search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.6k stars 13.76k forks source link

Package request: pi-hole #61617

Open LinArcX opened 5 years ago

LinArcX commented 5 years ago

https://github.com/pi-hole/pi-hole Arch package to get ideas how to package it: https://aur.archlinux.org/packages/pi-hole-server/

boredom101 commented 5 years ago

I think I'll give this package a try.

expipiplus1 commented 5 years ago

@boredom101 looking forward to it!

FWIW I've got pihole running quite nicely in docker from nix with 

  docker-containers.pihole = {
    image = "pihole/pihole:latest";
    ports = [
      "${serverIP}:53:53/tcp"
      "${serverIP}:53:53/udp"
      "3080:80"
      "30443:443"
    ];
    volumes = [
      "/var/lib/pihole/:/etc/pihole/"
      "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
    ];
    environment = {
      ServerIP = serverIP;
    };
    extraDockerOptions = [
      "--cap-add=NET_ADMIN"
      "--dns=127.0.0.1"
      "--dns=1.1.1.1"
    ];
    workdir = "/var/lib/pihole/";
  };
LinArcX commented 5 years ago

@expipiplus1 Hi, thank you for your reply. But i don't have docker on my system. How to use it like a normal package in nixos?

expipiplus1 commented 5 years ago

Hopefully this issue will help answer that very question, @LinArcX

On Thu, 13 Jun 2019, 00:35 LinArcX, notifications@github.com wrote:

@expipiplus1 https://github.com/expipiplus1 Hi, thank you for your reply. But i don't have docker on my system. How to use it like a normal package in nixos?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/NixOS/nixpkgs/issues/61617?email_source=notifications&email_token=AAGRJXA5PUGYE3UMU2VSEH3P2EQUBA5CNFSM4HNS3R42YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXRBB4A#issuecomment-501354736, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGRJXCOZBIRHWXOSXBDXL3P2EQUBANCNFSM4HNS3R4Q .

lovesegfault commented 5 years ago

@expipiplus1 It's not clear to me how to use that snippet you posted. Can you show me a complete example?

lovesegfault commented 5 years ago

Oh, I think it got renamed to https://nixos.org/nixpkgs/manual/#ssec-pkgs-dockerTools-buildImage

expipiplus1 commented 5 years ago

The docker-containers module is a recent addition (last few months I think).

I also have an nginx virtualhost forwarding http to port 3080 for access to the pihole admin console.

Hope this helps

On Wed, 28 Aug 2019, 02:34 Bernardo Meurer, notifications@github.com wrote:

Oh, I think it got renamed to https://nixos.org/nixpkgs/manual/#ssec-pkgs-dockerTools-buildImage

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/NixOS/nixpkgs/issues/61617?email_source=notifications&email_token=AAGRJXFQCFXDWIQSF7AVVYLQGVXS3A5CNFSM4HNS3R42YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5IWPTQ#issuecomment-525428686, or mute the thread https://github.com/notifications/unsubscribe-auth/AAGRJXFAEETAMGYAOXT3PKLQGVXS3ANCNFSM4HNS3R4Q .

expipiplus1 commented 5 years ago

@boredom101 Did you end up making anything?

matthiasbeyer commented 4 years ago

Any updates here?

ashkan-leo commented 4 years ago

this would be an extremely valuable addition!

nuxeh commented 4 years ago

Any updates? I would consider assisting, or packaging this myself if not.

ksevelyar commented 4 years ago

Any updates? I would consider assisting, or packaging this myself if not.

Could you explain why you want pi-hole? Why you don't want to use plain dnsmasq? Is it dashboard or performance?

 services.dnsmasq.enable = true;
  services.dnsmasq.extraConfig = ''
    domain-needed
    bogus-priv
    no-resolv

    server=208.67.220.220
    server=8.8.4.4

    listen-address=::1,127.0.0.1,192.168.0.1
    bind-interfaces

    cache-size=10000
    log-queries
    log-facility=/tmp/ad-block.log
    local-ttl=300

    conf-file=/etc/nixos/assets/hosts-blocklists/domains.txt
    addn-hosts=/etc/nixos/assets/hosts-blocklists/hostnames.txt
  '';

https://github.com/ksevelyar/dotfiles/blob/b633fa5b725988c8b521e5f99984e25bc13be1e5/modules/router.nix#L36-L55

https://github.com/notracking/hosts-blocklists

nuxeh commented 4 years ago

Pi hole is a well established turnkey solution, which additionally provides monitoring and configuration as you say. I for one wasn't aware that it was so easy to configure dnsmasq to do the same thing so easily, albeit in a slightly less user friendly or visible way.

