PiHole 5 (and 6) enable/disable groups - block internet

will this survive an upgrade of the docker container?
or do you have to do this every time you upgrade the container?

I will do HA update to 2021.11 and report back and I am sure it would not break it as I do not update the container to update HA - just like hassio on pi I just go to supervisor and update. That is how my install work. However if you install HA in docker say via docker compose etc it as long as you have config outside the container I cannot see why that would break it

well you are right. when I update HA it break the thing so need to do it each time I update HA. Not a big deal but not good. Need to figure out to change the location of tocken so it would in a folder like config where it would not get deleted each time docker update happen.

I will look at the API you are developing before I do the next HA update.

Not sure if there is a way to pass the password via shell_command rather than command_line. Only thing to fix is find a way to pass the password in the ssh command or have rsa tockens in a place where it will not get deleted

you could run a script after every update to re-establish the keys.
I think you would need to do the same in the PiHole container as well.

there is a dockerfile in my dbAPI and a docker on docker hub (Docker Hub).
But I only built it for my arch.

You need to map the directory that has the gravity.db into the container.
The API is on port 8000
and some basic documentation here host:8000/docs

OK, a bit of a disappointment.
I have the API ready, but if we can’t execute the
pihole restartdns reload-lists command then there is no point.
To run that command the whole SSH problem is back.

I might have to have another look at ssh from one container to the other and the keys have to survive a docker update.
Another idea I had was to add my dbAPI on into the pihole container, but I am not sure about that yet.

A little update.
I gave up on the API as I still need to call a command anyway.

But I found a solution.
I created the SSH keys in the config folder of HA so it does survive an update.
(following the top of this guide: Turn on/off UnRaid Server from Hassio & Voice Assistant)

Now I ssh from my HA Container to the docker host and then execute the script inside the PiHole docker as before.
So my switch config changed to this:

platform: command_line
switches:
  pihole_kids_nogames:
    command_on:    ssh -i /config/ssh_keys/.ssh/id_rsa [email protected] 'docker exec pihole5 bash /etc/pihole/setGroupStatus.sh Kids-NoGames enable'
    command_off:   ssh -i /config/ssh_keys/.ssh/id_rsa [email protected] 'docker exec pihole5 bash /etc/pihole/setGroupStatus.sh Kids-NoGames disable'
    command_state: ssh -i /config/ssh_keys/.ssh/id_rsa [email protected] 'docker exec pihole5 bash /etc/pihole/setGroupStatus.sh Kids-NoGames status'
    value_template: '{{ value == "1" }}'
    friendly_name: Block Games

I also changed the setGroupStatus.sh script a bit to not restart pihole DNS on every status check.

#!/bin/bash

# takes the group name and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists

# Data Monkey January 2021


case "$2" in
   "enable")
       sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=1 where name='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "disable")
       sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=0 where name='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "status")
       stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'group' where name = '$1';"`
       echo $stat
       exit 0
       ;;
   *)
   echo $"Usage: $0 {GroupName enable|disable|status}"
   exit 1
esac

Thank you for this. I looked around the database file and was able to modify your script to work with blacklist. You use domainlist table and change from name to domain.

Credit to Data Monkey for the script.

#!/bin/bash

# takes the domain and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists

# Data Monkey January 2021


case "$2" in
   "enable")
       sqlite3 /etc/pihole/gravity.db "update 'domainlist' set 'enabled'=1 where domain='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "disable")
       sqlite3 /etc/pihole/gravity.db "update 'domainlist' set 'enabled'=0 where domain='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "status")
       stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'domainlist' where domain = '$1';"`
       echo $stat
       exit 0
       ;;
   *)
   echo $"Usage: $0 {domain enable|disable|status}"
   exit 1
esac
1 Like

I have a question around the switch configuration. My config only seems to turn the pihole on. I am not trying to implement specific gravity or use groups. I simply want to toggle the pihole on and off completely using the switch. Is there something I’m missing or another way to configure just a basic toggle on/off? The toggle slides to the ‘on’ indication, but then slides back to the ‘off’. Nothing happens if pihole is on. However, if I turn pihole off manually, either through command line or the gui, and then toggle it in home assistant it will turn back on. It’s like the command_off can’t be executed, and I’m not sure the command_state is even doing anything.

Also, what exactly is the value_template supposed to be doing?

platform: command_line
switches:
  4gb:
    command_on: ssh [email protected] 'docker exec pihole bash pihole enable'
    command_off: ssh [email protected] 'docker exec pihole bash pihole disable'
    command_state: ssh [email protected] 'docker exec pihole bash pihole status'
    value_template: '{{ value == "1" }}'
    friendly_name: Toggle pihole 4gb

EDIT:
Checked documentation, and found that command_state wasn’t helping and value_template needed to be changed in order to send the right command, based on the switch.
New code:

platform: command_line
switches:
  4gb:
    friendly_name: Toggle pihole 4gb
    command_on: ssh [email protected] 'docker exec pihole bash pihole enable'
    command_off: ssh [email protected] 'docker exec pihole bash pihole disable'
    value_template: >
      {{value_json.config.on}}

Last thing I would like to see is the icon_template variable to work. It would be nice for the icon to be of the pi-hole mdi and change color based on if pihole is enabled or disabled.

