diff --git a/kubenix-modules/pihole.nix b/kubenix-modules/pihole.nix
index 5ced1f0..51031b1 100644
--- a/kubenix-modules/pihole.nix
+++ b/kubenix-modules/pihole.nix
@@ -51,6 +51,11 @@
               data.persistentVolumeClaim.claimName = "pihole-data";
               dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
             };
+
+            securityContext = {
+              fsGroup = 1000;
+              fsGroupChangePolicy = "OnRootMismatch";
+            };
           };
         };
       };
diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix
index a2f9995..e21b77e 100644
--- a/kubenix-modules/volumes.nix
+++ b/kubenix-modules/volumes.nix
@@ -5,14 +5,19 @@
 
   #     volumeMounts = [
   #       {
-  #         name = "nextcloud";
-  #         mountPath = "/nextcloud";
+  #         name = "pihole-data";
+  #         mountPath = "/pihole/data";
+  #       }
+  #       {
+  #         name = "pihole-dnsmasq";
+  #         mountPath = "/pihole/dnsmasq";
   #       }
   #     ];
   #   };
 
   #   volumes = {
-  #     nextcloud.persistentVolumeClaim.claimName = "nextcloud";
+  #     pihole-data.persistentVolumeClaim.claimName = "pihole-data";
+  #     pihole-dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
   #   };
   # };
 
@@ -23,6 +28,8 @@
       radicale.storage = "200Mi";
       minecraft.storage = "1Gi";
       nextcloud.storage = "50Gi";
+      pihole-data.storage = "750Mi";
+      pihole-dnsmasq.storage = "16Mi";
     };
 
     nfsVolumes = {
@@ -38,8 +45,6 @@
       atticd.path = "atticd";
       syncthing.path = "syncthing/config";
       kitchenowl.path = "kitchenowl/data";
-      pihole-data.path = "pihole/data";
-      pihole-dnsmasq.path = "pihole/dnsmasq";
       paperless-ngx-redisdata.path = "paperless-ngx/redisdata";
       paperless-ngx-data.path = "paperless-ngx/data";
       forgejo.path = "forgejo/data";