@ryansch
Last active May 13, 2022 22:16
Pihole Install

System Setup

# If on a recent ubuntu-server release on a Raspberry Pi:
sudo apt update
sudo apt install linux-modules-extra-raspi
# reboot

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Container Time

Pull up https://github.com/pi-hole/docker-pi-hole#environment-variables so you can configure things here in a moment.

# Place the other files in this gist into `/opt/pihole`
cd /opt/pihole
# Replace the CHANGEME items in compose.yml. You probably want to set up Cloudflare Zero Trust to grab the TUNNEL_DNS_UPSTREAM.
# You should also replace the 192.168.8.x subnet with the one your server/pi is running on. Make sure to set the macvlan IP (192.168.8.4 in this example) to something outside of your DHCP range.
docker compose up -d
docker compose logs -f
# Your pihole should be up and sending DNS requests through DoH to Cloudflare!
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
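
The checks the comments above ask for (no CHANGEME left, macvlan address inside your subnet and outside the DHCP range), as an added example that is not part of the gist: a POSIX shell pre-flight to run before `docker compose up -d`. The function names, the DHCP range arguments and the trimmed sample file are assumptions made for this example; the two consistency checks mirror how the gist's compose.yml sets FTLCONF_REPLY_ADDR4 and REV_SERVER_CIDR.

```shell
#!/bin/sh
# Added example, not part of the gist: pre-flight check for the edited compose.yml.
# Usage (DHCP range values are constructed): preflight compose.yml 192.168.8.100 192.168.8.200

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET/BITS: succeed if IP lies inside the network.
in_cidr() (
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
)

# preflight FILE DHCP_FIRST DHCP_LAST: print each problem; succeed only if none.
# DHCP_FIRST and DHCP_LAST are the router's lease range (an assumption: the operator supplies them).
preflight() (
  f=$1 bad=0
  fail() { echo "FAIL: $*"; bad=1; }
  # First value of "KEY:" in the file, with quotes removed.
  get() { sed -n "s/^[[:space:]-]*$1:[[:space:]]*//p" "$f" | head -n 1 | tr -d "\"'"; }

  if grep -q CHANGEME "$f"; then fail "CHANGEME placeholders remain"; fi
  addr=$(get ipv4_address)
  subnet=$(get subnet)
  in_cidr "$addr" "$subnet" || fail "macvlan ip $addr is not inside $subnet"
  [ "$(get FTLCONF_REPLY_ADDR4)" = "$addr" ] || fail "FTLCONF_REPLY_ADDR4 differs from $addr"
  [ "$(get REV_SERVER_CIDR)" = "$subnet" ] || fail "REV_SERVER_CIDR differs from $subnet"
  a=$(ip_to_int "$addr")
  if [ "$a" -ge "$(ip_to_int "$2")" ] && [ "$a" -le "$(ip_to_int "$3")" ]; then
    fail "macvlan ip $addr is inside the DHCP range $2-$3"
  fi
  [ "$bad" -eq 0 ]
)

# Constructed sample: only the keys preflight reads, with the values shipped in the gist.
write_sample() {
  cat > "$1" <<'EOF'
      TZ: CHANGEME
      FTLCONF_REPLY_ADDR4: 192.168.8.4
      REV_SERVER_CIDR: 192.168.8.0/24
        ipv4_address: 192.168.8.4
        - subnet: 192.168.8.0/24
EOF
}
```
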

# compose.yml
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    environment:
      TZ: CHANGEME
      WEBPASSWORD: 'CHANGEME'
      FTLCONF_REPLY_ADDR4: 192.168.8.4
      PIHOLE_DNS_: 127.0.0.1#5053
      DNSSEC: "true"
      REV_SERVER: "true"
      REV_SERVER_TARGET: 192.168.8.1
      REV_SERVER_DOMAIN: localdomain
      REV_SERVER_CIDR: 192.168.8.0/24
    volumes:
      - 'pihole:/etc/pihole/'
      - 'dnsmasq:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: always
    networks:
      macvlan:
        ipv4_address: 192.168.8.4
  proxy-dns:
    build:
      context: .
      dockerfile: Dockerfile.cloudflared
    command: proxy-dns --port=5053
    environment:
      TUNNEL_DNS_UPSTREAM: CHANGEME
    restart: always
    network_mode: "container:pihole"

volumes:
  pihole:
  dnsmasq:

networks:
  macvlan:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.8.0/24

# Dockerfile.cloudflared
FROM ubuntu:jammy
LABEL maintainer="Ryan Schlesinger <ryan@ryanschlesinger.com>"

SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV DEBIAN_FRONTEND=noninteractive

# Install only what is needed to fetch the cloudflared binary over HTTPS.
RUN set -eux; \
    \
    apt-get update -y; \
    apt-get install -y \
      ca-certificates \
      wget \
    ; \
    apt-get clean; \
    rm -f /var/lib/apt/lists/*_*

# Fetches whatever the latest arm64 release is at build time; the URL is not
# pinned to a version and the binary is not checked against a known hash.
RUN set -eux; \
    \
    wget -O /tmp/cloudflared-linux-arm64 https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64; \
    mv /tmp/cloudflared-linux-arm64 /usr/local/bin/cloudflared; \
    chmod +x /usr/local/bin/cloudflared; \
    cloudflared -v

ENTRYPOINT ["cloudflared", "--no-autoupdate"]
CMD ["version"]

# systemd unit that runs the compose stack in /opt/pihole
[Unit]
Description=pihole
Requires=docker.service multi-user.target
After=docker.service network-online.target dhcpd.service

[Service]
TimeoutStartSec=0
TimeoutStopSec=30
Restart=always
RestartSec=10
WorkingDirectory=/opt/pihole
ExecStartPre=-/usr/bin/docker compose kill
ExecStartPre=-/usr/bin/docker compose rm -f
# macvlan blocks traffic between the host and its own macvlan containers, so create a
# host-side shim interface (192.168.8.20) and route the Pi-hole address (192.168.8.4) through it.
ExecStartPre=/sbin/ip link add shim link eth0 type macvlan mode bridge
ExecStartPre=/sbin/ip addr add 192.168.8.20/24 dev shim
ExecStartPre=/sbin/ip link set shim up
ExecStartPre=/sbin/ip route add 192.168.8.4/32 dev shim
# Remove the shim again whenever the service stops.
ExecStopPost=/sbin/ip link del shim link eth0 type macvlan mode bridge
ExecStart=/usr/bin/docker compose up --force-recreate
ExecStop=/usr/bin/docker compose stop

[Install]
WantedBy=multi-user.target