vikunja

pihole/Caddyfilepart

@@ -0,0 +1,7 @@
+pihole.domr.ovh, 
+pihole.home.domroese.eu {
+    tls soenke@domroese.eu 
+    reverse_proxy 192.168.1.65:2000
+}
+
+

pihole/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3"
+
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
+      - "2000:80/tcp"
+    environment:
+      TZ: 'Europe/Berlin'
+      WEBPASSWORD: 'Diavid9600'
+    # Volumes store your data between container upgrades
+    volumes:
+      - '/home/soenke/docker-data/pihole/etc-pihole:/etc/pihole'
+      - '/home/soenke/docker-data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
+    restart: unless-stopped
+

pihole/etc-pihole/adlists.list

@@ -0,0 +1 @@
+https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

pihole/etc-pihole/dns-servers.conf

@@ -0,0 +1,9 @@
+Google (ECS, DNSSEC);8.8.8.8;8.8.4.4;2001:4860:4860:0:0:0:0:8888;2001:4860:4860:0:0:0:0:8844
+OpenDNS (ECS, DNSSEC);208.67.222.222;208.67.220.220;2620:119:35::35;2620:119:53::53
+Level3;4.2.2.1;4.2.2.2;;
+Comodo;8.26.56.26;8.20.247.20;;
+DNS.WATCH (DNSSEC);84.200.69.80;84.200.70.40;2001:1608:10:25:0:0:1c04:b12f;2001:1608:10:25:0:0:9249:d69b
+Quad9 (filtered, DNSSEC);9.9.9.9;149.112.112.112;2620:fe::fe;2620:fe::9
+Quad9 (unfiltered, no DNSSEC);9.9.9.10;149.112.112.10;2620:fe::10;2620:fe::fe:10
+Quad9 (filtered, ECS, DNSSEC);9.9.9.11;149.112.112.11;2620:fe::11;2620:fe::fe:11
+Cloudflare (DNSSEC);1.1.1.1;1.0.0.1;2606:4700:4700::1111;2606:4700:4700::1001

pihole/etc-pihole/dnsmasq.conf

@@ -0,0 +1,106 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Dnsmasq config for Pi-hole's FTLDNS
+#
+##################################################################################
+#                                                                                #
+#                     FILE AUTOMATICALLY POPULATED BY PI-HOLE                    #
+#    ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES   #
+#                                                                                #
+#            IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN           #
+#                             /etc/pihole/pihole.toml                            #
+#                             and restart pihole-FTL                             #
+#                                                                                #
+#           ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                       WITHIN /etc/dnsmasq.d/yourname.conf                      #
+#    (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml)    #
+#                                                                                #
+#                      Last updated: 2025-03-07 13:21:22 CET                     #
+#                              by FTL version v6.0.2                             #
+#                                                                                #
+##################################################################################
+hostsdir=/etc/pihole/hosts
+
+# Don't read /etc/resolv.conf. Get upstream servers only from the configuration
+no-resolv
+
+# DNS port to be used
+port=53
+
+# List of upstream DNS server
+server=8.8.8.8
+server=8.8.4.4
+
+# Set the size of dnsmasq's cache. The default is 150 names. Setting the cache
+# size to zero disables caching. Note: huge cache size impacts performance
+cache-size=10000
+
+# Return answers to DNS queries from /etc/hosts and interface-name and
+# dynamic-host which depend on the interface over which the query was
+# received. If a name has more than one address associated with it, and
+# at least one of those addresses is on the same subnet as the interface
+# to which the query was sent, then return only the address(es) on that
+# subnet and return all the available addresses otherwise.
+localise-queries
+
+# Enable query logging
+log-queries
+log-async
+
+# Specify the log file to use
+# We set this even if logging is disabled to store warnings
+# and errors in this file. This is useful for debugging.
+log-facility=/var/log/pihole/pihole.log
+
+# Use stale cache entries for a given number of seconds to optimize cache utilization
+# Setting the time to zero will serve stale cache data regardless how long it has expired.
+use-stale-cache=3600
+
+# Listen on one interface
+interface=eth0
+
+# DNS domain for both the DNS and DHCP server
+# This DNS domain in purely local. FTL may answer queries from
+# /etc/hosts or DHCP but should never forward queries on that
+# domain to any upstream servers
+domain=lan
+local=/lan/
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
+#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
+#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
+#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
+#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
+#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" above
+# (if enabled!) as this option also covers IPv6.
+
+# OpenWRT furthermore blocks bind, local, onion domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/
+
+# Cache all DNS records
+cache-rr=ANY
+
+# RFC 8482: Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY
+# Filters replies to queries for type ANY. Everything other than A, AAAA, MX and CNAME
+# records are removed. Since ANY queries with forged source addresses can be used in DNS amplification attacks
+# replies to ANY queries can be large) this defangs such attacks, whilst still supporting the
+# one remaining possible use of ANY queries. See RFC 8482 para 4.3 for details.
+filter-rr=ANY
+

