====== Pi-Hole - Setup Pi-Hole running in LXC - Not Working ======

<WRAP todo>
**TODO:**  These instructions do not work completely.

Best to not use lxc-xxxx but instead the lxc xxxx instructions.

</WRAP>

----

===== Create an LXC Container =====

<code bash>
lxc-create -t download -n pihole -- --keyserver hkp://p80.pool.sks-keyservers.net:80 -d ubuntu -r xenial -a amd64
</code>

<WRAP info>
**NOTE:**  Some versions of lxc allow this, which would replaced the installation of additional packages below:

<code bash>
lxc-create -t ubuntu -n pihole -- -r bionic --package=cron,curl,wget,openssh-server,vim,ping,ca-certificates
</code>

</WRAP>


----

===== Start the Container =====

<code bash>
lxc-start -n pihole
</code>

----

===== Check the status =====

<code bash>
lxc-info -n pihole
</code>

----

===== Get a Shell inside the Container =====

<code bash>
lxc-attach -n pihole
</code>

----

===== Install additional packages =====

<code bash>
sudo apt install cron curl wget openssh-server vim ca-certificates
</code>

<WRAP info>
**NOTE:**  Some of these additional packages may already be installed.  Not a concern.

The **ca-certificates** package is needed to prevent errors later with curl.

Without this, errors such as: **curl: (60) SSL certificate problem: unable to get local issuer certificate** may be seen.

Of course, this package, as well as any other package can be installed later with commands such as:

<code bash>
apt install ca-certificates
</code>

</WRAP>



----

===== Check the Network =====

Ensure that LXC is configured properly in that it is able to access the internet.

<code bash>
ip a
</code>

Determine the IP subnet.

Try to ping.

<code bash>
ping 192.168.1.1 -c 1
</code>

<WRAP info>
**NOTE:**  Change the ping address as needed to the correct subnet.


LXC should ideally be configured in macvlan mode:  

See [[LXC:Make your LXD containers get IP addresses from your LAN using macvlan|Make your LXD containers get IP addresses from your LAN using macvlan]]

</WRAP>

----

===== Install Pi-Hole =====

<code bash>
curl -sSL https://install.pi-hole.net | bash
</code>

or

<code bash>
curl -sSL https://install.pi-hole.net -o pihole.sh
</code>

<WRAP alert>
**NOTE:**  The 2nd option here just downloads the script.  It does not actually install Pi-Hole until it is run.

This is a little safer, as it allows you to check the code in the script against trojans etc.  Once you are sure it is okay then run:

<code bash>
bash pihole.sh
</code>

</WRAP>

Select the defaults until the DNS screen and then choose Cloudflare as your DNS.

  * Accept all the rest of the defaults and be careful not to change them. This will assure that you get the admin web interface and that statistics are logged.
  * The installation will continue for a few minutes after you answer the prompts.
  * After your installation completes, you will receive a message telling you to set up the DHCP settings on your router to make the address of your Pi-Hole the primary DNS for your network.
  * That will insert the Pi-Hole as the “man-in-the-middle” to scrutinize all DNS names before they are either passed to the Internet or “Pi-Holed”.

When you return to the prompt in the terminal session, enter the following command to set your Pi-hole password:

<code bash>
pihole -a -p
</code>

----

===== Have the LXC Container Start Automatically =====

By default, LXC containers may not start automatically.

To fix this, edit the container config file:

<file bash /var/lib/lxc/pihole/config>
lxc.start.auto = 1
lxc.start.delay = 1
</file>

<WRAP info>
**NOTE:**  Autostart is mainly used to select which containers to start. 

When the host system boots, LXC decides the order and the delay between each startup.

In this case:

  * The first line actually does the autostart.
  * The second line is optional and will delay the start of this container to give the current container time to begin initialization and reduce overloading the host system.

</WRAP>

----