Sys-blocky automated installation (5min you're done!) revisions

Go back to topic: Sys-blocky automated installation (5min you're done!)

  1. v3 anchor; v3 full version
  2. v2 anchor; v2 full version

Revision #3

Edited on
2025-05-02
Edited by user
den1ed
**Result:** A lightweight, secure, self-contained DNS server for all Qubes VMs. **Result:** A lightweight, secure, self-contained DNS server for all Qubes VMs. **"This script is outdated; a newer version is available in the post further down."**

Revision #2

Edited on
2025-04-23
Edited by user
curbs94
Lightweight - Single Go binary (vs Pi-hole's PHP/SQLite/dnsmasq stack) Qubes-optimized - Native NFTables support & vif* interface handling No web UI - Reduced attack surface (Pi-hole's admin portal is a risk) Simpler maintenance - Config = one YAML file (vs Pi-hole's multiple configs/SQL DB) Built for containers - Statically compiled Go binary works better in Qubes VMs Native Prometheus - Metrics without add-ons (Pi-hole needs exporters) * Lightweight - Single Go binary (vs Pi-hole's PHP/SQLite/dnsmasq stack) * Qubes-optimized - Native NFTables support & vif* interface handling * No web UI - Reduced attack surface (Pi-hole's admin portal is a risk) * Simpler maintenance - Config = one YAML file (vs Pi-hole's multiple configs/SQL DB) * Built for containers - Statically compiled Go binary works better in Qubes VMs * Native Prometheus - Metrics without add-ons (Pi-hole needs exporters)
Minimal template bloat Secure by design (no unnecessary services) Easier to firewall Clean integration with Qubes networking * Minimal template bloat * Secure by design (no unnecessary services) * Easier to firewall * Clean integration with Qubes networking
Heavy dependencies (200MB+ footprint) Web UI requires opening ports dnsmasq often conflicts with Qubes networking Complex backup/restore * Heavy dependencies (200MB+ footprint) * Web UI requires opening ports * dnsmasq often conflicts with Qubes networking * Complex backup/restore