Jump to content

Pi-Hole: Difference between revisions

From Official NixOS Wiki
← Older editNewer edit →
J7 (talk | contribs)
10 edits
VisualWikitext
J7 (talk | contribs)
10 edits
J7 (talk | contribs)
10 edits
Line 4: Line 4:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
services.pihole-ftl = {
services.pihole-ftl = {
    enable = true;
  enable = true;
    openFirewallDNS = true;             # To open port 53 for DNS traffic
  openFirewallDNS = true;   # Open port 53 (DNS traffic)
  settings = {              # See <https://docs.pi-hole.net/ftldns/configfile/>
    dns.upstreams = [ "9.9.9.9" "1.1.1.1" ];  # Use Quad9/Cloudflare's DNS Servers
    hosts = [ "192.168.1.188 some.domain" ];  # Optionally resolve local domains
  };
};
</syntaxhighlight>
 
You can test it's working
 
<syntaxhighlight>
  systemctl status pihole-ftl.service
  dig @localhost nixos.org
</syntaxhighlight>


    # Settings documented at <https://docs.pi-hole.net/ftldns/configfile/>
Now, setting your routers DNS server to your IP will direct your traffic to the Pi-Hole. Blocked domains will not be resolved.
    settings = {
        dns.upstreams = [ "9.9.9.9" "1.1.1.1" ];  # To use Quad9 and Cloudflare's DNS Servers
        hosts = [                        # Optionally resolve local domains
            "192.168.1.188 some.domain"
        ];
    };


    # Lists can be added via URL
== Adding lists ==
     lists = [
<syntaxhighlight lang="nix">
        {
services.pihole-ftl = {
            url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt";
  lists = [    # Lists can be added via URL
            type = "block";
     {
            enabled = true;
      url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt";
            description = "Sample blocklist by hagezi";
      type = "block";
        }
      enabled = true;
    ];
      description = "Sample blocklist by hagezi";
    }
  ];
};
};
</syntaxhighlight>At your option, a web interface can be enabled via <code>services.pihole-web.enable = true;</code>. You will have to open the corresponding ports when doing so.
services.pihole-web = { # If lists are enabled then pihole-web must be configured
  enable = true;
  ports = [ "443s" ];
};
</syntaxhighlight>


Now, setting your routers DNS server to your IP will direct your traffic to the Pi-Hole. Blocked domains will not be resolved.
Now you can access pihole web interface at https://localhost:443

Revision as of 12:09, 27 February 2026

Pi-Hole is a DNS service that functions as network ad-blocker.

Minimal Configuration Example

services.pihole-ftl = {
  enable = true;
  openFirewallDNS = true;    # Open port 53 (DNS traffic)
  settings = {               # See <https://docs.pi-hole.net/ftldns/configfile/>
    dns.upstreams = [ "9.9.9.9" "1.1.1.1" ];   # Use Quad9/Cloudflare's DNS Servers
    hosts = [ "192.168.1.188 some.domain" ];   # Optionally resolve local domains
  };
};

You can test it's working 

  systemctl status pihole-ftl.service
  dig @localhost nixos.org

Now, setting your routers DNS server to your IP will direct your traffic to the Pi-Hole. Blocked domains will not be resolved.

Adding lists

services.pihole-ftl = {
  lists = [    # Lists can be added via URL
    {
      url = "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt";
      type = "block";
      enabled = true;
      description = "Sample blocklist by hagezi";
    }
  ];
};
services.pihole-web = { # If lists are enabled then pihole-web must be configured
  enable = true;
  ports = [ "443s" ];
};

Now you can access pihole web interface at https://localhost:443

Retrieved from "https://wiki.nixos.org/w/index.php?title=Pi-Hole&oldid=30165"