Pihole Install

README.md

System Setup

# If on a recent ubuntu-server release on a rasp pi:
sudo apt update
sudo apt install linux-modules-extra-raspi
# reboot

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Container Time

Pull up https://github.com/pi-hole/docker-pi-hole#environment-variables so you can configure things here in a moment.

# Place the other files in this gist into `/opt/pihole`
cd /opt/pihole
# Replace the CHANGEME items in compose.yml. You probably want to set up Cloudflare Zero Trust to grab the TUNNEL_DNS_UPSTREAM.
# You should also change the 192.168.8.x subnet with the one your server/pi is running on. Make sure to set the macvlan ip (192.168.8.4 in this example) to something outside of your dhcp range.
docker compose up -d
docker compose logs -f
# Your pihole should be up and sending dns request through DoH to cloudflare!

compose.yml

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    environment:
      TZ: CHANGEME
      WEBPASSWORD: 'CHANGEME'
      FTLCONF_REPLY_ADDR4: 192.168.8.4
      PIHOLE_DNS_: 127.0.0.1#5053
      DNSSEC: "true"
      REV_SERVER: "true"
      REV_SERVER_TARGET: 192.168.8.1
      REV_SERVER_DOMAIN: localdomain
      REV_SERVER_CIDR: 192.168.8.0/24
    volumes:
      - 'pihole:/etc/pihole/'
      - 'dnsmasq:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: always
    networks:
      macvlan:
        ipv4_address: 192.168.8.4

  proxy-dns:
    build:
      context: .
      dockerfile: Dockerfile.cloudflared
    command: proxy-dns --port=5053
    environment:
      TUNNEL_DNS_UPSTREAM: CHANGEME
    restart: always
    network_mode: "container:pihole"

volumes:
  pihole:
  dnsmasq:

networks:
  macvlan:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.8.0/24

Dockerfile.cloudflared

FROM ubuntu:jammy
LABEL maintainer="Ryan Schlesinger <[email protected]>"

SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV DEBIAN_FRONTEND=noninteractive

RUN set -eux; \
      \
      apt-get update -y; \
      apt-get install -y \
        ca-certificates \
        wget \
      ; \
      apt-get clean; \
      rm -f /var/lib/apt/lists/*_*

RUN set -eux; \
      \
      wget -O /tmp/cloudflared-linux-arm64 https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64; \
      mv /tmp/cloudflared-linux-arm64 /usr/local/bin/cloudflared; \
      chmod +x /usr/local/bin/cloudflared; \
      cloudflared -v

ENTRYPOINT ["cloudflared", "--no-autoupdate"]
CMD ["version"]

pihole.service

[Unit]
Description=pihole
Requires=docker.service multi-user.target
After=docker.service network-online.target dhcpd.service

[Service]
TimeoutStartSec=0
TimeoutStopSec=30
Restart=always
RestartSec=10

WorkingDirectory=/opt/pihole

ExecStartPre=-/usr/bin/docker compose kill
ExecStartPre=-/usr/bin/docker compose rm -f

ExecStartPre=/sbin/ip link add shim link eth0 type macvlan mode bridge
ExecStartPre=/sbin/ip addr add 192.168.8.20/24 dev shim
ExecStartPre=/sbin/ip link set shim up
ExecStartPre=/sbin/ip route add 192.168.8.4/32 dev shim

ExecStopPost=/sbin/ip link del shim link eth0 type macvlan mode bridge

ExecStart=/usr/bin/docker compose up --force-recreate

ExecStop=/usr/bin/docker compose stop

[Install]
WantedBy=multi-user.target