From 10576d7c0a63c0b141553a1fafc7a8080e902dfb Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 26 May 2025 22:05:55 +0200 Subject: [PATCH] Delete Pihole --- README.md | 1 - deployments.nix | 5 -- globals.nix | 2 - modules/bootstrap-default.nix | 2 - modules/default.nix | 1 - modules/pihole.nix | 117 ---------------------------------- secrets.yml | 2 - 7 files changed, 130 deletions(-) delete mode 100644 modules/pihole.nix diff --git a/README.md b/README.md index cbf1cd4..e4bcd63 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,6 @@ Legend: | ✅ | `inbucket/inbucket` | | | ✅ | `lscr.io/linuxserver/syncthing` | | | ✅ | `codeberg.org/forgejo/forgejo` | | -| ✅ | `pihole/pihole` | | | ✅ | `ghcr.io/immich-app/immich-server` | | | ✅ | `ghcr.io/immich-app/immich-machine-learning` | | | ✅ | `docker.io/redis:6.2-alpine` | Database for Immich | diff --git a/deployments.nix b/deployments.nix index 6469c14..3a9c4f3 100644 --- a/deployments.nix +++ b/deployments.nix @@ -69,11 +69,6 @@ namespace = "syncthing"; }; - pihole = { - module.pihole.enable = true; - namespace = "dns"; - }; - immich = { module.immich.enable = true; namespace = "immich"; diff --git a/globals.nix b/globals.nix index 38146d1..89a2b74 100644 --- a/globals.nix +++ b/globals.nix @@ -11,7 +11,6 @@ _: { inbucket = "inbucket/inbucket:edge"; syncthing = "lscr.io/linuxserver/syncthing:1.29.6"; forgejo = "codeberg.org/forgejo/forgejo:11.0.1"; - pihole = "pihole/pihole:2025.02.1"; immich = "ghcr.io/immich-app/immich-server:v1.132.1"; immich-machine-learning = "ghcr.io/immich-app/immich-machine-learning:v1.132.1"; immich-redis = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1"; @@ -42,7 +41,6 @@ _: { traefikIPv4 = "192.168.30.128"; kmsIPv4 = "192.168.30.129"; inbucketIPv4 = "192.168.30.130"; - piholeIPv4 = "192.168.30.131"; gitIPv4 = "192.168.30.132"; delugeIPv4 = "192.168.30.133"; bind9IPv4 = "192.168.30.134"; diff --git a/modules/bootstrap-default.nix b/modules/bootstrap-default.nix index 1c9a716..0a3dd90 100644 --- a/modules/bootstrap-default.nix +++ b/modules/bootstrap-default.nix @@ -88,8 +88,6 @@ lab = { longhorn.persistentVolume = { kitchenowl.storage = "100Mi"; - pihole-data.storage = "750Mi"; - pihole-dnsmasq.storage = "16Mi"; immich.storage = "50Gi"; immich-db.storage = "5Gi"; attic.storage = "15Gi"; diff --git a/modules/default.nix b/modules/default.nix index f730e1c..d5b64f8 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -20,7 +20,6 @@ ./forgejo ./paperless.nix ./syncthing.nix - ./pihole.nix ./immich.nix ./attic.nix ./bind9 diff --git a/modules/pihole.nix b/modules/pihole.nix deleted file mode 100644 index c437325..0000000 --- a/modules/pihole.nix +++ /dev/null @@ -1,117 +0,0 @@ -{ - globals, - config, - lib, - ... -}: { - options.pihole.enable = lib.mkEnableOption "pihole"; - - config = lib.mkIf config.pihole.enable { - kubernetes.resources = { - secrets.pihole.stringData.webPassword = "ref+sops://secrets.yml#/pihole/password"; - - deployments.pihole.spec = { - selector.matchLabels.app = "pihole"; - - strategy = { - type = "RollingUpdate"; - - rollingUpdate = { - maxSurge = 0; - maxUnavailable = 1; - }; - }; - - template = { - metadata.labels.app = "pihole"; - - spec = { - containers.pihole = { - image = globals.images.pihole; - - env = { - TZ.value = "Europe/Amsterdam"; - PIHOLE_DNS_.value = "192.168.30.1"; - - WEBPASSWORD.valueFrom.secretKeyRef = { - name = "pihole"; - key = "webPassword"; - }; - }; - - ports = { - web.containerPort = 80; - - dns = { - containerPort = 53; - protocol = "UDP"; - }; - }; - - volumeMounts = [ - { - name = "data"; - mountPath = "/etc/pihole"; - } - { - name = "dnsmasq"; - mountPath = "/etc/dnsmasq.d"; - } - ]; - }; - - volumes = { - data.persistentVolumeClaim.claimName = "pihole-data"; - dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq"; - }; - - securityContext = { - fsGroup = 1000; - fsGroupChangePolicy = "OnRootMismatch"; - }; - }; - }; - }; - - services = { - pihole.spec = { - type = "LoadBalancer"; - loadBalancerIP = globals.piholeIPv4; - selector.app = "pihole"; - - ports = { - dns = { - protocol = "UDP"; - port = 53; - targetPort = "dns"; - }; - - web = { - port = 80; - targetPort = "web"; - }; - }; - }; - }; - }; - - lab = { - longhorn.persistentVolumeClaim = { - pihole-data = { - volumeName = "pihole-data"; - storage = "750Mi"; - }; - - pihole-dnsmasq = { - volumeName = "pihole-dnsmasq"; - storage = "16Mi"; - }; - }; - - tailscaleIngresses.tailscale-pihole = { - host = "pihole"; - service.name = "pihole"; - }; - }; - }; -} diff --git a/secrets.yml b/secrets.yml index 8d8e5c1..2555978 100644 --- a/secrets.yml +++ b/secrets.yml @@ -1,8 +1,6 @@ freshrss: password: ENC[AES256_GCM,data:ECDPrW+VgO8PY9p2fLIreRETNiRL5ZGnu/PMC7aNj8KaWfyNYL+l3w==,iv:srR/r1EtOpC/CKKrCDKcTLVdMFPAYIJIB1CCg8mS0UU=,tag:YN4PqR5uvPkVskpJWD+91g==,type:str] oidc_crypto_key: ENC[AES256_GCM,data:dFQKZtFVd5l8W2go6WcK76o7O7hpQWnQKXCGTf9EhSVURvWigv6zzBULie7Y4lkJCsItG8oKmIiCYSy3MhFnU3DJTUJcenm4I7NHyINjvzHOBgUVPXbYQjQhouJwOlPkdqlSKv1f38ItZKNPJebMObZj+kACKbjdik6e6yM40RM=,iv:g6Ygval2qTQwKnrliI+n/r9OxJFePT9MKYyBLU6b3UQ=,tag:kWXTbm2JIR5aL/s4OX2Tqg==,type:str] -pihole: - password: ENC[AES256_GCM,data:MA60825Tl6aYEFVoPgo8k5Vjb9zmIxtPLJriQV1B3P1bOKu1KK7vxQ==,iv:RGZHox8CbJiEEEjMo2k/tNbtjCPy/QY7vOuMN/YNZcg=,tag:yphrq03IKpXM/tSDBLeSgA==,type:str] hedgedoc: databaseURL: ENC[AES256_GCM,data:6+IV4TaClIGE1XVkUf7JwXzqx3EvWiIKFx9X5x7QKvQKC7bIieD1ADVeAMQmiQfibnH/YV5TgjNY8Ft+3eX881c3yD+2j7mM+O1fX6taK/BCokDnqhIwTN2qxHsu+mrPcM/Pgg5Zqy8HvUgX8jM=,iv:bCwuNk5CVgK2T5IgLebcKwxwloi6FkWMWhnxwJek1GM=,tag:UDQ0KmRDVlDh35Fjm6eaAA==,type:str] sessionSecret: ENC[AES256_GCM,data:7FdRjAShjjue1fFwizCgK+94mkbT4ohAPxdyn/8Z8/f2nvGWPZHO/hGexOixbRGLPewJSaMunTMeJL+IzFlGlg==,iv:iz7640b8Mlb6mNps20b+TbphWDEFUbKwKNUXc0kR5NY=,tag:fdEr1tbes1h8VCA/q+0sOw==,type:str]