Sync white and blacklists with other pi servers

I have 4-5 pi-holes running at home, work and various VPSs. I would like to sync the whitelist and blacklist amongst them so changes made on one pi-hole will automatically update the other pi-holes.

I'm thinking either I have the whitelist and blacklist stored on a public server that is polled for changes by the pihole servers every 5 minutes and pull that down (when making changes, new white/blacklist gets pushed up).

Alternatively, from each pi-hole, it scp's the whitelist and blacklist to the other pi-holes and then restarts pihole on each server for the changes to take effect.

Going with a central location means fewer issues when adding/removing servers, and going with the scp method means faster updates. Since I only expect to make changes at one location, I think having a central configuration location and polling pi-holes is the easiest. Some servers are behind NAT routers, others are on public IPs.

Has anyone implemented something to keep them in sync? If so, how did you go about it?

Thanks


I am also wondering about this. I have two Pi-Holes and I want the secondary to sync with the primary.

Brainstorming this one, what if you NFS export the /etc/pihole folder on the master,
mount it on the slaves via SSH port forwarding NFS or use openvpn,
have a cron job on the slaves md5 check for changes in that folder and if changed,
have dnsmasq slave reload settings (pulling changed settings from NFS export).

I have one public VPS that is reachable from all the rpi's behind NAT routers. On each of the rpi's, I use the program unison to sync and cron to check every 10 minutes. You also need to set up ssh keys so that the login is unattended.

My cron entry is:
*/10 * * * * /usr/bin/unison default >/dev/null 2>&1

My unison /root/.unison/default.prf config contains:

root = /etc/pihole
root = ssh://root@server:port//etc/pihole
path = whitelist.txt
path = blacklist.txt
auto=false
batch=true
confirmbigdel=true
fastcheck=true
group=false
owner=false
prefer=newer
silent=true
times=true
log = true
logfile = /var/log/unison.log

So on each of my rpi's, they'll check every 10 minutes for a change to the central lists. If it changes locally or remotely, it'll update each side. I don't automatically restart the servers, but that would be easy enough in the cron job.

If I never had a public VPS that was reachable by all, I'd probably create a repo with whitelist and blacklist that each client checks against, or use a vpn connection like Neorouter so that they'd all see each other as if they were local.
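Automating the reload that the post above leaves to the cron job, as an added example that is not from any of the posters: a wrapper that runs the unison sync and restarts Pi-hole's DNS only when whitelist.txt or blacklist.txt actually changed. It assumes the unison profile named default as in the config above, and assumes "pihole restartdns" as the reload command, which depends on your Pi-hole version.

```shell
#!/bin/sh
# Added example (not from the thread): run the unison sync from the post above and
# reload Pi-hole's DNS only when whitelist.txt or blacklist.txt actually changed.
# Assumptions: unison profile "default" as in the post, lists in /etc/pihole, and
# "pihole restartdns" as the reload command (check the subcommand your Pi-hole
# version provides). All three can be overridden through the environment.

PIHOLE_DIR="${PIHOLE_DIR:-/etc/pihole}"
SYNC_CMD="${SYNC_CMD:-/usr/bin/unison default}"
RELOAD_CMD="${RELOAD_CMD:-pihole restartdns}"
LIST_FILES="whitelist.txt blacklist.txt"

# Print one checksum per list file (POSIX cksum, so it works on any rpi image).
# A missing file hashes as "absent" so a list appearing or vanishing also counts.
list_fingerprint() {
    dir="$1"
    for f in $LIST_FILES; do
        if [ -f "$dir/$f" ]; then
            cksum "$dir/$f" | cut -d' ' -f1
        else
            echo "absent"
        fi
    done
}

# Run the sync command, then reload only if the fingerprint differs.
# Returns 0 if a reload ran, 1 if nothing changed, 2 if the sync itself failed.
sync_and_reload() {
    dir="$1"; sync="$2"; reload="$3"
    before=$(list_fingerprint "$dir")
    if ! sh -c "$sync"; then
        echo "sync failed, not reloading" >&2
        return 2
    fi
    after=$(list_fingerprint "$dir")
    if [ "$before" = "$after" ]; then
        return 1
    fi
    echo "lists changed, reloading DNS"
    sh -c "$reload"
    return 0
}

# Cron entry to use instead of calling unison directly:  */10 * * * * /usr/local/bin/pihole-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_and_reload "$PIHOLE_DIR" "$SYNC_CMD" "$RELOAD_CMD"
fi
```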