Update documentation for Pihole v6

maintenance.md

@@ -2,7 +2,40 @@
 
 ## Raspberry Pi
 
-Common commands:
+### Installation
+
+Write the Raspberry Pi image to a SD card with the Raspberry Pi imager.
+
+Since the server should be lightweight and will be accessed only via ssh, the image `Raspberry Pi OS Lite (64 bit)` is chosen.
+
+To activate ssh from the beginning, press `Ctrl` + `Shift` + `X` and input a username and password combination or a public key.
+
+After the installation is finished, let the device connect to the network and find out its IP address.
+
+In the router settings, it is recommended to set the Raspberry Pi's IP address to a static value (this is needed to more easily configure the Raspberry Pi as the DNS).
+
+Connect to the Raspberry Pi via `ssh <IP address> -l pi`.
+
+Adjust the time zone (Europe/Berlin) with `raspi-config`:
+
+```sh
+sudo raspi-config
+Localisation Options -> Timezone -> Europe -> Berlin
+Finish
+```
+
+Update all system packages:
+
+```sh
+sudo apt-get update 
+sudo apt-get upgrade 
+sudo apt-get dist-upgrade 
+sudo apt-get autoremove
+
+sudo reboot
+```
+
+### Common commands
 
 | Command | Description |
 | :-: | :-- |

router.md

@@ -20,8 +20,31 @@ Like Fritz!Box, many routers offer a built-in DHCP server. To use this setup, en
 
 Now, add public DNS servers to the router's settings under `Internet/Zugangsdaten/DNS-Server`.
 
-In Pi-hole, only the Fritz!Box should be added as an upstream server. Check `Use Conditional Forwarding` and type in the following values:
+## Using DNS over TLS (DoT)
 
+DNS requests from the local network should be encrypted via TLS before being sent to an upstream DNS server. This can be configured in the router under `Internet/Zugangsart/DNS-Server`. Here are some as an example:
+
+DNSv4-Server:
+
+- Andere DNSv4-Server verwenden: Check
+  - Bevorzugter DNSv4-Server: 94.140.14.140
+  - Alternativer DNSv4-Server: 176.9.93.198
+
+DNS over TLS (DoT):
+
+- Verschlüsselte Namensauflösung im Internet (DNS over TLS): Check
+  - Zertifikatsprüfung für verschlüsselte Namensauflösung im Internet erzwingen: Check
+
+Auflösungsnamen der DNS-Server
+
+- unfiltered.adguard-dns.com
+- dnsforge.de
+
+## Conditional forwarding
+
+In Pi-hole, only the Fritz!Box should be added as an upstream server. Uncheck every other upstream server in the web interface. Under `Use Conditional Forwarding` type in the following values, separated with commas:
+
+- Enabled as a boolean value
 - Local network in CIDR notation: 192.168.50.0/24 (adjust to the network)
 - IP address of your DHCP server (router): 192.168.50.1 (IPv4 address of the Fritz!Box)
 - Local domain name (optional): fritz.box

tools/pihole/pihole.md

@@ -6,42 +6,23 @@ Tutorials:
   - [Anleitungen](https://github.com/RPiList/specials/tree/master/Anleitungen)
   - [Benötigte Hardware](https://github.com/RPiList/specials/blob/master/Ben%C3%B6tigte%20Hardware.md)
 - [DAS halbiert eure Ladezeiten | Pi-Hole-Tutorial](https://youtu.be/FjNkv2aPiiA)
+- [Pi-hole: Einrichtung und Konfiguration mit Fritz!Box](https://www.kuketz-blog.de/pi-hole-einrichtung-und-konfiguration-mit-fritzbox-adblocker-teil1/)
 
 ## Installation
 
-Write the Raspberry Pi image to a SD card with the Raspberry Pi imager.
-
-Since the server should be lightweight and will be accessed only via ssh, the image `Raspberry Pi OS Lite (32 bit)` is chosen.
-
-<!--There's now also a 64 bit image available?-->
-
-To activate ssh from the beginning, press `Ctrl` + `Shift` + `X` and input a username and passwort combination or a public key.
-
-After the installation has finished, let the device connect to the network and find out its IP address.
-
-In the router settings, it is recommended to set the Raspberry Pi's IP address to a static value (this is needed to more easily configure the Raspberry PI as the DNS).
-
-Connect to the Raspberry Pi via `ssh <IP address> -l pi`.
-
-Then, install pihole with `curl -sSL https://install.pi-hole.net | bash`.
+Pihole can be installed with `sudo curl -sSL https://install.pi-hole.net | bash`.
 
 While installing, note down the web interface password that is shown in the terminal to later access the web interface for the first time.
 
 Now add the Raspberry Pi's IP address as a DNS to your router's settings.[^router-settings]
 
 The web interface is now accessible via `http://<IP address>/admin`. The standard port of the web interface is 80.
 
-### Pihole v6
-
-The next major version uses a different webserver. Thus all PHP components and the old webserver should be removed upon migration.
-
-```sh
-apt remove php lighttpd
-```
-
 ## Serving the pihole service over SSL
 
-When installing SSL on a web server, it is crucial to understand what web server is used and what the configuration looks like. Examples for web servers are `Nginx` and `Apache`. In the case of pihole, it's `lighttpd`.
+<!--TODO: Move to ssl.md?-->
+
+When installing SSL on a web server, it is crucial to understand what web server is used and what the configuration looks like. Examples for web servers are `Nginx` and `Apache`. In the case of pihole v5, it's `lighttpd`.
 
 **Step 1:** Use OpenSSL to create the pem file.
 
@@ -51,7 +32,7 @@ openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -noenc
 
 This pem file now contains a key and a certificate (.crt) file.
 
-Following the above, the `.pem` file needs to be moved to `/etc/lighttpd/ssl/`. The location doesn’t really matter here as long as access is given to the files needed (*sudo chown www-data [pem file]*). "SSL" or "TLS" as the folder name is the most common setup.
+Following the above, the `.pem` file needs to be moved to `/etc/lighttpd/ssl/`. The location doesn't really matter here as long as access is given to the files needed (*sudo chown www-data [pem file]*). "SSL" or "TLS" as the folder name is the most common setup.
 
 **Step 2:** Add the SSL config in the `/etc/lighttpd/conf-available/10-ssl.conf` file, where "10" notes down the order in which the config files are loaded in (which number is used is not important here).
 
@@ -164,17 +145,19 @@ There is also unbound, enabling recursive dns lookup.
 | Command | Description |
 | :-: | :-- |
 | pihole -up | Update pihole |
-| pihole -a -p | Set password for the web interface |
+| pihole setpassword | Set password for the web interface |
 
 ### Reduce memory access
 
-To minimise load on the SD card, pihole can be configured to not save as often to disk. In `/etc/pihole/pihole-FTL.conf`, type in the following settings:
+To minimise load on the SD card, pihole can be configured to not save as often to disk. In `/etc/pihole/pihole.toml`, type in the following settings:
 
 ```sh
-#; How often are queries stored in FTL's database [minutes] | Default: 1.0
-DBINTERVAL=30
-#; IP addresses older than the specified number of days are removed from database | Default: 365
-MAXDBDAYS=14
+# How long should queries be stored in the database [days]? | Default: 91
+maxDBdays = 14
+# How often do we store queries in FTL's database [seconds]? | Default: 60
+DBinterval = 300
+# How long should IP addresses be kept in the network_addresses table [days]? | Default: 91
+expire = 14
 ```
 
 ## Annotations