Skip to content

Instantly share code, notes, and snippets.

@simbo

simbo/raspberry-pi-setup-pihole.md

Created November 24, 2020 15:22
Show Gist options
  • Save simbo/e1f6b1ff8a4f5a96dad3f774a06ba965 to your computer and use it in GitHub Desktop.
Save simbo/e1f6b1ff8a4f5a96dad3f774a06ba965 to your computer and use it in GitHub Desktop.
Download ZIP
Setting up a Raspberry Pi for pi-hole with nginx
Raw
raspberry-pi-setup-pihole.md

Setting up a Raspberry Pi for pi-hole with nginx

Model: Raspberry Pi (Model B Rev 2, armv6l)

Prepare SD Card

Download the Raspberry Pi Imager, start it and follow the instructions to create an image using the Raspberry Pi OS Lite (32-bit) (a debian port without desktop environment).

First Login

  • User: pi
  • Password: raspberry

Using raspi-config

sudo raspi-config
  • set timezone and keyboard
  • enable ssh server
  • set hostname to pi.hole
  • whatever else fits your needs...

Afterwards, everything else can be done via ssh.

ssh <USERNAME>@<PI-IP>

Create Users

sudo adduser <USERNAME>
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi <USERNAME>

Afterwards, you can remove the pi user and its home directory:

sudo pkill -u pi
sudo deluser -remove-home pi

No Password for sudo

sudo visudo

Edit the line for the sudoers group:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

SSH

Copy your ssh id from your local machine to the pi:

ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@<PI-IP>

You can also add an entry to your local .ssh/config for convenient connect:

Host pi.hole
  HostName <PI-IP>
  User <USERNAME>
  IdentityFile ~/.ssh/id_rsa

Afterwards, you can connect via ssh pi.hole.

Update Packages

sudo apt-get update
sudo apt-get upgrade

Install software

sudo apt-get install git zsh toilet nginx php7.3-fpm php7.3-cgi php7.3-xml php7.3-sqlite3 php7.3-intl apache2-utils ufw
# reboot afterwards
sudo shutdown -r now

Custom MOTD

sudo su
toilet --termwidth --filter border --gay --font future -k "PI.HOLE" > /etc/motd
cat /proc/device-tree/model >> /etc/motd
printf "\n" >> /etc/motd
exit

ZSH

# set zsh as default
chsh -s $(which zsh)

Install pure prompt

mkdir -p "$HOME/.zsh"
git clone https://github.com/sindresorhus/pure.git "$HOME/.zsh/pure"

.zshrc

# Aliases
alias ls='ls -h --color=auto'
alias ll='ls -l'
alias la='ls -la'
alias grep='grep --color=auto'

# edit .zshrc
alias ez="nano ~/.zshrc"
# reload .zshrc
alias sz="source ~/.zshrc && echo \"~/.zshrc reloaded.\""

# pure prompt
fpath+=$HOME/.zsh/pure
autoload -U promptinit
promptinit
prompt pure

# Use vi keybindings even if our EDITOR is set to vi
bindkey -e

# Do not enter command lines into the history list if they are duplicates of the previous event
setopt histignorealldups

# Import new commands from the history file and append typed commands to the history file
setopt sharehistory

# Keep lines of history within the shell and save it to ~/.zsh_history:
HISTSIZE=5000
SAVEHIST=5000
HISTFILE=~/.zsh_history

# Use modern completion system
autoload -Uz compinit
compinit

Nginx

After changing configuration:

# test config
sudo nginx -t
# reload config
sudo nginx -s reload

Download a Raspberry Pi Favicon

sudo curl -L https://www.raspberrypi.org/favicon.ico -o /var/www/html/favicon.png

Remove debian default index page

sudo rm /var/www/html/index.nginx-debian.html

/var/www/html/index.php

<?php
header('Location: /admin');
exit;
?>

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-available/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        index index.php index.html index.htm;

        server_name pi.hole;

        autoindex on;
        autoindex_localtime on;
        autoindex_exact_size on;

        location / {
                try_files $uri $uri/ =404;
        }

        location = /favicon.ico {
                rewrite . /favicon.png;
        }

        location ~ .php$ {
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
                fastcgi_pass unix:/run/php/php7.3-fpm.sock;
                fastcgi_param FQDN true;
        }
}

Pi-Hole

curl -sSL https://install.pi-hole.net | bash
# add user www-data to pihole group
sudo usermod -a -G pihole www-data
# change or remove pihole password
pihole -a -p

Firewall

sudo apt-get install ufw
# deny all incoming traffic
sudo ufw default deny incoming
# allow ssh from local network
sudo ufw allow from 192.168.23.0/24 to any app OpenSSH
# limit ssh connections
sudo ufw limit ssh/tcp
# allow http(s) from local network
sudo ufw allow from 192.168.23.0/24 to any app "NGINX HTTP"
# allow dns for pi hole
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
sudo ufw allow 67/tcp
sudo ufw allow 67/udp
sudo ufw allow 546:547/udp
# enable firewall (WARNING: misconfiguration may lock you out!)
sudo ufw enable
sudo ufw status verbose

Cleanup

sudo apt-get autoremove
sudo apt-get autoclean
sudo apt-get clean
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment