Running Pi-hole as a Docker Container on HiFiBerryOS

2024-02-10

In the digital age, online advertisements are ubiquitous, often intrusive, and can compromise both privacy and browsing experience. Pi-hole, a popular open-source network-level advertisement and internet tracker blocking application, offers a solution to this issue. By running Pi-hole on a network, users can block ads before they reach devices, leading to faster browsing and enhanced privacy.

In this blog post, we’ll explore how to configure Pi-hole to run as a Docker container on HiFiBerryOS, providing a streamlined approach to ad blocking for users of HiFiBerry audio products.

What is HiFiBerryOS?

HiFiBerryOS is a dedicated audio operating system designed for HiFiBerry’s range of audio products, including DACs (Digital-to-Analog Converters) and amplifiers. It offers a minimalist, purpose-built environment optimized for high-quality audio playback, making it a popular choice among audiophiles and DIY audio enthusiasts.

Why Pi-hole on HiFiBerryOS?

If you already have setup an audio streaming server like I do, then you will realize its idle most of the time. So why not put it to good use blocking ads for all devices connected to the local network.

Configuring Pi-hole as a Docker Container on HiFiBerryOS

Fortunately since release 20201213 of HiFiBerryOS, there is builtin support for running docker containers.

Create a new folder for the pihole docker config mkdir -p /data/docker/pihole
Create a compose file nano /data/docker/pihole/docker-compose.yml

# /data/docker/pihole/docker-compose.yml
version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "0.0.0.0:53:53/tcp"
      - "0.0.0.0:53:53/udp"
      - "0.0.0.0:8080:80/tcp"
    environment:
      TZ: "Europa/Berlin"
      WEBPASSWORD: "SET_YOUR_PASSWORD_HERE"
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: always

You have to add 0.0.0.0 to the exposed ports to avoid a known bug, that prevents containers from starting on HiFiBerryOS.

As pihole takes over the DNS that normally is a part of HiFiBerryOS, we have to disable the default service

systemctl stop tempap-dnsmasq.service
systemctl mask tempap-dnsmasq.service
systemctl stop systemd-resolve.service

systemctl disable systemd-resolve.service

Configure nameservers to use in case pihole is down by editing /etc/resolv.conf

# /etc/resolv.conf
nameserver 9.9.9.9
nameserver 1.1.1.1
nameserver 2a02:8071:6190:3740:ca52:61ff:febd:a5cc
search .

Start pihole by running /opt/hifiberry/bin/start-containers or restarting

Check if the pihole container is running:

# docker container list
CONTAINER ID   IMAGE                  COMMAND      CREATED       STATUS                 PORTS                                                                  NAMES
7dfcccfca64e   pihole/pihole:latest   "/s6-init"   3 weeks ago   Up 3 weeks (healthy)   0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, 67/udp, 0.0.0.0:8080->80/tcp   pihole

Conclusion

By configuring Pi-hole as a Docker container on HiFiBerryOS, you can easily integrate network-level ad blocking into your audio setup, ensuring a cleaner browsing and streaming experience. With Pi-hole actively blocking ads and internet trackers, you can enjoy your favorite content without interruptions or privacy concerns. Try it out and take control of your online experience today!