«608 »
  • Post
  • Reply
Gay Retard
Jun 7, 2003



I use PiHole in an Unraid docker, but my router’s settings let me set up a backup DNS, so it’s not a big deal if my pihole docker is running or not.

I’ve got an extra Raspberry Pi 3 lying around that I could turn into a dedicated DNS/WireGuard box, but it seems like it might not be worth the hassle when Unraid is doing the job just fine.

Gay Retard fucked around with this message at 07:06 on Feb 10, 2020

Constellation I
Apr 3, 2005
I'm a sucker, a little fucker.

Smashing Link posted:

Does anyone have pihole running on an Unraid system? Docker vs. a VM? Spaceinvaderone's video (https://www.youtube.com/watch?v=2VnQxxn00jU&t=144s) is from 2018 and some comments refer to unraid not being able to route DNS through an IP within the Unraid system. Has anyone gotten this working?

No issue whatsoever. Pretty much plug and play. Basically set your DNS at the router level pointed to the docker as primary, then set the secondary to a proper public DNS like Google's as a failover.

H110Hawk
Dec 28, 2006


Buff Hardback posted:

From an reliability standpoint, it's a pretty awful idea to have a host use a container as its upstream DNS source. Way too many ways for things to break and require you to have to go and set the DNS of Unraid back to a real external resolver to get yourself back up and running.

You aren't increasing your risk surface for a standard home user. Unless you run redundant piholes then a single pihole failure brings you to needing to redo dns until it's resolved.

CopperHound
Feb 14, 2012



Today I encountered a problem that I never thought to hard about until today. Power went out at home and I'm out of town with an urge to watch my Plex backlog. What are ways to bring my system back online after it has been shutdown by a UPS after line power comes back?

I guess I should specify "system" is referring to unraid as opposed to a nas appliance.

HalloKitty
Sep 30, 2005

Adjust the bass and let the Alpine blast


CopperHound posted:

Today I encountered a problem that I never thought to hard about until today. Power went out at home and I'm out of town with an urge to watch my Plex backlog. What are ways to bring my system back online after it has been shutdown by a UPS after line power comes back?

I guess I should specify "system" is referring to unraid as opposed to a nas appliance.

There's almost always a setting in your bios that can change the behaviour after an outage.
Take a good look

BurgerQuest
Mar 17, 2009



Yep. Look for something like "Restore on AC/Power Loss" or "AC Power Recovery" or "After Power Loss

H110Hawk
Dec 28, 2006


This depends on if the system actually lost power or was merely ordered powered off by the ups. The former I forget the actual behavior of a system ordered off, which then actually loses power, and then has it restored. If it merely loses power entirely it should work to set the bios to last state or always on.

If the system is ordered off by the ups but never loses ac power you will need something to wake-on-lan it, a ipmi/bmc controller, or for the os to enter (basically) single user mode where it can still monitor the power state from the ups but have the disks safely r/o and restore itself to multiuser mode when the ups signals it.

Goon speed.

HalloKitty
Sep 30, 2005

Adjust the bass and let the Alpine blast


H110Hawk posted:

This depends on if the system actually lost power or was merely ordered powered off by the ups. The former I forget the actual behavior of a system ordered off, which then actually loses power, and then has it restored. If it merely loses power entirely it should work to set the bios to last state or always on.

If the system is ordered off by the ups but never loses ac power you will need something to wake-on-lan it, a ipmi/bmc controller, or for the os to enter (basically) single user mode where it can still monitor the power state from the ups but have the disks safely r/o and restore itself to multiuser mode when the ups signals it.

Goon speed.

Crap, I missed that. Yeah, if it shut down hard, then the bios setting will work. A graceful shutdown works against him here.

If the system is that important, needs a UPS and graceful shutdowns, a motherboard with out-of-band management is the right answer

HalloKitty fucked around with this message at 16:54 on Feb 10, 2020

nerox
May 20, 2001


I use the old fashioned remote method of turning on after a server after a power outage by calling my wife and asking her to do it.

I've never really looked into how wake on lan works, but I am sure you could get a raspberry pi that is set up to ping your NAS, if it doesn't get a response, it issues a wake on lan command. Then just have it check the NAS status every so often. Would that work for an automatic NAS booter?

