Add pihole docker container

configuration.nix

@@ -4,7 +4,7 @@
   boot.loader.grub.enable = false;
   # Enables the generation of /boot/extlinux/extlinux.conf
   boot.loader.generic-extlinux-compatible.enable = true;
-
+   
   # A bunch of boot parameters needed for optimal runtime on RPi 3B
   boot.kernelParams = ["cma=32M" "zfs.zfs_arc_max=12884901888"];
   boot.loader.raspberryPi = {
@@ -13,8 +13,7 @@
     uboot.enable = true;
     firmwareConfig = ''
         hdmi_force_hotplug=1
-      '';
+      '';};
-  };
 
   environment.systemPackages = with pkgs; [
     raspberrypi-tools
@@ -37,13 +36,13 @@
 
   # Set hostname
   networking.hostName = "zion";
-
+   
   # Create coolneng user
   users.users.coolneng = {
     isNormalUser = true;
     home = "/home/coolneng";
-    extraGroups = [ "wheel" "lp" "scanner" ];
+    extraGroups = [ "wheel" "lp" "scanner" "docker" ];
-    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDG7JtfAqcbZV28wkNTfSWSqTOo5buH+dyT0w6SlTqq+KFh5DxREB0yGuM1UfjLpyLQ0XI7UbhCwNG28Li4yv/hwPGq63TF1kl+w4sjQKFn4bOUv1NvsfSN3oTamjfYoVsrapCiXqOvZkzEKMF47MSwOfPkqZ6ihU5V3INA0IZbl1Ri+r9MsIzvY76ZHBiF6rVqQJjdXVDbcLMViOrM56FpyK+ICo+uTkErsEbYFwevVTv9memOh778RRPesBobpZjggWOI4HXXxqk35myInYjHve9K4ox6YZMjwnwnEftONr2HyoBBcBNT+wWd1jtYxCoCWQ3vVkn4LGBDOQ3+HKb4rT3JxI66VfFyQWGJPdgJL5/ZNRlBqA7CpAtE7JaR6l7d3mCCoGW2B0atWiEXecwb8dz4CzzYm1r9Wz27L74OtPzUqcV7mQjCVDcnRsY/MtfhzyWzhB3tujVqnRtF3VrFSrm0YXS1ZWG4dltX1cfgud8s8XwwBKcFw5NdCrVxq3nRMNlGcSqbXC+RnrkK/i6ciAriZdXgFrmnBl+6qEmqIO15u2IPvDhnQs18DzRkHnPQegphhHhHix5aaqNbLfSRZNCTQaqE774X+0kuU/RWylI4muIyf4k9x+et4txeU2OC6l0W0LMpbsELzXIRr/ZBFrGHbE7/KLi8HNiAJ0KmAQ== coolneng@monolith" ];
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDL8fkFEI0+DnBJvSBSyLdOYweweaD9CUslL6cjZ3VgKh+B+SXBvNG4n3P94eHGS/lX00B66EufWCe/TtYG0mCPlhDIXnxV3TAA+aXlJEAZEwVyTqCuWgrsh0WolNBtdL/ji6ke85eeFxRP0p8WsTKNtjN5EIX+3iF6SkloO53l+hsT3sQkEXjIZ7svzQ/B+qb7+wJ35VD5InJUtiEHq29rydQF7QyBrn8Q2SF/NrtJmftjBFA6QL3STksxyW++LE8hv+2mn1LtRwY9UP8n+YaEp9R+mO3LwImvScQwvk7GbkEEbjaCanvw10h4vIB5uY8fahTkF3lUMk6O/4Poe3ar/myTvYpNEmvuKofqOMZ8uuPxhSWSjQLGvajh2JHoxVSZZwgXdG+1PBpWTO3sarVFU8GKdGHwcI5WIG63+axekyxH2NIt5H0X3HLc71TsYYcoFXeC3a19i2Y5vlsLEpbyqDWzwdE2qQFPCtTdHmUjwEEZb5Xyc9wK39doYZubu19/UoM81K5Zm1dapiAQ5SWTZjehpyd539IBXFph67Xah25QRfFEGk2xjGGNhTVQmIMUHrtkQhHDAZ1qND7XqCaUG/nOpi80MPQ0BaemDfOJyRcy3ExssO2hZ50coAShW2t+0yXNHUy0xbeBBGskQta44AcsKkAnkJL0fwBTTscREQ== coolneng@monolith" ];
     shell = "/run/current-system/sw/bin/fish";
   };
 
@@ -100,6 +99,7 @@
     ./modules/hardware-configuration.nix
     ./modules/webstack.nix
     ./modules/devops.nix
+    ./modules/containers.nix
   ];
 
 }

modules/containers.nix

@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Enable Docker
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "overlay2";
+  };
+
+  # Container setup
+  docker-containers = {
+    pihole = {
+      image = "pihole/pihole:latest";
+      ports = [
+        "53:53/tcp"
+        "53:53/udp"
+        "3080:80"
+        "30443:443"
+      ];
+      volumes = [
+        "/var/lib/pihole/:/etc/pihole/"
+        "/var/lib/dnsmasq/.d:/etc/dnsmasq.d/"
+      ];
+      environment = {
+        ServerIP = "192.168.1.2";
+      };
+      extraDockerOptions = [
+        "--cap-add=NET_ADMIN"
+        "--dns=127.0.0.1"
+        "--dns=1.1.1.1"
+      ];
+      workdir = "/var/lib/pihole/";
+    };
+  };
+
+}

modules/networking.nix

@@ -21,6 +21,7 @@
       enable = true;
       userServices = true;
     };
+    reflector = true;
   };
 
 

modules/webstack.nix

@@ -133,6 +133,6 @@
     };
   };
 
-  # Restart nginx after
+  # Restart reverse proxy after services startup
   systemd.services.nginx.after = [ "gitea.service" "syncthing.service" "miniflux.service" "radicale.service" ];
 }