├── .github
    └── FUNDING.yml
├── README.md
├── assets
    └── logo.png
├── dietpi-postinstall.sh
└── rules
    ├── allowlists.txt
    ├── blacklist.txt
    ├── blacklist_regex.txt
    ├── blocklists.txt
    ├── whitelist.txt
    └── whitelist_regex.txt


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
buy_me_a_coffee: denis_g
tipeee: denisg

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Raspberry Pi and Pi-Hole

DietPi, Pi-hole, Unbound

---

- [Overview](#-overview)
- [Install DietPi](#-install-dietpi)
- [Prepare Pi-Hole](#-prepare-pi-hole)
- [Update](#-update)

---

## 🔹 Overview

Basic Raspberry Pi setup on DietPi with Pi-Hole and Unbound for more privacy.

Ingredients:

> **[DietPi](https://github.com/MichaIng/DietPi)**: DietPi is an extremely lightweight Debian-based OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential.

> **[Pi-Hole](https://docs.pi-hole.net/)**: Pi-Hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.

> **[pihole-updatelists](https://github.com/jacklul/pihole-updatelists)**: Update Pi-Hole's lists from remote sources.

> **[Unbound](https://unbound.docs.nlnetlabs.nl/en/latest/)**: Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.

---

## 🔹 Install DietPi

See the `DietPi` install guide [here](https://dietpi.com/docs/install/).

After flashing the SD card, open `dietpi.txt` on the card and change the basic settings for auto-configuration.

> ⚠️ This config is applied on the first boot of DietPi only!

Modified settings example:

```ini
# -----------------------------------------------------------------------------
# Language/Regional options
# -----------------------------------------------------------------------------

AUTO_SETUP_KEYBOARD_LAYOUT=us
AUTO_SETUP_TIMEZONE=Europe/Warsaw

# -----------------------------------------------------------------------------
# Network options
# -----------------------------------------------------------------------------

AUTO_SETUP_NET_USESTATIC=1
AUTO_SETUP_NET_STATIC_IP=192.168.50.5
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.50.1

AUTO_SETUP_NET_HOSTNAME=raspberrypi-eth

# -----------------------------------------------------------------------------
# Misc options
# -----------------------------------------------------------------------------

# disable swap
AUTO_SETUP_SWAPFILE_SIZE=0

# disable HDMI/video output and framebuffers
AUTO_SETUP_HEADLESS=1

# post-install and configuration
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-postinstall.sh

# -----------------------------------------------------------------------------
# Software options
# -----------------------------------------------------------------------------

# fully automated first-run setup (no prompts)
AUTO_SETUP_AUTOMATED=1

# global password [!]
AUTO_SETUP_GLOBAL_PASSWORD=password

# software to automatically install
# Git
AUTO_SETUP_INSTALL_SOFTWARE_ID=17
# SQLite, PHP
AUTO_SETUP_INSTALL_SOFTWARE_ID=87 89
# Unbound
AUTO_SETUP_INSTALL_SOFTWARE_ID=182

# -----------------------------------------------------------------------------
# Misc DietPi program settings
# -----------------------------------------------------------------------------

# disable collection of information about your system and installed software
SURVEY_OPTED_IN=0

# -----------------------------------------------------------------------------
# DietPi-Config settings
# -----------------------------------------------------------------------------

# CPU Governor
CONFIG_CPU_GOVERNOR=powersave

# disable IPv6
CONFIG_ENABLE_IPV6=0
```

For additional configuration, see the [dietpi-postinstall.sh](https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-postinstall.sh) file.

---

Connect to your berry from the console with the global password:

```shell
ssh root@192.168.50.5
```

... and wait `[!]` a few minutes for the install and update to complete.

---

## 🔹 Prepare Pi-Hole

> Currently, Pi-Hole doesn't support auto-install.

Run this to start the Pi-Hole installation wizard:

```shell
dietpi-software install 93
```

Complete the setup and set the custom DNS server (Unbound):

```ini
127.0.0.1#5335
```

After everything is completed, update the default Pi-Hole settings:

```shell
pihole-FTL --config database.maxDBdays 91
```

Then install `pihole-updatelists` to import and auto-update lists and rules:

```shell
wget -O - https://raw.githubusercontent.com/jacklul/pihole-updatelists/master/install.sh | sudo bash
```

### Block Lists And Rules

Recommended block lists and rules repositories:
- [DNS Blocklists](https://github.com/hagezi/dns-blocklists) – see [included source lists](https://github.com/hagezi/dns-blocklists/blob/main/sources.md)
- [Regex Filters for Pi-Hole](https://github.com/mmotti/pihole-regex) – basic blacklist regex

Set your personal lists in the config file:

```shell
cat > /etc/pihole-updatelists.conf << EOF
BLOCKLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blocklists.txt"
ALLOWLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/allowlists.txt"
WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist.txt"
REGEX_WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist_regex.txt"
BLACKLIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist.txt"
REGEX_BLACKLIST_URL="https://raw.githubusercontent.com/mmotti/pihole-regex/master/regex.list https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist_regex.txt https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile_regex.txt"
EOF
```

Clear all preinstalled Pi-Hole lists and rules:

```shell
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist_by_group;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist_by_group;"
```

Then update the lists and rules on `Pi-Hole`:

```shell
pihole-updatelists
```

### Schedule

Set a schedule timer to update all lists. For example, `every day at 4am`:

```shell
cat > /etc/cron.d/pihole-updatelists << EOF
0 4 * * * root /usr/local/sbin/pihole-updatelists
EOF
```

See [cron schedule expressions editor](https://crontab.guru/#0_4_*_*) for details.

---

## 🔹 Update

Update and upgrade the system, all packages, lists and rules:

```shell
pihole-updatelists --update -y && \
pihole-updatelists && \
pihole -up && \
dietpi-update 1 && \
apt-get update -y && \
apt-get upgrade -y && \
apt-get dist-upgrade -y
```

--------------------------------------------------------------------------------
/assets/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/87f12b6eea3bb4323a248ac72fb6f827639281f0/assets/logo.png

--------------------------------------------------------------------------------
/dietpi-postinstall.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# -----------------------------------------------------------------------------
# Banner
# [x] Device model
# [x] Uptime
# [x] CPU temp
# [x] FQDN/hostname
# [_] NIS domainname
# [x] LAN IP
# [x] WAN IP
# [x] Freespace (RootFS)
# [_] Weather (wttr.in)
# [_] Custom banner entry
# [_] Display DietPi useful commands?
# [_] MOTD
# [_] VPN status
# [_] Large hostname
# [_] Print credits
# [_] Let's Encrypt cert status
# -----------------------------------------------------------------------------

BANNER_FILE="/boot/dietpi/.dietpi-banner"

cat > "$BANNER_FILE" << EOF
aDESCRIPTION[10]='Custom banner entry'
aENABLED[0]=1
aENABLED[1]=1
aENABLED[2]=1
aENABLED[3]=1
aENABLED[4]=0
aENABLED[5]=1
aENABLED[6]=1
aENABLED[7]=1
aENABLED[8]=0
aENABLED[9]=0
aENABLED[10]=0
aENABLED[11]=0
aENABLED[12]=0
aENABLED[13]=0
aENABLED[14]=0
aENABLED[15]=0
aENABLED[16]=0
aCOLOUR[0]='\e[38;5;154m'
aCOLOUR[1]='\e[1m'
aCOLOUR[2]='\e[90m'
aCOLOUR[3]='\e[91m'
EOF


# -----------------------------------------------------------------------------
# Hardware
# -----------------------------------------------------------------------------

# disable wireless
/boot/dietpi/func/dietpi-set_hardware bluetooth disable
/boot/dietpi/func/dietpi-set_hardware wifimodules onboard_disable

# disable buses
/boot/dietpi/func/dietpi-set_hardware i2c disable
/boot/dietpi/func/dietpi-set_hardware spi disable

# disable HDMI/video output
/boot/dietpi/func/dietpi-set_hardware headless enable

# disable modules
/boot/dietpi/func/dietpi-set_hardware rpi-camera disable
/boot/dietpi/func/dietpi-set_hardware rpi-codec disable
/boot/dietpi/func/dietpi-set_hardware rpi-opengl disable

# disable IPv6
/boot/dietpi/func/dietpi-set_hardware enableipv6 disable


# -----------------------------------------------------------------------------
# Overclock
# -----------------------------------------------------------------------------

CONFIG_FILE="/boot/config.txt"

# Profile - `energy saving`
sed -i "/^#over_voltage=/c\over_voltage=-2" "$CONFIG_FILE"
sed -i "/^over_voltage=/c\over_voltage=-2" "$CONFIG_FILE"
sed -i "/^#over_voltage_min=/c\over_voltage_min=-2" "$CONFIG_FILE"
sed -i "/^over_voltage_min=/c\over_voltage_min=-2" "$CONFIG_FILE"

# ARM Temp Limit - 65'C
sed -i "/^#temp_limit=/c\temp_limit=65" "$CONFIG_FILE"
sed -i "/^temp_limit=/c\temp_limit=65" "$CONFIG_FILE"

# ARM Idle Frequency - 300 MHz
sed -i "/^#arm_freq_min=/c\arm_freq_min=300" "$CONFIG_FILE"
sed -i "/^arm_freq_min=/c\arm_freq_min=300" "$CONFIG_FILE"

--------------------------------------------------------------------------------
/rules/allowlists.txt:
--------------------------------------------------------------------------------
# ALLOWLISTS
# Add URLs to allow lists

#-----------------------------------------------------------------------------#

--------------------------------------------------------------------------------
/rules/blacklist.txt:
--------------------------------------------------------------------------------
# BLACKLIST
# Add only domain name (ex. fonts.gstatic.com)

#-----------------------------------------------------------------------------#

# Ads
## Yandex
yastatic.net

# Smart TV
## LG
aic.cdpsvc.lgtvcommon.com
eic.cdpsvc.lgtvcommon.com
aic.recommend.lgtvcommon.com
eic.recommend.lgtvcommon.com
aic.sports.lgtviot.com
eic.sports.lgtviot.com
aic.homeprv.lgtvcommon.com
eic.homeprv.lgtvcommon.com
aic.rdl.lgtvcommon.com
eic.rdl.lgtvcommon.com
aic.lgtviot.com
eic.lgtviot.com
aic.nudge.lgtvcommon.com
eic.nudge.lgtvcommon.com
aic-gfts.lge.com
eic-gfts.lge.com
aic-ngfts.lge.com
eic-ngfts.lge.com
qt2-ngfts.lge.com
aic.wiseconfig.lgtvcommon.com
eic.wiseconfig.lgtvcommon.com
ngfts.lge.com

--------------------------------------------------------------------------------
/rules/blacklist_regex.txt:
--------------------------------------------------------------------------------
# BLACKLIST REGEX
# Add only regex domain name (ex. .*\.cloudfront\.net)

#-----------------------------------------------------------------------------#

--------------------------------------------------------------------------------
/rules/blocklists.txt:
--------------------------------------------------------------------------------
# BLOCKLISTS
# Add URLs to block lists

#-----------------------------------------------------------------------------#

https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.plus.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/fake.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/popupads.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/spam-tlds.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/gambling.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.amazon.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.apple.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.huawei.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.winoffice.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.samsung.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/native.tiktok.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.tiktok.extended.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.lgwebos.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.roku.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.vivo.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.oppo-realme.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.xiaomi.txt
https://raw.githubusercontent.com/FiltersHeroes/KADhosts/master/KADhosts.txt
https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile.txt

--------------------------------------------------------------------------------
/rules/whitelist.txt:
--------------------------------------------------------------------------------
# WHITELIST
# Add only domain name (ex. fonts.gstatic.com)

#-----------------------------------------------------------------------------#

--------------------------------------------------------------------------------
/rules/whitelist_regex.txt:
--------------------------------------------------------------------------------
# WHITELIST REGEX
# Add only regex domain name (ex. .*\.cloudfront\.net)

#-----------------------------------------------------------------------------#

--------------------------------------------------------------------------------
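
An added check for the `dietpi.txt` settings shown in the README above (example code, not part of this repository): `AUTO_SETUP_GLOBAL_PASSWORD` is stored in plain text on the SD card and `AUTO_SETUP_CUSTOM_SCRIPT_EXEC` runs a fetched script during first-boot setup, so the script below flags well-known or short passwords and script URLs that use plain HTTP or a branch ref instead of a commit SHA. The function names, the password deny-list and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the repository): lint dietpi.txt before the first boot.

# values KEY FILE: print every uncommented KEY= value; CR stripped for CRLF files
values() {
    sed -n "s/^[[:blank:]]*$1=//p" "$2" | tr -d '\r'
}

# scan_dietpi_txt FILE: one finding per risky value (deny-list and length are assumed policy)
scan_dietpi_txt() {
    values AUTO_SETUP_GLOBAL_PASSWORD "$1" | while IFS= read -r pw; do
        case $pw in
            dietpi|password|raspberry|admin|root|12345678)
                echo "WEAK_PASSWORD: '$pw' is a well-known value" ;;
            *)  [ "${#pw}" -ge 12 ] || echo "SHORT_PASSWORD: under 12 characters" ;;
        esac
    done
    values AUTO_SETUP_CUSTOM_SCRIPT_EXEC "$1" | while IFS= read -r url; do
        case $url in
            http://*)
                echo "PLAINTEXT_SCRIPT_URL: $url" ;;
            https://raw.githubusercontent.com/*)
                # Path is /owner/repo/ref/file; only a full commit SHA is immutable.
                ref=$(printf '%s' "$url" | cut -d/ -f6)
                printf '%s' "$ref" | grep -Eq '^[0-9a-f]{40}$' ||
                    echo "UNPINNED_SCRIPT: ref '$ref' can change after review" ;;
        esac
    done
    return 0
}

# lint_dietpi_txt FILE: print findings; exit status 0 only when there are none
lint_dietpi_txt() {
    out=$(scan_dietpi_txt "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample with the two settings as they appear in the README
sample=$(mktemp)
cat > "$sample" << 'EOF'
AUTO_SETUP_GLOBAL_PASSWORD=password
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-postinstall.sh
EOF
lint_dietpi_txt "$sample" || echo "fix the findings above before the first boot"
rm -f "$sample"
```

Run it against the `dietpi.txt` on the mounted boot partition after editing and before the card goes into the Pi.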