blob: 225c632c3c9f881bc3853eba916e78de060c216e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
# PI Phase 2.2 Pi-hole on pi2/pi3
Task 2.2 for the Raspberry Pi cluster was completed on:
- `pi2.lan.buetow.org`
- `pi3.lan.buetow.org`
Completed actions:
- Created `~/pihole` on each host
- Deployed `pihole/pihole:latest` with `docker compose`
- Used `network_mode: host` so Pi-hole binds directly to the host network stack
- Set `TZ=Europe/Sofia`
- Set `DNS1=1.1.1.1` and `DNS2=1.0.0.1`
- Stored `WEBPASSWORD` in a host-local `~/pihole/.env` file instead of committing it to git
- Installed `bind-utils` so `dig` was available for verification
- Applied firewall changes only after confirming `firewalld` was running
Firewall changes applied on each host:
- `53/udp`
- `53/tcp`
- `http`
Verification:
- `docker compose ps` showed the Pi-hole container running and healthy on both hosts
- `curl -fsI http://localhost/admin/` returned `HTTP/1.1 302 Found`, confirming the admin UI was reachable
- `dig @localhost google.com +short` returned an A record on both hosts
Notes:
- The admin password is intentionally not stored in this repository.
- The same strong host-local password was used on both Pi-hole nodes for simpler failover handling.
- Firewall rule application followed the plan note: `firewall-cmd --state` was checked first, then the port and service rules were added with separate commands.
|
