Adding pihole. - selfhost - Incus configurations for my self-hosted setup.
---
(DIR) commit aa41dd9d04b1969a786e70ea1d80477b710ce38b
(HTM) Author: Jay Scott <me@jay.scot>
Date: Sun, 9 Jun 2024 16:15:05 +0100
Adding pihole.
Diffstat:
A config.yaml | 24 ++++++++++++++++++++++++
A pi-hole/files/15-pihole-admin.conf | 67 +++++++++++++++++++++++++++++++
A pi-hole/files/custom.list | 1 +
A pi-hole/files/setupVars.conf | 17 +++++++++++++++++
A pi-hole/init.sh | 22 ++++++++++++++++++++++
A pi-hole/pihole.yaml | 22 ++++++++++++++++++++++
6 files changed, 153 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/config.yaml b/config.yaml
@@ -0,0 +1,24 @@
+config:
+ cloud-init.network-config: |
+ version: 2
+ ethernets:
+ eth0:
+ addresses:
+ - 192.168.2.10/24
+ gateway4: 192.168.2.1
+ cloud-init.user-data: |
+ #cloud-config
+ manage_resolv_conf: true
+ resolv_conf:
+ nameservers: ['192.168.2.197', '1.1.1.1']
+ package_upgrade: true
+ timezone: Europe/London
+ users:
+ - name: jay
+ groups: wheel
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLmKYxwXTbyRWLG0S24RTpyfyBO6AL8Dcy0XvVZ97Do
+ packages:
+ - git
+ - curl
+ - coredns
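Review bot: The static address `192.168.2.10/24` under `eth0` is the same one the new `pi-hole/pihole.yaml` assigns, so an instance launched from this file would collide with the Pi-hole container on the LAN. Nothing in `pi-hole/init.sh` references this file, so if it is meant as a template it deserves a header comment such as `# base profile - change the address before launching`. The `resolv_conf` list also puts `1.1.1.1` beside `192.168.2.197`; if the local resolver is meant to filter, the public entry lets lookups bypass it whenever the stub resolver falls through to the second server.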
(DIR) diff --git a/pi-hole/files/15-pihole-admin.conf b/pi-hole/files/15-pihole-admin.conf
@@ -0,0 +1,67 @@
+server.errorlog := "/var/log/lighttpd/error-pihole.log"
+
+$HTTP["url"] =~ "^/admin/" {
+ server.document-root = "/var/www/html"
+ server.stream-response-body = 1
+ accesslog.filename = "/var/log/lighttpd/access-pihole.log"
+ accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
+
+ fastcgi.server = (
+ ".php" => (
+ "localhost" => (
+ "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
+ "bin-path" => "/usr/bin/php-cgi",
+ "min-procs" => 1,
+ "max-procs" => 1,
+ "bin-environment" => (
+ "PHP_FCGI_CHILDREN" => "4",
+ "PHP_FCGI_MAX_REQUESTS" => "10000",
+ ),
+ "bin-copy-environment" => (
+ "PATH", "SHELL", "USER"
+ ),
+ "broken-scriptfilename" => "enable",
+ )
+ )
+ )
+
+ setenv.add-response-header = (
+ "X-Pi-hole" => "The Pi-hole Web interface is working!",
+ "X-Frame-Options" => "DENY",
+ "X-XSS-Protection" => "0",
+ "X-Content-Type-Options" => "nosniff",
+ "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "same-origin"
+ )
+
+ $HTTP["url"] =~ "^/admin/\." {
+ url.access-deny = ("")
+ }
+
+ $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
+ $HTTP["referer"] =~ "/admin/settings\.php" {
+ setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+ }
+ }
+}
+else $HTTP["url"] == "/admin" {
+ url.redirect = ("" => "/admin/")
+}
+
+$HTTP["host"] == "pi.hole" {
+ $HTTP["url"] == "/" {
+ url.redirect = ("" => "/admin/")
+ }
+}
+
+$HTTP["host"] == "pihole.jay.scot" {
+ $HTTP["url"] == "/" {
+ url.redirect = ("" => "/admin/")
+ }
+}
+
+
+
+# (keep this on one line for basic-install.sh filtering during install)
+server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )
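Review bot: The last host block matches `pihole.jay.scot`, but `custom.list` in this commit publishes `hole.jay.scot` and `pihole.yaml` sets that same name as the hostname, so the `/` to `/admin/` redirect will not fire for the name clients actually resolve. If `hole.jay.scot` is the intended name, the condition should read `$HTTP["host"] == "hole.jay.scot" {`. Separately, the nested `$HTTP["referer"]` condition relaxes `X-Frame-Options` on the strength of a client-supplied header. It looks inherited from the stock Pi-hole file, and a short comment marking which parts are upstream text and which are local edits would make later reviews of this file easier.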
(DIR) diff --git a/pi-hole/files/custom.list b/pi-hole/files/custom.list
@@ -0,0 +1 @@
+192.168.2.10 hole.jay.scot
(DIR) diff --git a/pi-hole/files/setupVars.conf b/pi-hole/files/setupVars.conf
@@ -0,0 +1,17 @@
+PIHOLE_INTERFACE=eth0
+QUERY_LOGGING=true
+INSTALL_WEB_SERVER=true
+INSTALL_WEB_INTERFACE=true
+LIGHTTPD_ENABLED=true
+CACHE_SIZE=10000
+DNS_FQDN_REQUIRED=true
+DNS_BOGUS_PRIV=true
+DNSMASQ_LISTENING=single
+WEBPASSWORD=974e6d8bfdeb7de0495e90f30ecca7fbfd0ce54998fe4b4aa54686d1732b9f6d
+BLOCKING_ENABLED=true
+PIHOLE_DNS_1=1.1.1.1
+PIHOLE_DNS_2=1.0.0.1
+DNSSEC=false
+REV_SERVER=false
+WEBUIBOXEDLAYOUT=boxed
+WEBTHEME=default-darker
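Review bot: `WEBPASSWORD` is committed here as a hash, and that value is a credential in its own right. Pi-hole v5 derives it with an unsalted double SHA-256 and, as far as I know, also uses it as the API token, so publishing it allows offline guessing of the admin password and discloses the token. Leave the key out of the tracked file and set the password after install from a value kept outside the repository, for example with `incus exec $HOST -- pihole -a -p "$PIHOLE_PASSWORD"` in `init.sh`. The password behind the committed hash should be rotated, since it stays in the history.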
(DIR) diff --git a/pi-hole/init.sh b/pi-hole/init.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+HOST=pihole
+
+set -x
+
+incus stop $HOST
+incus delete $HOST
+incus launch images:ubuntu/23.10/cloud $HOST < $HOST.yaml
+
+curl -fsSL https://install.pi-hole.net -o basic-install.sh
+
+incus file push ./files/setupVars.conf $HOST/etc/pihole/ -pv --mode 644
+incus file push ./files/custom.list $HOST/etc/pihole/ -pv --mode 644
+incus file push ./basic-install.sh $HOST/tmp/basic-install.sh -pv --mode 755
+
+incus exec $HOST -- bash -c /tmp/basic-install.sh --unattended
+
+incus file push ./files/15-pihole-admin.conf $HOST/etc/lighttpd/conf-enabled/15-pihole-admin.conf -pv --mode 644
+
+incus exec $HOST -- systemctl restart pihole-FTL
+incus exec $HOST -- systemctl restart lighttpd.service
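Review bot: `--unattended` never reaches the installer in `incus exec $HOST -- bash -c /tmp/basic-install.sh --unattended`, because with `bash -c` the word after the command string becomes `$0` rather than an argument to the script; use `incus exec $HOST -- bash /tmp/basic-install.sh --unattended`. The installer is also downloaded from `https://install.pi-hole.net` at whatever revision is current and run as root in the container with no pinned release or checksum, so consider fetching a reviewed tag and checking it with `sha256sum -c` before the push. With `set -x` but no `set -e`, a failed `curl` or `incus launch` does not stop the later pushes and exec. `set -eu` (with `|| true` on the stop and delete lines) plus `incus exec $HOST -- cloud-init status --wait` after the launch would make the run fail closed.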
(DIR) diff --git a/pi-hole/pihole.yaml b/pi-hole/pihole.yaml
@@ -0,0 +1,22 @@
+config:
+ cloud-init.network-config: |
+ version: 2
+ ethernets:
+ eth0:
+ addresses:
+ - 192.168.2.10/24
+ gateway4: 192.168.2.1
+ cloud-init.user-data: |
+ #cloud-config
+ package_upgrade: true
+ hostname: hole.jay.scot
+ timezone: Europe/London
+ users:
+ - name: jay
+ groups: sudo
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ ssh_authorized_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLmKYxwXTbyRWLG0S24RTpyfyBO6AL8Dcy0XvVZ97Do
+ packages:
+ - git
+ - curl
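Review bot: `sudo: ALL=(ALL) NOPASSWD:ALL` gives the `jay` account unrestricted root with no password, so the single SSH key listed below it is the only barrier to root on the host that answers DNS for the network. `init.sh` already administers the container through `incus exec`, so the in-guest account may not need sudo at all. Either drop the `sudo:` line, or keep it and add `ssh_pwauth: false` plus a comment explaining why passwordless root is accepted here. `gateway4` is deprecated in netplan in favour of a `routes:` entry with `to: default`, which is worth switching while the file is new.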