First off, we need port 5353 because that's where mDNS does its thing.
It's like DNS and port 53, but doubled, right?
Next, we have to enable MulticastDNS for the network in question,
specifically the "wan" interface.
Finally, we add avahi which ... does... stuff.
At this point I have a working system that hands out container IPv6
addresses that I can, at least, _ping_ from outside the LAN. I can't yet
get HTTP traffic.
I'm not sure if the defaultNetwork subnet changes are necessary; I was trying
lots of stuff. There are some whitespace changes as well; don't get
distracted by them.
Most critically, the --network=bridge and the dns_enabled=false avoid
starting the aardvark-dns thing that podman does for internal dns on
port 53 and make it so the container gets the IPv6 address for listening
to incoming requests.
I want pihole to bind all available addresses itself, without listing
them, so I need all the port 53s to be free on all addresses. This will
also mean that the server itself will go through pihole.
It cost about 2 hours to figure this out from reading the networkd.nix
definition. It doesn't actually do what I need it to do, however,
because I misunderstood what I need. Still though, I want to save it
since it was so hard-earned.
Turns out the other method, the default method, is a series of bash
scripts (?). That's according to online documentation. By switching to
using networkd I can get proper declarative network configuration. With
this config I'm getting an IPv6 address from my router that is globally
routable, and another address that is static that I can let the router
configure for users of the local network to reach the pihole for IPv6.
I've manually redacted the api key until I can figure out a solution
that I like for keeping the key out of the configuration itself.
This depends a great deal on setting up the source code in the right
place and the right way. Specifically cloning the repository to
/opt/src/scan-uploader, creating a virtual environment at
/opt/src/scan-uploader/ve and installing the package with `pip install
-e .` such that the `scan-uploader` entrypoint is properly created.
There are various things I did wrong in the first setup, but that's okay
since I was just copying from the wiki to understand how to get things
started. I could never get smbclient to connect to any of these shares
for any users.
Rather, I'm using this minimalist configuration from the samba project
itself, and I can connect to it, so long as the directory is created and
belongs to the correct group. Which it does now.
Hat tip to https://discourse.nixos.org/t/nixos-configuration-for-samba/17079
for the guidance.
Within my home networks, home.arpa resolves to DNS for the home domain.
From there the pihole service will provide DNS for all the connected
clients and custom service names.
Includes a few basics like my user, docker, network management, my suite
of CLI tools, and my attempts to get unifi-controller working.
That was essentially a failure, so unifi is mostly disabled.