Home Explore Blog CI



nixpkgs
2nd chunk of `nixos/modules/services/networking/pihole-ftl.md`
93c08156273661c4d99774f95b12d646e17c4775b68488450000000100000ca2
        domainNeeded = true;
        expandHosts = true;
        interface = "br-lan";
        listeningMode = "BIND";
        upstreams = [ "127.0.0.1#5053" ];
      };
      dhcp = {
        active = true;
        router = "192.168.10.1";
        start = "192.168.10.2";
        end = "192.168.10.254";
        leaseTime = "1d";
        ipv6 = true;
        multiDNS = true;
        hosts = [
          # Static address for the current host
          "aa:bb:cc:dd:ee:ff,192.168.10.1,${config.networking.hostName},infinite"
        ];
        rapidCommit = true;
      };
      misc.dnsmasq_lines = [
        # This DHCP server is the only one on the network
        "dhcp-authoritative"
        # Source: https://data.iana.org/root-anchors/root-anchors.xml
        "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
      ];
    };
  };
}
```

### Inheriting configuration from Dnsmasq {#module-services-networking-pihole-ftl-configuration-inherit-dnsmasq}

If [{option}`services.pihole-ftl.useDnsmasqConfig`](options.html#opt-services.pihole-ftl.useDnsmasqConfig) is enabled, the configuration [options of the Dnsmasq
module](index.html#module-services-networking-dnsmasq) will be automatically
used by pihole-FTL. Note that this may cause duplicate option errors
depending on pihole-FTL settings.

See the [Dnsmasq
example](index.html#module-services-networking-dnsmasq-configuration-home) for
an exemplar Dnsmasq configuration. Make sure to set
[{option}`services.dnsmasq.enable`](options.html#opt-services.dnsmasq.enable) to false and
[{option}`services.pihole-ftl.enable`](options.html#opt-services.pihole-ftl.enable) to true instead:

```nix
{
  services.pihole-ftl = {
    enable = true;
    useDnsmasqConfig = true;
  };
}
```

### Serving on multiple interfaces {#module-services-networking-pihole-ftl-configuration-multiple-interfaces}

Pi-hole's configuration only supports specifying a single interface. If you want
to configure additional interfaces with different configuration, use
`misc.dnsmasq_lines` to append extra Dnsmasq options.

```nix
{
  services.pihole-ftl = {
    settings.misc.dnsmasq_lines = [
        # Specify the secondary interface
        "interface=enp1s0"
        # A different device is the router on this network, e.g. the one
        # provided by your ISP
        "dhcp-option=enp1s0,option:router,192.168.0.1"
        # Specify the IPv4 ranges to allocate, with a 1-day lease time
        "dhcp-range=enp1s0,192.168.0.10,192.168.0.253,1d"
        # Enable IPv6
        "dhcp-range=::f,::ff,constructor:enp1s0,ra-names,ra-stateless"
      ];
    };
  };
}
```

## Administration {#module-services-networking-pihole-ftl-administration}

*pihole command documentation*: <https://docs.pi-hole.net/main/pihole-command>

Enabling pihole-FTL provides the `pihole` command, which can be used to control
the daemon and some configuration.

Note that in NixOS the script has been patched to remove the reinstallation,
update, and Dnsmasq configuration commands. In NixOS, Pi-hole's configuration is
immutable and must be done with NixOS options.

For more convenient administration and monitoring, see [Pi-hole
Dashboard](#module-services-web-apps-pihole-web)
Title: pihole-FTL: Inheriting Dnsmasq Configuration, Multiple Interfaces, and Administration
Summary
This section details how pihole-FTL can inherit configuration options from Dnsmasq and serve on multiple interfaces by appending extra Dnsmasq options. It also describes the `pihole` command provided for controlling the daemon, while noting that some functionalities like reinstallation and Dnsmasq configuration are disabled in NixOS due to its immutable configuration approach. The section also references the Pi-hole Dashboard for convenient administration.