GHOSCHT
108baeae60
i previously had to fall back to cloudflare dns which didn't have all custom dns entries from pihole
76 lines
1.8 KiB
Nix
76 lines
1.8 KiB
Nix
{pkgs, ...}: {
|
|
project.name = "dns";
|
|
|
|
networks.dmz = {
|
|
name = "dmz";
|
|
external = true;
|
|
};
|
|
|
|
networks.dns = {
|
|
name = "dns";
|
|
driver = "bridge";
|
|
ipam.config = [
|
|
{
|
|
subnet = "172.28.1.0/24";
|
|
ip_range = "172.28.1.5/30";
|
|
gateway = "172.28.1.1";
|
|
}
|
|
];
|
|
};
|
|
|
|
services = {
|
|
pihole.service = {
|
|
image = "pihole/pihole:2024.03.1";
|
|
container_name = "pihole";
|
|
hostname = "pihole";
|
|
environment = {
|
|
IPv6 = "True";
|
|
TZ = "Europe/Berlin";
|
|
SKIPGRAVITYONBOOT = 1;
|
|
VIRTUAL_HOST = "pihole.ghoscht.com";
|
|
};
|
|
volumes = [
|
|
"/storage/dataset/docker/dns/pihole_data:/etc/pihole"
|
|
"/storage/dataset/docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
|
|
];
|
|
labels = {
|
|
"traefik.enable" = "true";
|
|
"traefik.http.routers.pihole.entrypoints" = "websecure";
|
|
"traefik.http.routers.pihole.rule" = "Host(`pihole.ghoscht.com`)";
|
|
"traefik.http.services.pihole.loadbalancer.server.port" = "80";
|
|
"traefik.docker.network" = "dmz";
|
|
"traefik.http.routers.pihole.tls" = "true";
|
|
"traefik.http.routers.pihole.tls.certresolver" = "letsencrypt";
|
|
};
|
|
restart = "always";
|
|
networks = {
|
|
dmz = {};
|
|
dns = {
|
|
ipv4_address = "172.28.1.6";
|
|
};
|
|
};
|
|
capabilities = {
|
|
NET_ADMIN = true;
|
|
};
|
|
ports = [
|
|
"8420:80"
|
|
"53:53/tcp"
|
|
"53:53/udp"
|
|
];
|
|
};
|
|
unbound.service = {
|
|
image = "mvance/unbound:1.19.3";
|
|
container_name = "unbound";
|
|
useHostStore = true;
|
|
volumes = [
|
|
"/storage/dataset/docker/dns/unbound_data:/opt/unbound/etc/unbound"
|
|
];
|
|
restart = "always";
|
|
networks = {
|
|
dns = {
|
|
ipv4_address = "172.28.1.5";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|