diff --git a/.github/workflows/build_dev.yml b/.github/workflows/build_dev.yml
deleted file mode 100755
index eef3479..0000000
--- a/.github/workflows/build_dev.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: build dev image
-
-on:
- push:
- branches: [ dev ]
-
-jobs:
- build-dev:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USER }}
- password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GHCR_ACCESS_TOKEN }}
-
- - name: Set up variables
- run: |
- VER=$(cat ./docker-build/VERSION)
- echo "VERSION=$VER" >> $GITHUB_ENV
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- context: ./docker-build
- file: ./docker-build/Dockerfile
- platforms: |
- linux/amd64
- linux/arm/v7
- linux/arm64
- linux/riscv64
- push: true
- tags: |
- ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}-dev
- ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:dev
- ghcr.io/${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}-dev
- ghcr.io/${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:dev
diff --git a/.github/workflows/build_main.yml b/.github/workflows/build_main.yml
deleted file mode 100755
index e59c43d..0000000
--- a/.github/workflows/build_main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: build prod image
-
-on:
- push:
- branches: [ main ]
-
-jobs:
- build-dev:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USER }}
- password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.GHCR_ACCESS_TOKEN }}
-
- - name: Set up variables
- run: |
- VER=$(cat ./docker-build/VERSION)
- echo "VERSION=$VER" >> $GITHUB_ENV
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- context: ./docker-build
- file: ./docker-build/Dockerfile
- platforms: |
- linux/amd64
- linux/arm/v7
- linux/arm64
- linux/riscv64
- push: true
- tags: |
- ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}
- ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:latest
- ghcr.io/${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}
- ghcr.io/${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:latest
diff --git a/.github/workflows/docker_build_push_dev.yml b/.github/workflows/docker_build_push_dev.yml
new file mode 100755
index 0000000..03dc4aa
--- /dev/null
+++ b/.github/workflows/docker_build_push_dev.yml
@@ -0,0 +1,43 @@
+name: Build and push pihole-unbound-hyperlocal with tag dev
+
+on:
+ push:
+ branches: [ dev ]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ -
+ name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USER }}
+ password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+ -
+ name: Set up variables
+ run: |
+ VER=$(cat ./docker-build/VERSION)
+ echo "VERSION=$VER" >> $GITHUB_ENV
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ -
+ name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: ./docker-build
+ file: ./docker-build/Dockerfile
+ platforms: |
+ linux/arm/v7
+ linux/arm64
+ linux/amd64
+ push: true
+ tags: |
+ ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}
+ ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:dev
diff --git a/.github/workflows/docker_build_push_main.yml b/.github/workflows/docker_build_push_main.yml
new file mode 100755
index 0000000..bb17a1e
--- /dev/null
+++ b/.github/workflows/docker_build_push_main.yml
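Review bot: The first entry under `tags:` in docker_build_push_dev.yml publishes `…:${{ env.VERSION }}` with no suffix, which is the same tag docker_build_push_main.yml pushes, so any push to `dev` overwrites the released version tag on Docker Hub. The removed build_dev.yml kept the two apart with a `-dev` suffix. The line should read `${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}-dev`.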
@@ -0,0 +1,43 @@
+name: Build and push pihole-unbound-hyperlocal
+
+on:
+ push:
+ branches: [ main ]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ -
+ name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USER }}
+ password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+ -
+ name: Set up variables
+ run: |
+ VER=$(cat ./docker-build/VERSION)
+ echo "VERSION=$VER" >> $GITHUB_ENV
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ -
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ -
+ name: Build and push
+ uses: docker/build-push-action@v2
+ with:
+ context: ./docker-build
+ file: ./docker-build/Dockerfile
+ platforms: |
+ linux/arm/v7
+ linux/arm64
+ linux/amd64
+ push: true
+ tags: |
+ ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:${{ env.VERSION }}
+ ${{ secrets.DOCKER_USER }}/pihole-unbound-hyperlocal:latest
diff --git a/.gitignore b/.gitignore
index aa4e09d..d6aca4f 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 .env
 etc-pihole/
-pihole.env
\ No newline at end of file
diff --git a/README.md b/README.md
index 4580f7e..858e62a 100755
--- a/README.md
+++ b/README.md
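Review bot: Every `uses:` in docker_build_push_main.yml points at a mutable major tag (`actions/checkout@v2`, `docker/login-action@v1`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/build-push-action@v2`), and the job holds `DOCKER_ACCESS_TOKEN` and publishes `latest`. Pinning each action to a full commit SHA, in the form `uses: actions/checkout@<full-commit-sha> # <version>`, means a retagged action cannot run with that token. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` is enough for a checkout-and-push job. Both points apply to docker_build_push_dev.yml as well.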
@@ -1,48 +1,16 @@ # Pihole + Unbound + Hyperlocal -> [!NOTE] -> -> **IMPORTANT**: When using this Docker image, please report any bugs or suggestions to this repository directly. +**IMPORTANT**: When using this Docker image, please report any bugs or suggestions to this repository directly. - -## Upgrade Notes - -> [!CAUTION] -> -> ## !!! THE LATEST VERSION CONTAINS BREAKING CHANGES -> -> **Pi-hole v6 has been entirely redesigned from the ground up and contains many breaking changes.** -> -> Read https://github.com/pi-hole/docker-pi-hole - -> [!tip] -> Firstly pull the new image with `docker pull ghcr.io/sujiba/pihole-unbound-hyperlocal:latest`. -> Next stop the old container with `docker compose down`. -> Follow the steps described under [First startup](#first-startup). -> For the upgrade transition you're going to have two folders -> - old: pihole-unbound-hyperlocal -> - new: pihole-unbound-hyperlocal-v6 -> -> You can delete the old folder if everything is up and running. - -## Overview - -- [Pihole + Unbound + Hyperlocal](#pihole--unbound--hyperlocal) - - [Overview](#overview) - - [Acknowledgement](#acknowledgement) - - [Introduction](#introduction) - - [Prerequisites](#prerequisites) - - [First startup](#first-startup) - - [Testing](#testing) - - [DNS problems](#dns-problems) - - [Blocklists](#blocklists) - -## Acknowledgement -- [Docker Pi-hole](https://github.com/pi-hole/docker-pi-hole) -- [Unbound](https://nlnetlabs.nl/projects/unbound/about/) -- [Pi-hole Unbound](https://docs.pi-hole.net/guides/dns/unbound/) -- [mpgirro/docker-pihole-unbound](https://github.com/mpgirro/docker-pihole-unbound) -- [Pi-hole: Einrichtung und Konfiguration mit unbound – AdBlocker Teil2](https://www.kuketz-blog.de/pi-hole-einrichtung-und-konfiguration-mit-unbound-adblocker-teil2/) +### Overview +- [Introduction](https://github.com/sujiba/pihole-unbound-hyperlocal#introduction) +- [Prerequisites](https://github.com/sujiba/pihole-unbound-hyperlocal#prerequisites) +- [First 
startup](https://github.com/sujiba/pihole-unbound-hyperlocal#first-startup) + - [Testing](https://github.com/sujiba/pihole-unbound-hyperlocal#testing) + - [Additional configuration](https://github.com/sujiba/pihole-unbound-hyperlocal#additional-configuration) +- [DNS Problems](https://github.com/sujiba/pihole-unbound-hyperlocal#dns-problems) +- [Blocklists](https://github.com/sujiba/pihole-unbound-hyperlocal#blocklists) +- [Acknowledgement](https://github.com/sujiba/pihole-unbound-hyperlocal#acknowledgement) ## Introduction **Pi-hole**: 
@@ -57,49 +25,49 @@ ## Prerequisites - Install [Docker](https://docs.docker.com/get-docker/) - Install [Docker-Compose](https://docs.docker.com/compose/install/) +- Download the repository to your favored directory ## First startup -Clone the repository to your favored location and change the config. +Copy example.env to .env and change the parameters ``` -git clone -b main https://github.com/sujiba/pihole-unbound-hyperlocal.git pihole-unbound-hyperlocal-v6 - -# Change the timezone, password and other pi-hole settings -cp example.pihole.env pihole.env -vi pihole.env - -# Change the ports if you're running a reverse proxy on ports 80 and 443 -vi docker-compose.yml +cp example.env .env +vi .env ``` - Start the container ``` -docker compose up -d -``` - -Check the logs -``` -docker compose logs -f +docker-compose up -d ``` ### Testing ``` -docker compose exec -it pihole-unbound sh +docker exec -it pihole-unbound bash dig github.com @127.0.0.1 +short dig sigfail.verteiltesysteme.net @127.0.0.1 | grep status -dig sigok.verteiltesysteme.net @127.0.0.1 | grep status +dig sigok.verteiltesysteme.net @127.0.0.1 | grep status ``` - First dig should show an IP address - Second dig should show status: SERVFAIL - Last dig should show status: NOERROR +#### resolv.conf +If you are having problems with the pihole deployment inside the container, uncomment the following line in the docker-compose.yaml +``` +#- ./resolv.conf:/etc/resolv.conf +``` + +### Restart the container +``` +docker-compose up -d --force-recreate +``` + ## DNS problems -If you are running other docker containers on the same host and cannot use name resolution within these containers, you have to modify /etc/resolvconf.conf on your host system and uncomment the following: +If you are running other docker containers on the same host and cannot use name resolution within those containers, you have to modify /etc/resolvconf.conf on your host system and uncomment the following: ``` # If you run a local name server, 
you should uncomment the below line and # configure your subscribers configuration files below. name_servers=127.0.0.1 ``` -Write the changes to your resolv.conf: +The following command writes the changes to resolv.conf: ``` sudo resolvconf -u ``` @@ -111,4 +79,10 @@ See also [StackExchange](https://unix.stackexchange.com/questions/647996/docker- - [Perflyst SmartTV](https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt) - [mmotti Pi-hole RegEx](https://raw.githubusercontent.com/mmotti/pihole-regex/master/regex.list) - [Privacy-Handbuch Windows 10 Telemetry](https://www.privacy-handbuch.de/handbuch_90a2.htm) -- [hagezi dns-blocklists](https://github.com/hagezi/dns-blocklists) + +## Acknowledgement +- [Docker Pi-hole](https://github.com/pi-hole/docker-pi-hole) +- [Unbound](https://nlnetlabs.nl/projects/unbound/about/) +- [Pi-hole Unbound](https://docs.pi-hole.net/guides/dns/unbound/) +- [Pi-Hole + Unbound - 1 Container](https://github.com/chriscrowe/docker-pihole-unbound/tree/master/one-container) +- [[Pi-hole][Unbound] Mit dem Pi zur größtmöglichen Unabhängigkeit – DNS](https://forum.kuketz-blog.de/viewtopic.php?f=53&t=8759) diff --git a/docker-build/99-edns.conf b/docker-build/99-edns.conf index fc3a011..5e2dac2 100755 --- a/docker-build/99-edns.conf +++ b/docker-build/99-edns.conf @@ -1,2 +1,2 @@ # signal FTL to adhere to this limit -edns-packet-max=1232 \ No newline at end of file +edns-packet-max=1232 diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile index 890f489..1bb82eb 100755 --- a/docker-build/Dockerfile +++ b/docker-build/Dockerfile 
@@ -1,26 +1,34 @@ # Get the latest Pi-hole version -FROM pihole/pihole:2025.06.2 +FROM pihole/pihole:2024.03.2 -# Install necessary programs without repository caching -RUN apk upgrade --no-cache && \ - apk add --no-cache \ - unbound \ +# Install necessary programs +RUN apt-get update && \ + apt-get upgrade -y && \ + apt-get install -y \ + unbound \ wget # Additional configs # unbound -COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pihole.conf +COPY unbound-pihole.conf /etc/unbound/unbound.conf.d/pihole.conf # Set edns packet limit for dnsmasq COPY 99-edns.conf /etc/dnsmasq.d/99-edns.conf -# Download DNS-Root-Zone and move file -RUN wget -S https://www.internic.net/domain/named.root -O /etc/unbound/root.hints +# Download DNS-Root-Zone. +# Create the chroot directory and generate root.key. +# Copy / move files and change owner. +RUN wget -O root.hints https://www.internic.net/domain/named.root && \ + mv root.hints /var/lib/unbound/ && \ + chown -R unbound:unbound /var/lib/unbound/root.hints -# Create unbound log dir -RUN install -o unbound -g unbound -Dm755 -d /var/log/unbound +# Remove unnecessary programs +RUN apt-get remove -y \ + wget -# Add unbound start up script -COPY --chmod=0755 unbound-entrypoint.sh /usr/bin/unbound-entrypoint.sh +# Unbound startup script +RUN mkdir -p /etc/services.d/unbound +COPY unbound-run /etc/services.d/unbound/run +RUN chmod ug+x /etc/services.d/unbound/run -ENTRYPOINT ["unbound-entrypoint.sh"] +ENTRYPOINT ./s6-init diff --git a/docker-build/README.md b/docker-build/README.md new file mode 100755 index 0000000..df61ef0 --- /dev/null +++ b/docker-build/README.md 
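Review bot: `apt-get remove -y wget` runs in its own `RUN`, so wget still sits in the earlier layer and the image neither shrinks nor loses the binary from its history; the apt package lists are never cleaned either. Installing, downloading and purging in a single `RUN` fixes both, as sketched below. Separately, `root.hints` is whatever the download returns at build time, with no checksum comparison, and `FROM pihole/pihole:2024.03.2` is a tag rather than a digest, so two builds of the same VERSION are not guaranteed to be identical.

```dockerfile
# Install unbound, fetch the root hints and drop wget again in one layer
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y unbound wget && \
    wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.root && \
    chown unbound:unbound /var/lib/unbound/root.hints && \
    apt-get purge -y wget && \
    rm -rf /var/lib/apt/lists/*

# … unchanged: COPY of unbound-pihole.conf and 99-edns.conf, unbound run script …
```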
@@ -0,0 +1,20 @@
+# Build it yourself
+
+https://docs.docker.com/buildx/working-with-buildx/#work-with-builder-instances
+
+ ```
+ # This creates a new builder instance with a single node based on your current configuration.
+ docker buildx create
+ # To list all available builders, use
+ docker buildx ls
+ # To switch between different builders, use
+ docker buildx use
+ # After creating a new instance, you can delete it with
+ docker buildx rm
+```
+
+Build it as a multi-platform image:
+```
+chmod +x build_and_push.sh
+./build_and_push.sh
+```
\ No newline at end of file
diff --git a/docker-build/VERSION b/docker-build/VERSION
index ce34564..9342053 100755
--- a/docker-build/VERSION
+++ b/docker-build/VERSION
@@ -1 +1 @@
-2025.06.2
\ No newline at end of file
+2024.03.2
diff --git a/docker-build/build_and_push.sh b/docker-build/build_and_push.sh
new file mode 100755
index 0000000..a81b959
--- /dev/null
+++ b/docker-build/build_and_push.sh
@@ -0,0 +1,2 @@
+docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t sujiba/pihole-unbound-hyperlocal:`cat VERSION` --push .
+docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t sujiba/pihole-unbound-hyperlocal:latest --push .
\ No newline at end of file
diff --git a/docker-build/unbound-entrypoint.sh b/docker-build/unbound-entrypoint.sh
deleted file mode 100644
index 4fe8cb8..0000000
--- a/docker-build/unbound-entrypoint.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-# Start unbound
-echo " [i] Starting Unbound"
-/usr/sbin/unbound -d -c /etc/unbound/unbound.conf.d/pihole.conf &
-# Get most recent process id for error checking
-UNBOUND_PID=$!
-
-# Wait for a second and check if unbound is running
-sleep 1
-if [ -d "/proc/$UNBOUND_PID" ];
-then
- echo " [i] Unbound started successfully."
-else
- echo " [i] Unbound startup failed."
- echo " [i] Take a look at /var/log/unbound/unbound.log"
-fi
-
-# Start pi-hole
-exec /usr/bin/start.sh
\ No newline at end of file
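Review bot: build_and_push.sh has no shebang and no `set -e`, so when the first `docker buildx build` fails the second still runs and pushes `latest` on its own. A single invocation with both tags removes that case and builds once instead of twice: `docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 -t sujiba/pihole-unbound-hyperlocal:"$(cat VERSION)" -t sujiba/pihole-unbound-hyperlocal:latest --push .`, preceded by `#!/bin/sh` and `set -eu`. The script also reads `VERSION` relative to the current directory, so it only works when started from `docker-build/`; a comment saying so would be enough.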
diff --git a/docker-build/unbound-pihole.conf b/docker-build/unbound-pihole.conf index 8268abc..89d7ac9 100755 --- a/docker-build/unbound-pihole.conf +++ b/docker-build/unbound-pihole.conf @@ -2,7 +2,7 @@ server: # https://manpages.debian.org/bullseye/unbound/unbound.conf.5.en.html # # If no logfile is specified, syslog is used - logfile: "/var/log/unbound/unbound.log" + # logfile: "/var/log/unbound/unbound.log" verbosity: 0 interface: 127.0.0.1 @@ -11,27 +11,16 @@ server: do-udp: yes do-tcp: yes - # Maybe set to no if you don't have IPv6 connectivity - do-ip6: yes + # Maybe set to yes if you have IPv6 connectivity + do-ip6: no # You want to leave this to no unless you have *native* IPv6. With 6to4 and # Terredo tunnels your web browser should favor IPv4 for the same reasons prefer-ip6: no - # if given, user privileges are dropped (after binding port), - # and the given username is assumed. Default is user "unbound". - # If you give "" no privileges are dropped. - username: "unbound" - # Use this only when you downloaded the list of primary root servers! # If you use the default dns-root-data package, unbound will find it automatically - root-hints: "/etc/unbound/root.hints" - - # File with trusted keys for validation. Specify more than one file - # with several entries, one file per entry. - # Zone file format, with DS and DNSKEY entries. - # Note this gets out of date, use auto-trust-anchor-file please. - trust-anchor-file: "/usr/share/dnssec-root/trusted-key.key" + root-hints: "/var/lib/unbound/root.hints" # Trust glue only if it is within the server's authority harden-glue: yes @@ -76,7 +65,7 @@ server: # Ensure kernel buffer is large enough to not lose messages in traffic spikes so-rcvbuf: 1m - # increase cache size to utilize more RAM | msg * 2 = rrset + # increase cache size to utilize more RAM msg-cache-size: 128m rrset-cache-size: 256m 
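Review bot: With `trust-anchor-file` removed in the second hunk, unbound-pihole.conf no longer names any trust anchor, so DNSSEC validation depends on configuration outside this diff, presumably the distribution's own `unbound.conf.d` include together with the `root_trust_anchor_update` call in docker-build/unbound-run. example.env switches Pi-hole's own DNSSEC off on the grounds that Unbound validates, so if that include is missing nothing in the chain validates. I would leave a comment where the option was, e.g. `# trust anchor comes from the package's auto-trust-anchor-file include; see docker-build/unbound-run`, and run the README's `dig sigfail.verteiltesysteme.net` check against each built image. The `server:` block starts and ends outside these hunks.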
@@ -95,5 +84,5 @@ server:
 private-address: 169.254.0.0/16
 private-address: 172.16.0.0/12
 private-address: 10.0.0.0/8
- private-address: fd00::/8
- private-address: fe80::/10
\ No newline at end of file
+ #private-address: fd00::/8
+ #private-address: fe80::/10
diff --git a/docker-build/unbound-run b/docker-build/unbound-run
new file mode 100755
index 0000000..e289182
--- /dev/null
+++ b/docker-build/unbound-run
@@ -0,0 +1,24 @@
+#!/command/with-contenv bash
+
+s6-echo "Starting unbound"
+
+NAME="unbound"
+DESC="DNS server"
+DAEMON="/usr/sbin/unbound"
+PIDFILE="/run/unbound.pid"
+
+HELPER="/usr/lib/unbound/package-helper"
+
+test -x $DAEMON || exit 0
+
+# Override this variable by editing or creating /etc/default/unbound.
+DAEMON_OPTS=""
+
+if [ -f /etc/default/unbound ]; then
+ . /etc/default/unbound
+fi
+
+$HELPER chroot_setup
+$HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
+
+$DAEMON -d $DAEMON_OPTS
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100755
index 0000000..236e87c
--- /dev/null
+++ b/docker-compose.yaml
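Review bot: Commenting out `private-address: fd00::/8` and `private-address: fe80::/10` removes the rebinding filter for IPv6 unique-local and link-local answers. `do-ip6: no` only stops Unbound from using IPv6 as a transport; AAAA records are still resolved over IPv4 and returned to clients, so a public name that answers with one of these addresses is no longer stripped. I would keep both lines active exactly as they were, `private-address: fd00::/8` and `private-address: fe80::/10`.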
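Review bot: The last line of unbound-run starts Unbound as a child of the bash script (`$DAEMON -d $DAEMON_OPTS`), so the supervised process is the shell rather than the daemon and a stop signal sent to the service may never reach Unbound. `exec "$DAEMON" -d $DAEMON_OPTS` replaces the shell with the daemon. The trust-anchor step is piped into `logger`, which discards its exit status, so Unbound is started whether or not the anchor update worked; if the container has no syslog socket the message is lost too. `NAME`, `DESC` and `PIDFILE` are assigned and never read.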
@@ -0,0 +1,37 @@
+version: "3"
+
+services:
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+ pihole-unbound:
+ image: ${IMAGE}
+ container_name: ${NAME}
+ hostname: ${HOSTNAME}
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+ - "${HTTP_PORT}:80/tcp"
+ # - 5335:5335/tcp # For testing purposes, uncomment to enable unbound access on local server
+ environment:
+ TZ: ${TZ}
+ WEBPASSWORD: ${WEBPASSWORD}
+ PIHOLE_DNS_: ${PIHOLE_DNS}
+ DNSSEC: ${DNSSEC}
+ CUSTOM_CACHE_SIZE: ${CUSTOM_CACHE_SIZE}
+ DNS_BOGUS_PRIV: ${DNS_BOGUS_PRIV}
+ DNS_FQDN_REQUIRED: ${DNS_FQDN_REQUIRED}
+ TEMPERATUREUNIT: ${TEMPERATUREUNIT}
+ WEBTHEME: ${WEBTHEME}
+ FTLCONF_MAXDBDAYS: ${MAXDBDAYS}
+ FTLCONF_DBINTERVAL: ${DBINTERVAL}
+ # Volumes store your data between container upgrades
+ volumes:
+ - ./etc-pihole/:/etc/pihole/
+ - ./etc-dnsmasq.d/:/etc/dnsmasq.d/
+ # You'll need this, if you are using a self-created network
+ #- ./resolv.conf:/etc/resolv.conf
+ # Recommended but not required (DHCP needs NET_ADMIN)
+ # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ #cap_add:
+ # - NET_ADMIN
+ restart: unless-stopped
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100755
index 6b87f61..0000000
--- a/docker-compose.yml
+++ /dev/null
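Review bot: `WEBPASSWORD: ${WEBPASSWORD}` is always passed to the container, and Compose substitutes an empty string when `.env` does not define the variable. As far as I know docker-pi-hole treats a set-but-empty `WEBPASSWORD` as "no password", which would leave the admin UI on `${HTTP_PORT}` unprotected; please confirm against the base image. `WEBPASSWORD: ${WEBPASSWORD:?set WEBPASSWORD in .env}` makes `docker-compose up` stop with an error instead. The `53:53` and `${HTTP_PORT}:80` mappings bind on every host interface, so on a host with a public address the resolver and the admin page are reachable from outside unless a firewall blocks them; a comment above `ports:` should say so.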
@@ -1,30 +0,0 @@
----
-# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
-services:
- pihole-unbound:
- # You can also use latest | yyyy.mm.x | dev | yyyy.mm.x-dev
- image: ghcr.io/sujiba/pihole-unbound-hyperlocal:latest
- container_name: pihole-unbound
- hostname: raspi-01
- ports:
- - "53:53/tcp" # DNS Ports
- - "53:53/udp" # DNS Ports
- - "80:80/tcp" # Default HTTP Port or an alternative port if you use a reverse proxy like nginx.
- - "443:443/tcp" # Default HTTPs Port or an alternative port if you use a reverse proxy like nginx. FTL will generate a self-signed certificate
- # - "67:67/udp" # Uncomment if you are using Pi-hole as your DHCP server
- # - "123:123/udp" # Uncomment if you are using Pi-hole as your NTP server
- # - 5335:5335/tcp # For testing purposes, uncomment to enable unbound access on local server
- env_file:
- - ./pihole.env
- volumes:
- # For persisting Pi-hole's databases and common configuration file
- - ./etc-pihole:/etc/pihole
- # cap_add:
- # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
- # Required if you are using Pi-hole as your DHCP server, else not needed
- # - NET_ADMIN
- # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
- # - SYS_TIME
- # Optional, if Pi-hole should get some more processing time
- # - SYS_NICE
- restart: unless-stopped
diff --git a/etc-dnsmasq.d/10-pihole-extra.conf b/etc-dnsmasq.d/10-pihole-extra.conf
new file mode 100755
index 0000000..efe69b7
--- /dev/null
+++ b/etc-dnsmasq.d/10-pihole-extra.conf
@@ -0,0 +1,6 @@
+# https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
+# Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients.
+# This is an alternative to having dnsmasq validate DNSSEC,
+# but it depends on the security of the network between dnsmasq and the upstream servers,
+# and the trustworthiness of the upstream servers.
+proxy-dnssec
\ No newline at end of file
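Review bot: `proxy-dnssec` in etc-dnsmasq.d/10-pihole-extra.conf only reaches dnsmasq through the `./etc-dnsmasq.d/:/etc/dnsmasq.d/` bind mount in docker-compose.yaml, and that mount covers the image's own `/etc/dnsmasq.d`, including the `99-edns.conf` that the Dockerfile copies there. Unless something recreates that file at start-up, `edns-packet-max=1232` is not applied in a compose deployment. Either ship a copy of `99-edns.conf` in `etc-dnsmasq.d/`, or `COPY` this file into the image and drop the mount. The option itself passes the upstream AD bit through unverified, which is sound only while `PIHOLE_DNS` stays on the loopback Unbound; I would add `# only safe while the upstream is the in-container Unbound on 127.0.0.1#5335` above it.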
diff --git a/example.env b/example.env
new file mode 100755
index 0000000..c40a8b3
--- /dev/null
+++ b/example.env
@@ -0,0 +1,49 @@
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+
+IMAGE=sujiba/pihole-unbound-hyperlocal:latest
+
+NAME=pihole
+HOSTNAME=raspi-01
+
+# 80 or an alternative port if you use a reverse proxy like nginx
+HTTP_PORT=80
+
+# Set your timezone to make sure logs rotate at local midnight instead of at UTC midnight.
+TZ='Europe/Berlin'
+
+# http://pi.hole/admin password. Run docker logs pihole | grep random to find your random pass.
+WEBPASSWORD=PASSWORD
+
+# Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon
+# (supports non-standard ports with #[port number]) e.g 127.0.0.1#5053;8.8.8.8;8.8.4.4
+# Hardcoded to our Unbound server
+PIHOLE_DNS='127.0.0.1#5335'
+
+# We disable DNSSEC because it is done by Unbound
+DNSSEC=false
+
+# Set the cache size for dnsmasq.
+# Useful for increasing the default cache size or to set it to 0.
+# Note that when DNSSEC is "true", then this setting is ignored.
+CUSTOM_CACHE_SIZE=10000
+
+# Never forward reverse lookups for private ranges
+DNS_BOGUS_PRIV=true
+
+# Never forward non-FQDNs
+DNS_FQDN_REQUIRED=true
+
+# Set preferred temperature unit to
+# c: Celsius, k: Kelvin, or f Fahrenheit units.
+TEMPERATUREUNIT=c
+
+# User interface theme to use.
+# default-dark | default-darker | default-light | default-auto | lcars
+WEBTHEME=default-dark
+
+# pihole-FTL.conf
+# How many days should Pi-hole store requests - discard older entries
+MAXDBDAYS=30
+
+# Write FTL database from RAM to SD card every x minutes. - Save SD card
+DBINTERVAL=60
\ No newline at end of file
diff --git a/example.pihole.env b/example.pihole.env
deleted file mode 100755
index a073cdb..0000000
--- a/example.pihole.env
+++ /dev/null
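Review bot: `WEBPASSWORD=PASSWORD` in example.env is a working value, so anyone who follows the README's `cp example.env .env` and changes nothing gets an admin UI protected by a publicly known word. The comment above it describes the random-password path, which probably never triggers here because docker-compose.yaml always sets the variable. I would replace that comment with `# REQUIRED: replace before first start; the example value is public` and make the placeholder unmistakable. Also, `NAME=pihole` becomes the container name, while the README's test step runs `docker exec -it pihole-unbound bash`; one of the two should change.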
@@ -1,27 +0,0 @@
-# Settings that are set via environment variables effectively become read-only,
-# meaning that you will not be able to change them in the web interface or CLI.
-# This is to ensure a "single source of truth" on the config. If you later unset
-# an environment variable, then FTL will revert to the default value for that setting.
-# You can find all settings under /etc/pihole/pihole.toml.
-
-# Set your timezone to make sure logs rotate at local midnight instead of at UTC midnight.
-# List of timezones https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-TZ=Europe/Berlin
-
-# Set your admin password for https://pi.hole/admin.
-FTLCONF_webserver_api_password=Super_Secure_Password
-
-# If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
-FTLCONF_dns_listeningMode=all
-
-# Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon
-# (supports non-standard ports with #[port number]) e.g 127.0.0.1#5053;8.8.8.8;8.8.4.4
-# Hardcoded to our Unbound server
-FTLCONF_dns_upstreams=127.0.0.1#5335
-
-# Validate DNS replies using DNSSEC?
-FTLCONF_dns_dnssec = true
-
-# Theme used by the Pi-hole web interface
-# default-dark | default-darker | default-light | high-contrast | high-contrast-dark | default-auto | lcars
-FTLCONF_webserver_interface_theme=default-dark
diff --git a/resolv.conf b/resolv.conf
new file mode 100755
index 0000000..0b8ccee
--- /dev/null
+++ b/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 127.0.0.1
+options ndots:0
\ No newline at end of file