H110Hawk
Dec 28, 2006


nerox posted:

I use the old fashioned remote method of turning on after a server after a power outage by calling my wife and asking her to do it.

I've never really looked into how wake on lan works, but I am sure you could get a raspberry pi that is set up to ping your NAS, if it doesn't get a response, it issues a wake on lan command. Then just have it check the NAS status every so often. Would that work for an automatic NAS booter?

You would want the pi to not be on ups power, so that it only works when line power is restored. (Also your NAS motherboard+NIC must support WOL for it to work.)

Smashing Link
Jul 8, 2003

I'll keep chucking bombs at you til you fall off that ledge!

Grimey Drawer

Constellation I posted:

No issue whatsoever. Pretty much plug and play. Basically set your DNS at the router level pointed to the docker as primary, then set the secondary to a proper public DNS like Google's as a failover.

Cool I'll give it a try then.

Buff Hardback
Jun 11, 2019


Constellation I posted:

No issue whatsoever. Pretty much plug and play. Basically set your DNS at the router level pointed to the docker as primary, then set the secondary to a proper public DNS like Google's as a failover.

To clarify: doing it this way will result in not all of your DNS queries going to your pihole. There's no way to set priority of DNS servers in DHCP, so clients will just pick whichever one first for a given query.

Enos Cabell
Nov 3, 2004



Just setup pihole this morning, and unfortunately it does a terrible job with youtube ads. Does a treat on other sites I've tested, but was hoping to get away from needing AdBlock Plus

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



Enos Cabell posted:

was hoping to get away from needing AdBlock Plus
With what benefit in mind?

Enos Cabell
Nov 3, 2004



Well the whole point of pihole is to have basically a network level ad blocker so you don't have to put adblockers on each individual device. If pihole doesn't work against youtube ads then I'm still going to need to use an adblocker for those. Kinda defeats the purpose.

H110Hawk
Dec 28, 2006


Flipperwaldt posted:

With what benefit in mind?

Chrome is going to break adblockers Soon(tm) for one. Plus you get blocking on mobile devices without the battery drain. In theory it actually boosts your battery life.

Enos Cabell posted:

Just setup pihole this morning, and unfortunately it does a terrible job with youtube ads. Does a treat on other sites I've tested, but was hoping to get away from needing AdBlock Plus

Also use ublock origin.

CopperHound
Feb 14, 2012



HalloKitty posted:

If the system is that important, needs a UPS and graceful shutdowns, a motherboard with out-of-band management is the right answer
I am both not smart enough or stupid enough to set up my IPMI for remote access.

nerox posted:

I've never really looked into how wake on lan works, but I am sure you could get a raspberry pi that is set up to ping your NAS, if it doesn't get a response, it issues a wake on lan command. Then just have it check the NAS status every so often. Would that work for an automatic NAS booter?
While this seems a little Rube Goldberg-ey it might be the best solution. I could even add a delay to give the ups time to recharge.

I guess my next hobby project can involve learning how to write shell scripts. Most shell scripts I've looked at are about as readable as Perl, so I'm open to other scripting solutions... Like Scratch

H110Hawk
Dec 28, 2006


CopperHound posted:

I am both not smart enough or stupid enough to set up my IPMI for remote access.

While this seems a little Rube Goldberg-ey it might be the best solution. I could even add a delay to give the ups time to recharge.

I guess my next hobby project can involve learning how to write shell scripts. Most shell scripts I've looked at are about as readable as Perl, so I'm open to other scripting solutions... Like Scratch

If you have IPMI already you're almost there. Follow a guide to get wireguard going. Then stop exposing things that aren't Wireguard to the internet.

Actuarial Fables
Jul 29, 2014



Taco Defender

CopperHound posted:

I am both not smart enough or stupid enough to set up my IPMI for remote access.

Does your router support any sort of client VPN? You wouldn't (and shouldn't) expose your IPMI to the internet - instead, you'd connect to your home VPN and then through that reach the IPMI.

WoL is a good automated solution though.

Flipperwaldt
Nov 11, 2011

Won't somebody think of the starving hamsters in China?



