Basic Raspberry Pi on DietPi with Pi-Hole and Unbound for more privacy.
Ingredients:
DietPi: DietPi is an extremely lightweight Debian-based OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential.
Pi-Hole: Pi-Hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.
pihole-updatelists: Update Pi-Hole's lists from remote sources.
Unbound: Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
See DietPi install guide here.
After flashing the SD card, open dietpi.txt on the card and change the basic settings for auto-configuration.
⚠️ This config is applied on the first boot of DietPi only!
Modified settings example:
# global password [!]
AUTO_SETUP_GLOBAL_PASSWORD=password
# -----------------------------------------------------------------------------
# Language/Regional options
# -----------------------------------------------------------------------------
AUTO_SETUP_KEYBOARD_LAYOUT=us
AUTO_SETUP_TIMEZONE=Europe/Warsaw
# -----------------------------------------------------------------------------
# Network options
# -----------------------------------------------------------------------------
AUTO_SETUP_NET_USESTATIC=1
AUTO_SETUP_NET_STATIC_IP=192.168.50.5
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.50.1
AUTO_SETUP_NET_HOSTNAME=raspberrypi-eth
# -----------------------------------------------------------------------------
# Misc options
# -----------------------------------------------------------------------------
# disable swap
AUTO_SETUP_SWAPFILE_SIZE=0
# disable HDMI/video output and framebuffers
AUTO_SETUP_HEADLESS=1
# post-install and configuration
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-postinstall.sh
# -----------------------------------------------------------------------------
# Software options
# -----------------------------------------------------------------------------
# fully automated first-run setup (no prompts)
AUTO_SETUP_AUTOMATED=1
# software to automatically install
# Git, SQLite, PHP, Unbound
AUTO_SETUP_INSTALL_SOFTWARE_ID=17 87 89 182
# -----------------------------------------------------------------------------
# Misc DietPi program settings
# -----------------------------------------------------------------------------
# disable obtain information regarding your system and installed software
SURVEY_OPTED_IN=0
# -----------------------------------------------------------------------------
# DietPi-Config settings
# -----------------------------------------------------------------------------
# CPU Governor
CONFIG_CPU_GOVERNOR=powersave
# disable IPv6
CONFIG_ENABLE_IPV6=0
Also, for additional configuration, see the dietpi-install.sh file.
Connect to your berry on the console with the global password:
ssh root@192.168.50.5
... and wait [!] a few minutes for the install and update to complete.
cat << '_EOF_' > /etc/unbound/unbound.conf.d/dietpi-dot.conf
# Adding DNS-over-TLS support
server:
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
    name: "."
    forward-tls-upstream: yes
    ## Cloudflare
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    ## Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
_EOF_
More details in the documentation.
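In the forward-zone above, the name after `#` in each forward-addr is what Unbound checks in the upstream's TLS certificate; when it is left out, any certificate name is accepted. The check below is an added example, not part of the original repository, and the function name check_dot_conf is hypothetical.

```sh
#!/bin/sh
# Added example (not from the original repository): lint an Unbound
# forward-zone for DNS-over-TLS settings that weaken upstream authentication.
# Usage: check_dot_conf /etc/unbound/unbound.conf.d/dietpi-dot.conf
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_dot_conf() {
    awk '
    /^[ \t]*#/ { next }                # whole-line comment
    {
        sub(/[ \t]+#.*$/, "")          # trailing comment (not the #auth-name)
        gsub(/"/, "")                  # values may be quoted
        key = $1; val = $2
    }
    key == "forward-tls-upstream:" && val == "yes" { tls = 1 }
    key == "tls-cert-bundle:" && val != ""         { bundle = 1 }
    key == "forward-addr:"                         { addr[++n] = val }
    END {
        if (n == 0)  { print "no forward-addr entries found"; bad = 1 }
        if (!tls)    { print "forward-tls-upstream is not yes: queries leave in plaintext"; bad = 1 }
        if (!bundle) { print "no tls-cert-bundle: no CA file to verify upstream certificates"; bad = 1 }
        for (i = 1; i <= n; i++) {
            # ip[@port]#name : the part after # is the name checked in the certificate
            if (addr[i] !~ /#[A-Za-z0-9.-]+$/) {
                print "forward-addr " addr[i] " has no #auth-name: any certificate name is accepted"
                bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}
```

Run it against the file written above before restarting Unbound; a non-zero exit status means at least one finding was printed.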
Currently, Pi-Hole doesn't support auto-install.
Run this to start the Pi-Hole installation wizard:
dietpi-software install 93
Complete the setup and set the custom DNS server (Unbound):
127.0.0.1#5335
After everything is completed, update the default Pi-Hole settings:
# settings for local network
pihole-FTL --config database.maxDBdays 91
pihole-FTL --config dns.rateLimit.count "0"
pihole-FTL --config dns.rateLimit.interval "0"
# disable IPv6 support
pihole-FTL --config ntp.ipv6.active false
pihole-FTL --config resolver.resolveIPv6 false
Then install pihole-updatelists to import and auto-update lists and rules:
wget -O - https://raw.githubusercontent.com/jacklul/pihole-updatelists/master/install.sh | sudo bash
Recommended block lists and rules repositories:
- DNS Blocklists: see included source lists
- Regex Filters for Pi-Hole: basic blacklist regex
Set your personal lists in the config file:
cat > /etc/pihole-updatelists.conf << EOF
BLOCKLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blocklists.txt"
ALLOWLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/allowlists.txt"
WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist.txt"
REGEX_WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist_regex.txt"
BLACKLIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist.txt"
REGEX_BLACKLIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist_regex.txt"
EOF
Clear all preinstalled Pi-Hole lists and rules:
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist_by_group;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist_by_group;"
Then update the lists and rules on Pi-Hole:
pihole-updatelists
Set a scheduled timer to update all lists. For example, every day:
cat > /etc/cron.daily/pihole-updatelists << EOF
#!/bin/sh
/usr/local/sbin/pihole-updatelists
EOF
chmod 755 /etc/cron.daily/pihole-updatelists
See dietpi-cron tools for details.
Update and upgrade the system, all packages (via Shell Functions), DietPi and Pi-Hole:
G_AGUP && \
G_AGUG && \
G_AGDUG && \
pihole-updatelists --update -y && \
pihole -up && \
dietpi-update 1 && \
G_INTERACTIVE=0 dietpi-cleaner 2