Pihole in debian container on balenaOS


#1

Trying to get pihole running on a raspberry pi 3. After multiple attempts of the default install script from https://install.pi-hole.net it was apparent that resolvconf was causing issues and the install necessitated the openresolv package to be installed.

Here’s the link to my current progress on GitHub: balena-pihole

Having trouble now getting the DNS resolver (pihole-FTL which actually isn’t using dnsmasq) to work. The web control panel is accessible from the device’s public URL with the suffix /admin.


#2

Hey @wwalker, yeah, this sounds somewhat familiar, I believe there were other people who tried to deploy PiHole on balena, but I’m not sure of the results. Searching GitHub, there are a few different projects, but unclear if they’ve succeeded or not.

The tricky part is I guess to not hole the device’s own DNS service. Would need to try out your project and an actual working device, to see what happens.

Personally I would also start to use docker-compose.yml for the project, as there are a lot more aspects of the setup adjustable than just using the Dockerfile (exposed ports, volumes, permissions, etc…). Just a first impression, the single-Dockerfile setup is basically one extreme of openness from the application’s point of view, which is usually good / best for debugging, but can’t always be sure there’s no knob that needs adjustment in these cases when the application is related to networking.

Will give the project a try, and see if we find anything obvious or not that obvious.


#3

I was able to get this working with the official pihole docker image.

The trick was to configure dnsmasq to use the --bind-interfaces flag so it wouldn’t conflict with the Balena services. From the dnsmasq man pages:

-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address, even when it is listening on only some interfaces. It then discards requests that it shouldn't reply to. This has the advantage of working even when interfaces come and go and change address. This option forces dnsmasq to really bind only the interfaces it is listening on. About the only time when this is useful is when running another nameserver (or another instance of dnsmasq) on the same machine. Setting this option also enables multiple instances of dnsmasq which provide DHCP service to run in the same machine.

Here’s a snippet from my compose file.

services:
  # https://github.com/pi-hole/docker-pi-hole/
  # https://hub.docker.com/r/pihole/pihole/
  pihole:
    image: pihole/pihole:v4.0_armhf
    ports:
      - '80:80/tcp'
      - '80:80/udp'
    volumes:
      - 'pihole_config:/etc/pihole'
      - 'dnsmasq_config:/etc/dnsmasq.d'
    entrypoint: ['/bin/bash', '-c', 'echo "bind-interfaces" >> /etc/dnsmasq.conf; /s6-init']
    network_mode: host

Here’s my entire stack for reference. I can confirm it’s working on multiple devices today. I’m hoping to update to the latest pihole build this week once the new docker image is available.
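
The conflict that bind-interfaces avoids can be reproduced with plain sockets: while another service holds a port on one address, a wildcard bind to that port fails, but a bind to a different specific address succeeds. This is an added example, not code from the thread or from dnsmasq; the loopback addresses, function names and the kernel-chosen port (used instead of 53 so no root is needed) are constructed stand-ins, and it assumes a Linux host where all of 127.0.0.0/8 is local.

```python
import errno
import socket

KINDS = {"udp": socket.SOCK_DGRAM, "tcp": socket.SOCK_STREAM}

HOST_RESOLVER_ADDR = "127.0.0.2"  # constructed: address the host's own DNS service holds
PIHOLE_ADDR = "127.0.0.3"         # constructed: address the second DNS server should serve


def open_listener(proto, addr, port):
    """Bind (and for TCP, listen on) addr:port; the caller closes the socket."""
    sock = socket.socket(socket.AF_INET, KINDS[proto])
    try:
        sock.bind((addr, port))
        if proto == "tcp":
            sock.listen(1)
    except OSError:
        sock.close()
        raise
    return sock


def bind_result(proto, addr, port):
    """Return 'ok' if addr:port can be bound, otherwise the errno name."""
    try:
        open_listener(proto, addr, port).close()
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def demo(proto):
    """Hold a port on one address, then try the binds a second DNS server might make."""
    existing = open_listener(proto, HOST_RESOLVER_ADDR, 0)  # port 0: kernel picks a free port
    port = existing.getsockname()[1]
    try:
        return {
            "wildcard 0.0.0.0": bind_result(proto, "0.0.0.0", port),
            "own address only": bind_result(proto, PIHOLE_ADDR, port),
            "resolver's address": bind_result(proto, HOST_RESOLVER_ADDR, port),
        }
    finally:
        existing.close()


if __name__ == "__main__":
    for proto in KINDS:
        print(proto, demo(proto))
```
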


#4

Thanks @klutchell, you’re the man!


#5

Here’s a variation of the repo by @klutchell https://github.com/williamwalker88/balena-pihole which includes the updated 4.1.1 docker image for arm devices.


#6

Great job @wwalker, thank you for sharing it!