Add Pi-Hole container

README.md

@@ -314,12 +314,10 @@ TODO
 ----
 
 - Install and enable Nextcloud apps automatically
-- DNS
 - XMPP
 - Wordpress
 - VPN
 - Open social networks (GNU social, Diaspora)
 - Transmission
 - Sia storage
-- Use PHP7 for Nextcloud
 - Alternative: run your own registry for images.

add_dns_entries.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+STACK_NAME=$1
+
+if [ $# -eq 0 ]; then
+    echo "You must pass stack name as a parameter"
+    exit 1
+fi
+
+CONF_FILE=custom_dnsmasq.conf
+
+IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"  # May not work for VPN / tun0
+
+# read variables, for domain and host names
+source .env
+
+# global domain
+echo server=/${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE}
+# mail
+#echo address=/${MAIL_HOSTNAME}.${LDAP_DOMAIN}/${IP_LOOKUP} > /tmp/${CONF_FILE}
+# Nextcloud
+#echo address=/${NEXTCLOUD_SERVER_NAME}.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE}
+# gogs
+#echo address=/gogs.${LDAP_DOMAIN}/${IP_LOOKUP} >> /tmp/${CONF_FILE}
+
+# ##### Add entries to PiHole ###### #
+
+host=$(docker stack ps ${STACK_NAME} | grep -v Shutdown | grep Running | grep pihole | awk '{ print $4 }')
+#echo Host=$host
+if [ -z $host ]; then
+    echo "No host found!";
+    exit 1;
+fi
+container=$(ssh $host 'docker ps | grep pihole | cut -f1 -d" "')
+#echo Container=$container
+if [ -z $container ]; then
+    echo "Qué me estás container?!";
+    exit 1;
+fi
+
+echo Copying user files to Host $host
+scp -r /tmp/${CONF_FILE} $host:/tmp/
+
+echo Copying user files to Container $container in Host $host
+ssh $host "docker cp /tmp/${CONF_FILE} $container:/etc/dnsmasq.d/99-local-addresses.conf"
+# restart dns
+ssh $host "docker exec ${container} pihole restartdns"
+
+echo Removing copied user files
+ssh $host "docker exec ${container} sh -c 'rm -Rf /tmp/${CONF_FILE}'"
+ssh $host "rm -Rf /tmp/${CONF_FILE}"

deploy.sh

@@ -36,6 +36,9 @@ sleep 60
 
 ./add_users.sh ${STACK_NAME}
 
+# Add local domains
+./add_dns_entries.sh ${STACK_NAME}
+
 # Wait for Nextcloud
 NC_UP=0
 while [ $NC_UP -eq 0 ]; do

docker-compose.yml

@@ -197,6 +197,27 @@ services:
         uid: '999'
         mode: 0440
 
+  pihole:
+    image: pihole/pihole:v4.0_armhf
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+    env_file:
+      - pihole.env
+    # cap_add: # for DHCP
+      # - NET_ADMIN
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      # - "67:67/udp" # for DHCP
+      - "8314:80"
+      - "3443:443"
+    volumes:
+      - ${PIHOLE_CONFIG_VOLUME_PATH}:/etc/pihole/
+      - ${PIHOLE_DNSMASQ_VOLUME_PATH}:/etc/dnsmasq.d/
+    restart: always
+
   #wordpress:
 
   #transmission:

env.template

@@ -47,6 +47,11 @@ PAPERLESS_EXPORT_PATH=/export
 
 GOGS_DATA_VOLUME_PATH=${VOLUMES_PATH}/gogs/data
 
+# PI-HOLE
+
+PIHOLE_CONFIG_VOLUME_PATH=${VOLUMES_PATH}/pihole/pihole
+PIHOLE_DNSMASQ_VOLUME_PATH=${VOLUMES_PATH}/pihole/dnsmasq.d
+
 # LET'S ENCRYPT
 
