Puppet profile for pihole

I use pihole extensively for blocking advertisements in my home network as well as on my servers. It’s a very easy to use tool which also gives you basic analytics. Pihole is no rocket science – it’s just a bunch of great utilities packaged together. A few weeks back I was lurking around trying to see if I can quickly deploy it on my servers using puppet instead of the manual way. Finally I found that there’s a docker image available for pihole and then I quickly wrote a puppet wrapper around it. Originally pi-hole was made for using raspberry pi as a DNS blocker but since then the project has moved ahead quite a lot. You can read up more about it here https://pi-hole.net/

Please note that this would require docker module to be present in your environment.


  • Don’t deploy on a server which has public IP attached to it.
  • If you still have to (Please don’t unless you know what you’re doing), make sure the $interface_ip is a private interface which is not exposed publicly.
  • For things to work correctly it requires –cap-ad NET_ADMIN – which is a security issue.
class profile::pihole(
if !defined(Class["docker"]){
include docker
image => 'pihole/pihole:4.3.1',
ports => [
volumes => [
extra_parameters => ['--cap-add NET_ADMIN'],
dns => ['', ''],
env => [