.dotfiles/nixos/docker/pihole/default.nix

{ pkgs, lib, config, ... }: let
	cfg = config.r5e.containers.pihole;
in with lib; {
	options.r5e.containers.pihole = {
		enable = mkEnableOption "Pi-hole";
		openFirewall = mkOption {
			type = types.bool;
			default = false;
		};
		listenPortHTTP = mkOption {
			type = types.int;
			default = 80;
		};
		listenPortHTTPS = mkOption {
			type = types.int;
			default = 443;
		};
		api-password = mkOption {
			type = types.str;
			default = "";
		};

		dhcp = {
			enable = mkEnableOption "the Pi-hole DHCP server";
		};
	};

	config = mkIf cfg.enable (mkMerge [
		(import ./docker-compose.nix { inherit pkgs lib; })
		{
			virtualisation.oci-containers.containers.pihole = {
				environment = {
					TZ = config.time.timeZone;
					FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password;
				};
				ports = [
					(builtins.toString cfg.listenPortHTTP + ":80/tcp")
					(builtins.toString cfg.listenPortHTTPS + ":443/tcp")
				] ++ (optional cfg.dhcp.enable "67:67/udp");
			};

			networking.firewall = mkIf cfg.openFirewall {
				allowedTCPPorts = [ 53 cfg.listenPortHTTP cfg.listenPortHTTPS ];
				allowedUDPPorts = [ 53 ] ++ (optional cfg.dhcp.enable 67);
			};
		}
	]);
}
~ 2025-03-07 21:13:38 -05:00			`{ pkgs, lib, config, ... }: let`
			`cfg = config.r5e.containers.pihole;`
			`in with lib; {`
			`options.r5e.containers.pihole = {`
~ 2025-03-08 22:11:17 -05:00			`enable = mkEnableOption "Pi-hole";`
~ 2025-03-07 21:21:47 -05:00			`openFirewall = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`
~ 2025-03-07 22:21:40 -05:00			`listenPortHTTP = mkOption {`
			`type = types.int;`
			`default = 80;`
			`};`
			`listenPortHTTPS = mkOption {`
			`type = types.int;`
			`default = 443;`
			`};`
~ 2025-03-07 21:13:38 -05:00			`api-password = mkOption {`
~ 2025-03-07 21:21:47 -05:00			`type = types.str;`
~ 2025-03-07 21:13:38 -05:00			`default = "";`
			`};`
~ 2025-03-08 22:11:17 -05:00
			`dhcp = {`
			`enable = mkEnableOption "the Pi-hole DHCP server";`
			`};`
~ 2025-03-07 21:13:38 -05:00			`};`

~ 2025-03-07 21:21:47 -05:00			`config = mkIf cfg.enable (mkMerge [`
~ 2025-03-07 21:13:38 -05:00			`(import ./docker-compose.nix { inherit pkgs lib; })`
			`{`
			`virtualisation.oci-containers.containers.pihole = {`
			`environment = {`
			`TZ = config.time.timeZone;`
~ 2025-03-07 21:21:47 -05:00			`FTLCONF_webserver_api_password = mkIf (cfg.api-password != "") cfg.api-password;`
~ 2025-03-07 21:13:38 -05:00			`};`
~ 2025-03-07 22:21:40 -05:00			`ports = [`
~ 2025-03-07 22:59:33 -05:00			`(builtins.toString cfg.listenPortHTTP + ":80/tcp")`
			`(builtins.toString cfg.listenPortHTTPS + ":443/tcp")`
~ 2025-03-08 22:11:17 -05:00			`] ++ (optional cfg.dhcp.enable "67:67/udp");`
~ 2025-03-07 21:13:38 -05:00			`};`
~ 2025-03-07 21:21:47 -05:00
			`networking.firewall = mkIf cfg.openFirewall {`
~ 2025-03-07 22:21:40 -05:00			`allowedTCPPorts = [ 53 cfg.listenPortHTTP cfg.listenPortHTTPS ];`
~ 2025-03-08 22:11:17 -05:00			`allowedUDPPorts = [ 53 ] ++ (optional cfg.dhcp.enable 67);`
~ 2025-03-07 21:21:47 -05:00			`};`
~ 2025-03-07 21:13:38 -05:00			`}`
~ 2025-03-07 21:21:47 -05:00			`]);`
~ 2025-03-07 21:13:38 -05:00			`}`