pihole/etc-pihole/hosts/custom.list

@@ -0,0 +1,32 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Custom DNS entries (HOSTS file)
+#
+##################################################################################
+#                                                                                #
+#                     FILE AUTOMATICALLY POPULATED BY PI-HOLE                    #
+#    ANY CHANGES MADE TO THIS FILE WILL BE LOST WHEN THE CONFIGURATION CHANGES   #
+#                                                                                #
+#            IF YOU WISH TO CHANGE ANY OF THESE VALUES, CHANGE THEM IN           #
+#                             /etc/pihole/pihole.toml                            #
+#                             and restart pihole-FTL                             #
+#                                                                                #
+#           ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                       WITHIN /etc/dnsmasq.d/yourname.conf                      #
+#    (make sure misc.etc_dnsmasq_d is set to true in /etc/pihole/pihole.toml)    #
+#                                                                                #
+#                      Last updated: 2025-02-25 07:59:17 CET                     #
+#                              by FTL version v6.0.2                             #
+#                                                                                #
+##################################################################################
+
+213.209.115.117 proxy.voipslb.wtnet.de
+192.168.1.194 asgard.dom.local
+192.168.1.194 dom.local
+192.168.1.194 home.local
+192.168.1.65 home
+
+
+# There are 5 entries in this file

pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.etag

@@ -0,0 +1 @@
+W/"8caa9f75b909391b2db18bf240ac07e621dd2e393821d9a4ea052571edb33df9"

pihole/etc-pihole/listsCache/list.1.raw.githubusercontent.com.domains.sha1

@@ -0,0 +1 @@
+2b74510cd4f1dffab5b7dd4f59dcbc00d19ad0d2  /etc/pihole/listsCache/list.1.raw.githubusercontent.com.domains

pihole/etc-pihole/local.list

@@ -0,0 +1 @@
+### Do not modify this file, it will be overwritten by pihole -g

pihole/etc-pihole/logrotate

@@ -0,0 +1,32 @@
+/var/log/pihole/pihole.log {
+    # su #
+    daily
+    copytruncate
+    rotate 5
+    compress
+    delaycompress
+    notifempty
+    nomail
+}
+
+/var/log/pihole/FTL.log {
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
+}
+
+/var/log/pihole/webserver.log {
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
+}

pihole/etc-pihole/migration_backup/adlists.list

@@ -0,0 +1 @@
+https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

pihole/etc-pihole/migration_backup_v6/01-pihole.conf

@@ -0,0 +1,37 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Dnsmasq config for Pi-hole's FTLDNS
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+#                                                                             #
+#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
+#                      /etc/pihole/setupVars.conf                             #
+#                                                                             #
+#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+###############################################################################
+
+addn-hosts=/etc/pihole/local.list
+addn-hosts=/etc/pihole/custom.list
+
+
+localise-queries
+
+
+no-resolv
+
+log-queries
+log-facility=/var/log/pihole/pihole.log
+
+log-async
+cache-size=10000
+server=8.8.8.8
+server=8.8.4.4
+interface=eth0