H110Hawk posted:

Chrome is going to break adblockers Soon(tm) for one. Plus you get blocking on mobile devices without the battery drain. In theory it actually boosts your battery life.
I'm fine with Firefox + uBlock Origin everywhere. I also have AdGuard's dns servers set on some devices, which seems to work, but probably isn't too privacy conscious idk. If you need chrome for some reason then yeah, that blows. I mean, I know what pihole is for, I just asked because maybe they had an issue with ABP specifically, in which case:

H110Hawk posted:

Also use ublock origin.

And in case there was some other motivation, I was curious about that.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell



Buff Hardback posted:

From an reliability standpoint, it's a pretty awful idea to have a host use a container as its upstream DNS source. Way too many ways for things to break and require you to have to go and set the DNS of Unraid back to a real external resolver to get yourself back up and running.

Whats your concern here? It sounds like you're concerned about the extra layer the container inserts into the process instead of running DNS directly on the source.

If that's the case, it's far from "pretty awful" as containers are very reliable. I mean, yeah it's an extra layer that may not be needed but there are literally dozens of layers of abstractions between here and there anyway. Let's not overstate the risks.

Buff Hardback
Jun 11, 2019


Thermopyle posted:

Whats your concern here? It sounds like you're concerned about the extra layer the container inserts into the process instead of running DNS directly on the source.

If that's the case, it's far from "pretty awful" as containers are very reliable. I mean, yeah it's an extra layer that may not be needed but there are literally dozens of layers of abstractions between here and there anyway. Let's not overstate the risks.

What I mean is that if you're using the Pihole container as the DNS resolver for Unraid, you end up in a dependency hell where updating the pihole container requires shutting down DNS resolving, but getting the update requires resolving that DNS.

To me it just seems like an overcomplication of things, and it makes more sense to either: run Pihole on Unraid, but don't have Unraid use the Pihole for DNS resolving; or have Pihole running on a separate physical device and let Unraid use it as it's resolver.

Heners_UK
Jun 1, 2002


Gay Retard posted:

I use PiHole in an Unraid docker, but my router’s settings let me set up a backup DNS, so it’s not a big deal if my pihole docker is running or not.

I’ve got an extra Raspberry Pi 3 lying around that I could turn into a dedicated DNS/WireGuard box, but it seems like it might not be worth the hassle when Unraid is doing the job just fine.

I do this too. Currently Unraid is primary and the Pi is secondary DNS, both run pihole.

Never have an issue and I can restart my unraid box in peace.

Smashing Link
Jul 8, 2003

I'll keep chucking bombs at you til you fall off that ledge!

Grimey Drawer

Heners_UK posted:

I do this too. Currently Unraid is primary and the Pi is secondary DNS, both run pihole.

Never have an issue and I can restart my unraid box in peace.

How are you sure the pihole DNS is handling all the traffic? Do you still get any ads?

IOwnCalculus
Apr 2, 2003





Smashing Link posted:

How are you sure the pihole DNS is handling all the traffic? Do you still get any ads?

In that case every device on the network is going to have pihole1 and pihole2 as the only DNS resolvers they see. So long as both of them aren't dead simultaneously, either one can be rebooted at any given time without a loss of DNS, and the clients aren't going to have any other DNS configured to try and leak ads past pihole.

Crunchy Black
Oct 24, 2017

CASTOR: Uh, it was all fine and you don't remember?
VINDMAN: No, it was bad and I do remember.




Thermopyle posted:

How does encryption work for ZFS?

I've never encrypted anything like this...do you enter a password on boot or mount or how is the key stored?

Don't.

Heners_UK
Jun 1, 2002


Smashing Link posted:

How are you sure the pihole DNS is handling all the traffic? Do you still get any ads?

In my case my router remains my DHCP server and hands out only the two pihole addresses as DNS servers.

The Home Networking thread has some good further information, for example, https://firebog.net/ has a good collection of blocklists. I've added those to both PiHoles and had to do minimal whitelisting.

I don't get many ads. YouTube on the SheildTV appears to have beaten it, but otherwise I can't think of the last time I saw one. I also get nice, quick, always availabel DNS service with the redudancy of having a Docker Container on Unraid and a Pi both running PiHole.

