I wanted to have PiHole within the same subnet as my other devices and I wanted to have it within docker.
This is the docker compose file I came up with:

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    environment:
      TZ: 'Europe/Berlin'
      FTLCONF_webserver_api_password: 'correct horse battery staple'
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
    restart: unless-stopped
    networks:
      host_home:
        ipv4_address: 192.168.33.151 # value of dns-server within router
        ipv6_address: fd00::3f82:ac02:fe4a:5031 # value of dns-server within router
networks:
  host_home:
    name: host_home
    driver: macvlan
    enable_ipv6: true
    driver_opts:
      parent: eth0 #probably valid in most cases
    ipam:
      config:
        - subnet: 192.168.33.0/24 # range must cover gateway and ip_range
          gateway: 192.168.33.1 # IP of router
          ip_range: 192.168.33.144/28 # IP-Range for Docker in HOST-Subnet
        - subnet: fd00::3f82:ac02:fe4a:5193/64 # range must cover gateway and ip_range
          gateway: fd00::3f82:ac02:fe4a:5193 # IP of router
          ip_range: fd00::3f82:ac02:fe4a:5000/116 # IP-Range for Docker in HOST-Subnet

First of all, it seems to work. I can see both 'A' and 'AAAA' requests from different devices, and under network most of the devices are listed with both IPv4 and IPv6.
But still, I'm wondering: is it a valid approach? And, more importantly, might I introduce valid security concerns? E.g. how does the security of this approach compare to a native install of pihole on a Raspberry?
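
An added example, not part of the original post: a Python check of the address plan from the compose file above against the constraints its own comments state (the subnet must cover the gateway and ip_range, and the static address should sit in the Docker range). `PLAN` and `check_plan` are hypothetical names; the address values are copied from the post.

```python
import ipaddress

# Address plan copied from the compose file in the post (one entry per ipam config item).
PLAN = [
    {"subnet": "192.168.33.0/24", "gateway": "192.168.33.1",
     "ip_range": "192.168.33.144/28", "static": "192.168.33.151"},
    {"subnet": "fd00::3f82:ac02:fe4a:5193/64", "gateway": "fd00::3f82:ac02:fe4a:5193",
     "ip_range": "fd00::3f82:ac02:fe4a:5000/116", "static": "fd00::3f82:ac02:fe4a:5031"},
]

def check_plan(entry):
    """Return a list of findings for one ipam entry (empty list means clean)."""
    findings = []
    # strict=False tolerates host bits so they can be reported instead of raising.
    subnet = ipaddress.ip_network(entry["subnet"], strict=False)
    if str(subnet) != entry["subnet"]:
        findings.append(f"subnet has host bits set; canonical form is {subnet}")
    gateway = ipaddress.ip_address(entry["gateway"])
    static = ipaddress.ip_address(entry["static"])
    try:
        ip_range = ipaddress.ip_network(entry["ip_range"])
    except ValueError:
        findings.append("ip_range is not aligned to its prefix length")
        return findings
    if gateway not in subnet:
        findings.append("gateway is outside subnet")
    if not ip_range.subnet_of(subnet):
        findings.append("ip_range is outside subnet")
    if static not in ip_range:
        findings.append("static address is outside ip_range")
    if static == gateway:
        findings.append("static address collides with gateway")
    if gateway in ip_range:
        # Overlap between the router address and the container range.
        findings.append("gateway lies inside ip_range")
    return findings

if __name__ == "__main__":
    for entry in PLAN:
        result = check_plan(entry)
        print(entry["subnet"], "->", result or "ok")
```
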