pihole/etc-pihole/migration_backup_v6/06-rfc6761.conf

@@ -0,0 +1,42 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# RFC 6761 config file for Pi-hole
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+###############################################################################
+#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
+# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
+#                                                                             #
+#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
+#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
+###############################################################################
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+#     test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# The same RFC requests something similar for
+#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
+#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
+#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
+#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
+#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
+#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
+# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
+# 01-pihole.conf) because this also covers IPv6.
+
+# OpenWRT furthermore blocks    bind, local, onion    domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
+server=/bind/
+server=/onion/

pihole/etc-pihole/migration_backup_v6/custom.list

@@ -0,0 +1,5 @@
+213.209.115.117 proxy.voipslb.wtnet.de
+192.168.1.194 asgard.dom.local
+192.168.1.194 dom.local
+192.168.1.194 home.local
+192.168.1.65 home

pihole/etc-pihole/migration_backup_v6/pihole-FTL.conf

@@ -0,0 +1,4 @@
+#; Pi-hole FTL config file
+#; Comments should start with #; to avoid issues with PHP and bash reading this file
+MACVENDORDB=/macvendor.db
+LOCAL_IPV4=0.0.0.0

pihole/etc-pihole/migration_backup_v6/setupVars.conf

@@ -0,0 +1,7 @@
+INSTALL_WEB_INTERFACE=true
+WEBPASSWORD=b9ae8f6ef80e3800730670e95bcc192645b800d4fd10a5f723ac9a9aa55eef02
+PIHOLE_DNS_1=8.8.8.8
+PIHOLE_DNS_2=8.8.4.4
+PIHOLE_INTERFACE=eth0
+QUERY_LOGGING=true
+BLOCKING_ENABLED=true

pihole/etc-pihole/setupVars.conf.update.bak

@@ -0,0 +1,7 @@
+INSTALL_WEB_INTERFACE=true
+WEBPASSWORD=b9ae8f6ef80e3800730670e95bcc192645b800d4fd10a5f723ac9a9aa55eef02
+PIHOLE_DNS_1=8.8.8.8
+PIHOLE_DNS_2=8.8.4.4
+PIHOLE_INTERFACE=eth0
+QUERY_LOGGING=true
+BLOCKING_ENABLED=true

pihole/etc-pihole/tls.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAWagAwIBAgIPODgwNTYxMjM3NjYxOTg5MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjASMRAwDgYDVQQDDAdwaS5o
+b2xlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/f/Z8U9EJXIP7x35VkdOhloOflvu
+z+alAXj1YBegDAeDx5Kyn8nV6BWlUp5P323wQEnn08MfDNsRNQs9M7464sGfXMB+
+pb9aoGtWk8zRimVDdbAa7uAug6VKw6VizSIXo2EwXzAdBgNVHQ4EFgQUDYOSa+kg
+ddGjjx+H+CEDQ9gg2z4wHwYDVR0jBBgwFoAUtFaHpiFbr49DT83v/RvqHGvXNv0w
+CQYDVR0TBAIwADASBgNVHREECzAJggdwaS5ob2xlMAoGCCqGSM49BAMCA2cAMGQC
+MBVUaxx0HbOJbgrkpxH1deFeTliYxxxLT/Al8ZRztqPdlhCkcN7rXRgT1LVsKLj0
+JAIweGllt1mtLIxJYJIkPpIdNJuIXUOVCo0Ksrd9cMTJKHVwHUi68+yrnmLM3AoS
+fCAm
+-----END CERTIFICATE-----

