{ config, pkgs, lib, materusArg, ... }: { options.valkyrieService.pihole.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pihole"; options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; }; options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; }; config = let cfg = config.valkyrieService.pihole; dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" '' no-hosts ''; in lib.mkIf config.valkyrieService.pihole.enable { systemd.tmpfiles.rules = [ "d /var/lib/dnsmasq.d 0776 root root -" "d /var/lib/pihole 0776 root root -" "L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}" ]; virtualisation.oci-containers.containers.pihole = { image = "pihole/pihole:latest"; ports = [ "${cfg.dnsIP}:53:53/tcp" "${cfg.dnsIP}:53:53/udp" "${cfg.webIP}:3000:80" ]; environment = { TZ = "Europe/Warsaw"; FTLCONF_LOCAL_IPV4 = "127.0.0.1"; DNSMASQ_USER = "root"; VIRTUAL_HOST = "pi.hole"; PROXY_LOCATION = "pi.hole"; }; volumes = [ "/var/lib/pihole/:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" "/nix/store:/nix/store" ]; extraOptions = [ "--cap-add=NET_ADMIN" "--dns=127.0.0.1" "--dns=9.9.9.9" "--hostname=pi.hole" ]; }; }; }