From 2b283d5588683f131c805640f80841ef3f663a91 Mon Sep 17 00:00:00 2001
From: coolneng
Date: Fri, 17 Apr 2020 00:47:17 +0200
Subject: [PATCH] Add pihole docker container
---
 configuration.nix | 12 ++++++------
 modules/containers.nix | 36 ++++++++++++++++++++++++++++++++++++
 modules/networking.nix | 1 +
 modules/webstack.nix | 2 +-
 4 files changed, 44 insertions(+), 7 deletions(-)
 create mode 100644 modules/containers.nix
diff --git a/configuration.nix b/configuration.nix
index c96045a..39604fe 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -4,7 +4,7 @@ boot.loader.grub.enable = false; # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; - + # A bunch of boot parameters needed for optimal runtime on RPi 3B boot.kernelParams = ["cma=32M" "zfs.zfs_arc_max=12884901888"]; boot.loader.raspberryPi = {
@@ -13,8 +13,7 @@ uboot.enable = true; firmwareConfig = '' hdmi_force_hotplug=1 - ''; - }; + '';}; environment.systemPackages = with pkgs; [ raspberrypi-tools
@@ -37,13 +36,13 @@ # Set hostname networking.hostName = "zion"; - + # Create coolneng user users.users.coolneng = { isNormalUser = true; home = "/home/coolneng"; - extraGroups = [ "wheel" "lp" "scanner" ]; - openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDG7JtfAqcbZV28wkNTfSWSqTOo5buH+dyT0w6SlTqq+KFh5DxREB0yGuM1UfjLpyLQ0XI7UbhCwNG28Li4yv/hwPGq63TF1kl+w4sjQKFn4bOUv1NvsfSN3oTamjfYoVsrapCiXqOvZkzEKMF47MSwOfPkqZ6ihU5V3INA0IZbl1Ri+r9MsIzvY76ZHBiF6rVqQJjdXVDbcLMViOrM56FpyK+ICo+uTkErsEbYFwevVTv9memOh778RRPesBobpZjggWOI4HXXxqk35myInYjHve9K4ox6YZMjwnwnEftONr2HyoBBcBNT+wWd1jtYxCoCWQ3vVkn4LGBDOQ3+HKb4rT3JxI66VfFyQWGJPdgJL5/ZNRlBqA7CpAtE7JaR6l7d3mCCoGW2B0atWiEXecwb8dz4CzzYm1r9Wz27L74OtPzUqcV7mQjCVDcnRsY/MtfhzyWzhB3tujVqnRtF3VrFSrm0YXS1ZWG4dltX1cfgud8s8XwwBKcFw5NdCrVxq3nRMNlGcSqbXC+RnrkK/i6ciAriZdXgFrmnBl+6qEmqIO15u2IPvDhnQs18DzRkHnPQegphhHhHix5aaqNbLfSRZNCTQaqE774X+0kuU/RWylI4muIyf4k9x+et4txeU2OC6l0W0LMpbsELzXIRr/ZBFrGHbE7/KLi8HNiAJ0KmAQ== coolneng@monolith" ]; + extraGroups = [ "wheel" "lp" "scanner" "docker" ]; + openssh.authorizedKeys.keys = [ "ssh-rsa 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 coolneng@monolith" ]; shell = "/run/current-system/sw/bin/fish"; };
@@ -100,6 +99,7 @@ ./modules/hardware-configuration.nix ./modules/webstack.nix ./modules/devops.nix + ./modules/containers.nix ]; }
diff --git a/modules/containers.nix b/modules/containers.nix
new file mode 100644
index 0000000..5457251
--- /dev/null
+++ b/modules/containers.nix
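Review bot: Adding `"docker"` to extraGroups gives coolneng root-equivalent access to the host, because members of the docker group can drive the Docker socket and start containers with arbitrary bind mounts; the user is already in `wheel`, so the practical change is small, but the implication deserves a comment on that line: `# docker group grants socket access, i.e. root-equivalent; user is already in wheel`. If the containers are only ever managed declaratively through docker-containers, the group membership may not be needed at all. The users.users.coolneng attrset is complete inside the hunk, but the enclosing module continues outside it.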
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Enable Docker
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = "overlay2";
+ };
+
+ # Container setup
+ docker-containers = {
+ pihole = {
+ image = "pihole/pihole:latest";
+ ports = [
+ "53:53/tcp"
+ "53:53/udp"
+ "3080:80"
+ "30443:443"
+ ];
+ volumes = [
+ "/var/lib/pihole/:/etc/pihole/"
+ "/var/lib/dnsmasq/.d:/etc/dnsmasq.d/"
+ ];
+ environment = {
+ ServerIP = "192.168.1.2";
+ };
+ extraDockerOptions = [
+ "--cap-add=NET_ADMIN"
+ "--dns=127.0.0.1"
+ "--dns=1.1.1.1"
+ ];
+ workdir = "/var/lib/pihole/";
+ };
+ };
+
+}
diff --git a/modules/networking.nix b/modules/networking.nix
index 8bef1e8..1bd9a00 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -21,6 +21,7 @@
 enable = true;
 userServices = true;
 };
+ reflector = true;
 };
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 2936eb8..4a330a4 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -133,6 +133,6 @@ }; }; - # Restart nginx after + # Restart reverse proxy after services startup systemd.services.nginx.after = [ "gitea.service" "syncthing.service" "miniflux.service" "radicale.service" ]; }
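Review bot: `image = "pihole/pihole:latest"` is a mutable tag, so any pull or rebuild can silently swap the LAN's DNS resolver for a different, unreviewed image; pin a release tag (or a digest) and bump it deliberately. The port mappings `"53:53/tcp"`, `"53:53/udp"`, `"3080:80"` and `"30443:443"` carry no host address, so Docker publishes them on every interface, admin UI included, whereas prefixing them with the LAN address already used for ServerIP keeps both the resolver and the UI off any other interface. As far as I know `--cap-add=NET_ADMIN` is only required when Pi-hole's DHCP server is used, so if it is not, dropping it trims the container's privileges. The volume source `/var/lib/dnsmasq/.d` looks like a slip for a `dnsmasq.d` directory and is worth double-checking, and `workdir = "/var/lib/pihole/"` names the host side of the bind mount, which seems off if that option sets the working directory inside the container. No admin password is configured here; note that any secret placed in this module would end up in the world-readable Nix store, so it should stay out-of-band.
```nix
      image = "pihole/pihole:<PINNED_VERSION_TAG>";
      ports = [
        "192.168.1.2:53:53/tcp"
        "192.168.1.2:53:53/udp"
        "192.168.1.2:3080:80"
        "192.168.1.2:30443:443"
      ];
      # … unchanged: volumes, environment, extraDockerOptions, workdir …
```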
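Review bot: `reflector = true;` turns on mDNS reflection across every interface the daemon listens on, which after this commit presumably includes the bridge Docker creates, so service announcements can cross between the LAN and the container network. If only the physical LAN interface is meant to be reflected, restricting the listener with `allowInterfaces` keeps the Docker bridge out, and a one-line comment stating that intent, e.g. `# reflect mDNS between LAN segments only; keep docker bridges out via allowInterfaces`, would document it. The enclosing attrset (presumably services.avahi) starts outside the hunk.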