pihole/etc-pihole/tls.pem

@@ -0,0 +1,19 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCYymusF68i55FXn9YAByWFdkrllGbRrnEjKhnluJE/p9/M49HxniFV
+waDaZMP67YygBwYFK4EEACKhZANiAAT9/9nxT0Qlcg/vHflWR06GWg5+W+7P5qUB
+ePVgF6AMB4PHkrKfydXoFaVSnk/fbfBASefTwx8M2xE1Cz0zvjriwZ9cwH6lv1qg
+a1aTzNGKZUN1sBru4C6DpUrDpWLNIhc=
+-----END EC PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAWagAwIBAgIPODgwNTYxMjM3NjYxOTg5MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjASMRAwDgYDVQQDDAdwaS5o
+b2xlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/f/Z8U9EJXIP7x35VkdOhloOflvu
+z+alAXj1YBegDAeDx5Kyn8nV6BWlUp5P323wQEnn08MfDNsRNQs9M7464sGfXMB+
+pb9aoGtWk8zRimVDdbAa7uAug6VKw6VizSIXo2EwXzAdBgNVHQ4EFgQUDYOSa+kg
+ddGjjx+H+CEDQ9gg2z4wHwYDVR0jBBgwFoAUtFaHpiFbr49DT83v/RvqHGvXNv0w
+CQYDVR0TBAIwADASBgNVHREECzAJggdwaS5ob2xlMAoGCCqGSM49BAMCA2cAMGQC
+MBVUaxx0HbOJbgrkpxH1deFeTliYxxxLT/Al8ZRztqPdlhCkcN7rXRgT1LVsKLj0
+JAIweGllt1mtLIxJYJIkPpIdNJuIXUOVCo0Ksrd9cMTJKHVwHUi68+yrnmLM3AoS
+fCAm
+-----END CERTIFICATE-----

pihole/etc-pihole/tls_ca.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8TCCAXegAwIBAgIPNDYzMTI0ODQwNzA0NzQ1MAoGCCqGSM49BAMCMDExEDAO
+BgNVBAMMB3BpLmhvbGUxEDAOBgNVBAoMB1BpLWhvbGUxCzAJBgNVBAYTAkRFMCAX
+DTI1MDIyNTA2NTkxOVoYDzIwNTUwMjI1MDY1OTE5WjAxMRAwDgYDVQQDDAdwaS5o
+b2xlMRAwDgYDVQQKDAdQaS1ob2xlMQswCQYDVQQGEwJERTB2MBAGByqGSM49AgEG
+BSuBBAAiA2IABC16Zw0oMu1ZmCUGaFzbgahFCdWDpdlWMb60SDAVoTNgeJ4HEAL5
+OF8eHh2hLlk+ahL4M1J4eUeZOoPKk0jkytTS7Jpi3j5vITpvAFIrm5FyXI4Etrru
+kWtwdGnHTMUaH6NTMFEwHQYDVR0OBBYEFLRWh6YhW6+PQ0/N7/0b6hxr1zb9MB8G
+A1UdIwQYMBaAFLRWh6YhW6+PQ0/N7/0b6hxr1zb9MA8GA1UdEwEB/wQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOWeCByOstKQsF9RFkt9gw/4I6WDPRuafKGr2shz
+q2d2hv0WO/dgw8jU8za5KGRbfgIwdCxYfD4CFJiybzu0379jujLtgym6wurxpMjB
+HRLnjnHvipRXMZ0pGSVwyg7HE0oQ
+-----END CERTIFICATE-----

pihole/etc-pihole/versions

@@ -0,0 +1,17 @@
+CORE_VERSION=v6.0.4
+CORE_BRANCH=master
+CORE_HASH=567bb724
+GITHUB_CORE_VERSION=v6.0.6
+GITHUB_CORE_HASH=0f7803b7
+WEB_VERSION=v6.0.1
+WEB_BRANCH=master
+WEB_HASH=42e7279a
+GITHUB_WEB_VERSION=v6.1
+GITHUB_WEB_HASH=1eaddca8
+FTL_VERSION=v6.0.2
+FTL_BRANCH=master
+FTL_HASH=ac500d5f
+GITHUB_FTL_VERSION=v6.1
+GITHUB_FTL_HASH=a3313229
+DOCKER_VERSION=2025.02.6
+GITHUB_DOCKER_VERSION=2025.03.1