Integrated box host

2025-10-02 13:56:28 +03:00
parent 82a4fa9169
commit db42fd7021
13 changed files with 394 additions and 5 deletions
--- a/hosts/box/dns.nix
+++ b/hosts/box/dns.nix
@@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  services.pihole-web = {
+    enable = true;
+    ports = [8085];
+  };
+
+  services.pihole-ftl = {
+    enable = true;
+    #openFirewallDNS = true;
+    #openFirewallDHCP = true;
+    queryLogDeleter.enable = true;
+    lists = [
+      {
+        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+        # Alternatively, use the file from nixpkgs. Note its contents won't be
+        # automatically updated by Pi-hole, as it would with an online URL.
+        # url = "file://${pkgs.stevenblack-blocklist}/hosts";
+        description = "Steven Black's unified adlist";
+      }
+      {
+        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
+        description = "Hagezi Ultimate";
+      }
+      {
+        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
+        description = "Hazegi NSFW";
+      }
+    ];
+    settings = {
+      files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
+      dns = {
+        domainNeeded = true;
+        expandHosts = true;
+        interface = "end0";
+        listeningMode = "BIND";
+        domain = "lan";
+        upstreams = ["9.9.9.11"];
+        hosts = [
+          "*.bigbox.lan 192.168.0.131"
+          "bigbox.lan 192.168.0.131"
+          "inv.bigbox.lan 192.168.0.131"
+          "media.bigbox.lan 192.168.0.131"
+          "type.bigbox.lan 192.168.0.131"
+          "bookmarks.bigbox.lan 192.168.0.131"
+          "bin.bigbox.lan 192.168.0.131"
+          "ai.bigbox.lan 192.168.0.131"
+          "speed.bigbox.lan 192.168.0.131"
+          "syncthing.bigbox.lan 192.168.0.131"
+          "kiwix.bigbox.lan 192.168.0.131"
+          "torrent.bigbox.lan 192.168.0.131"
+          "gitea.bigbox.lan 192.168.0.131"
+          "news.bigbox.lan 192.168.0.131"
+        ];
+      };
+      dhcp = {
+        active = false;
+        router = "192.168.0.1";
+        start = "192.168.0.2";
+        end = "192.168.0.99";
+        netmask = "255.255.255.0";
+        leaseTime = "1d";
+        #ipv6 = true;
+        multiDNS = true;
+        rapidCommit = true;
+        hosts = [
+          # Static address for the current host
+          "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
+          "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
+          "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
+        ];
+      };
+      misc.dnsmasq_lines = [
+        # This DHCP server is the only one on the network
+        #"dhcp-authoritative"
+        # Source: https://data.iana.org/root-anchors/root-anchors.xml
+        "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
+      ];
+    };
+  };
+}