nixos/pihole-ftl: init

Add a module for pihole-ftl, which allows declaratively defining the
setupVars.conf and pihole-FTL.conf configuration files.

Also provide options for adlists to use, which can be added through the pihole
script (packaged as "pihole"). Other state such as clients and groups require
complex database operations, which is normally performed by the pihole admin
webapp (packaged as "pihole-admin").

Extend the dnsmasq module to avoid duplication, since pihole-ftl is a soft-fork
of dnsmasq which maintains compatibility.

Provide the pihole script in `environment.systemPackages` so pihole-ftl can be
easily administrated.

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -24,6 +24,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
 
+- [Pi-hole](https://pi-hole.net/), a DNS sinkhole for advertisements based on Dnsmasq. Available as [services.pihole-ftl](#opt-services.pihole-ftl.enable), and [services.pihole-adminlte](#opt-services.pihole-adminlte.enable) for the web GUI.
+
 - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
 The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
 

nixos/modules/module-list.nix

@@ -1052,6 +1052,7 @@
   ./services/networking/pdnsd.nix
   ./services/networking/peroxide.nix
   ./services/networking/picosnitch.nix
+  ./services/networking/pihole-ftl.nix
   ./services/networking/pixiecore.nix
   ./services/networking/pleroma.nix
   ./services/networking/polipo.nix

nixos/modules/services/networking/pihole-ftl.md

@@ -0,0 +1,53 @@
+# pihole-FTL {#module-services-networking-pihole-ftl}
+
+*Upstream documentation*: <https://docs.pi-hole.net/ftldns/>
+
+pihole-FTL is a fork of [Dnsmasq](#module-services-networking-dnsmasq),
+providing some additional features, including an API for analysis and
+statistics.
+
+This module uses the configuration [options of the Dnsmasq
+module](#module-services-networking-dnsmasq).
+Note that pihole-FTL and Dnsmasq cannot be enabled at
+the same time.
+
+## Configuration {#module-services-networking-pihole-configuration}
+
+See the [Dnsmasq
+example](#module-services-networking-dnsmasq-configuration-home) for the
+required Dnsmasq configuration. Make sure to set
+[](#opt-services.dnsmasq.enable) to false and
+[](#opt-services.pihole-ftl.enable) to true instead:
+
+```nix
+{
+  services.pihole-ftl = {
+    enable = true;
+    adlists = [
+      {
+        url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+        comment = "Steven Black's unified adlist";
+      }
+    ];
+    extraSetupVars = {
+      API_QUERY_LOG_SHOW = "blockedonly";
+    };
+  };
+}
+```
+
+## Administration {#module-services-networking-pihole-ftl-administration}
+
+*pihole command documentation*: <https://docs.pi-hole.net/core/pihole-command>
+
+Enabling pihole-FTL provides the `pihole` command, which can be used to control
+the daemon and the configuration database in `/etc/pihole/`. This includes
+blocking/allowing specific URLs, and adding adlists, e.g. **pihole -a adlist add
+https://example.com/adlist.txt**.
+
+Note that in NixOS the script has been patched to remove the reinstallation,
+update, and Dnsmasq configuration commands. In NixOS, Pi-hole's configuration is
+immutable and must be done with NixOS options.
+
+For more convenient administration and monitoring, see [Pi-hole
+Dashboard](#module-services-web-apps-pihole-web)