I decided to try and set up a pihole instance, using NixOS. Why? Honestly, I’m not sure. I think I was more curious to play with NixOS’s virtualisation.oci-containers options more than anything else. The setup covers every1 device in a headscale tailnet, with the pihole only being accessible through tailscale. This is done by exposing a pihole instance in a docker container’s DNS settings over tailscale, end then configuring headscale to use that IP for DNS.