Replacing Pihole with NixOS and NextDNS
I started playing with NixOS a few weeks ago when I set up my Raspberry Pi Kubernetes cluster. For my next project, I wanted to replace my Rasbperry Pi OS based Pihole with something based on NixOS. Pihole does not have a NixOS module available and a friend of mine (thanks William!) told me about NextDNS so I decided to take a look. I loved the easy to use web ui and the simplicity of their Privacy Policy.
Before officially moving away from Pihole I decided to write down what I wanted out of my home network DNS solution.
- Support for ad, tracker and malware blocking
- DNS requests are encrypted before leaving the network
NextDNS supports both of these requirements as long as I continue to run a DNS proxy on my home network. Luckily, NextDNS distributes their own golang based DNS-over-HTTPS (DOH) proxy and luckier yet, it’s already packaged for NixOS. Here’s the NixOS config I’m using to proxy DNS to NextDNS:
{ config, pkgs, ... }:
let
nextdnsConfig = "YOUR_CONFIG_ID";
in {
environment.systemPackages = with pkgs; [ nextdns ];
services.nextdns = {
enable = true;
arguments = [ "-config" nextdnsConfig "-listen" "0.0.0.0:53" ];
};
networking = {
firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
nameservers = [ "45.90.28.239" "45.90.30.239" ];
};
}