Basic Raspberry Pi on DietPi with Pi-Hole and Unbound for more privacy.
Ingredients:
DietPi: DietPi is an extremely lightweight Debian-based OS. It is highly optimised for minimal CPU and RAM resource usage, ensuring your SBC always runs at its maximum potential.
Pi-Hole: Pi-Hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software.
pihole-updatelists: Update Pi-Hole's lists from remote sources.
Unbound: Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards.
See DietPi install guide here.
After completed flash the SD card open dietpi.txt from the card and change basic settings for auto-configuration.
⚠️ This config applied on first boot of DietPi only!
Modified settings example:
# -----------------------------------------------------------------------------
# Language/Regional options
# -----------------------------------------------------------------------------
AUTO_SETUP_KEYBOARD_LAYOUT=us
AUTO_SETUP_TIMEZONE=Europe/Warsaw
# -----------------------------------------------------------------------------
# Network options
# -----------------------------------------------------------------------------
AUTO_SETUP_NET_USESTATIC=1
AUTO_SETUP_NET_STATIC_IP=192.168.50.5
AUTO_SETUP_NET_STATIC_GATEWAY=192.168.50.1
AUTO_SETUP_NET_HOSTNAME=raspberrypi-eth
# -----------------------------------------------------------------------------
# Misc options
# -----------------------------------------------------------------------------
# disable swap
AUTO_SETUP_SWAPFILE_SIZE=0
# disable HDMI/video output and framebuffers
AUTO_SETUP_HEADLESS=1
# post-install and configuration
AUTO_SETUP_CUSTOM_SCRIPT_EXEC=https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/dietpi-postinstall.sh
# -----------------------------------------------------------------------------
# Software options
# -----------------------------------------------------------------------------
# software to automatically install
AUTO_SETUP_AUTOMATED=1
# global password [!]
AUTO_SETUP_GLOBAL_PASSWORD=password
# software to automatically install
# Git
AUTO_SETUP_INSTALL_SOFTWARE_ID=17
# SQLite, PHP
AUTO_SETUP_INSTALL_SOFTWARE_ID=87 89
# Unbound
AUTO_SETUP_INSTALL_SOFTWARE_ID=182
# -----------------------------------------------------------------------------
# Misc DietPi program settings
# -----------------------------------------------------------------------------
# disable obtain information regarding your system and installed software
SURVEY_OPTED_IN=0
# -----------------------------------------------------------------------------
# DietPi-Config settings
# -----------------------------------------------------------------------------
# CPU Governor
CONFIG_CPU_GOVERNOR=powersave
# disable IPv6
CONFIG_ENABLE_IPV6=0Also for additional configuration see dietpi-install.sh file.
Connect to your berry on the console with global password:
... and wait [!] few minutes to install and update completed.
Currently, Pi-Hole doesn't support auto-install.
Run this for execute Pi-Hole installation wizard:
dietpi-software install 93Setup and set custom DNS server (Unbound):
127.0.0.1#5335After all is completed – update Pi-Hole settings by default:
pihole-FTL --config database.maxDBdays 91And install pihole-updatelists for import and auto-update lists and rules:
wget -O - https://raw.githubusercontent.com/jacklul/pihole-updatelists/master/install.sh | sudo bashRecommended block lists and rules repositories:
- DNS Blocklists – see included source lists
- Regex Filters for Pi-Hole – basic blacklist regex
Set your personal lists on config file:
cat > /etc/pihole-updatelists.conf << EOF
BLOCKLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blocklists.txt"
ALLOWLISTS_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/allowlists.txt"
WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist.txt"
REGEX_WHITELIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/whitelist_regex.txt"
BLACKLIST_URL="https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist.txt"
REGEX_BLACKLIST_URL="https://raw.githubusercontent.com/mmotti/pihole-regex/master/regex.list https://raw.githubusercontent.com/denis-g/rpi4-pihole-settings/master/rules/blacklist_regex.txt https://raw.githubusercontent.com/MajkiIT/polish-ads-filter/master/polish-pihole-filters/hostfile_regex.txt"
EOFClear all preinstalled Pi-Hole lists and rules:
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM adlist_by_group;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist;" && \
sqlite3 /etc/pihole/gravity.db "DELETE FROM domainlist_by_group;"And update lists and rules on Pi-Hole:
pihole-updatelistsSet schedule timer for update all lists. For example, every day at 4am:
cat > /etc/cron.d/pihole-updatelists << EOF
0 4 * * * root /usr/local/sbin/pihole-updatelists
EOFSee cron schedule expressions editor for details.
Update, upgrade system, all packages, lists and rules:
pihole-updatelists --update -y && \
pihole-updatelists && \
pihole -up && \
dietpi-update 1 && \
apt-get update -y && \
apt-get upgrade -y && \
apt-get dist-upgrade -y