Hi all,

just wanted to let ppl know that running pi-hole in a rootless container without any tricks works fine.
As Rafael mentioned, this is only useful for really small environments.

I tweaked the docker start script a bit so it would run with podman as a rootless container using an ordinary user (see attachment).
Then configured the global forwarder to the ip of the ipa server with the port 6053.
That was it, now my ipa-server forwards all the queries to the local rootless pi-hole container.

Rob

On Thu, 10 Feb 2022 at 09:50, Rob Verduijn <rob.verduijn@gmail.com> wrote:
Hi,

You are right, it is only useful for a very small environment.
It is for home, at work I really don't care about adding one (or more) systems to the environment. (ansible plays will keep them up2date and configured properly)

But I think I have figured it out.
It is possible to specify a global forwarder with an alternative port, hence I could configure a container on the ipa server system listening on a different port and add that one as a forwarder.
If it starts complaining about the ip being its own I will use cni to assign a different external ip to that container.

I will test this in the next few days.

Rob


On Wed, 9 Feb 2022 at 22:39, Rafael Jeffman <rjeffman@redhat.com> wrote:
Hi Rob,

On Wed, Feb 9, 2022 at 9:32 AM Rob Verduijn via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Hi all,

I'm trying to reduce the number of systems in my network.
Currently if I want to use a pi-hole in combination with freeipa one of them is going to use the other as a forwarder.

And without some firewall/router port redirection magic (also hopelessly complicating things) this is not going to run on one system.

Did anybody manage to integrate pi-hole into freeipa as a plugin or some other nifty solution making it possible to run it all on one system?


This doesn't seem likely to be done soon, or ever, even if it is
something I'd personally have use for.

You could have a single pi-hole in your network, but you would
like to have at least two IPA servers, a master and a replica.

For very small setups, it would be a nice exercise, but apart
from that I don't see much use in having both in the system
(and sharing scarce resources).

Rafael


Rob



--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat