pihole in a container with podman on fedora

podman-pihole.sh

#!/usr/bin/env bash
# Fedora 35 VM using libvirt on Fedora 36 workstation
# Clean OS install with with user account 'admin' created with administrator privileges

# turning off firewalld for testing purposes
# refer to firewall-cmd documentation to configure firewall ports on container host
sudo systemctl stop firewalld

sudo dnf install -y podman-compose
mkdir -p /home/admin/pihole/etc-pihole
mkdir -p /home/admin/pihole/etc-dmsmasq

# allow binding to port 53 (below 1024)
echo 'net.ipv4.ip_unprivileged_port_start=53' | sudo tee -a /etc/sysctl.d/pihole.conf
sudo sysctl -p /etc/sysctl.d/pihole.conf

# disable dns stub listener
sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved

# create compose file with the following contents:
cat >pihole-compose.yml <<EOL
version: '3'

services:
  pihole:
    image: docker.io/pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "8082:80/tcp"
    volumes:
      - /home/admin/pihole/etc-pihole:/etc/pihole:z
      - /home/admin/pihole/etc-dnsmasq:/etc/dnsmasq.d:z
    environment:
      - TZ
      - WEBPASSWD
      - PIHOLE_DNS_=9.9.9.9;149.112.112.112
      - DHCP_ACTIVE=true
      - DHCP_START=192.168.1.2
      - DHCP_END=192.168.1.200
      - DHCP_ROUTER=192.168.1.1
      - DHCP_rapid_commit=true
    cap_add:
      - NET_ADMIN
      - NET_RAW
EOL

# start via compose
podman-compose -f pihole-compose.yml up -d