Pi-hole
Pi-hole
Get Started with Apps!
Get Started with Apps!
App Version: 2025.04.0
(Changelog)
Keywords: networking, dns
Train: Stable
Home Page: https://pi-hole.net
Keywords: networking, dns
Train: Stable
Home Page: https://pi-hole.net
Pi-hole Details
Added: 2024-07-30
Last Updated: 2025-04-23
Added: 2024-07-30
Last Updated: 2025-04-23
DNS and Ad-filtering for your network.
Run as Context- Pi-hole runs as root user.
Group: 0 / root
User: 0 / root
Screenshots
×
![Full Screenshot]()
Security Capabilities
- Pi-hole is able to chown files.
- Pi-hole is able to bypass permission checks.
- Pi-hole is able to bypass permission checks for it's sub-processes.
- Pi-hole is able to kill processes.
- Pi-hole is able to perform various network-related operations.
- Pi-hole is able to bind to a privileged port.
- Pi-hole is able to access the network.
- Pi-hole is able to set the capabilities on a file.
- Pi-hole is able to bypass permission checks.
- Pi-hole is able to set the capabilities.
- Pi-hole is able to bypass permission checks.
- Pi-hole is able to set the nice level on a process.
- Pi-hole is able to set system time.
App Metadata (Raw File)
{
"1.2.25": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/stable/pihole/1.2.25",
"last_update": "2025-04-23 17:40:39",
"required_features": [],
"human_version": "2025.04.0_1.2.25",
"version": "1.2.25",
"app_metadata": {
"app_version": "2025.04.0",
"capabilities": [
{
"description": "Pi-hole is able to chown files.",
"name": "CHOWN"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
},
{
"description": "Pi-hole is able to bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Pi-hole is able to kill processes.",
"name": "KILL"
},
{
"description": "Pi-hole is able to perform various network-related operations.",
"name": "NET_ADMIN"
},
{
"description": "Pi-hole is able to bind to a privileged port.",
"name": "NET_BIND_SERVICE"
},
{
"description": "Pi-hole is able to access the network.",
"name": "NET_RAW"
},
{
"description": "Pi-hole is able to set the capabilities on a file.",
"name": "SETFCAP"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "SETGID"
},
{
"description": "Pi-hole is able to set the capabilities.",
"name": "SETPCAP"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "SETUID"
},
{
"description": "Pi-hole is able to set the nice level on a process.",
"name": "SYS_NICE"
},
{
"description": "Pi-hole is able to set system time.",
"name": "SYS_TIME"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/pi-hole/docker-pi-hole/releases",
"date_added": "2024-07-30",
"description": "DNS and Ad-filtering for your network.",
"home": "https://pi-hole.net",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/pihole/icons/icon.png",
"keywords": [
"networking",
"dns"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "pihole",
"run_as_context": [
{
"description": "Pi-hole runs as root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/pihole/screenshots/screenshot1.png"
],
"sources": [
"https://pi-hole.net/",
"https://github.com/pi-hole/docker-pi-hole"
],
"title": "Pi-hole",
"train": "stable",
"version": "1.2.25"
},
"schema": {
"groups": [
{
"name": "Pi-Hole Configuration",
"description": "Configure Pi-Hole"
},
{
"name": "User and Group Configuration",
"description": "Configure User and Group for Pi-Hole"
},
{
"name": "Network Configuration",
"description": "Configure Network for Pi-Hole"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Pi-Hole"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Pi-Hole"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Pi-Hole"
}
],
"questions": [
{
"variable": "TZ",
"group": "Pi-Hole Configuration",
"label": "Timezone",
"schema": {
"type": "string",
"default": "Etc/UTC",
"required": true,
"$ref": [
"definitions/timezone"
]
}
},
{
"variable": "pihole",
"label": "",
"group": "Pi-Hole Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "web_password",
"label": "Web Password",
"description": "The password for Pi-Hole WebUI.",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"description": "Configure additional environment variables for Pi-Hole.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "web_port",
"label": "WebUI Port",
"description": "The port for Pi-Hole WebUI",
"schema": {
"type": "int",
"default": 20720,
"required": true,
"$ref": [
"definitions/port"
]
}
},
{
"variable": "https_port",
"label": "HTTPS Port",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "bind_mode",
"label": "Port Bind Mode",
"description": "The port bind mode.</br>\n- Publish: The port will be published on the host for external access.</br>\n- Expose: The port will be exposed for inter-container communication.</br>\n- None: The port will not be exposed or published.</br>\nNote: If the Dockerfile defines an EXPOSE directive,\nthe port will still be exposed for inter-container communication regardless of this setting.\n",
"schema": {
"type": "string",
"default": "",
"enum": [
{
"value": "published",
"description": "Publish port on the host for external access"
},
{
"value": "exposed",
"description": "Expose port for inter-container communication"
},
{
"value": "",
"description": "None"
}
]
}
},
{
"variable": "port_number",
"label": "Port Number",
"schema": {
"type": "int",
"default": 30132,
"required": true,
"$ref": [
"definitions/port"
]
}
},
{
"variable": "host_ips",
