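# NixOS module: Pi-hole (FTL DNS server plus web UI), published through an
# nginx virtual host at pihole.<domainName> that reuses the ACME certificate
# of the base domain.
{ config, ... }:
let
  # Local port of the Pi-hole web UI; nginx proxies to it below.
  port = "9123";
  host = "pihole.${config.domainName}";
in {
  services.pihole-ftl = {
    # Currently switched off; services.pihole-web follows this flag.
    enable = false;
    # Opens the DNS port in the host firewall.
    # NOTE(review): confirm the host is reachable only from the networks that
    # should use it, so it cannot be used as an open resolver.
    openFirewallDNS = true;
    lists = [
      {
        # NOTE(review): fetched from the mutable `main` branch, so the list
        # content can change upstream without any change to this file.
        url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt";
        type = "block";
        enabled = true;
        description = "hagezi blocklist";
      }
    ];
    settings.dns.upstreams = [ "9.9.9.9" "1.1.1.1" ];
  };

  services.pihole-web = {
    enable = config.services.pihole-ftl.enable;
    # The trailing "s" presumably marks the port as TLS in Pi-hole's port
    # syntax, matching the https:// proxyPass below. Confirm against the module.
    ports = [ "${port}s" ];
    hostName = host;
  };

  # NOTE(review): the certificate entry and the virtual host below are declared
  # even while pihole-ftl.enable is false.
  security.acme.certs."${config.domainName}".extraDomainNames = [ host ];

  services.nginx.virtualHosts.${host} = {
    # TODO get secrets from sops
    # SECURITY: user "admin" with an empty password. The basicAuth option also
    # places the credentials in the world-readable Nix store. Switch to
    # basicAuthFile backed by a secret kept outside the store before enabling.
    basicAuth.admin = "";
    useACMEHost = config.domainName;
    # forceSSL rather than addSSL: addSSL also serves this vhost over plain
    # HTTP, so the basic-auth credentials could travel unencrypted. forceSSL
    # redirects HTTP requests to HTTPS instead.
    forceSSL = true;
    locations."/".proxyPass = "https://localhost:${port}";
  };
}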