Skip to content

Instantly share code, notes, and snippets.

@simbo
Created November 25, 2020 15:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save simbo/8d4131de3d436d71954ce2fb916fe6b7 to your computer and use it in GitHub Desktop.
Save simbo/8d4131de3d436d71954ce2fb916fe6b7 to your computer and use it in GitHub Desktop.
Setting up a Raspberry Pi for pi-hole

Setting up a Raspberry Pi for pi-hole

Used Model: Raspberry Pi (Model B Rev 2, armv6l)

Prepare SD Card

Download the Raspberry Pi Imager, start it and follow the instructions to create an image using the Raspberry Pi OS Lite (32-bit) (a debian port without desktop environment).

First Login

  • User: pi
  • Password: raspberry

Using raspi-config

sudo raspi-config
  • set timezone and keyboard
  • enable ssh server
  • set hostname to pi-hole
  • whatever else fits your needs...

Afterwards, everything else can be done via ssh.

ssh <USERNAME>@<PI-IP>

Create your user

sudo adduser <USERNAME>
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi <USERNAME>

Afterwards, you can login with your new user account and remove the pi user and its home directory:

sudo pkill -u pi
sudo deluser -remove-home pi

No Password for sudo

sudo visudo

Edit the line for the sudoers group:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

SSH

Copy your ssh id from your local machine to the pi:

ssh-copy-id -i ~/.ssh/id_rsa.pub <USERNAME>@<PI-IP>

You can also add an entry to your local .ssh/config for convenient connect:

Host pi-hole
  HostName <PI-IP>
  User <USERNAME>
  IdentityFile ~/.ssh/id_rsa

Afterwards, you can connect via ssh pi-hole.

Update Packages

sudo apt-get update
sudo apt-get upgrade

Install Pi-Hole

curl -sSL https://install.pi-hole.net | bash
# change or remove pihole password
pihole -a -p

Setup Firewall

# install
sudo apt-get install ufw
# reboot afterwards
sudo shutdown -r now
# deny all incoming traffic
sudo ufw default deny incoming
# allow ssh from local network
sudo ufw allow from 192.168.0.0/24 to any app OpenSSH
# limit ssh connections
sudo ufw limit ssh/tcp
# allow http from local network
sudo ufw allow from 192.168.0.0/24 to any app WWW
# allow dns for pi hole
sudo ufw allow 53/tcp
sudo ufw allow 53/udp
sudo ufw allow 67/tcp
sudo ufw allow 67/udp
sudo ufw allow 546:547/udp
# enable firewall (WARNING: misconfiguration may lock you out!)
sudo ufw enable
sudo ufw status verbose

Cleanup

sudo apt-get autoremove
sudo apt-get autoclean
sudo apt-get clean
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment