From 5c840bc5cd3bcc9f6f009150653c45124b2be14e Mon Sep 17 00:00:00 2001 From: Daniel Mann Date: Thu, 19 Mar 2026 16:21:54 +0100 Subject: [PATCH] pihole: add Pi-hole + Unbound stack --- .env.example | 5 +-- Makefile | 15 +++++-- services/pihole/config/dnsmasq.d/local.conf | 5 +++ services/pihole/docker-compose.yaml | 46 +++++++++++++++++++++ 4 files changed, 64 insertions(+), 7 deletions(-) create mode 100644 services/pihole/config/dnsmasq.d/local.conf create mode 100644 services/pihole/docker-compose.yaml diff --git a/.env.example b/.env.example index eacb4c7..ff59577 100644 --- a/.env.example +++ b/.env.example @@ -9,6 +9,5 @@ CF_DNS_API_TOKEN= # Cloudflare Tunnel Token (Zero Trust → Networks → Tunnels → Tunnel erstellen) CLOUDFLARE_TUNNEL_TOKEN= -# Traefik Dashboard Basic Auth -# Generieren: echo $(htpasswd -nb admin PASSWORT) | sed -e 's/\$/\$\$/g' -TRAEFIK_DASHBOARD_USER=admin:$$apr1$$... +# Pi-hole Admin Passwort +PIHOLE_PASSWORD= diff --git a/Makefile b/Makefile index e071739..71fa100 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ define compose docker compose --env-file $(ENV_FILE) -f $(ROOT_DIR)/services/$(1)/docker-compose.yaml endef -.PHONY: setup traefik-up traefik-down gitea-up gitea-down cloudflared-up cloudflared-down all-up all-down +.PHONY: setup traefik-up traefik-down gitea-up gitea-down cloudflared-up cloudflared-down pihole-up pihole-down all-up all-down ## Einmalige Einrichtung (nach erstem `cp .env.example .env`) setup: 
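Review bot: The `TRAEFIK_DASHBOARD_USER` entry and its htpasswd instructions are removed from `.env.example`, yet the diffstat lists no change under the Traefik service, so this patch does not show whether the dashboard's basic auth still reads that variable. If it does, a fresh `.env` copied from this example would leave it unset and the auth configuration empty or invalid; keep the entry, or drop the reference in the same commit. The new `PIHOLE_PASSWORD=` ships empty, so a comment such as `# Required: set a long random value before first start` above it would make the expectation explicit.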
@@ -45,8 +45,15 @@ cloudflared-up: cloudflared-down: $(call compose,cloudflared) down -## Alle Services starten (Reihenfolge: Traefik → cloudflared → Gitea) -all-up: traefik-up cloudflared-up gitea-up +## Pi-hole + Unbound +pihole-up: + $(call compose,pihole) up -d + +pihole-down: + $(call compose,pihole) down + +## Alle Services starten (Reihenfolge: Traefik → cloudflared → Gitea → Pi-hole) +all-up: traefik-up cloudflared-up gitea-up pihole-up ## Alle Services stoppen -all-down: gitea-down cloudflared-down traefik-down +all-down: pihole-down gitea-down cloudflared-down traefik-down diff --git a/services/pihole/config/dnsmasq.d/local.conf b/services/pihole/config/dnsmasq.d/local.conf new file mode 100644 index 0000000..dc1f45a --- /dev/null +++ b/services/pihole/config/dnsmasq.d/local.conf @@ -0,0 +1,5 @@ +# Lokale Domain nicht upstream weiterleiten +local=/home.dnlm.de/ + +# Wildcard: *.dama.casa → dell01 (Traefik), umgeht Cloudflare lokal +address=/.dama.casa/192.168.188.211 diff --git a/services/pihole/docker-compose.yaml b/services/pihole/docker-compose.yaml new file mode 100644 index 0000000..09452a6 --- /dev/null +++ b/services/pihole/docker-compose.yaml 
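Review bot: The start order promised in the `all-up` comment (`Traefik → cloudflared → Gitea → Pi-hole`) holds only for a serial run; under `make -j` the four `*-up` prerequisites are started concurrently. That matters for the new target because the Pi-hole compose file in this patch joins the external `proxy` network, which has to exist before `pihole-up` runs. Either state the limit in the comment, e.g. `## Order is only guaranteed without -j`, or encode it as a real dependency such as `pihole-up: traefik-up`, if the Traefik stack is what creates that network (not visible here).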
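Review bot: The wildcard `address=/.dama.casa/192.168.188.211` sends every LAN client straight to Traefik, so anything Cloudflare enforces in front of these hostnames (Access policies, WAF rules) no longer applies to local requests. The comment should say so, for example `# LAN clients bypass Cloudflare (Access/WAF) for these names; Traefik must enforce auth itself`. Also confirm that the file is loaded at all: on Pi-hole images that use the `FTLCONF_*` settings scheme, `/etc/dnsmasq.d` is only read when `FTLCONF_misc_etc_dnsmasq_d` is enabled, and the compose file in this patch does not set it. If the file is ignored, `local=/home.dnlm.de/` has no effect and queries for the local domain are forwarded upstream.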
@@ -0,0 +1,46 @@
+services:
+ unbound:
+ image: mvance/unbound:latest
+ container_name: unbound
+ restart: unless-stopped
+ networks:
+ - dns
+
+ pihole:
+ image: pihole/pihole:latest
+ container_name: pihole
+ restart: unless-stopped
+ depends_on:
+ - unbound
+ ports:
+ - "192.168.188.211:53:53/tcp"
+ - "192.168.188.211:53:53/udp"
+ environment:
+ TZ: Europe/Berlin
+ WEBPASSWORD: ${PIHOLE_PASSWORD}
+ FTLCONF_LOCAL_IPV4: "192.168.188.211"
+ FTLCONF_dns_upstreams: "unbound#53"
+ FTLCONF_dns_hosts: >-
+ 192.168.188.130 home.dnlm.de,
+ 192.168.188.130 dm-nas02.fritz.box,
+ 192.168.188.118 octopi.fritz.box
+ volumes:
+ - ./data/etc-pihole:/etc/pihole
+ - ./config/dnsmasq.d:/etc/dnsmasq.d
+ networks:
+ - proxy
+ - dns
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
+ - "traefik.http.routers.pihole.entrypoints=websecure"
+ - "traefik.http.routers.pihole.tls=true"
+ - "traefik.http.routers.pihole.tls.certresolver=cloudflare"
+ - "traefik.http.services.pihole.loadbalancer.server.port=80"
+ - "traefik.docker.network=proxy"
+
+networks:
+ proxy:
+ external: true
+ dns:
+ internal: true
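Review bot: `unbound` is attached only to the `dns` network, which the bottom of the file declares `internal: true`, so the resolver has no route off the Docker host and presumably cannot reach any upstream or root server. Keep `dns` internal for the pihole-to-unbound leg, but give unbound a second, non-internal network: add `- egress` under its `networks:` and a top-level `egress: {}`. Both images float on `:latest`, and `mvance/unbound` is a third-party image sitting in the resolution path of the whole LAN, so pin each to a version tag or digest. The environment block mixes `WEBPASSWORD` and `FTLCONF_LOCAL_IPV4` with the newer `FTLCONF_dns_*` names; on an image that reads the latter, the admin password is expected as `FTLCONF_webserver_api_password`, so `PIHOLE_PASSWORD` may be silently ignored. The `pihole` router carries no middleware, so if `pihole.${DOMAIN}` is published through the tunnel, that password is the only thing protecting the admin UI.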