# Pi-hole Setup

Pi-hole is a DNS sinkhole that blocks ads and adult content for your entire network.

## Quick Start

1. **Deploy Pi-hole service:**
   ```bash
   sudo systemctl start pihole-docker.service
   sudo systemctl enable pihole-docker.service
   ```

2. **Configure blocklists:**
   ```bash
   cd /home/orangepi/dotfiles/orangepi/pihole
   ./setup-blocklists.sh
   ```

3. **Set your router's DNS to the Pi-hole IP address:**
   - Router DNS: `192.168.2.106`

## Access

- **Web Interface:** http://192.168.2.106:8888
- **Password:** `pihole123` (set via `pihole setpassword` command)

## Active Blocklists

The setup script adds the following blocklists:

### Ad Blocking
- **StevenBlack Unified Hosts** - Comprehensive ad/malware blocking
- **OISD Basic** - Basic ad blocking (may fail to download)

### Adult Content Blocking
- **OISD NSFW** - Adult content blocking (may fail to download)
- **mhhakim Porn Blocking** - ~240k adult domains
- **StevenBlack Porn Hosts** - ~75k adult domains

**Total blocked domains:** ~445k unique domains

## Managing Blocklists

### View current blocklists:
```bash
sqlite3 /home/orangepi/dotfiles/orangepi/pihole/etc-pihole/gravity.db "SELECT id, address, comment FROM adlist"
```

### Disable a blocklist:
```bash
# Replace X with the numeric id shown by the "View current blocklists" query
sqlite3 /home/orangepi/dotfiles/orangepi/pihole/etc-pihole/gravity.db "UPDATE adlist SET enabled=0 WHERE id=X"
docker exec pihole pihole -g
```

### Add a new blocklist:
```bash
sqlite3 /home/orangepi/dotfiles/orangepi/pihole/etc-pihole/gravity.db "INSERT INTO adlist (address, enabled, comment) VALUES ('https://example.com/blocklist.txt', 1, 'My Custom List');"
docker exec pihole pihole -g
```

### Remove a blocklist:
```bash
# Replace X with the numeric id shown by the "View current blocklists" query
sqlite3 /home/orangepi/dotfiles/orangepi/pihole/etc-pihole/gravity.db "DELETE FROM adlist WHERE id=X"
docker exec pihole pihole -g
```

## Troubleshooting

### Check service status:
```bash
sudo systemctl status pihole-docker.service
docker ps | grep pihole
```

### View logs:
```bash
docker logs pihole
```

### Test DNS resolution:
```bash
nslookup google.com 192.168.2.106
nslookup doubleclick.net 192.168.2.106  # Should be blocked
```
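
The `nslookup` check above does not say what "blocked" looks like in the answer. The script below is an added example (not part of the original setup) that classifies the reply; it assumes `dig` is installed and that Pi-hole runs in its default NULL blocking mode, where blocked names answer `0.0.0.0` or `::`. The `--run` flag and the file name `check-pihole.sh` are hypothetical.

```bash
#!/bin/sh
# Added example: confirm Pi-hole's verdict for known-good and known-ad domains.
# Assumption: default NULL blocking mode (blocked names answer 0.0.0.0 / ::).
PIHOLE_IP="${PIHOLE_IP:-192.168.2.106}"   # Pi-hole address from this README

# classify_answer ANSWER -> prints blocked | resolved | no-answer | error
# ANSWER is `dig +short` output, one record per line.
classify_answer() {
    _verdict="no-answer"                  # empty output: NXDOMAIN or no record
    while IFS= read -r _line; do
        case "$_line" in
            "")         continue ;;
            \;*)        _verdict="error"; break ;;     # dig diagnostics (timeout)
            0.0.0.0|::) _verdict="blocked" ;;          # sinkhole address
            *)          _verdict="resolved"; break ;;  # any real record wins
        esac
    done <<EOF
$1
EOF
    echo "$_verdict"
}

# check_domain DOMAIN EXPECTED -> exit status 0 when the verdict matches
check_domain() {
    _got=$(classify_answer "$(dig +short +time=2 +tries=1 "@$PIHOLE_IP" "$1" A)")
    printf '%-18s expected=%-9s got=%s\n' "$1" "$2" "$_got"
    [ "$_got" = "$2" ]
}

# Only touch the network when asked to, e.g. `sh check-pihole.sh --run`
if [ "${1:-}" = "--run" ]; then
    failures=0
    check_domain google.com      resolved || failures=$((failures + 1))
    check_domain doubleclick.net blocked  || failures=$((failures + 1))
    exit "$failures"
fi
```

An `error` verdict means the Pi-hole did not answer at all, which is a different problem from a domain that resolves when it should be blocked.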

### Whitelist a domain:
```bash
docker exec pihole pihole allow example.com
```

## Network Configuration

To use Pi-hole as your home DNS server:

1. **Router method (recommended):**
   - Access your router's admin panel
   - Set primary DNS to: `192.168.2.106`
   - Set secondary DNS to: `8.8.8.8` (fallback; any query a client sends there bypasses Pi-hole blocking)

2. **Individual device method:**
   - Configure each device's network settings
   - Set DNS server to: `192.168.2.106`

## Password Management

The current setup uses a pre-configured password via the `WEBPASSWORD` environment variable.

**To change the password:**
```bash
# Set a new password
docker exec pihole pihole setpassword

# Or set a specific password
docker exec pihole pihole setpassword 'your-new-password'

# Or disable password authentication (not recommended)
docker exec pihole pihole setpassword ''
```

**Alternative setup without pre-configured password:**
- Remove the `WEBPASSWORD` line from docker-compose.yml
- Pi-hole will generate a random password on first startup
- Check logs with: `docker logs pihole | grep "password"`

## Notes

- OISD lists may occasionally fail due to server issues
- Monitor the Query Log for false positives
- Consider whitelisting legitimate domains that get blocked
- The setup script is idempotent - safe to run multiple times