Hi all, just wanted to let ppl know that running pi-hole in a rootless container without any tricks works fine. As Rafael mentioned, this is only useful for really small environments.
I tweaked the docker start script a bit so it would run with podman as a rootless container using an ordinary user (see attachment).
Then configured the global forwarder to the ip of the ipa server with the port 6053.

That was it, now my ipa-server forwards all the queries to the local rootless pi-hole container.

Rob

On Thu, 10 Feb 2022 at 09:50, Rob Verduijn <rob.verdu...@gmail.com> wrote:

> Hi,
>
> You are right, it is only useful for a very small environment.
> It is for home, at work I really don't care about adding one (or more)
> systems to the environment. (ansible plays will keep them up2date and
> configured properly)
>
> But I think I have figured it out.
> It is possible to specify a global forwarder with an alternative port,
> hence I could configure a container on the ipa server system listening on a
> different port and add that one as a forwarder.
> If it starts complaining about the ip being its own I will use cni to
> assign a different external ip to that container.
>
> I will test this in the next few days.
>
> Rob
>
>
> On Wed, 9 Feb 2022 at 22:39, Rafael Jeffman <rjeff...@redhat.com> wrote:
>
>> Hi Rob,
>>
>> On Wed, Feb 9, 2022 at 9:32 AM Rob Verduijn via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>>> Hi all,
>>>
>>> I'm trying to reduce the number of systems in my network.
>>> Currently if I want to use a pi-hole in combination with freeipa one of
>>> them is going to use the other as a forwarder.
>>>
>>> And without some firewall/router port redirection magic (also hopelessly
>>> complicating things) this is not going to run on one system.
>>>
>>> Did anybody manage to integrate pi-hole into freeipa as a plugin or some
>>> other nifty solution making it possible to run it all on one system?
>>>
>>>
>> This doesn't seem likely to be done soon, or ever, even if it is
>> something I'd personally have use for.
>>
>> You could have a single pi-hole in your network, but you would
>> like to have at least two IPA servers, a master and a replica.
>>
>> For very small setups, it would be a nice exercise, but apart
>> from that I don't see much use in having both in the system
>> (and sharing scarce resources).
>>
>> Rafael
>>
>>
>> Rob
>>>
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> To unsubscribe send an email to
>>> freeipa-users-le...@lists.fedorahosted.org
>>> Fedora Code of Conduct:
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>> Do not reply to spam on the list, report it:
>>> https://pagure.io/fedora-infrastructure
>>>
>>
>>
>> --
>> Rafael Guterres Jeffman
>> Senior Software Engineer
>> FreeIPA - Red Hat
>>
>>

#!/bin/bash

# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md

PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}"
[[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
[[ -d "$PIHOLE_BASE/etc-pihole" ]] || mkdir -p "$PIHOLE_BASE/etc-pihole" || { echo "Couldn't create storage directory: $PIHOLE_BASE/etc-pihole"; exit 1; }
[[ -d "$PIHOLE_BASE/etc-dnsmasq.d" ]] || mkdir -p "$PIHOLE_BASE/etc-dnsmasq.d" || { echo "Couldn't create storage directory: $PIHOLE_BASE/etc-dnsmasq.d"; exit 1; }

# Note: ServerIP should be replaced with your external ip.
docker run -d \
    --name pihole \
    -p 6053:53/tcp -p 6053:53/udp \
    -p 6080:80 \
    -p 6443:443 \
    -e TZ="Europe/Amsterdam" \
    -v "${PIHOLE_BASE}/etc-pihole:/etc/pihole:U,z" \
    -v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d:U,z" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --restart=unless-stopped \
    --hostname pi.hole \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e ServerIP="10.0.0.1" \
    -e INTERFACE="tap0" \
    -e WEBPASSWORD="xxxxxxxxxx" \
    pihole/pihole:latest
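A rootless container can only publish host ports at or above the kernel's unprivileged-port threshold, and FreeIPA takes a forwarder on a non-default port as "IP port PORT". The pre-flight check below is an added example, not part of the original post or its attachment; `privileged_ports` and `forwarder_value` are hypothetical helper names, and it assumes 10.0.0.1 (the script's ServerIP) is the address the forwarder should point at.

```bash
#!/bin/bash
# Added example; not part of the original post or its attachment.
# Ports 6053/6080/6443 and 10.0.0.1 are copied from the attached script; that
# 10.0.0.1 is the address the forwarder should point at is an assumption.

# Print each host port in the given -p mappings that lies below the limit in
# $1, i.e. that an unprivileged (rootless) user cannot bind.
# Handles HOST:CTR, IP:HOST:CTR and CTR forms (IPv4 only), optional /proto.
privileged_ports() {
    min=$1; shift
    for map in "$@"; do
        map=${map%/*}                                   # drop /tcp or /udp
        case $map in
            *:*:*) host=${map#*:}; host=${host%%:*} ;;  # IP:HOST:CTR
            *:*)   host=${map%%:*} ;;                   # HOST:CTR
            *)     continue ;;                          # CTR only: random host port
        esac
        host=${host%%-*}                                # range: lowest port decides
        case $host in ''|*[!0-9]*) continue ;; esac     # skip anything non-numeric
        [ "$host" -lt "$min" ] && echo "$host"
    done
    return 0
}

# Build the "IP port PORT" forwarder value FreeIPA accepts for a custom port.
forwarder_value() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf '%s port %s\n' "$1" "$2"
}

# Kernel threshold for unprivileged binds (1024 unless the admin changed it).
limit=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
bad=$(privileged_ports "$limit" 6053:53/tcp 6053:53/udp 6080:80 6443:443)
if [ -n "$bad" ]; then
    echo "rootless podman cannot publish host port(s):" $bad >&2
else
    echo "all published ports are >= $limit, no root needed"
fi

# Commands to run on the IPA server once the container is up (printed, not run).
echo "ipa dnsconfig-mod --forwarder=\"$(forwarder_value 10.0.0.1 6053)\""
echo "dig @10.0.0.1 -p 6053 example.com +short   # ask the container directly"
echo "dig @10.0.0.1 example.com +short           # ask IPA, which should forward"
```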