Linux Lite as a Pi-hole LAN-wide ad blocking headless server


#1

ASUS 1201HAB Netbook (with damaged but usable screen) running Linux Lite as a Pi-hole LAN-wide ad blocking headless server.

This machine had been dual booted with XP and a previous version of LL. It was configured to use Win XP to bridge the residential gateway wifi here to my own private wireless router. This setup had provided a private subnet with four Ethernet ports and a WAP.

I happened to find a WRT54g ver. 6 Wireless G Router, added a suitable wall-wart, loaded it with the WRT-DD (micro) firmware, and configured it to Client Bridge mode. Thus I was able to replace the netbook bridge and say goodbye to Windows XP. Also, the WRT54g provides not one but five Ethernet ports directly connected to the residential gateway via wifi. My own private wireless router is plugged into one of these ports leaving four available to access the residential LAN.

So now I set about deploying the unused netbook as a Pi-hole DNS server. First thing was to load the latest version of Linux Lite, so I took the opportunity to eliminate the dual boot configuration. I also upgraded the RAM from one to two GB but I doubt this yields any value; it may have actually slowed things down. Pi-hole is very easy to install and administer, so all I really had to deal with was making the Linux Lite system work like a headless server. I expect the configuration changes here would apply to any Ubuntu-based distro. It took a lot of experimentation but the end result is a pretty simple configuration process. I am so grateful for all those contributions of knowledge, here and elsewhere, which I liberally stole these ideas from.

The first issue to address is that, by default, the lid switch will put the system into a suspend state. This happens in two different contexts, the display manager’s (lightdm) greeter and the window manager (Xfwm). Fortunately there is a simple way to defeat the suspend response for both.

In /etc/systemd/logind.conf modify "suspend" to "lock" in this fashion:

    HandleLidSwitch=lock

In addition to this, you’ll want to configure the usual power management settings in the obvious ways including locking the system after a period of inactivity for security purposes. Basically, don’t let the system suspend, hibernate, or power off when on AC.

Next we have to deal with getting NetworkManager to automatically connect to the network at a static IP address during unattended boot. The easiest way that I’ve found to do this is to add a few lines to /etc/rc.local. First you need to set up the NetworkManager connection with the static address on the LAN and proper upstream DNS servers through the normal nm-applet means. Just give it a name you can use from the command line; I’ll use EthCon in my example. Also, due to a race condition bug in Pi-hole on Ubuntu, you’ll need to get Pi-hole to restart its DNS server after the connection is made.

In /etc/rc.local add these lines before the "exit 0" line at the bottom, replacing EthCon appropriately of course.

    /usr/bin/nmcli con up id EthCon 2>/dev/null &
    sleep 60
    /usr/local/bin/pihole restartdns 2>/dev/null &

For access from a remote system on the LAN one can further install vnc4server using the Synaptic Package Manager (as opposed to the Linux Lite software installer). One must run vncserver from the command line to initially set up the password and config files. Then simply comment out the two lines according to the instructions at the top of ~/.vnc/xstartup so that the normal GUI server will be started when you remote in. (If using vnc4viewer on the client machine, one might type “vncviewer static-ip-of-the-Pi-hole-server:1” and then enter the password you configured for the vncserver.) To ensure the vnc server is loaded at boot time do the following. (There is undoubtedly a better way to launch this but I despise fooling with the init/systemd/whatever problems.)

In /etc/rc.local add this line before the "exit 0" line at the bottom, after the lines inserted above, replacing <username> appropriately.

    su - <username> -c "cd && vncserver :1" 2>/dev/null &

That’s it, all I recall doing anyway; I may test these instructions from scratch at some point. Please note that Pi-hole has limitations and supplementing it with ad blocking extensions where possible is an option. For example, YouTube commercials are blocked by the uBlock Origin extension in Firefox and Chrome but not by Pi-hole. I do not know how much overhead this overkill incurs.
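
An added example, not part of the original post: the rc.local step above waits a fixed 60 seconds before restarting Pi-hole's DNS, and this sketch polls NetworkManager instead so the restart only happens once the connection is really active. The function names and the CON_NAME and WAIT_SECS variables are assumptions for illustration; EthCon and the two command paths are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post): replace the fixed "sleep 60"
# with a bounded poll of NetworkManager before restarting Pi-hole's DNS.
# CON_NAME, WAIT_SECS and all function names are illustrative assumptions.

CON_NAME="${CON_NAME:-EthCon}"
WAIT_SECS="${WAIT_SECS:-60}"

# Succeeds only if a connection with exactly this name is currently active.
connection_is_active() {
    nmcli -t -f NAME connection show --active 2>/dev/null | grep -Fxq -- "$1"
}

# Poll once per second until the connection is active or the time runs out.
# Returns 0 when the connection is active, 1 on timeout.
wait_for_connection() {
    name=$1
    remaining=$2
    while [ "$remaining" -gt 0 ]; do
        if connection_is_active "$name"; then
            return 0
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    connection_is_active "$name"
}

# Bring the connection up, wait for it, then restart the DNS server.
# A timeout is logged to syslog rather than silently discarded.
bring_up_and_restart_dns() {
    /usr/bin/nmcli con up id "$CON_NAME" >/dev/null 2>&1 &
    if wait_for_connection "$CON_NAME" "$WAIT_SECS"; then
        /usr/local/bin/pihole restartdns >/dev/null 2>&1
    else
        logger -t rc.local "connection $CON_NAME not active after ${WAIT_SECS}s"
        return 1
    fi
}

# Only act when invoked with the argument "run", e.g. from rc.local.
if [ "${1:-}" = "run" ]; then
    bring_up_and_restart_dns
fi
```

The exact-match grep means a connection named EthCon2 does not satisfy a wait for EthCon, and a failed wait leaves a syslog entry to check after an unattended boot.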