SDB:Howto-pihole



Tested on openSUSE



Pihole is a network-wide blocker for advertising and trackers. The Pi-hole project provides installation scripts, but unfortunately not for openSUSE. A systemd service for pihole is missing as well.

Our community member Herbster0815 did a pretty good job in packaging pihole for openSUSE. This how-to describes how you get it running.

Preface

Pihole provides a DNS server for the local network, which uses block and filter lists to block lookups of known advertising servers. Once pihole is set up, the DHCP server must be instructed to hand out pihole as the DNS server. This is usually set in your router. The pihole server should receive a fixed IP address (this can be set in the router as well).

Pihole does not need many resources and can be run on a NAS, a virtual machine or an old Raspberry Pi. The installation below runs on a Raspi 3 with 1GB RAM and MicroOS for pihole (see notes).

Pihole comes with various packages:

  • pi-hole - the command-line program to manage settings
  • pi-hole-ftl - the Faster Than Light (FTL) pihole-DNS-Server.
  • pi-hole-admin-lte-config-lighttpd - Pi-hole AdminLTE configuration files for lighttpd

You need at least the first two packages. If you want a web frontend to manage settings and see the statistics, the third package must be installed as well.


Installation

The easiest way to install pihole is the openSUSE Package Installer opi:

[Screenshot: Pihole Installation]

Select pi-hole-admin-lte-config-lighttpd for installation - required packages are installed automatically.

Select home:Herbster0815:pihole repository (and keep it after installation)


Configuration

The package installation provides a basic setup of the configuration files; however, some small manual work is required:

  • edit /etc/pihole/setupVars.conf

Add your preferred DNS servers or use the preset. In any case you need to edit your local IP address! Note that your pihole should receive a fixed IP address from your router, which needs to be configured in the DHCP server as well. Find details in the pihole documentation.

  • edit /etc/dnsmasq.d/01-pihole.conf

Change the DNS servers here as well.

  • start the services:

systemctl enable --now pi-hole-lighttpd

systemctl enable --now pi-hole-ftl

Now is a good time to update the blocklists:

pihole -g

and to set a password for the pihole webfrontend:

pihole -a -p

The pihole dashboard is now accessible at http://<your-IP-address>
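A check for the two files edited in the steps above, as an added example that is not part of the packaged scripts: it verifies that both files name the same upstream DNS servers and that the configured address is not a loopback value. The key names PIHOLE_DNS_n and IPV4_ADDRESS are assumed, and the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: consistency check for the two files edited in the steps above.
# Assumed key names: PIHOLE_DNS_n and IPV4_ADDRESS in setupVars.conf, and
# dnsmasq "server=" lines in 01-pihole.conf.

# Upstream resolvers named in setupVars.conf, one per line, sorted.
setupvars_upstreams() {
    sed -n 's/^PIHOLE_DNS_[0-9][0-9]*=//p' "$1" | sort -u
}

# Upstream resolvers named in the dnsmasq file, one per line, sorted.
dnsmasq_upstreams() {
    sed -n 's/^server=//p' "$1" | sort -u
}

# Return 0 only if both files list the same resolvers and IPV4_ADDRESS
# holds a non-loopback address (written as address/prefix).
check_pihole_config() {
    vars=$1; dnsmasq=$2; rc=0
    want=$(setupvars_upstreams "$vars")
    have=$(dnsmasq_upstreams "$dnsmasq")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "upstream DNS servers differ between $vars and $dnsmasq" >&2
        rc=1
    fi
    ip=$(sed -n 's/^IPV4_ADDRESS=//p' "$vars" | cut -d/ -f1)
    case $ip in
        ''|127.*|0.0.0.0)
            echo "IPV4_ADDRESS is not set to the host's LAN address" >&2
            rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files (not taken from the package) for a dry run.
demo=$(mktemp -d)
cat > "$demo/setupVars.conf" <<'EOF'
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.254/24
PIHOLE_DNS_1=9.9.9.9
PIHOLE_DNS_2=149.112.112.112
EOF
cat > "$demo/01-pihole.conf" <<'EOF'
addn-hosts=/etc/pihole/local.list
server=9.9.9.9
server=149.112.112.112
EOF
check_pihole_config "$demo/setupVars.conf" "$demo/01-pihole.conf" \
    && echo "configuration is consistent"
```

On an installed system, call check_pihole_config with /etc/pihole/setupVars.conf and /etc/dnsmasq.d/01-pihole.conf before starting the services.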

Installation on MicroOS - RPM

As a self-maintained, transactional and basically immutable system, MicroOS is the weapon of choice for a fire-and-forget solution like pihole. Here are the steps to set it up (on a Raspi 3 with 1GB RAM).

Installation of MicroOS

I used a USB stick with a recent copy of MicroOS, booted the Raspi from the same and installed the system on a 32GB SD card. For the installation, a monitor, keyboard and mouse were attached to the Raspi, and removed after the installation was completed. Additionally, systemd-status-mail was installed to monitor the health status of MicroOS.

As pihole is installed to /var, we need to make sure that this folder is available during installation.

Open a transactional shell:

transactional-update shell

Mount /var manually:

mount /var

and continue directly with the installation (see below) in the same transactional shell.

Installation

For the installation of opi and pihole, open a transactional shell:

transactional-update shell

From here you can use zypper to install opi, and with opi in place, proceed as described above. Leave the shell with exit. Reboot the system for the changes to take effect. After the reboot, continue with the configuration as described above.

EMail notification for updates

In case you want to be informed if an update on the (mostly unattended) MicroOS system fails, consider systemd-status-mail.

SELinux

Pihole currently does not work well with SELinux, so it should be switched off until a pihole module for SELinux is in place (see Bugzilla).

In /etc/default/grub, add the parameters shown here to the existing GRUB_CMDLINE_LINUX_DEFAULT= line:

GRUB_CMDLINE_LINUX_DEFAULT="security=selinux selinux=0 enforcing=0"

Afterwards run

grub2-mkconfig -o /boot/grub2/grub.cfg

and reboot.

Raspberry Pi

The Raspi does not come with a real-time clock (RTC). Although an NTP daemon is started by default, it takes some seconds until the correct time is available. This confuses the logging of pihole and results in a broken dashboard.

If you are using chronyd to synchronize time (default on MicroOS) you can easily overcome this situation with

systemctl enable chrony-wait

Another option could be to install fake-hwclock using opi. Afterwards, enable the service with

systemctl enable --now fake-hwclock

Installation on MicroOS - Container

The preferred way to run software on MicroOS is containerized. To do so, either select the MicroOS version with podman during installation, or install podman afterwards (transactional-update pkg install podman).

Log in as root (su -) and create the directories /root/etc-pihole and /root/etc-dnsmasq. They are needed for mapping /etc/pihole and /etc/dnsmasq.d.

Now run the container installation:

podman run -d --name pihole --label "io.containers.autoupdate=registry" \
  -e TZ=Europe/Berlin -e VIRTUAL_HOST=pi.hole -e PROXY_LOCATION=pi_hole \
  -e ServerIP=127.0.0.1 -e WEBPASSWORD=test --cap-add=NET_ADMIN \
  -p 8080:80 -p 53:53/udp -p 53:53/tcp -p 443:443 \
  -v /root/etc-pihole:/etc/pihole:z -v /root/etc-dnsmasq:/etc/dnsmasq.d:z \
  docker.io/pihole/pihole:latest

(Select docker.io when asked to install the pihole container)

Note that the autoupdate name must match the container name!
ServerIP should contain the fixed IP address assigned to the host (like 192.168.1.254).
WEBPASSWORD should be set to something more sensible than test.

Configuration files can be edited as above.

Now generate a systemd service to start the container automatically, copy it to the respective folder and restart the systemd-daemon:

podman generate systemd --new --name --files pihole

cp container-pihole.service /etc/systemd/system/.

systemctl daemon-reload && systemctl enable --now container-pihole.service

As pihole is now running, the dashboard can be accessed on port 8080 (-p 8080:80 - choose the port as you like).

To set a password (pihole -a -p), open a podman shell:

podman exec -it pihole sh

Now pihole is ready to use, and will be updated automatically as well.

The webfrontend can be accessed under http://<ServerIP>:8080
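Because podman generate systemd --new writes the podman run arguments, including the -e values, into the unit file, the generated container-pihole.service is worth reviewing before it is copied to /etc/systemd/system. The following check is an added example, not part of pihole or podman; the function names, the minimum password length and the sample unit are constructed assumptions.

```shell
#!/bin/sh
# Added example: review container-pihole.service before installing it.
# `podman generate systemd --new` copies the `podman run` arguments, -e values
# included, into ExecStart, so WEBPASSWORD is stored there in clear text.
MIN_PW_LEN=12   # assumed local policy, not a Pi-hole requirement

# Print the value given as "-e NAME=value" in unit file $1 for NAME $2.
unit_env() {
    sed -n "s/^ExecStart=.* -e $2=\([^ ]*\).*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if there is at least one.
audit_pihole_unit() {
    unit=$1; found=0
    pw=$(unit_env "$unit" WEBPASSWORD)
    if [ "$pw" = test ] || { [ -n "$pw" ] && [ "${#pw}" -lt "$MIN_PW_LEN" ]; }; then
        echo "WEBPASSWORD is the how-to placeholder or too short"; found=1
    fi
    case $(unit_env "$unit" ServerIP) in
        ''|127.*) echo "ServerIP is not the host's fixed address"; found=1 ;;
    esac
    if ! grep -q 'io\.containers\.autoupdate=registry' "$unit"; then
        echo "autoupdate label is missing"; found=1
    fi
    if [ -n "$pw" ] && [ -n "$(find "$unit" -perm -004)" ]; then
        echo "unit with clear-text WEBPASSWORD is world-readable"; found=1
    fi
    return "$found"
}

# Constructed sample: a shortened unit as generated from the command above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/bin/podman run --rm --replace -d --name pihole --label io.containers.autoupdate=registry -e TZ=Europe/Berlin -e ServerIP=127.0.0.1 -e WEBPASSWORD=test -p 8080:80 docker.io/pihole/pihole:latest
EOF
chmod 644 "$sample"
audit_pihole_unit "$sample" || echo "fix the findings before enabling the unit"
```

Run audit_pihole_unit against container-pihole.service in the directory where it was generated; a unit that still carries the password should be restricted with chmod 600 after copying.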

Communication

Feedback is welcome. You can email the support mailing list to provide feedback or visit the openSUSE Bar and someone might be able to discuss it with you.
