nixos-haus/hosts/oldbox/dns.nix

{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: {
  services.pihole-web = {
    enable = true;
    ports = [8085];
  };

  services.pihole-ftl = {
    enable = true;
    #openFirewallDNS = true;
    #openFirewallDHCP = true;
    queryLogDeleter.enable = true;
    lists = [
      {
        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
        # Alternatively, use the file from nixpkgs. Note its contents won't be
        # automatically updated by Pi-hole, as it would with an online URL.
        # url = "file://${pkgs.stevenblack-blocklist}/hosts";
        description = "Steven Black's unified adlist";
      }
      {
        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
        description = "Hagezi Ultimate";
      }
      {
        url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
        description = "Hazegi NSFW";
      }
    ];
    settings = {
      files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
      dns = {
        domainNeeded = true;
        expandHosts = true;
        interface = "end0";
        listeningMode = "BIND";
        domain = "lan";
        upstreams = ["9.9.9.11"];
        hosts = [
          "*.bigbox.lan 192.168.0.131"
          "bigbox.lan 192.168.0.131"
          "inv.bigbox.lan 192.168.0.131"
          "media.bigbox.lan 192.168.0.131"
          "type.bigbox.lan 192.168.0.131"
          "bookmarks.bigbox.lan 192.168.0.131"
          "bin.bigbox.lan 192.168.0.131"
          "ai.bigbox.lan 192.168.0.131"
          "speed.bigbox.lan 192.168.0.131"
          "syncthing.bigbox.lan 192.168.0.131"
          "kiwix.bigbox.lan 192.168.0.131"
          "torrent.bigbox.lan 192.168.0.131"
          "gitea.bigbox.lan 192.168.0.131"
          "news.bigbox.lan 192.168.0.131"
        ];
      };
      dhcp = {
        active = false;
        router = "192.168.0.1";
        start = "192.168.0.2";
        end = "192.168.0.99";
        netmask = "255.255.255.0";
        leaseTime = "1d";
        #ipv6 = true;
        multiDNS = true;
        rapidCommit = true;
        hosts = [
          # Static address for the current host
          "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
          "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
          "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
        ];
      };
      misc.dnsmasq_lines = [
        # This DHCP server is the only one on the network
        #"dhcp-authoritative"
        # Source: https://data.iana.org/root-anchors/root-anchors.xml
        "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
      ];
    };
  };
}