"label": "Host IPs",
"description": "IPs on the host to bind this port",
"schema": {
"type": "list",
"show_if": [
[
"bind_mode",
"=",
"published"
]
],
"default": [],
"items": [
{
"variable": "host_ip",
"label": "Host IP",
"schema": {
"type": "string",
"required": true,
"$ref": [
"definitions/node_bind_ip"
]
}
}
]
}
}
]
}
},
{
"variable": "dns_port",
"label": "DNS Port",
"description": "The port for Pi-Hole DNS",
"schema": {
"type": "int",
"default": 53,
"required": true,
"show_if": [
[
"host_network",
"=",
false
]
],
"$ref": [
"definitions/port"
]
}
},
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network. It's recommended to keep this disabled.</br>\nOnly enable this if you are going to use DHCP.\n",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "interface_name",
"label": "Interface Name",
"description": "The name of the physical interface to use for Pi-Hole.",
"schema": {
"type": "string",
"show_if": [
[
"host_network",
"=",
true
]
],
"default": ""
}
},
{
"variable": "dns_listening_mode",
"label": "DNS Listening Mode",
"description": "The DNS listening mode for Pi-Hole.",
"schema": {
"type": "string",
"default": "single",
"required": true,
"enum": [
{
"value": "single",
"description": "Single"
},
{
"value": "all",
"description": "All"
}
]
}
},
{
"variable": "dhcp_config",
"label": "DHCP Configuration",
"description": "The configuration for DHCP.",
"schema": {
"type": "dict",
"show_if": [
[
"host_network",
"=",
true
]
],
"attrs": [
{
"variable": "dhcp_enabled",
"label": "DHCP",
"description": "Enable DHCP for Pi-Hole",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "start",
"label": "Start",
"description": "The start IP for DHCP.",
"schema": {
"type": "ipaddr",
"show_if": [
[
"dhcp_enabled",
"=",
true
]
],
"cidr": false,
"required": true,
"default": ""
}
},
{
"variable": "end",
"label": "End",
"description": "The end IP for DHCP.",
"schema": {
"type": "ipaddr",
"show_if": [
[
"dhcp_enabled",
"=",
true
]
],
"cidr": false,
"required": true,
"default": ""
}
},
{
"variable": "gateway",
"label": "Gateway",
"description": "The gateway for DHCP.",
"schema": {
"type": "ipaddr",
"show_if": [
[
"dhcp_enabled",
"=",
true
]
],
"cidr": false,
"required": true,
"default": ""
}
}
]
}
},
{
"variable": "dns_opts",
"label": "DNS Options",
"description": "DNS options for the container.</br>\nFormat: key:value</br>\nExample: attempts:3\n",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "option",
"label": "Option",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "config",
"label": "Pi-Hole Config Storage",
"description": "The path to store Pi-Hole Config.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "config"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "dnsmasq",
"label": "Pi-Hole DNSMASQ Configuration",
"description": "The path to store Pi-Hole DNSMASQ Config.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\n",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "dnsmasq"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for Pi-Hole.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "pihole",
"description": "pihole"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Pihole.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Pihole.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Pi-hole</h1> <p><a href=\"https://pi-hole.net/\">Pi-hole</a> is a black hole for Internet advertisements</p>",
"changelog": null,
"chart_metadata": {
"app_version": "2025.04.0",
"capabilities": [
{
"description": "Pi-hole is able to chown files.",
"name": "CHOWN"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
},
{
"description": "Pi-hole is able to bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Pi-hole is able to kill processes.",
"name": "KILL"
},
{
"description": "Pi-hole is able to perform various network-related operations.",
"name": "NET_ADMIN"
},
{
"description": "Pi-hole is able to bind to a privileged port.",
"name": "NET_BIND_SERVICE"
},
{
"description": "Pi-hole is able to access the network.",
"name": "NET_RAW"
},
{
"description": "Pi-hole is able to set the capabilities on a file.",
"name": "SETFCAP"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "SETGID"
},
{
"description": "Pi-hole is able to set the capabilities.",
"name": "SETPCAP"
},
{
"description": "Pi-hole is able to bypass permission checks.",
"name": "SETUID"
},
{
"description": "Pi-hole is able to set the nice level on a process.",
"name": "SYS_NICE"
},
{
"description": "Pi-hole is able to set system time.",
"name": "SYS_TIME"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/pi-hole/docker-pi-hole/releases",
"date_added": "2024-07-30",
"description": "DNS and Ad-filtering for your network.",
"home": "https://pi-hole.net",
"host_mounts": [],
"icon": "https://media.sys.truenas.net/apps/pihole/icons/icon.png",
"keywords": [
"networking",
"dns"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "pihole",
"run_as_context": [
{
"description": "Pi-hole runs as root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [
"https://media.sys.truenas.net/apps/pihole/screenshots/screenshot1.png"
],
"sources": [
"https://pi-hole.net/",
"https://github.com/pi-hole/docker-pi-hole"
],
"title": "Pi-hole",
"train": "stable",
"version": "1.2.25"
}
}
}Support and documentation for applications within the Stable catalog is handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.