initial commit

configuration/pihole.nix

@@ -0,0 +1,30 @@
+{ config, ... }:
+let port = "9123";
+host = "pihole.${config.domainName}";
+in {
+  services.pihole-ftl = {
+    enable = false;
+    openFirewallDNS = true;
+    lists = [ {
+      url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt";
+      type = "block";
+      enabled = true;
+      description = "hagezi blocklist";
+    } ];
+    settings.dns.upstreams = [ "9.9.9.9" "1.1.1.1" ];
+  };
+  services.pihole-web = {
+    enable = config.services.pihole-ftl.enable;
+    ports = [ "${port}s" ];
+    hostName = host;
+  };
+
+  security.acme.certs."${config.domainName}".extraDomainNames = [ host ];
+  services.nginx.virtualHosts.${host} = {
+    # TODO get secrets from sops
+    basicAuth.admin = "";
+    useACMEHost = config.domainName;
+    addSSL = true;
+    locations."/".proxyPass = "https://localhost:${port}";
+  };
+}