I use pihole extensively for blocking advertisements in my home network as well as on my servers. It’s a very easy-to-use tool which also gives you basic analytics. Pihole is no rocket science; it’s just a bunch of great utilities packaged together. A few weeks back I was looking around to see if I could quickly deploy it on my servers using Puppet instead of the manual way. I found that there’s a Docker image available for pihole, and I quickly wrote a Puppet wrapper around it. Originally pi-hole was made for using a Raspberry Pi as a DNS blocker, but the project has moved ahead quite a lot since then. You can read more about it here: https://pi-hole.net/
Please note that this requires the docker module to be present in your environment.
BE CAREFUL
- Don’t deploy on a server which has a public IP attached to it.
- If you still have to (please don’t unless you know what you’re doing), make sure $interface_ip is the address of a private interface which is not exposed publicly.
- For things to work correctly it requires --cap-add NET_ADMIN, which is a security issue.
```puppet
class profile::pihole(
  $interface_ip,
){
  if !defined(Class['docker']) {
    include docker
  }

  docker::run { 'pihole':
    image            => 'pihole/pihole:4.3.1',
    # Publish DNS and the web UI only on $interface_ip, never on all interfaces.
    ports            => [
      "${interface_ip}:53:53/tcp",
      "${interface_ip}:53:53/udp",
      "${interface_ip}:8090:80/tcp",
    ],
    volumes          => [
      'pihole:/etc/pihole',
      'dnsmasq.d:/etc/dnsmasq.d',
    ],
    # Extra capability for the container; see the warning above.
    extra_parameters => ['--cap-add NET_ADMIN'],
    dns              => ['127.0.0.1', '8.8.8.8'],
    env              => [
      "SERVER_IP=${interface_ip}",
      'TZ=Asia/Calcutta',
    ],
  }
}
```
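A post-deployment check for the two warnings above, as an added example that is not part of the original post: it reads the JSON from `docker inspect` and reports any published port that is not bound to a specific internal address, plus any added capability. The names `is_internal`, `audit` and `SAMPLE` are hypothetical, the sample data is constructed, and the container name `pihole` is an assumption based on the resource title.

```python
import ipaddress
import json
import sys

# Ranges accepted as internal: RFC 1918, loopback, IPv6 ULA and loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def is_internal(host_ip):
    """True only for a specific address inside INTERNAL_NETS."""
    if not host_ip:                  # empty HostIp means every interface
        return False
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:            # 0.0.0.0 or :: also means every interface
        return False
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def audit(inspect_json):
    """Return findings for the JSON printed by `docker inspect <container>`."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        host = container.get("HostConfig", {})
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                if not is_internal(b.get("HostIp", "")):
                    shown = b.get("HostIp") or "all interfaces"
                    findings.append(f"{name}: {port} published on {shown}")
        for cap in host.get("CapAdd") or []:
            findings.append(f"{name}: extra capability {cap}")
    return findings

# Constructed sample, not real output: one safe binding, two exposed ones.
SAMPLE = json.dumps([{
    "Name": "/pihole",
    "HostConfig": {
        "CapAdd": ["NET_ADMIN"],
        "PortBindings": {
            "53/tcp": [{"HostIp": "192.168.1.10", "HostPort": "53"}],
            "53/udp": [{"HostIp": "", "HostPort": "53"}],
            "80/tcp": [{"HostIp": "203.0.113.10", "HostPort": "8090"}],
        },
    },
}])

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(audit(data)) or "no findings")
```

Pipe `docker inspect pihole` into the script on the Docker host; run with no piped input, it prints the findings for the constructed sample instead.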