Really I think it comes down to the fact that people know about pi hole and want to install it on their NixOS system, if there's a package for it that's an advantage, surely?

horkhork commented 4 years ago

I came to a similar conclusion as ksevelyar. I've used pihole for quite a while and it is very nice, but it's got a lot of bells and whistles that aren't really necessary.

I'm in the process of switching to dnscrypt-proxy2, which looks like it will do the job of adblocking just as well as pihole.

I started started to create my own custom channel + derivation for wrapping https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/utils/generate-domains-blacklists/generate-domains-blacklist.py to automate blacklist updates, and while it does work, it might be a bit too crufty to share at this point.

nuxeh commented 4 years ago

It's been a while, but I have the pi-hole tools (pihole and pihole-FTL) packaged and working, and the web interface running. Now I'm just working on the modules, and configuring it all to work as it should.

It's not the easiest project in the world to package, lots of hard-coded paths for the files it needs at runtime, many of which have a mysterious function that needs some research to find out what it's needed for, across quite a lot of bash scripts. Also a couple of small hurdles needed to be overcome to get FTL building with the currently packaged Nix build tools and libraries, and being able to have it spawned by systemd correctly at runtime.

When it's doing something useful, I'll put it on a branch/draft PR so that anyone who's interested can test it.

JamieMagee commented 3 years ago

@nuxeh Thank you for your effort in packaging pi-hole. Could you share your configuration so that others can continue to work on it?

nuxeh commented 3 years ago

@JamieMagee sure, I'll review it and point you to a branch in the next few days. I'm away at the moment and don't have access to my development computer until next week.

JamieMagee commented 3 years ago

@nuxeh Have you had a chance to create a branch for your work?

nuxeh commented 3 years ago

Hey @JamieMagee, apologies, I've had some difficulty getting a chance to look a this again, but here is a branch for the original work I did on it.

https://github.com/nuxeh/nixpkgs/tree/add-pi-hole

I was planning to upgrade all the packages, but they changed the pihole-FTL to using CMake recently, so that turned out to be a non-trivial change, and since I did a certain amount of testing with the 5.0 I thought it could be better to share it with that "working" version.

Here is a vm.nix for testing with nixos-shell:

{ config, pkgs, ... }:

{
  boot.kernelPackages = pkgs.linuxPackages_latest;
  services.openssh.enable = true;

  virtualisation.qemu.networkingOptions = [
    "-net nic,netdev=user.0,model=virtio"
    "-netdev user,id=user.0,hostfwd=tcp::8888-:80"
  ];

  services.pihole = {
    enable = true;
    interface = "eth0";
    webInterface = true;
  };

  networking.firewall.enable = false;
}

Which can be run with the following from a checked out nixpkgs tree:

NIX_PATH=nixpkgs=. nixos-shell

From there, you can access the port-forwarded web UI at http://localhost:8888/pihole/.

Generally regarding my original progress on this, I got the pihole-FTL service to build and run, and the web interface hosted with lighttpd, but after that point, since I haven't actually used pihole before, I wasn't very sure what a "working" install would look like, so I lost some momentum.

The pihole core is a bunch of bash scripts with hard-coded paths, I took a naive approach of attempting to patch all those paths, but somehow feel that there might be a better way to get it working.

Hope this helps!

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info

JamieMagee commented 3 years ago

Not stale. There is a PR in progress.

nixos-discourse commented 3 years ago

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/is-pi-hole-available-in-nixpkgs/14916/2

mausch commented 2 years ago

Another easy alternative that even got a flake last October: https://github.com/StevenBlack/hosts#nixos

nixos-discourse commented 2 years ago

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/why-did-pihole-container-stop-working/19066/1

bjornfor commented 1 year ago

PSA: In addition to AdGuard Home, NixOS also has a module for blocky. Both seem like nice alternatives to Pi-hole.

SgtPooki commented 6 months ago

Thanks samhh for https://github.com/samhh/dotfiles/commit/8193c3e407306e6f41b291923e6d8be8db19e36a. I tried blocky and dnsmasq and as a NixOS noob I couldn't get them working, but your pihole in docker container .nix file worked flawlessly

FabianRig commented 5 months ago

PSA: In addition to AdGuard Home, NixOS also has a module for blocky. Both seem like nice alternatives to Pi-hole.

https://github.com/TechnitiumSoftware/DnsServer is another alternative. It replaced Pi-hole and Unbound for me. I recently added a package and a module for it.