Added Pi-hole service

[cjnewbs]

Summary

• Added Pi-hole as requested here,
• Set time-zone based on shell environment variable,
• WEBPASSWORD auto-generated by coolify,
• DNSMASQ_LISTENING=all requirered otherwise DNS queries are ignored by the docker version of Pi-hole,
• I have mapped port 80 to 8080 as coolify is already listening on 80.

Questions:

• Is it possible to remove the ip:53 from the links section as it's not something directly accessed by users,
• Is it possible to change the ip:8080 link from the public-facing IP of coolify to the LAN IP as this should only really need to be accessed locally,
• For the logo image I just grabbed the png from the Pi-hole website, is there a specific image size thats needed or is the one in the PR ok?

[Thijmen]

I would suggest to let Traefik handle the reverse proxy. You can then make a service "publicly available" within Coolify to expose the public port. I can agree on port 53 though.

[iamEvanYT]

Should be removed, and instead, let reverse proxy handle it.

add the key SERVICE_FQDN_PIHOLE_80 in environment, and coolify will automatically handle it.

example:

environment:
  - SERVICE_FQDN_PIHOLE_80

[martonsz]

I agree. Line 7 should be removed.

It is also safer to not expose the application port directly. Traefik can put some security in front of it if someone needs it.

[martonsz]

You forgot to add the metadata that is mentioned here: https://coolify.io/docs/knowledge-base/add-a-service#metadata

The port part will tell Coolify which port to use when configuring the proxy.
Now you can skip the postfix_80 when using SERVICE_FQDN_PIHOLE

If you want to test your service you can do it in the dev mode mentioned here: https://github.com/coollabsio/coolify/blob/main/CONTRIBUTION.md#1-setup-your-development-environment

When the Coolify container is running you can generate a new service-templates.json. More info here: #2375 (comment)

[martonsz]

I just tested this locally. And the traefik proxy is still using port 53 when trying to reach the WEB UI.
This is because traefik defaults to automatically proxy to exposed ports and Coolify doesn't override this.

I even tried using the postfix _80 but it did not help.

I also tried to remove the ports: part from the docker-compose file. But traefik still sees the exposed ports that are hard coded into the original docker image. I.e. traefik will proxy to port 53.

I have to add labels manually to configure traefik. But that requires me to use the generated UID.

labels:
      - traefik.http.routers.http-0-t4wgc4w-pihole.service=pi-hole
      - traefik.http.services.pi-hole.loadbalancer.server.port=80

I thought I knew how Coolify did its magic. But it seems that I was wrong :(

[Rehaeel]

really keen on including that in my VPS. Come on, let's gooo

[VoQZHD]

Since you managed to get pi-hole working, could a similar template for adguard be a possibility?

[gitguardian]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
-	-	GitHub App Keys	ccbbfd8	database/seeders/GithubAppSeeder.php	View secret
-	-	Generic Password	e1bcae7	templates/compose/resend.yaml	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[peaklabs-dev]

@cjnewbs This template does not really work in its current state, could you please update it with a domain and the Coolify magic https://coolify.io/docs/contribute/service ? Thank you so much.