Smashing Link
Jul 8, 2003

I'll keep chucking bombs at you til you fall off that ledge!

Grimey Drawer

Heners_UK posted:

In my case my router remains my DHCP server and hands out only the two pihole addresses as DNS servers.

The Home Networking thread has some good further information, for example, https://firebog.net/ has a good collection of blocklists. I've added those to both PiHoles and had to do minimal whitelisting.

I don't get many ads. YouTube on the SheildTV appears to have beaten it, but otherwise I can't think of the last time I saw one. I also get nice, quick, always availabel DNS service with the redudancy of having a Docker Container on Unraid and a Pi both running PiHole.

Nice. A good excuse to get a Pi for me as well.

necrobobsledder
Mar 21, 2005
Lay down your soul to the gods rock 'n roll

Nap Ghost

Youtube ads are one of the hardest ads to block with PiHole. It's kind of the White Whale of the whitelist community

Enos Cabell
Nov 3, 2004



necrobobsledder posted:

Youtube ads are one of the hardest ads to block with PiHole. It's kind of the White Whale of the whitelist community

How are local browser extensions like adblock plus (and presumably ublock origin, I'll look into switching) able to manage it? I've never really looked into how these work.

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

A lot of them don't manage it particularly well, to be honest.

Enos Cabell
Nov 3, 2004



I literally hadn't seen an ad on youtube in years running adblock plus, until I disabled it and switched to pihole earlier today.

phosdex
Dec 16, 2005



Tortured By Flan

They inspect the code and are blocking the html elements that contain the ads.

Pihole works by blocking domains. If an ad is being served from the same domains as the content, then you can't selectively block one but not the other.

Sniep
Mar 28, 2004

All I needed was that fatty blunt...



King of Breakfast


Fun Shoe

phosdex posted:

They inspect the code and are blocking the html elements that contain the ads.

Pihole works by blocking domains. If an ad is being served from the same domains as the content, then you can't selectively block one but not the other.

Twitch does the same thing. You wont be able to tell the difference from one video segment to the next, one with ads and one without. They get muxed together per-viewer at the edge lmao.

Atomizer
Jun 24, 2007

Bote McBoteface. so what


I'm perfectly happy paying for YT premium (through Google Music or whatever, I think) and throwing a few cents towards the content creators I actually watch while simultaneously not having to watch any ads, ever.

D. Ebdrup
Mar 13, 2009



I'm curious about this, why are you saying not to encrypt?

Sniep posted:

Twitch does the same thing. You wont be able to tell the difference from one video segment to the next, one with ads and one without. They get muxed together per-viewer at the edge lmao.
So far as I know, Twitch uses the EXT-X-DISCONTINUITY functionality to embed ads into the video stream itself whereas YouTube uses html containers and classes (usually with machine-generated IDs) which are possible to block via DOM and network inspection in a browser (what uBlock Origin does, which is why Google wants to deprecate the APIs used by uBlock Origin). Mind you, Google also wants the ability to insert ads directly into the stream.

D. Ebdrup fucked around with this message at 12:20 on Feb 11, 2020

HalloKitty
Sep 30, 2005

Adjust the bass and let the Alpine blast


Enos Cabell posted:

How are local browser extensions like adblock plus (and presumably ublock origin, I'll look into switching) able to manage it? I've never really looked into how these work.

Perfectly. I run uBlock Origin and never see Youtube ads.

Tamba
Apr 5, 2010



D. Ebdrup posted:

I'm curious about this, why are you saying not to encrypt?

It's more "Be really careful with encryption on FreeNAS".
It will work perfectly, until you need to replace a failed disk, don't do the extra necessary steps in exactly the right order and lose all data forever (because Raid was your backup).

D. Ebdrup
Mar 13, 2009



Tamba posted:

It's more "Be really careful with encryption on FreeNAS".
It will work perfectly, until you need to replace a failed disk, don't do the extra necessary steps in exactly the right order and lose all data forever (because Raid was your backup).
Ah, that's interesting - never had a problem on FreeBSD with it, so I was confused but it's clearly not an issue related to FreeBSD it seems?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell




Why not?

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«608 »