Pi hole
alvis edited this page 2026-05-22 13:04:02 +00:00

Pi-hole

Network-wide DNS ad-blocking. Runs on Juris (192.168.1.4), not Agap.

Topology

[LAN clients] → DNS → 192.168.1.2 (pihole, macvlan on enp2s0)
                         ↓
                    8.8.8.8 / 1.1.1.1

Pi-hole is a Docker macvlan container with its own LAN IP 192.168.1.2, separate from lizacer's host IP 192.168.1.4. The router's DNS is set to 192.168.1.2 so every LAN client uses Pi-hole automatically.

Host          lizacer (192.168.1.4)
Container IP  192.168.1.2
Web UI        http://192.168.1.2/admin
API           https://192.168.1.2/api
Compose       /home/alvis/pihole/docker-compose.yaml on lizacer
Data          /home/alvis/pihole/data/pihole/ on lizacer
Web password  FTLCONF_webserver_api_password in compose

Operations

All commands run on lizacer (ssh alvis@192.168.1.4):

cd ~/pihole
docker compose up -d        # start
docker compose down         # stop
docker compose logs -f      # tail logs
docker compose pull && docker compose up -d   # update image

Macvlan host-isolation gotcha

A Docker macvlan container is invisible to its own host kernel by default. From lizacer's shell, ping 192.168.1.2 returns Destination Host Unreachable — even though every other LAN device can reach it fine. This breaks Zabbix monitoring, which runs on lizacer.

Fix: a macvlan-shim interface lets the host route to the container's IP. Persisted as a systemd unit at /etc/systemd/system/macvlan-shim.service:

[Unit]
Description=Macvlan shim for Pi-hole communication
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/bash -c 'ip link add macvlan-shim link enp2s0 type macvlan mode bridge && ip addr add 192.168.1.253/32 dev macvlan-shim && ip link set macvlan-shim up && ip route add 192.168.1.2/32 dev macvlan-shim'
ExecStop=/bin/bash -c 'ip link del macvlan-shim'

[Install]
WantedBy=multi-user.target

Reload systemd and enable the unit:

sudo systemctl daemon-reload
sudo systemctl enable --now macvlan-shim.service

After this, the host reaches the container directly.
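
One way to confirm from lizacer's shell that the shim is doing its job, as an added example that is not part of the original page. The function names, the script name and the two sample route lines are constructed for illustration; the interface name, the addresses and the ping check come from the section above.

```shell
#!/bin/sh
# Added example: confirm host traffic to Pi-hole leaves via macvlan-shim.
PIHOLE_IP=192.168.1.2      # container IP from this page
SHIM_IF=macvlan-shim       # interface created by macvlan-shim.service

# Constructed samples of `ip route get 192.168.1.2` output (not captured
# from lizacer): with the shim route in place, and without it.
SAMPLE_WITH_SHIM='192.168.1.2 dev macvlan-shim src 192.168.1.253 uid 1000'
SAMPLE_NO_SHIM='192.168.1.2 dev enp2s0 src 192.168.1.4 uid 1000'

# route_dev TEXT: print the egress interface (the token after "dev").
route_dev() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "dev") { print $(i + 1); exit }
    }'
}

# classify_route TEXT: ok | bypass:<if> | noroute
# "bypass" is the gotcha above: the kernel sends the packet out the parent
# interface, where the macvlan container never sees it.
classify_route() {
    dev=$(route_dev "$1")
    if [ -z "$dev" ]; then
        echo noroute
    elif [ "$dev" = "$SHIM_IF" ]; then
        echo ok
    else
        echo "bypass:$dev"
    fi
}

# check_shim: live check, meant to be run on the Docker host itself.
check_shim() {
    ip link show "$SHIM_IF" >/dev/null 2>&1 ||
        { echo "FAIL: $SHIM_IF does not exist"; return 1; }
    verdict=$(classify_route "$(ip route get "$PIHOLE_IP" 2>/dev/null)")
    [ "$verdict" = ok ] ||
        { echo "FAIL: route to $PIHOLE_IP is $verdict"; return 1; }
    ping -c 1 -W 2 "$PIHOLE_IP" >/dev/null 2>&1 ||
        { echo "FAIL: $PIHOLE_IP does not answer ping"; return 1; }
    echo "OK: $PIHOLE_IP reachable via $SHIM_IF"
}

# Only touch the network when asked to: sh check-shim.sh --live
# (check-shim.sh is a hypothetical file name for this script)
if [ "${1:-}" = "--live" ]; then check_shim; fi
```

Running it with --live after a reboot separates a missing shim from an actual Pi-hole outage.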

Monitoring

Zabbix host pihole (hostid 10778) polls https://192.168.1.2/api using the "Pi-hole modern API by HTTP" template. Host macros:

Macro               Value
{$PIHOLE.API.URL}   https://192.168.1.2/api
{$PIHOLE.PASSWORD}  (matches FTLCONF_webserver_api_password)

History

Pi-hole originally ran on Agap (macvlan on br0). It was migrated to lizacer on 2026-05-03 to consolidate; Agap's compose, data dir (/mnt/ssd/dbs/pihole/), and macvlan-shim are retired and are now stale state.