Here is how to install Pihole, or any application available for Debian such as letsencrypt, DoH, dnscrypt, speedtest-cli, an NTP server, Samba, NFS or even WireGuard VPN, which is not available in the HomePro that I bought.
At a high level, we leverage the LXC container that is part of Untangle: install Pihole in the container, then set the container to start automatically when Untangle boots up. This is pretty secure from a networking perspective, since the LXC virtual switch is tied to the internal network rather than the WAN network.
reference: https://wiki.untangle.com/index.php/LXC
shoutout: jcoffin for confirming the lxc container can do it.
1. Enable ssh on Untangle and run as root. Note that enabling it will expose ssh to the public internet. I have a ruleset I made separately that will let it listen only on the private network.
2. Initialize the LXC container. This will pull Debian buster and install some deb packages.
# /usr/share/untangle-lxc-client/bin/untangle-lxc-start
3. Log in to the LXC container.
# /usr/share/untangle-lxc-client/bin/untangle-lxc-attach
3.1 You are now inside the container. All commands below are run in the LXC container rather than on Untangle. Don't confuse this with running commands on Untangle! Create an account. This is useful if you want to manage the container remotely via ssh.
# useradd -s /bin/bash -m balrog
# passwd balrog
3.2 Install SSL certificates, or else the Pihole install will fail. Install curl as well.
# apt install ca-certificates curl -y
3.3 Install Pihole. Note: I won't dwell on how to configure Pihole; there are literally millions of how-tos for that on the internet.
# curl -sSL https://install.pi-hole.net | bash
3.4 Exit from the LXC container.
# exit
4. You are back on Untangle. Time to create a startup entry for the LXC container so that when Untangle reboots, the LXC container will also start. I have chosen to recreate the /etc/rc.local startup, SysV init style (love-hate relationship with systemd), instead of creating a service specific to LXC. It gives me more flexibility to add startup scripts in the future.
4.1 Create the service file: open it with vi /etc/systemd/system/rc.local.service and add the following:
[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
4.2 Create the rc.local file: open it with vi /etc/rc.local and add the following:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Balrog # have to insert sleep 60 here to prevent it from hanging.
# Probably because of timing issue.
sleep 60 ; /usr/share/untangle-lxc-client/bin/untangle-lxc-start
exit 0
4.3 Set permissions and ownership:
# chmod 770 /etc/rc.local
# chown root:root /etc/rc.local
4.4 Enable the service so that it starts when Untangle boots up.
# systemctl enable rc.local.service
4.5 Start the service.
# systemctl start rc.local.service
4.6 Optional: check whether the service is running.
# systemctl status rc.local.service
5. Reboot Untangle and the LXC container should start up automatically. Please note that there is some delay for Pihole due to some timing issue which I'm too lazy to troubleshoot. I have inserted 60 seconds of delay in the rc.local file to fix this.
6. Access the Pihole web admin interface at http://192.0.2.2/admin. The attached screenshot below, pihole_untangle.png, is proof it works. It has a hardcoded IP address of 192.0.2.2, and it does not matter if you set your internal IP to, say, 192.168.1.x or 192.168.2.x. Enjoy!
7. If everything works fine, you can add the IP address as a DNS server in the internal network's DHCP settings.
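
For the ssh exposure noted in step 1, a check of where sshd is actually bound, as an added example that is not part of the original post. It assumes input in the format printed by ss -H -tln; the function names and the sample lines are constructed for illustration. A wildcard bind means that reachability from the WAN depends entirely on the filter rules.

```shell
#!/bin/sh
# Added example (not from the original post): list TCP listeners on a given
# port that are bound to a wildcard address, i.e. every interface incl. WAN.
# Input on stdin: lines in the format printed by `ss -H -tln`.
wildcard_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # local address:port column
            n = split(la, parts, ":")
            p = parts[n]                     # port is after the last colon
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (p == port && (addr == "0.0.0.0" || addr == "[::]" || addr == "*"))
                print la
        }'
}

# Returns 0 when no wildcard listener exists on the port, 1 otherwise.
port_is_restricted() {
    [ -z "$(wildcard_listeners "$1")" ]
}

# Constructed sample input (not captured from a real Untangle box).
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'
SAMPLE_RESTRICTED='LISTEN 0 128 192.168.1.1:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'

# Demonstrate both outcomes on the constructed samples.
for name in EXPOSED RESTRICTED; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | port_is_restricted 22; then
        echo "$name: sshd bound to specific addresses only"
    else
        echo "$name: sshd on all interfaces; filter rules are the only barrier"
    fi
done

# Live use on the Untangle host:  ss -H -tln | wildcard_listeners 22
```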