diff --git a/.envrc b/.envrc
index 74d84a7..3550a30 100644
--- a/.envrc
+++ b/.envrc
@@ -1,2 +1 @@
 use flake
-export SHELL=$(which bash)
diff --git a/helm/values/externaldns.values.yaml b/helm/values/externaldns.values.yaml
index 4abd9a9..bb1870c 100644
--- a/helm/values/externaldns.values.yaml
+++ b/helm/values/externaldns.values.yaml
@@ -3,7 +3,7 @@ provider: pihole
 policy: upsert-only
 txtOwnerId: "homelab"
 pihole:
-  server: https://pihole.dogar.dev
+  server: http://pihole-web.pihole-system.svc.cluster.local
 extraEnvVars:
   - name: EXTERNAL_DNS_PIHOLE_PASSWORD
     valueFrom:
diff --git a/main.ts b/main.ts
index 452b6b0..243d096 100644
--- a/main.ts
+++ b/main.ts
@@ -13,6 +13,7 @@ import { AuthentikServer } from "./authentik";
 import { RedisCluster } from "./redis";
 import { CertManager } from "./cert-manager";
 import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
+import { PiHole } from "./pihole";
 
 dotenv.config();
 
@@ -55,8 +56,6 @@ class Homelab extends TerraformStack {
       },
     });
 
-    const certManagerApiVersion = "cert-manager.io/v1";
-
     new Longhorn(this, "longhorn", {
       namespace: "longhorn-system",
       name: "longhorn",
@@ -67,6 +66,15 @@ class Homelab extends TerraformStack {
       },
     });
 
+    new PiHole(this, "pihole", {
+      namespace: "pihole-system",
+      provider: helm,
+      name: "pihole",
+      version: "2.26.1",
+    });
+
+    const certManagerApiVersion = "cert-manager.io/v1";
+
     new CertManager(this, "cert-manager", {
       certManagerApiVersion,
       name: "cert-manager",
diff --git a/pihole/index.ts b/pihole/index.ts
new file mode 100644
index 0000000..bf1ee6f
--- /dev/null
+++ b/pihole/index.ts
@@ -0,0 +1,42 @@
+import * as fs from "fs";
+import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
+import { Release } from "@cdktf/provider-helm/lib/release";
+import { Construct } from "constructs";
+
+type PiHoleOptions = {
+  provider: HelmProvider;
+  version: string;
+  name: string;
+  namespace: string;
+};
+
+export class PiHole extends Construct {
+  constructor(scope: Construct, id: string, options: PiHoleOptions) {
+    super(scope, id);
+
+    new Release(this, id, {
+      ...options,
+      repository: "https://mojo2600.github.io/pihole-kubernetes",
+      chart: "pihole",
+      createNamespace: true,
+      values: [
+        fs.readFileSync("helm/values/pihole.values.yaml", {
+          encoding: "utf8",
+        }),
+      ],
+    });
+
+    new Release(this, "external-dns", {
+      provider: options.provider,
+      name: "externaldns-pihole",
+      namespace: options.namespace,
+      repository: "https://charts.bitnami.com/bitnami",
+      chart: "external-dns",
+      values: [
+        fs.readFileSync("helm/values/externaldns.values.yaml", {
+          encoding: "utf8",
+        }),
+      ],
+    });
+  }
+}