Add Pi-hole via Docker image #54
Comments
This one is on my radar. I just haven't found time to migrate my server over from FreeNAS as yet (it's frustrating not having time :D), but it is a high priority for me once I've done that. |
@c-j1 just a thought, when you do migrate, would it be a good idea to make extensive notes on any gotchas so we could add a guide for FreeNAS -> Ansible-NAS to the documentation? |
I'm giving some serious thought to going a bit left field now. A hyperconverged solution running ESXi, then FreeNAS as a VM offering up the ZFS pool (HBA passed through). Then Ubuntu (using Ansible-NAS) to set up all the containers. That leaves things open for me to play a bit with VMs. I know I can do that under Ubuntu, but I'm still a big fan of ESX as a type 1 hypervisor. |
I've gone back and forth on this a couple of times in my head because I'll be rebuilding parts of my setup here soon. Current thinking is to leave the primary PiHole on a RPi simply because that means I can power everything else in the house down and still have it work for our phones, TV etc. Still, a second PiHole should go on the main server just for backup reasons (sooner or later that little memory card in the RPi is going to wear out). As for storage and backups, it's still FreeNAS while I learn more about Ansible and Docker in virtual machines. With ZFS on Linux moving so fast now, though, and Canonical putting its weight behind it, it might just be a matter of time before Ubuntu overtakes FreeNAS (native encryption is the killer feature here). My switch to Ansible will probably start out with me running two systems in parallel for a while, with bulk storage and Emby on Ansible-NAS until I get the hang of everything and backups still on FreeNAS. Doing that all on the basis of ESXi and VMs does sound like an easier way. (Pity Proxmox is dead set on LXC instead of Docker, or this all would be a lot easier.) One way or another, could you document the setup? I'm sure you're not going to be the only one going this way. |
If nobody is going to take a stab at this, I should have some time the next couple of days, though I'm going to need some help and probably have stupid questions ... |
Go for it mate. No such thing, apparently ;-)
|
I can probably do some documenting. I've just been screwing around for the last couple of days on a spare box I have here. I couldn't decide on whether to have the Ubuntu VM on iSCSI storage hosted by FreeNAS, or have it directly on local storage (under ESX). I'm probably going to go for the latter, purely to make it easier for the missus to just turn the box on in the event of a power failure. Regards, CJ |
I've been thinking about doing something with ESXI like that as well C-J1. |
Pi-Hole requires ports 80 and 443 so that it can act as a sink-hole for ads on your internal network. 80 and 443 are currently allocated to Traefik so that it can validate SSL certs for LetsEncrypt. Clearly this doesn't need to be the case for Traefik as any ports could be used for that, but would require a change that would break anybody that uses Traefik for external access, which I don't love the thought of. Alternatively another IP could be allocated for Pi-hole, but that comes with the added complexity of...another IP, and then ensuring the Pi-hole container grabs the right IP, etc etc etc. I personally think Pi-Hole is better served by an actual Pi. Having a critical network service (DNS) on a box shared with other stuff that could explode if something were to go wrong on your Ansible-NAS is a bit daft, IMO. You want DNS to be snappy AF, not dragged down by your Ansible-NAS box being nailed by 4 million torrents in parallel, whilst serving streaming from Emby and pushing an enormous backup to AWS 😄 |
This looks pretty cool, and as far as I can see from the docs, doesn't require 80 and 443: https://github.com/AdguardTeam/AdGuardHome |
I second the idea that the primary instance of Pi-Hole on the network should be a RPi. My additional argument to yours is that this allows you to power down all computers in the house (assuming your router etc is in the cable modem) and still can use Pi-Hole for your mobile phones, smart TVs etc. I have exactly this setup for that reason. When you pay German power rates, electricity use becomes a major consideration for your home lab ... Having said that, the problem with RPis is that they always fail sooner or later because of the write decay on the SD card. A Docker instance of RPi on a NAS could be the fallback solution that normally sits there doing absolutely nothing unless (rather, until) the RPi fails. -- There are known solutions to working with Traefik (https://docs.pi-hole.net/guides/traefik-configuration-nodocker/), though to be honest I don't understand Traefik well enough to judge them. -- Note that AdGuard seems to have problems with Ubuntu 18.04 (https://www.reddit.com/r/pihole/comments/9oxdz0/adguard_home_vs_pihole_discussion/). However, the arguments not to include Pi-Hole are indeed strong. In the end, it's your call, which is why you get the big buc- uh, the big desk? 😄 Actually, I think there might be two larger problems here. The first one is which services does Ansible-NAS support out of the box. We already have a "downwards limit" (we don't set up your file system for you, but we'll point you in the right direction), perhaps we need an "upwards limit" or features list (we include services A, B, and C, and beyond that you're on your own). That would imply something of an exclusion list (with, say, LinuxGSM (https://linuxgsm.com/) right off the bat) with maybe a single-sentence explanation ("this is a NAS, not a game server"). We obviously can't go on adding services forever. The second one is how to keep all the ports straight and manage them. I know there is a list in docs/configuration/application_ports.md, but that's a lot of work, and sooner or later something is going to conflict with them. Maybe some simple shell script or Python thingie to make sure a new service isn't attempting to reuse ports? This can't be a new problem. |
I hadn't really thought about the limits of what I'd want Ansible-NAS to be
able to run. Part of the flexibility of using Docker is that you can run
pretty much anything - and it's not for me to say what people do/don't do
with it.
In theory I don't have an issue with people running Pi-Hole on Ansible-NAS,
whether I think it's daft or not the issue is more a practical one of how
it could be integrated without breaking a key component of what's already
there (Traefik) and/or causing a painful upgrade.
…On Thu, 2 May 2019, 07:28 Scot W. Stevenson, ***@***.***> wrote:
I second the idea that the primary instance of Pi-Hole on the network
should be a RPi. My additional argument to yours is that this allows you to
power down all computers in the house (assuming your router etc is in the
cable modem) and still can use Pi-Hole for your mobile phones, smart TVs
etc. I have exactly this setup for that reason. When you pay German power
rates, electricity use becomes a major consideration for your home lab ...
Having said that, the problem with RPis is that they *always* fail sooner
or later because of the write decay on the SD card. A Docker instance of
RPi on a NAS could be the fallback solution that normally sits there doing
absolutely nothing unless (rather, until) the RPi fails. -- There are known
solutions to working with Traefik (
https://docs.pi-hole.net/guides/traefik-configuration-nodocker/), though
to be honest I don't understand Traefik well enough to judge them. -- Note
that AdGuard seems to have problems with Ubuntu 18.04 (
https://www.reddit.com/r/pihole/comments/9oxdz0/adguard_home_vs_pihole_discussion/
).
However, the arguments not to include Pi-Hole are indeed strong. In the
end, it's your call, which is why you get the big buc- uh, the big desk?
😄
Actually, I think there might be two larger problems here. The first one
is *which services does Ansible-NAS support out of the box.* We already
have a "downwards limit" (we don't set up your file system for you, but
we'll point you in the right direction), perhaps we need an "upwards limit"
or features list (we include services A, B, and C, and beyond that you're
on your own). That would imply something of an exclusion list (with, say,
LinuxGSM (https://linuxgsm.com/) right off the bat) with maybe a
single-sentence explanation ("this is a NAS, not a game server"). We
obviously can't go on adding services forever.
The second one is how to *keep all the ports straight* and manage them. I
know there is a list in docs/configuration/application_ports.md, but
that's a lot of work, and sooner or later something is going to conflict
with them. Maybe some simple shell script or Python thingie to make sure a
new service isn't attempting to reuse ports? This can't be a new problem.
|
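Added example, not part of the thread or of the Ansible-NAS code base: a sketch of the port-reuse check suggested above, applied to the 80/443 overlap between Traefik and Pi-hole and to the separate-IP alternative. It assumes Docker-style `[ip:]host_port:container_port[/proto]` publish strings (IPv4 only); the service maps and the 192.0.2.x addresses are constructed sample data.

```python
from itertools import combinations

WILDCARD = "0.0.0.0"  # host address Docker uses when a publish spec names no IP

def parse_publish(spec):
    """Parse '[ip:]host_port:container_port[/proto]' into (ip, host_port, proto)."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.split(":")
    if len(parts) == 2:
        ip, host_port = WILDCARD, parts[0]
    elif len(parts) == 3:
        ip, host_port = parts[0], parts[1]
    else:
        raise ValueError(f"unsupported port spec: {spec!r}")
    return ip, int(host_port), (proto or "tcp").lower()

def overlaps(a, b):
    """Bindings collide when port and protocol match and the addresses overlap."""
    (ip_a, port_a, proto_a), (ip_b, port_b, proto_b) = a, b
    if (port_a, proto_a) != (port_b, proto_b):
        return False
    # A wildcard bind claims the port on every address, including a specific one.
    return ip_a == ip_b or WILDCARD in (ip_a, ip_b)

def find_conflicts(services):
    """Return sorted (service_a, service_b, port, proto) for every collision."""
    bound = [(name, parse_publish(spec))
             for name, specs in services.items() for spec in specs]
    conflicts = set()
    for (name_a, a), (name_b, b) in combinations(bound, 2):
        if name_a != name_b and overlaps(a, b):
            conflicts.add((*sorted((name_a, name_b)), a[1], a[2]))
    return sorted(conflicts)

# Constructed sample data: both services on the default (wildcard) address ...
SHARED_IP = {
    "traefik": ["80:80", "443:443"],
    "pihole": ["80:80", "443:443", "53:53/tcp", "53:53/udp"],
}
# ... and each service pinned to its own address (documentation-range IPs).
SEPARATE_IP = {
    "traefik": ["192.0.2.10:80:80", "192.0.2.10:443:443"],
    "pihole": ["192.0.2.53:80:80", "192.0.2.53:443:443", "192.0.2.53:53:53/udp"],
}

if __name__ == "__main__":
    for label, services in (("shared", SHARED_IP), ("separate", SEPARATE_IP)):
        print(label, find_conflicts(services))
```

Pinning only Pi-hole to its own address is not enough: a service left on the wildcard address still collides with it, which is why the check treats `0.0.0.0` as overlapping every address.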
Okay, how about we pick up the "key component" part you just mentioned? We define a set of those - Traefik, Heimdall, etc - and make sure these will always play nice with each other, document very well which resources they use, and collect information from users what else they've done with Ansible-NAS and what issues they ran into. For example, when using Pi-Hole, you have to change the ports X and Y. This way, nobody gets told what they can or can't do. |
I think we can close this for now and revisit the PiHole question if it turns out that the masses are clamoring for it? |
Looks possible, haven't tried yet: |
Feature request: As you probably know, Pi-hole (https://pi-hole.net/) is a DNS server that blocks ads. It was originally made for the RPi (hence the name) but also is available as a Docker image at https://hub.docker.com/r/pihole/pihole/ . If you have a NAS running anyway 24/7, you might want to have it running. (Note: AFAIK there is no way of running Pi-hole on FreeNAS/FreeBSD without installing a Linux VM).
And thanks for all the work!