Hi,
if you just want to disable all of Pi-Hole you would be better off using the official integration that will give you a service to disable Pi-Hole for a duration of your choice.

The topic here is to enable/disable specific groups in pi-hole that are not exposed via an official API (yet).

Yeah, I tried that, including adding the apikey generated from within the pi-hole instance, but the lovelace card it generates doesn’t really toggle too well. It turns on, but the toggle off doesn’t really work.

@datamonkey
Short note to thank you for sharing this. It’s exactly what I was looking for. I’ve set up as described and it just works.
As for the command line switch I’ve taken a simpler, however somewhat less secure approach. However I can live with it.

I run HA in docker and I’ve given HA access to the host docker engine, adding below to volumes:

    - /var/run/docker.sock:/var/run/docker.sock
    - /usr/bin/docker:/usr/bin/docker

my command is then like this:

    block_youtube: 
      friendly_name: Block Youtube
      command_on: docker exec pihole bash /etc/pihole/setGroupStatus.sh 1 enable
      command_off: docker exec pihole bash /etc/pihole/setGroupStatus.sh 1 disable
      command_state: docker exec pihole bash /etc/pihole/setGroupStatus.sh 1 status
      value_template: '{{ value == "1" }}'

Thank you

1 Like

emphasized textThank you so much for this. It’s done the job well.

I have Home Assistant now enabling/disabling Pi-Hole groups. Both are in separate docker containers.

The only issue I had is that the Lovelace switch cards didn’t appear to stay at the on position, but cycled to off, then on every 1 min. 1 min on, one min off and repeat. The actual group status in Pi-Hole was unaffected, it was just an annoyance in my dashboard.

Adding ‘scan_interval: 300’ to my configuration.yaml in an attempt to resolve this has only lengthened the cycle to 5 minutes. I can’t understand why the status is flipping at every scan.
Help please!

  - platform: command_line
    scan_interval: 300
    switches:
      pihole_videos:
      ...

This is the shell script I’m using.

#!/bin/bash
# takes the group name and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists
# Data Monkey January 2021
case "$2" in
   "enable")
       sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=1 where name='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "disable")
       sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=0 where name='$1'";
       # refresh PiHole
       /usr/local/bin/pihole restartdns reload-lists >/dev/null
       ;;
   "status")
       stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'group' where name = '$1';"`
       echo $stat
       exit 0
       ;;
   *)
   echo $"Usage: $0 {GroupName enable|disable|status}"
   exit 1
esac

UPDATE:

I’ve now sort of resolved the issue using the revisions offered above by the-bort-the. Thanks.

It address the strange unwanted toggle to off in HA, but I have lost the proper status checking unfortunately. So if I toggle a group on the Pi-Hole front end HA will not update.
But I’ll try to live with that for now.

FURTHER UPDATE:

I find that updating Home Assistant breaks the connection to Pi-hole.
Running the following command within the Home Assistant container (via Portainer) fixes it for me.

ssh -i /config/.ssh/pihole USERNAME@SERVER IP ADDRESS

Hope this helps someone else.

I’ve just spent ages struggling with this. Just switch to AdGuard. Their getting started guide documents the REST API.

Thank you for this! It has been the inspiration to build a small script that exposes PiHole groups via MQTT to HA with autoconf!
I can finally automate the site-blocking “parental control style” from Home Assistant!
https://github.com/Andrec83/pihole-ha-mqtt-service/tree/main

1 Like

This is a great idea.
But I am running pihole in docker, will need to see if I can make your script persistent in the docker container, that would be great!

I just checked the new PiHole v6 API and we might get an official API to enable/disable groups. Here is hoping …

https://ftl.pi-hole.net/development-v6/docs/#put-/groups/-name-

I see, thank you for this.

the install script for docker integration was next in line, I added yesterday a couple of features that were missing (and did some code clean-up, although still very ugly) and was planning to work on a set-up script in the next few days. I will hold on for now since the API route is of course preferred.

This is exactly what I was looking for. I use domains and groups to define what sites are accessible and then set my child’s device to the appropriate group to set the access.

Unfortunately, my HA server is accessible from the Internet via Nabu Casa cloud, so enabling ssh to root isn’t an option.

I looked at the MQTT approach but that doesn’t seem feasible for my situation.

I guess I just have to wait for an API.,…

PiHole 6Beta is out. I have been using it for a few months.
It has an API but I have not tried to implement this yet.

I managed to transfer my script to the PiHole6 (beta) API version.
No more ssh and root privileges required!