Basic Raspberry Pi 4 on DietPi with Pi-hole and Unbound for more privacy.
Ingredients:
DietPi: DietPi is an extremely lightweight Debian-based OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential.
Pi-hole: Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.
pihole-updatelists: Update Pi-hole's lists from remote sources.
Unbound: Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
See DietPi
install guide here.
After completed flash the SD card open dietpi.txt
from the card and change basic settings for auto-configuration.
⚠️ This config applied on first boot of DietPi only!
Example modified settings:
# -----------------------------------------------------------------------------
# Language/Regional options
# -----------------------------------------------------------------------------
AUTO_SETUP_KEYBOARD_LAYOUT=us
AUTO_SETUP_TIMEZONE=Europe/Warsaw
# -----------------------------------------------------------------------------
# Network options
# -----------------------------------------------------------------------------
AUTO_SETUP_NET_USESTATIC=1
AUTO_SETUP_NET_STATIC_IP=192.168.50.2
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.50.1
AUTO_SETUP_NET_HOSTNAME=raspberrypi-eth
# -----------------------------------------------------------------------------
# Misc options
# -----------------------------------------------------------------------------
# disable swap
AUTO_SETUP_SWAPFILE_SIZE=0
# disable HDMI/video output and framebuffers
AUTO_SETUP_HEADLESS=1
# post-install and configuration
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-install.sh
# -----------------------------------------------------------------------------
# Software options
# -----------------------------------------------------------------------------
# dependency preferences
# Lighttpd
AUTO_SETUP_WEB_SERVER_INDEX=-2
# software to automatically install
AUTO_SETUP_AUTOMATED=1
# global password [!]
AUTO_SETUP_GLOBAL_PASSWORD=password
# software to automatically install
# Git
AUTO_SETUP_INSTALL_SOFTWARE_ID=17
# Lighttpd
AUTO_SETUP_INSTALL_SOFTWARE_ID=84
# SQLite
AUTO_SETUP_INSTALL_SOFTWARE_ID=87
# PHP
AUTO_SETUP_INSTALL_SOFTWARE_ID=89
# Unbound
AUTO_SETUP_INSTALL_SOFTWARE_ID=182
# -----------------------------------------------------------------------------
# Misc DietPi program settings
# -----------------------------------------------------------------------------
# disable obtain information regarding your system and installed software
SURVEY_OPTED_IN=0
# -----------------------------------------------------------------------------
# DietPi-Config settings
# -----------------------------------------------------------------------------
# CPU Governor
CONFIG_CPU_GOVERNOR=powersave
# disable IPv6
CONFIG_ENABLE_IPV6=0
Now
Pi-hole
not support auto-install.
Also for additional configuration see dietpi-install.sh
file.
Connect to your berry on the console with global password:
ssh root@192.168.50.2
... and wait [!]
few minutes to auto-install completed.
Run this for execute Pi-hole
installation wizard:
dietpi-software install 93
Set custom DNS server (Unbound):
127.0.0.1#5335
After all is completed install pihole-updatelists
:
wget -O - https://raw.githubusercontent.com/jacklul/pihole-updatelists/master/install.sh | sudo bash
Recommended ad-lists:
- DNS Blocklists, see included source lists
- Regex Filters for Pi-hole, basic blacklist regex
Set your personal ad-lists on config file:
cat > /etc/pihole-updatelists.conf << EOF
ADLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/adlist.txt"
WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/whitelist.txt"
REGEX_WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/whitelist_regex.txt"
BLACKLIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/blacklist.txt"
REGEX_BLACKLIST_URL="https://raw.githubusercontent.com/mmotti/pihole-regex/master/regex.list https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/blacklist_regex.txt https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile_regex.txt"
EOF
Clear all preinstalled Pi-hole ad-lists and rules:
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist_by_group;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist_by_group;"
And update ad-lists and rules on Pi-hole
:
pihole-updatelists
Set schedule timer for update ad-lists. For example, every day at 4am
:
cat > /etc/cron.d/pihole-updatelists << EOF
0 4 * * * root /usr/local/sbin/pihole-updatelists
EOF
See cron schedule expressions editor for details.
Update, upgrade system, all packages and ad-lists:
dietpi-update 1 && \
apt-get update -y && \
apt-get upgrade -y && \
apt-get dist-upgrade -y && \
pihole -up && \
pihole-updatelists --update && \
pihole-updatelists && \
reboot