 LETSENCRYPT_VOLUME_PATH=${VOLUMES_PATH}/letsencrypt

pihole.env.template

@@ -0,0 +1,7 @@
+WEBPASSWORD=${PIHOLE_WEB_PWD}
+
+ServerIP=${IP_LOOKUP}
+ServerIPv6=${IPv6_LOOKUP}
+
+DNS1=1.1.1.1
+DNS2=1.0.0.1

setup.sh

@@ -70,6 +70,11 @@ if [[ ${#gogs_admin_pwd} -eq 0 ]]; then
     gogs_admin_pwd=`eval "$PWD_GEN"`
 fi
 
+read -p "Pi-Hole Web User Pwd (a random one will be generated if empty): " pihole_web_pwd
+if [[ ${#pihole_web_pwd} -eq 0 ]]; then
+    pihole_web_pwd=`eval "$PWD_GEN"`
+fi
+
 read -p "Admin E-mail, used for Let's Encrypt account and more (admin@${domain}): " admin_email
 if [[ ${#admin_email} -eq 0 ]]; then
     admin_email=admin@${domain}
@@ -139,10 +144,12 @@ echo $ldap_gogs_pwd | docker secret create ldap_gogs_pwd -
 echo $nextcloud_admin_pwd | docker secret create nextcloud_admin_pwd -
 echo $nextcloud_salt | docker secret create nextcloud_salt -
 echo $nextcloud_secret | docker secret create nextcloud_secret -
-echo $gogs_admin_pwd | docker secret create gogs_admin_pwd -
 echo $paperless_webserver_pwd | docker secret create paperless_webserver_pwd -
 echo $paperless_passphrase | docker secret create paperless_passphrase -
 echo $paperless_ftp_pwd | docker secret create paperless_ftp_pwd -
+echo $gogs_admin_pwd | docker secret create gogs_admin_pwd -
+#echo $pihole_web_pwd | docker secret create pihole_web_pwd -
+sed -i "s/\${PIHOLE_WEB_PWD}/${pihole_web_pwd}/g" pihole.env
 
 echo $'\E[33m'
 echo "//////////////////////////////////////////////////"
@@ -158,6 +165,11 @@ cp haproxy.env.template haproxy.env
 cp paperless.env.template paperless.env
 cp sftp.env.template sftp.env
 cp gogs.env.template gogs.env
+cp pihole.env.template pihole.env
+
+# IP for Pi-Hole
+IP_LOOKUP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')"  # May not work for VPN / tun0
+IPv6_LOOKUP="$(ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}')"  # May not work for VPN / tun0
 
 for i in `ls *.env .env`; do
     sed -i "s/\${DOMAIN}/${domain}/g" $i
@@ -170,6 +182,8 @@ for i in `ls *.env .env`; do
     sed -i "s/\${ADMIN_EMAIL}/${admin_email}/g" $i
     sed -i "s/\${PAPERLESS_WEBSERVER_USER}/${paperless_webserver_user}/g" $i
     sed -i "s/\${PAPERLESS_FTP_USER}/${paperless_ftp_user}/g" $i
+    sed -i "s/\${IP_LOOKUP}/${IP_LOOKUP}/g" $i
+    sed -i "s/\${IPv6_LOOKUP}/${IPv6_LOOKUP}/g" $i
     #sed -i "s/\${}/${}/g" $i
 done;
 
@@ -209,6 +223,11 @@ sudo mkdir -p ${PAPERLESS_DATA_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_MEDIA_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_CONSUMPTION_VOLUME_PATH}
 sudo mkdir -p ${PAPERLESS_EXPORT_VOLUME_PATH}
+# gogs
+sudo mkdir -p ${GOGS_DATA_VOLUME_PATH}
+# Pi-Hole
+sudo mkdir -p ${PIHOLE_CONFIG_VOLUME_PATH}
+sudo mkdir -p ${PIHOLE_DNSMASQ_VOLUME_PATH}
 # let's Encrypt
 sudo mkdir -p ${LETSENCRYPT_VOLUME_PATH}