Ziel
pihole und unbound in jeweils einem eigenen Container, um mögliche Portkonflikte zu vermeiden.
Es wird macvlan verwendet
Quelle: https://forum.openmediavault.org/index.php?thread/50758-pihole-and-unbound-in-docker/
Was gegen diese Lösung mit macvlan spricht: https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/
Netzwerkeinrichtung MACVLAN
Erstelle unter „Networks“ ein neues Netzwerk:
- Name: mypiholevlan
- Driver: macvlan
- Parent network: eth0 (den richtigen Adapter auswählen, mit dem das VLan verknüpft sein soll)
- Subnet: „192.168.130.0/24“
- Gateway: „192.168.130.1“ (Im Regelfall der Router)
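- IP range: „192.168.130.12/30 # 192.168.130.12 and 192.168.130.13“ (Kann frei bleiben, sofern man die IP-Adressen selbst und ohne DHCP verteilt.
Alternativ reserviert man ein paar IP-Adressen, die von Docker verwendet werden dürfen und nicht per DHCP vergeben werden. Hinweis: Ein /30-Block ab .12 umfasst rechnerisch die Adressen .12 bis .15; diesen Bereich vom DHCP-Pool des Routers ausnehmen, damit keine Adresse doppelt vergeben wird.)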
Der pihole
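# Pihole
#
# https://github.com/pi-hole/docker-pi-hole?tab=readme-ov-file
#
# Runs Pi-hole with its own address on the externally created macvlan
# network "mypiholevlan".
version: "3"
services:
  pihole:
    container_name: pihole
    # NOTE(review): ":latest" is a moving tag and the Watchtower label below
    # disables automatic updates, so the running version is whatever was
    # pulled last. Consider pinning a release tag or digest and updating
    # deliberately.
    image: pihole/pihole:latest
    hostname: pihole  # Choose your hostname
    # "dns" sets the resolvers the container itself uses.
    # NOTE(review): Pi-hole's upstream for client queries is presumably
    # configured separately (web UI or image settings) - confirm it points at
    # unbound, otherwise client lookups may not go through it.
    dns:
      - "192.168.130.13"  # DNS1: Should be the address of your unbound system
      - "9.9.9.9"  # DNS2: Quad9 as an example, optional
    networks:
      mypiholevlan:  # the network name you specified in the first step
        # The IP address you want to assign to your pihole. Make sure this
        # address is available to be used in your network.
        ipv4_address: "192.168.130.12"
    # For DHCP it is recommended to remove these ports and instead add:
    # network_mode: "host"
    # NOTE(review): on macvlan the container is reached directly at its own
    # IP; these mappings presumably do not limit which container ports are
    # reachable - verify, and treat every port the image listens on as
    # exposed to the LAN. Port 80 serves the admin UI over plain HTTP.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      # - "67:67/udp"  # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    # Mapping form instead of "- KEY=value": in the list form the quotes in
    # TZ='Europe/Berlin' become part of the value.
    environment:
      TZ: "Europe/Berlin"
      # ":?" makes compose abort when PIHOLE_WEBPASSWORD is unset or empty
      # instead of silently starting with an empty value. Keep the secret in
      # an .env file that is not committed.
      # NOTE(review): WEBPASSWORD and DHCP_ACTIVE are the variable names of the
      # older image generation; newer images read FTLCONF_-prefixed settings
      # (e.g. FTLCONF_webserver_api_password). With ":latest", check the
      # README linked above so the intended admin password is really applied.
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?PIHOLE_WEBPASSWORD must be set}"
      DHCP_ACTIVE: "false"
    labels:
      - com.centurylinklabs.watchtower.enable=false
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    restart: unless-stopped
    # Required if you are using Pi-hole as your DHCP server, else not needed.
    # Leave it off otherwise so the container runs without the extra capability.
    # cap_add:
    #   - NET_ADMIN
networks:
  mypiholevlan:  # network name
    external: true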
Unbound-Container
# Unbound resolver with its own address on the externally created macvlan
# network "mypiholevlan"; Pi-hole uses this address as DNS1.
version: "3"
services:
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    hostname: unbound
    networks:
      mypiholevlan:  # must match the network name chosen in the first step
        # Address assigned to Unbound; make sure it is free in your network.
        # NOTE(review): at this address the resolver answers on the LAN for
        # whatever the image's default access rules allow - confirm that only
        # the intended clients (e.g. the Pi-hole) can query it.
        ipv4_address: "192.168.130.13"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    # Keep the two lines below commented out unless you supply your own
    # unbound configuration. A custom configuration can be tricky because
    # several config files have to be provided manually.
    # volumes:
    #   - './etc-unbound:/opt/unbound/etc/unbound'
    restart: unless-stopped
networks:
  mypiholevlan:  # must match the network name chosen in the first step
    external: true