# 🛡️ Pi-hole - LXC Container 103 (Complete)
Pi-hole is a DNS sinkhole and network-wide ad blocker that improves privacy, performance, and security by filtering known ad, tracker, and malicious domains. This instance is running inside an unprivileged LXC container on Proxmox with Docker installed.

---
## 🧾 Container Overview
| Field | Value |
|---------------------|----------------------------------|
| **Container ID** | 103 |
| **Hostname** | pihole |
| **IP Address** | 192.168.1.3 |
| **MAC Address** | BC:24:11:7F:B8:80 |
| **Bridge** | vmbr0 |
| **Gateway** | 192.168.1.1 |
| **Memory** | 512 MB |
| **Swap** | 512 MB |
| **CPU Cores** | 1 |
| **OS** | Debian 12 (Bookworm) |
| **Privileges** | Unprivileged |
| **Features** | nesting=1, keyctl=1 |
| **On Boot** | Enabled |
---
## 🧱 Hosting & Platform
| Component | Value |
|------------------|--------------------------------------|
| **Proxmox Host** | proxmox04 |
| **ZFS Dataset** | `vm_data/subvol-103-disk-0` |
| **Storage Pool** | `vm_data` (2TB NVMe) |
| **Container Engine** | Docker (inside LXC) |
| **Install Method** | Community-script or custom build |
---
## 🌐 Network & DNS
| Setting | Value |
|--------------------------|---------------------------------------------------|
| **Web UI URL** | `http://192.168.1.3/admin` |
| **DNS Ports** | 53 (TCP/UDP), 4711 (API) |
| **Web UI Ports** | 80 (HTTP), 443 (not used), 4711 (admin API) |
| **Exposed Domain** | Not exposed externally |
| **Reverse Proxy** | None |
| **DHCP Server** | Disabled |
| **Conditional Forwarding** | Disabled |
| **Local DNS Records** | None configured |
| **Query Logging** | Enabled |
---
## 🔒 Authentication
- **Web UI Login**: Single admin password
- **Username**: `root` (inside container)
- **Password Storage**: Bitwarden → `homelab/pihole`
- **Password Location**: Not available in `setupVars.conf`; configured via UI or reset via `pihole -a -p`
---
## 🧩 DNS Upstreams & Blocklists
| Category | Value / Source |
|------------------|------------------------------------------------------------|
| **Upstreams** | Google DNS, OpenDNS (ECS), Cloudflare (DNSSEC) |
| **Blocklist Sources** | StevenBlack Unified, Firebog, EasyList, Adaway, etc. |
| **Adlist Count** | > 20 blocklists active |
| **Gravity DB** | `/etc/pihole/gravity.db` |
---
## 🛠️ Configuration Files
| Path | Description |
|-----------------------------|----------------------------------------|
| `/etc/pihole/` | Main Pi-hole config directory |
| `/etc/pihole/gravity.db` | SQLite DB with adlists and domains |
| `/etc/dnsmasq.d/` | Custom DNS rules |
| `/var/log/pihole.log` | Live DNS query log |
| `/etc/pihole/setupVars.conf`| ❌ Not found |
---
## 🔁 Backup & Recovery
| Method | Details |
|--------------------|------------------------------------------|
| **ZFS Snapshots** | Enabled on dataset via Proxmox host |
| **Manual Export** | Available via Web UI → Settings → Teleporter |
| **Restore** | ZFS rollback or reimport via Teleporter |
---
## 🧪 Monitoring & Logs
- **Log File**: `/var/log/pihole.log`
- **Dashboard**: Available at `/admin` on port 80
- **Health Check**: Web UI + Docker container logs
- **External Monitoring**: Uptime Kuma planned
- **Syslog Export**: Not yet configured
---
## 🐳 Container Image & Version
| Field | Value |
|---------------------|----------------------------|
| **Image** | `pihole/pihole:latest` |
| **Container Engine**| Docker in LXC |
| **Management** | CLI + Web UI |
| **Installed Via** | Community-script installer |
---
## 📝 Notes
- Container has a static IP (`192.168.1.3`) and is referenced by other services
- DNS services are LAN-only and not exposed to WAN
- Blocklist effectiveness and uptime are critical for local browsing
- No VPN or external access tunnels configured
- Log retention and upstream filtering could be extended in the future