# Pi-hole + DNSCrypt
## Description

[Official site (Pi-hole)](https://pi-hole.net/) | [Source (Pi-hole)](https://github.com/pi-hole/docker-pi-hole) | [Docker Hub (Pi-hole)](https://hub.docker.com/r/pihole/pihole) | [Docs (Pi-hole)](https://docs.pi-hole.net/) | RPI Friendly

[Official site (DNSCrypt)](https://dnscrypt.info/) | [Source (DNSCrypt)](https://github.com/klutchell/dnscrypt-proxy) | [Docker Hub (DNSCrypt)](https://hub.docker.com/r/klutchell/dnscrypt-proxy/) | [Docs (DNSCrypt)](https://github.com/DNSCrypt/dnscrypt-proxy/wiki) | RPI Friendly

Pi-hole + DNSCrypt combines a network-wide ad blocker with a caching DNS proxy:

- Simple web interface for easy management
- Full support for [blacklists](https://firebog.net/) and [whitelists](https://github.com/ijhuang/allowlist)
- Full support for the following protocols: [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt), [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt) and [ODoH (Oblivious DoH)](https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh.md)

## File and folder structure

```
/home/
└── docker/
    └── pihole+dnscrypt/
        ├── dnscrypt/
        ├── dnsmasq.d/
        ├── pihole/
        ├── .env
        └── docker-compose.yml
```

- `dnscrypt/` - folder holding the data dnscrypt needs
- `dnsmasq.d/` - folder holding the data dnsmasq.d needs
- `pihole/` - folder holding the data pihole needs
- `.env` - file containing the environment variables for docker-compose
- `docker-compose.yml` - file used to create the containers

**N.B. All files and folders must be created by hand**

## Examples

A simple example to start using the container right away

### network

With docker

```bash
docker network create custom-bridge
```

or using podman

```bash
podman network create custom-bridge
```

### docker-compose

`docker-compose.yml`

```yml
version: "3"

services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.2
    expose:
      - 5053/udp
      - 5053/tcp
    env_file: .env
    volumes:
      - ${DNSCRYPT_CONFIG:-/home/docker/pihole+dnscrypt/dnscrypt}:/config
    dns:
      - 185.222.222.222 # https://dns.sb/privacy/
      - 45.11.11.11
    restart: unless-stopped

  pihole:
    container_name: pihole
    image: pihole/pihole
    security_opt:
      - no-new-privileges:true
    networks:
      custom-bridge:
        ipv4_address: 10.0.1.3
    ports:
      - ${PIHOLE_DNS_PORT:-53}:53/tcp
      - ${PIHOLE_DNS_PORT:-53}:53/udp
      - ${PIHOLE_DHCP_PORT:-67}:67/udp
      - ${PIHOLE_WEBUI_PORT:-80}:80/tcp
    env_file: .env
    volumes:
      - ${PIHOLE_CONFIG:-/home/docker/pihole+dnscrypt/pihole}:/etc/pihole/
      - ${PIHOLE_DNSMASQD:-/home/docker/pihole+dnscrypt/dnsmasq.d}:/etc/dnsmasq.d/
    dns:
      - 185.222.222.222 # https://dns.sb/privacy
      - 45.11.11.11
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt

networks:
  custom-bridge:
    name: custom-bridge
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
```

`.env`

```bash
# General
PIHOLE_DNS_PORT=53
PIHOLE_DHCP_PORT=67
PIHOLE_WEBUI_PORT=80
DNSCRYPT_CONFIG=/home/docker/pihole+dnscrypt/dnscrypt
PIHOLE_CONFIG=/home/docker/pihole+dnscrypt/pihole
PIHOLE_DNSMASQD=/home/docker/pihole+dnscrypt/dnsmasq.d
TZ=Europe/Amsterdam

# Pi-hole
# Placeholder ("change me please"): set your own password
WEBPASSWORD=cambiamiperfavore
# Upstream resolver: the dnscrypt container (10.0.1.2) on port 5053
DNS1=10.0.1.2#5053
DNS2=no
```

## Reverse proxy

See [Todo](#Todo)

## Update

### Automatic

Using [watchtower](../watchtower) the container updates automatically

### Manual

1. `docker-compose up -d`
2. `docker image prune`

## Backup and restore

### Backup

Use [borg](../borg) to take daily backups of the whole `pihole+dnscrypt` folder

### Restore

For a fuller explanation of the steps to follow, check [here](../borg#user-content-controllare-la-cartella-dei-backup)

1. stop the container with `docker-compose down`
2. delete the whole `pihole+dnscrypt` folder
3. copy the `pihole+dnscrypt` folder from the backup
4. restart the container with `docker-compose up -d`

## Todo

To implement:

- reverse proxy: **[caddy](https://caddyserver.com/)** or **[traefik](https://doc.traefik.io/traefik/)**

---

License: [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt)
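
A pre-flight check for the `.env` file from the docker-compose section, as an added example that is not part of the original README: it flags lines that are not `KEY=VALUE`, the placeholder `WEBPASSWORD`, and upstream settings that do not point at the dnscrypt-proxy container. The function name, the 12-character minimum and the sample input are assumptions of this example.

```bash
# Added example: lint the .env used by this stack before `docker-compose up -d`.
# Assumptions of this example: function name, 12-character minimum, message texts.
UPSTREAM='10.0.1.2#5053'   # dnscrypt-proxy address and port from docker-compose.yml

check_pihole_env() (
    # Reads .env content on stdin, prints one finding per line,
    # and exits 0 only when there are no findings.
    n=0 findings=0 dns1=missing
    report() { echo "line $n: $1"; findings=$((findings + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac       # blank line or comment
        key=${line%%=*}
        case "$line" in *=*) ;; *) key='' ;; esac       # no '=' on the line at all
        case "$key" in
            ''|*[!A-Za-z0-9_]*) report "not KEY=VALUE: $line"; continue ;;
        esac
        value=${line#*=}
        case "$key" in
            WEBPASSWORD)
                if [ "$value" = 'cambiamiperfavore' ]; then
                    report 'WEBPASSWORD is still the README placeholder'
                elif [ "${#value}" -lt 12 ]; then
                    report 'WEBPASSWORD is shorter than 12 characters'
                fi ;;
            DNS1)
                dns1=seen
                [ "$value" = "$UPSTREAM" ] || report "DNS1 is $value, expected $UPSTREAM" ;;
            DNS2)
                case "$value" in no|"$UPSTREAM") ;;
                    *) report "DNS2=$value adds an upstream other than dnscrypt-proxy" ;;
                esac ;;
        esac
    done
    [ "$dns1" = seen ] || { echo "DNS1 is not set; expected DNS1=$UPSTREAM"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
)

# Constructed sample input (not a real deployment).
SAMPLE_ENV='TZ=Europe/Amsterdam
WEBPASSWORD=cambiamiperfavore
DNS1: "10.0.1.2#5053"
DNS2=9.9.9.9'

printf '%s\n' "$SAMPLE_ENV" | check_pihole_env || echo 'fix the findings before starting the stack'
```

Run it against the real file with `check_pihole_env < .env` from the `pihole+dnscrypt` folder.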