RaspberryPi with PiHole

Randy Usegnu

Building a High-Performance Raspberry Pi 5 Home Server & NAS

This guide covers the full setup of a Raspberry Pi 5 (8GB) acting as a Network Attached Storage (NAS) and a network-wide ad-blocker (Pi-hole).

1. Hardware Overview & Initialization

The Raspberry Pi 5 is a significant upgrade, featuring the Cortex-A76 architecture.

Initial Identification

To check your board revision and hardware capabilities, use the pinout and lscpu commands:

Bash

pinout
lscpu
  • Performance Tip: Pi 5 is power-hungry. If you see throttling, check your status with vcgencmd get_throttled. A code like 0x50000 indicates past under-voltage events.
  • Power Fix: Add usb_max_current_enable=1 to /boot/firmware/config.txt to ensure USB ports receive full current (1.6A) for external drives.

2. Storage & NAS Configuration

This setup uses multiple external USB drives formatted to ext4 for stability and Linux compatibility.

Mounting Drives Permanently

  1. Find your drive UUIDs: lsblk -f
  2. Create mount points: sudo mkdir -p /mnt/drive1 /mnt/drive2
  3. Edit /etc/fstab to auto-mount on boot:PlaintextUUID=your-uuid-here /mnt/drive1 ext4 defaults,noatime 0 2

Sharing via Samba (SMB)

To share these folders with Windows, macOS, or Linux (Nemo/Nautilus):

  1. Install Samba: sudo apt install samba
  2. Set a Samba password: sudo smbpasswd -a yourusername
  3. Configure shares in /etc/smb.conf:Ini, TOML[SharedDrive] path = /mnt/drive1 writeable = yes force user = yourusername force group = users create mask = 0664 directory mask = 0775

3. System Optimization

For an 8GB model, we want to maximize RAM usage and minimize SD card wear.

  • Swappiness: Force the Pi to use RAM instead of the slow SD card.
    • Edit /etc/sysctl.conf and add: vm.swappiness=10
  • Full Upgrade: Always use full-upgrade to ensure the kernel and firmware are synced.Bashsudo apt update && sudo apt full-upgrade -y sudo rpi-eeprom-update -a

4. Network-Wide Ad-Blocking (Pi-hole)

Pi-hole intercepts DNS requests to block ads before they reach your devices.

Installation

Bash

curl -sSL https://install.pi-hole.net | bash

Enabling HTTPS for the Dashboard

By default, the dashboard uses HTTP. To enable secure HTTPS with a self-signed certificate that supports IP address access:

Create a config file (pihole-cert.cnf):

    [req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = pi.hole
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = pi.hole
IP.1 = 192.168.1.XX  # Use your static IP here

    Generate the Cert:

    Bash

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/lighttpd/server.key \
-out /etc/lighttpd/server.pem \
-config pihole-cert.cnf -extensions v3_req

    Configure Lighttpd: Enable the SSL module and point it to your .pem file.

    5. Client-Side Setup (Linux/EndeavourOS)

    To trust your new server’s certificate on a Linux laptop:

    1. Import the CA:Bashsudo trust anchor --store server.pem sudo update-ca-trust
    2. Verify via CLI:Bashcurl -v https://<your-pi-ip>/admin

    High-Speed Searching

    Install plocate to find files across all your NAS drives instantly:

    Bash

    sudo apt install plocate
sudo updatedb
locate filename

    Summary of Security Best Practices

    • No Default Passwords: Change your user and Samba passwords immediately.
    • Static IPs: Always assign static IPs to your server via your router’s DHCP reservation.
    • Privacy Levels: Use Pi-hole “Privacy Level 1 or 2” if you have multiple users and don’t want to log individual browsing habits.

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.