Files
homelab-manifests/helm/pihole/values.yaml
admin 6ea71dfdb7 pihole: split-horizon — forward demo-felhom.eu to the felhom-pve host resolver
The stale `address=/demo-felhom.eu/192.168.0.162` pinned A to the host (pre-Proxmox
era, when the host ran traefik) and forwarded AAAA upstream → Cloudflare (split-brain),
so LAN clients hit 192.168.0.162:443 (nothing there) → ERR_CONNECTION_REFUSED.
Switch to a conditional forward `server=/demo-felhom.eu/192.168.0.162` so the Pi-hole
relays the zone to the felhom-agent-managed dnsmasq on the host, which answers the
guest's live IP (192.168.0.151) + AAAA NODATA and tracks the DHCP IP.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 18:39:52 +02:00

71 lines
2.8 KiB
YAML
Executable File

---
# Image tag override: bumps pihole/pihole to 2026.05.0 without changing
# the chart version. The 2026.05.0 release bundles FTL v6.6.2 which
# imports 6 upstream dnsmasq CVE fixes (covering the dnsmasq 2.92/2.93
# disclosures). No FTL-side config or API changes per the release notes.
# https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0
image:
  tag: "2026.05.0"
DNS1: "1.1.1.1" # Cloudflare
DNS2: "8.8.8.8" # Google
DNS3: "9.9.9.9" # Quad9
DNS4: "208.67.222.222" # OpenDNS
admin:
  enabled: false
extraEnvVars:
  TZ: Europe/Budapest
persistentVolumeClaim:
  enabled: true
  size: 2Gi
ingress:
  ingressClassName: nginx-internal
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: pihole.home,pihole.dooplex.hu
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "12m"
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-pihole-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: https://pihole.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k"
  tls:
    - secretName: pihole-tls
      hosts:
        - "pihole.dooplex.hu"
  enabled: true
  path: /
  pathType: Prefix
  hosts:
    - "pihole.dooplex.hu"
    - "pihole.home"
serviceWeb:
  loadBalancerIP: 192.168.0.250
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
serviceDns:
  loadBalancerIP: 192.168.0.250
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
dnsmasq:
  customDnsEntries:
    # Split-horizon for the Felhom demo: CONDITIONAL FORWARD the whole zone to the felhom-pve host's
    # agent-managed dnsmasq (192.168.0.162:53), which answers *.demo-felhom.eu with the guest's LIVE
    # LAN IP (A) and NODATA for AAAA (no Cloudflare-IPv6 split-brain). `server=` (not `address=`) so
    # BOTH A and AAAA are forwarded, and the guest's DHCP IP is tracked by the agent — not pinned here.
    - server=/demo-felhom.eu/192.168.0.162
replicaCount: 1
dns:
  adlist:
    - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    - https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
    - https://blocklistproject.github.io/Lists/ads.txt
    - https://adaway.org/hosts.txt
    - https://v.firebog.net/hosts/AdguardDNS.txt
    - https://v.firebog.net/hosts/Admiral.txt
    - https://v.firebog.net/hosts/Easylist.txt
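The difference between the stale `address=` entry and the new `server=` entry, written out as a small routing model, is an added example and not code from the homelab-manifests repository or from Pi-hole. It models the two directives with the semantics the commit message and the values comment describe for this Pi-hole's FTL (an `address=` line synthesises a record only for the address family it carries, so an IPv4 entry pins A while AAAA falls through to the default upstream; a `server=` line forwards every record type for the zone to the named resolver) and generalises slightly to IPv6 `address=` entries and to dnsmasq's longest-suffix zone matching. The function names, the `host.` probe label and the sample directives are constructed for the example; the two directive strings themselves are the ones from the commit.

```python
"""Route dnsmasq-style queries and flag split-brain zones.

Added example (not part of homelab-manifests). Assumed semantics, as the
commit describes them for this Pi-hole:
  address=/zone/IP  -> answers locally only for IP's family (A for IPv4,
                       AAAA for IPv6); other record types go to the default upstream
  server=/zone/IP   -> forwards every record type for the zone to IP
Everything outside a matching zone goes to the default upstream.
"""
import ipaddress
from typing import Optional

# Constructed sample input: the stale entry and its replacement from the commit.
STALE_ENTRY = "address=/demo-felhom.eu/192.168.0.162"
FIXED_ENTRY = "server=/demo-felhom.eu/192.168.0.162"


def parse_directive(line: str) -> tuple[str, str, str]:
    """Split 'address=/zone/ip' or 'server=/zone/ip' into (kind, zone, target)."""
    kind, _, rest = line.strip().partition("=")
    if kind not in ("address", "server"):
        raise ValueError(f"unsupported directive: {line!r}")
    parts = rest.split("/")  # '/zone/ip' -> ['', 'zone', 'ip']
    if len(parts) != 3 or parts[0] != "":
        raise ValueError(f"malformed directive: {line!r}")
    zone, target = parts[1].lower().rstrip("."), parts[2]
    ipaddress.ip_address(target)  # reject anything that is not an IP literal
    return kind, zone, target


def zone_matches(zone: str, qname: str) -> bool:
    """A zone matches its own name and every name below it, as in dnsmasq."""
    qname = qname.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)


def route_query(directives: list[str], qname: str, qtype: str) -> tuple[str, Optional[str]]:
    """Return ('local', ip), ('forward', resolver) or ('upstream', None).

    The longest matching zone wins. An address= line that cannot answer this
    qtype (wrong address family) is skipped, which is exactly what lets the
    AAAA query escape to the default upstream in the stale configuration.
    """
    best: tuple[int, str, Optional[str]] = (-1, "upstream", None)
    for line in directives:
        kind, zone, target = parse_directive(line)
        if not zone_matches(zone, qname):
            continue
        if kind == "server":
            decision = ("forward", target)
        else:
            family = "A" if ipaddress.ip_address(target).version == 4 else "AAAA"
            if qtype != family:
                continue
            decision = ("local", target)
        if len(zone) > best[0]:
            best = (len(zone), decision[0], decision[1])
    return best[1], best[2]


def find_split_brain(directives: list[str], zone: str) -> list[str]:
    """Record types for `zone` that leave for the default upstream while
    other types are answered locally; empty means no split-brain."""
    probe = "host." + zone  # constructed label under the zone
    paths = {qtype: route_query(directives, probe, qtype)[0] for qtype in ("A", "AAAA")}
    if "local" in paths.values() and "upstream" in paths.values():
        return [qtype for qtype, path in paths.items() if path == "upstream"]
    return []


if __name__ == "__main__":
    for label, entries in (("stale", [STALE_ENTRY]), ("fixed", [FIXED_ENTRY])):
        for qtype in ("A", "AAAA"):
            print(label, qtype, route_query(entries, "www.demo-felhom.eu", qtype))
        print(label, "split-brain types:", find_split_brain(entries, "demo-felhom.eu"))
```

Running it shows the stale entry answering A locally with the pinned host address while sending AAAA to the default upstream (the Cloudflare split-brain the commit describes), and the `server=` entry forwarding both types to the host resolver, which is why the guest's DHCP-assigned address no longer has to be pinned in this file.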