What is setupVars.conf and how do I use it?

/etc/pihole/setupVars.conf is a file Pi-hole uses to source information needed to setup and configure the installation.

WEBPASSWORD=a215bae8b5ec659b0980a76dlkds09644731cd439cab41494447a8705c22b3aa41c
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.1.250/24
IPV6_ADDRESS=2601:444:8111:403:55d6:2f11:41bf:13bb
QUERY_LOGGING=true
INSTALL_WEB=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=208.67.222.222
PIHOLE_DNS_2=208.67.220.220
PIHOLE_DNS_3=2620:0:ccc::2
PIHOLE_DNS_4=2620:0:ccd::2
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=true
TEMPERATUREUNIT=C
WEBUIBOXEDLAYOUT=traditional
API_EXCLUDE_DOMAINS=
API_EXCLUDE_CLIENTS=
API_QUERY_LOG_SHOW=all
API_PRIVACY_MODE=false

This file is basically a script that will set a bunch of variables, which Pi-hole can use when executing scripts.

If you edit this file manually and run pihole -r, it will apply the values set here. A good example of a time when you might need to edit this file is if your IPv6 address changes, preventing Pi-hole from effectively blocking IPv6 ads.

2 Likes

Thank you for this info.. Could you please tell what kind of hash is used in WEBPASSWORD var? Can it be salted?

It is double SHA256. It could be salted, but it is not atm.

1 Like

Do I get it right, that if I want my password say to be P@ssw0rd, then I have to do something like this:

echo -n P@ssw0rd | sha256sum | cut -d ' ' -f 1 | sha256sum

The result is:

1b94ca7848f898d49b964dfbb25c09c28ee107e2f033807b2487622a895b12a6

But when I add it to setupVars.conf and perform unattended install, then I can't login to web interface, getting 'Wrong password' message... Do I miss anything?

Just set the password with

pihole -a -p password
1 Like

I got it! the cut command also adds the \n symbol to the result so I have been suggested to use:

echo -n P@ssw0rd | sha256sum | awk '{printf "%s",$1 }' | sha256sum

And it works!

1 Like

A post was split to a new topic: How to propagate multiple DNS IPs to clients

If I miss some of the variables in the conf file, will pihole replace them by default values during unattended installation? (It is the behavior of pivpn.)
Thanks!

Looks like the template is not complete anymore. These are the vaules I found after a current installation and configuration:

WEBPASSWORD=<some_double_sha256_hash>
PIHOLE_INTERFACE=eth0
IPV4_ADDRESS=192.168.x.y/24
IPV6_ADDRESS=fd00::2
QUERY_LOGGING=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=false
INSTALL_WEB_SERVER=false
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=8.8.8.8
PIHOLE_DNS_2=8.8.4.4
PIHOLE_DNS_3=2001:4860:4860:0:0:0:0:8888
PIHOLE_DNS_4=2001:4860:4860:0:0:0:0:8844
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=false
TEMPERATUREUNIT=C
WEBUIBOXEDLAYOUT=traditional
API_EXCLUDE_DOMAINS=
API_EXCLUDE_CLIENTS=
API_QUERY_LOG_SHOW=all
API_PRIVACY_MODE=false
BLOCKING_ENABLED=true
REV_SERVER=true
REV_SERVER_CIDR=192.168.x.0/24
REV_SERVER_TARGET=192.168.x.z
REV_SERVER_DOMAIN=my.local.domain
CACHE_SIZE=10000

I use my own web server, so I chose to not install lighttp, but want to have the web interface scripts. This example uses Google DNS for both IPv4 and IPv6 name resolution.
Together with an adlists.list the complete setup of a pihole can be automated and used with the --unattended option.
I'm still not sure if this includes all possible options. E.g. I don't use DHCP. I'd expect some variables for it too. But it works for me and if the SD card dies, the pihole runs again in 10 mins.

You are replying to a very old FAQ. Much has changed in Pi-hole since June '17. New configuration options, etc.

And, each user will have different entries in their own file, based on the options they are using in Pi-hole. My config file looks quite different than yours, as one example.

The bottom line - setupVars.conf is typically controlled by Pi-hole, and the best way to populate it is with

pihole -r and the reconfigure option

and by changing options in the web admin GUI (DHCP, logging, DNSSEC, forwarding, DNS servers, etc.)