I stumbled over Pi-hole roughly 2.5 years ago. My wife's school had a lot of problems with kids downloading sexual content, games, ... onto school devices. As the small company running the infrastructure really couldn't come up with a solution, I looked around. And Pi-hole looked promising. So I donated two PI 3Bs to the school, installed them and the next day we already saw some very unhappy faces - since then basically no unwanted downloads happened anymore So Kudos to the Pi-hole developers.
But what bugged me from day 1 is that there's no package available. This led to quite some issues. And also other schools showed an interest in our solution, but whenever I showed them how to install Pi-hole the show was over. From small 1-man to larger companies, no-one would go for a deployment without a package. That's where the story started. I took up many suggestions from others, finally resulting in the following design criteria:
-
Make a Debian package in the first place, ensuring proper dependency management etc. I try to be as much compliant to Debian policy as my time allows (e.g. respecting the FHS, dynamically link binaries, ...). Unfortunately this also means that the pihole Package isn't compatible with manual installs from Github. If you want to try the package, I suggest doing it initially on a new VM or something so you get the idea. If you want to keep it, save your Pi-hole DBs and dnsmasq.d files and go from there. Running "pihole reconfigure" right after initial install is your friend.
-
Don't touch any existing configurations. Some people have spent lots of times customizing their DHCP, Web, ... setups and Pi-hole shouldn't break any of them. So pihole just advises on changes that should be done, but in the end the administrator is responsible to integrate it into the existing setup. This is usually only required once for initial install.
-
Use of PHP FPM. That way the Pi-hole web interface can run as user 'pihole' and the need to grant sudo to the Web server account is eliminated.
-
Simplify the admin interface. It now uses an ini-style file for input which allows atomic application of any number of changes, not requiring lots & lots of individual pihole commands being submitted. This also allows for a more industrial style administration support, as you can build your ini-file on a test system and once find it ok, you can deploy these settings on your production machine with just a single command - or even automate it.
As part of this, the entire configuration shell scripts have been replaced by a family of Perl classes (Config::Pihole*) that do a very thorough analysis of both the existing config and the newly deployed ini-style file. If they find something looks broken, changes won't be made - so in case don't make things worse by messing around more.
And yes, I know it's still limited in its features, e.g. no adlist management (but as everyone so far has been happy to use the web interface, this doesn't rank very high on the todo list).
- The web interface is perfect, as far as I'm concerned. But still I made two changes here: First, config settings are now read from golden source and not (only) from setupVars.conf. This data duplication (being out of sync for different reasons) had led to some problems on some of my installations and so I worked on not being dependent on it. The config data is now stored in the session data and only re-read if any config file changed. Secondly, each call from PHP now evaluates the pihole command's return code and if something went wrong, the last few lines of output are appended to the error splash message for easier diagnosis (the full output can be found in lighttpd's error.log file).
If you're interested, the packages are available on https://c.gmx.net/@329593023048457079/YnjiHVTQRLuY7qJiW5pzbg. I currently don't have the means to set up a public apt archive, so this is the only way to download.
Feel free to send comments, suggestions, bug reports, ... I can't possibly test everything as I'm doing this just as a private hobby - so I'm also not on a fixed release schedule and changes to the packages are made whenever there's time.
Thanks & enjoy,
Mirko