chris

joined 5 months ago
[–] chris@lemmy.grey.fail 2 points 5 days ago (1 children)

How'd it work out?

[–] chris@lemmy.grey.fail 2 points 5 days ago (1 children)

I mean in terms of hijacking DNS. Might be worth a look.

[–] chris@lemmy.grey.fail 4 points 5 days ago* (last edited 5 days ago) (1 children)

It runs quite well; Docker's not a full-fledged virtual machine so much as a virtualization layer. I also love the portability of running this in Docker. I rsync a backup of this and the Appdata folder every night. When or if this server fails, I can be up and running again in minutes on another machine.

[–] chris@lemmy.grey.fail 1 points 6 days ago (3 children)

Is your ISP interfering?

[–] chris@lemmy.grey.fail 24 points 6 days ago (24 children)

services:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: sheldon
    environment:
      HOST_CONTAINERNAME: pihole
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      DNSMASQ_LISTENING: "all"
      PIHOLE_DNS_1: "unbound#53"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "8080:80/tcp"
    # network_mode: host
    dns:
      - 127.0.0.1
    networks:
      dns:
        ipv4_address: 172.22.0.2
    volumes:
      - /mnt/appdata/pihole/etc-pihole:/etc/pihole
      - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
    depends_on:
      unbound:
        condition: service_healthy

  unbound:
    container_name: unbound
    image: klutchell/unbound:latest
    networks:
      dns:
        ipv4_address: 172.22.0.3
    volumes:
      - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "dig", "google.com", "@127.0.0.1"]
      interval: 10s
      timeout: 5s
      retries: 5

  wg-easy:
    container_name: wg-easy
    image: ghcr.io/wg-easy/wg-easy:15
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    # environment:
    #   TZ: ${TZ}
    #   LANG: en
    #   WG_HOST: ${WG_HOST}
    #   PASSWORD_HASH: ${PASSWORD_HASH}
    #   WG_DEFAULT_DNS: 172.22.0.2
    #   WG_MTU: 1420
    networks:
      dns:
        ipv4_address: 172.22.0.4
    volumes:
      - /mnt/appdata/wg-easy:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
    restart: unless-stopped

networks:
  dns:
    external: true

Feel free to just delete the wg-easy service.

[–] chris@lemmy.grey.fail 1 points 2 weeks ago

Very well could be!

[–] chris@lemmy.grey.fail 4 points 2 weeks ago (1 children)
[–] chris@lemmy.grey.fail 1 points 2 weeks ago (3 children)

Lineage sounds a lot like "Linux." Take it easy on the lad.

[–] chris@lemmy.grey.fail 12 points 2 weeks ago (3 children)

I think a lot of it is anxiety; being replaced by AI, the continued enshittification of the services I loved, and the ever-present notion that AI is, "the answer." After a while, it gets old and that anxiety mixes in with annoyance -- a perfect cocktail of animosity.

And AI stole em dashes from me, but that's a me-problem.

[–] chris@lemmy.grey.fail 4 points 2 weeks ago

Yeah. My TPM would trip every time Linux updated my hardware firmware... which was fairly common.

[–] chris@lemmy.grey.fail 51 points 3 weeks ago (3 children)

Boy howdy, you best keep that BitLocker key handy, though.

[–] chris@lemmy.grey.fail 143 points 3 weeks ago (11 children)

Back when I dual booted, I had the most success keeping Windows on a separate drive completely. After making the Linux drive the primary boot device, GRUB would pick it up and I'd be off to the races. I now just keep a Windows VM -- it's been much easier to deal with.
