nixos-config/configurations/host/valkyrie/services/pihole.nix

{ config, pkgs, lib, materusPkgs, ... }:
{
  options.valkyrieService.pihole.enable = materusPkgs.lib.mkBoolOpt false "Enable pihole";
  options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1";};
  options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1";};


  
  config = let 
  cfg = config.valkyrieService.pihole;
  dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" ''
  no-hosts
  '';

  in lib.mkIf config.valkyrieService.pihole.enable {
    systemd.tmpfiles.rules = [
      "d    /var/lib/dnsmasq.d   0776    root    root     -"
      "d    /var/lib/pihole   0776    root    root     -"
      "L+   /var/lib/dnsmasq.d/02-dnsmasq-custom.conf  0776 root root - ${dnsmasqConf}"
    ];

    virtualisation.oci-containers.containers.pihole = {
      image = "pihole/pihole:latest";
      ports =
        [
          "${cfg.dnsIP}:53:53/tcp"
          "${cfg.dnsIP}:53:53/udp"
          "${cfg.webIP}:3000:80"
        ];
      environment = {
        TZ = "Europe/Warsaw";
        FTLCONF_LOCAL_IPV4="127.0.0.1";
        DNSMASQ_USER="root";
        VIRTUAL_HOST="pi.hole";
        PROXY_LOCATION="pi.hole";
      };
      volumes = [
        "/var/lib/pihole/:/etc/pihole/"
        "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
        "/nix/store:/nix/store"
      ];
      extraOptions =
        [
          "--cap-add=NET_ADMIN"
          "--dns=127.0.0.1"
          "--dns=9.9.9.9"
          "--hostname=pi.hole"
        ];
    };

  };


}