feat: bump Pi-hole version

ben-grande · Feb 24, 2025 · 61c5e5f · 61c5e5f
1 parent 599f044
commit 61c5e5f
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 69 deletions.
diff --git a/salt/sys-pihole/README.md b/salt/sys-pihole/README.md
@@ -29,7 +29,9 @@ to it.
 Pi-Hole commits and tags are not signed by individuals, but as they are done
 through the web interface, they have GitHub Web-Flow signature. This is the
 best verification we can get for Pi-Hole. If you don't trust the hosting
-provider however, don't install this package.
+provider however, don't install this package. Besides that, future updates to
+Pi-hole modules are not verified as it is done via by the native update
+mechanism provided by upstream.
 
 *   Top:
 

diff --git a/salt/sys-pihole/files/server/lighttpd/50-pihole.conf b/salt/sys-pihole/files/server/lighttpd/50-pihole.conf
diff --git a/salt/sys-pihole/files/server/pihole/setupVars.conf b/salt/sys-pihole/files/server/pihole/setupVars.conf
diff --git a/salt/sys-pihole/install.sls b/salt/sys-pihole/install.sls
@@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 {% if grains['nodename'] != 'dom0' %}
 
-{% set pihole_tag = 'v5.18.4' -%}
+{% set pihole_tag = 'v6.0.4' -%}
 
 include:
   - utils.tools.common.update
@@ -28,53 +28,19 @@ include:
       - qubes-core-agent-dom0-updates
       - qubes-core-agent-networking
       - systemd-timesyncd
-      - ca-certificates
-      - curl
-      - dnsutils
       - git
       - idn2
-      - lighttpd
-      - netcat-openbsd
-      - php-cgi
-      - php-common
-      - php-intl
-      - php-json
-      - php-sqlite3
-      - php-xml
-      - unzip
-      - bash-completion
       - man-db
+      ## Other dependencies brought by local package pihole-meta.
 
-"{{ slsdotpath }}-disable-external-admin-interface":
-  file.managed:
-    - name: /etc/lighttpd/conf-available/50-pihole.conf
-    - source: salt://{{ slsdotpath }}/files/server/lighttpd/50-pihole.conf
-    - mode: '0644'
-    - user: root
-    - group: root
-    - makedirs: True
-
-"{{ slsdotpath }}-disable-external-admin-interface-symlink":
-  file.symlink:
-    - require:
-      - file: "{{ slsdotpath }}-disable-external-admin-interface"
-    - name: /etc/lighttpd/conf-enabled/50-pihole.conf
-    - target: /etc/lighttpd/conf-available/50-pihole.conf
-    - force: True
+"{{ slsdotpath }}-disable-lighttpd":
+  service.disabled:
+    - name: lighttpd
 
 "{{ slsdotpath }}-disable-systemd-resolved":
   service.disabled:
     - name: systemd-resolved
 
-"{{ slsdotpath }}-setupVars.conf":
-  file.managed:
-    - name: /etc/pihole/setupVars.conf
-    - source: salt://{{ slsdotpath }}/files/server/pihole/setupVars.conf
-    - mode: '0644'
-    - user: root
-    - group: root
-    - makedirs: True
-
 "{{ slsdotpath }}-git-clone":
   git.latest:
     - name: https://github.com/pi-hole/pi-hole.git
@@ -146,6 +112,69 @@ include:
     - cwd: '/root/pi-hole/automated install'
     - runas: root
 
+"{{ slsdotpath }}-set-empty-api-password":
+  cmd.run:
+    - name: printf '' | pihole setpassword
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-set-upstream-dns-servers":
+  cmd.run:
+    - name: pihole-FTL --config dns.upstreams '[ "9.9.9.9", "149.112.112.112" ]'
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-set-domain-needed-fqdn":
+  cmd.run:
+    - name: pihole-FTL --config dns.domainNeeded true
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-set-dark-theme":
+  cmd.run:
+    - name: pihole-FTL --config webserver.interface.theme default-dark
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-restrict-webserver-acl-to-localhost":
+  cmd.run:
+    - name: pihole-FTL --config webserver.acl "+127.0.0.1,+[::1]"
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-disable-ntp-sync":
+  cmd.run:
+    - name: pihole-FTL --config ntp.sync.active false
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-disable-ntp-ipv4":
+  cmd.run:
+    - name: pihole-FTL --config ntp.ipv4.active false
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-disable-ntp-ipv6":
+  cmd.run:
+    - name: pihole-FTL --config ntp.ipv6.active false
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
+"{{ slsdotpath }}-enable-loading-dnsmasq.d":
+  cmd.run:
+    - name: pihole-FTL --config misc.etc_dnsmasq_d true
+    - require:
+      - cmd: "{{ slsdotpath }}-setup"
+    - runas: root
+
 "{{ slsdotpath }}-firewall":
   file.managed:
     - name: /rw/config/qubes-firewall.d/50-sys-pihole