docker-pi-hole VS watchtower

Pi-hole (Docker Tag 2024.07.0 Pi-hole v5.18.3 FTL v5.25.2 Web Interface v5.21) configuration

Yesterday I deployed the official pi hole docker container on my raspberry pi 3 and set a custom DNS address on my phone addressing to the pi.

#pihole   pihole:     container_name: pihole     image: pihole/pihole:latest     ports:       - target: 53         published: 53         protocol: tcp         mode: host       - target: 53         published: 53         protocol: udp         mode: host       - "67:67/udp"       - "8070:80/tcp"       - "8073:443/tcp"     environment:       TZ: 'America/Indianapolis'       WEBPASSWORD: #'TEMP_PASSWORD' #'set a secure password here or it will be random'       WEBPASSWORD_FILE: '/etc/pihole/adminpw.txt'     # Volumes store your data between container upgrades     volumes:       - '~/pihole/etc-pihole:/etc/pihole'       - '~/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'     #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities     cap_add:       - NET_ADMIN # Recommended but not required (DHCP needs NET_ADMIN)     #network_mode: host     restart: unless-stopped     #UPTIME KUMA   uptime_kuma:     image: louislam/uptime-kuma:1     container_name: uptime-kuma     volumes:      - uptime-kuma:/app/data     ports:      - 8060:3001     restart: always

version: "3" # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ networks: dns_net: driver: bridge ipam: config: - subnet: 10.2.0.0/24 services: pihole: depends_on: [unbound] container_name: pihole image: pihole/pihole:latest hostname: pihole networks: dns_net: ipv4_address: 10.2.0.100 ports: - "5335:53/tcp" - "5335:53/udp" - "7000:80/tcp" environment: TZ: ${TZ} WEBPASSWORD: ${PWD} FTLCONF_LOCAL_IPV4: ${HOST_IP} # Set to server's LAN IP, used by web block modes. PIHOLE_DNS_: 10.2.0.200 # Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon DNSMASQ_LISTENING: all # "Listen on all interfaces, permit all origins" # Volumes store your data between container upgrades volumes: - /var/lib/docker/volumes/pihole/etc-pihole:/etc/pihole - /var/lib/docker/volumes/pihole/etc-dnsmasq.d:/etc/dnsmasq.d healthcheck: disable: true restart: unless-stopped unbound: # https://github.com/MatthewVance/unbound-docker container_name: unbound image: mvance/unbound:latest hostname: unbound networks: dns_net: ipv4_address: 10.2.0.200 ports: - "${HOST_IP}:53:53/udp" - "${HOST_IP}:53:53/tcp" healthcheck: disable: true restart: unless-stopped

services: pihole: container_name: pihole image: pihole/pihole:latest hostname: pihole # Container hostname (optional) domainname: mynetwork.local # Container domain (optional) mac_address: f7:55:63:b0:68:83 # Random MAC address (optional) networks: virtualnet: # Name of macvlan ipv4_address: 192.168.100.249 # Desired IP for pihole dns: - 127.0.0.1 - 1.1.1.1 ports: - "53:53/tcp" - "53:53/udp" - "67:67/udp" - "80:80/tcp" - "443:443/tcp" volumes: - ./pihole-configs/:/etc/pihole/ - ./dnsmasq.d-configs/:/etc/dnsmasq.d/ # DNSMASQ_USER # https://github.com/pi-hole/docker-pi-hole/issues/963 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md#upgrade-notes environment: FTLCONF_LOCAL_IPV4: 10.59.0.6 # Desired IP for pihole VIRTUAL_HOST: pihole.mynetwork.local DNSMASQ_USER: root PIHOLE_DNS_: 1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001 restart: unless-stopped # Set container to always restart

You could have a look at docker and try to run a more recent Ubuntu image on the Nano https://github.com/pi-hole/docker-pi-hole

My advice would be either use the docker-pi-hole documentation/quick start, or contact the content creator.

compose-updater (python, api-service) – a project for updating the version of a docker image from CI in a closed infrastructure. I didn't find anything ready to solve this task. There is watchtower, but it's more about keeping up-to-date docker images, rather than updating a specific one, and also I couldn't run it with ECR repos – the author made a super minimalist image in which I couldn't enter through sh to debug. The second alternative is umputun/updater, but it's more about running different shell commands through a webhook. I chose Python because I didn't find a Rust crate for Docker API (most likely it exists, I just didn't understand which one is really good). Score: – (I didn't promote the project anywhere, I use it for my own purposes for now).

WatchTower is one of my favorite projects because it is super useful, and it was also my start in DevOps. WatchTower is a containerized application that monitors your running containers, and will automatically update your images when a newer version is available. Pretty simple, but super useful if you want to run your own infrastructure. Awesome learning experience, and it has over 18k stars!

Interesting- my first time reading about Kamal. I personally used watchtower (https://github.com/containrrr/watchtower) to check for and deploy container updates from the GitHub Container Registry and push new images there from Actions. I also used OpenTofu to automate the VPS provisioning in GH Actions.

For a single server I’d rather have one config management system - Chef/Ansible/… - and just have that set up docker & nginx, rather than have config management set up Kubernetes, and then also need to write Kubernetes manifest YAML files in addition to my config management thingies.

On my home server I use Chef. I have a recipe for each service that sets up a docker container plus an NGINX config that does the TLS and port mapping stuff. To handle container updates I run Watchtower (https://containrrr.dev/watchtower/) which pulls and then restarts my containers when I send a POST.

Deploys are super easy, just docker build, docker push, curl -h $DEPLOY_TOKEN $DEPLOY_URL.

don’t need anything complicated for rollback, just retag and curl again.

Related: https://github.com/containrrr/watchtower

> if you're using the docker image, upgrades are a breeze. Just bump the tag on the image, redeploy, and you're done.

Or you could just run Watchtower beside it and it will automatically update your docker containers. https://github.com/containrrr/watchtower If you are OK with automated updates.