A few weeks ago I switched to DuckDuckGo from Google (sometimes I still need to Google, but overall it is great). About that time I found out about DNS Sinkhole for ads - Pi-Hole. I use AdGuard on my laptop, but I thought that blocking ads and trackers on DNS level is a great idea and it will block ads and trackers on my Android phone also, so I decided to set it up on my secondary Raspberry Pi 3 (Model B v1.2).
Installing OS (Arch Linux)
I installed Arch Linux [AArch64] (on Ubuntu bsdtar = tar) on this Raspberry Pi, because I have the same OS for Raspberry Pi devices at my work. If you follow guide from link above - it will be easy, this installation even enables SSH server by default.
SSH into the device and run some basic commands to make things easy and secure (make sure you run all commands from guide above first):
# Change alarm user password for something more secure than alarm passwd # Become root su # Update system pacman -Syu # Install sudo pacman -S sudo # Yeah, vi is not for me, yet export EDITOR=nano # Add line "alarm ALL=(ALL) ALL" visudo # Change root password for something random and long (32+ symbols) passwd
Now your alarm user is sudoer and you can logout from root user and proceed as alarm user:
# Change your SSH configuration for more security # (disable password authentications and root login for example) sudo nano /etc/ssh/sshd_config # Change your timezone sudo timedatectl set-timezone Europe/Tallinn # Change your hostname sudo hostnamectl set-hostname igor-pi-secondary
I use command from their website (I know that this is not secure):
curl -sSL https://install.pi-hole.net | sudo bash
And I get first problem:
[alarm@igor-pi-secondary ~]$ curl -sSL https://install.pi-hole.net | sudo bash [sudo] password for alarm: stty: 'standard input': Inappropriate ioctl for device [✓] Root user check .;;,. .ccccc:,. :cccclll:. ..,, :ccccclll. ;ooodc 'ccll:;ll .oooodc .;cll.;;looo:. .. ','. .',,,,,,'. .',,,,,,,,,,. .',,,,,,,,,,,,.... ....''',,,,,,,'....... ......... .... ......... .......... .......... .......... .......... ......... .... ......... ........,,,,,,,'...... ....',,,,,,,,,,,,. .',,,,,,,,,'. .',,,,,,'. ..'''. [✗] OS distribution not supported
My reaction when I remember that Docker exists:
So I just install Docker with docker-compose to make it work:
sudo pacman -S docker sudo systemctl enable docker.service sudo pacman -S python-pip sudo pip install docker-compose sudo pacman -S git # Add content of "~/.ssh/id_rsa.pub" as your GitHub account SSH key ssh-keygen git clone firstname.lastname@example.org:pi-hole/docker-pi-hole.git cd docker-pi-hole # Port 53 is reserved by systemd-resolved, disable this service sudo systemctl stop systemd-resolved sudo systemctl disable systemd-resolved
Then you need to change docker-compose.yml file to something like this:
version: "3" services: pihole: image: pihole/pihole:latest cap_add: - NET_ADMIN dns: - 127.0.0.1 - 18.104.22.168 ports: - "53:53/tcp" - "53:53/udp" - "80:80/tcp" - "443:443/tcp" environment: ServerIP: '192.168.42.5' TZ: 'Europe/Tallinn' WEBPASSWORD: 'yoursecurepass' DNS1: '22.214.171.124' DNS2: '126.96.36.199' IPv6: 'False' volumes: - '/home/alarm/docker-pi-hole/etc:/etc/pihole' - '/home/alarm/docker-pi-hole/dnsmasq.d:/etc/dnsmasq.d' restart: always
It should work as soon as you run it via:
sudo docker-compose up -d
Set it as your DNS server in your device's network configuration and go to http://pi.hole/admin to configure it as you like.
P.S. Because it is Docker - it should work the same on any platform :)
How To Update
Go to folder with repository and execute commands below:
sudo docker-compose pull sudo docker-compose down sudo docker-compose up -d