Ollama Project Commands:

1) Open the Command Prompt or Terminal on Win 11 (Run Admin)

2) run "wsl --install"

3) Hit "Enter"

4) Let WSL install by default it will pull and install Ubuntu

5) Note you may need to reboot your machine for the changes to take affect

Install Docker

Add Docker's official GPG key:

sudo apt-get update

sudo apt-get install ca-certificates curl

sudo install -m 0755 -d /etc/apt/keyrings

sudo curl -fsSL [https://download.docker.com/linux/ubuntu/gpg](https://download.docker.com/linux/ubuntu/gpg) -o /etc/apt/keyrings/docker.asc

sudo chmod a+r /etc/apt/keyrings/docker.asc

Add the repository to Apt sources:

echo \

"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] [https://download.docker.com/linux/ubuntu](https://download.docker.com/linux/ubuntu) \

$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \

sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

Install Docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Run Open WebUi Docker Container

docker run -d --network=host -v open-webui:/app/backend/data -e OLLAMA_BASE_URL=http://127.0.0.1:11434 --name open-webui --restart always ghcr.io/open-webui/open-webui:main

Pi-Hole Project Commands:

PiHole One-Step Automated Installer:

curl -sSL https://install.pi-hole.net | bash

Unbound Recursive Setup:

sudo apt install unbound

sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Paste the below info into pi-hole.conf:

server:

# If no logfile is specified, syslog is used

# logfile: "/var/log/unbound/unbound.log"

verbosity: 0

interface: 127.0.0.1

port: 5335

do-ip4: yes

do-udp: yes

do-tcp: yes

# May be set to yes if you have IPv6 connectivity

do-ip6: no

# You want to leave this to no unless you have native IPv6. With 6to4 and

# Terredo tunnels your web browser should favor IPv4 for the same reasons

prefer-ip6: no

# Use this only when you downloaded the list of primary root servers!

# If you use the default dns-root-data package, unbound will find it automatically

#root-hints: "/var/lib/unbound/root.hints"

# Trust glue only if it is within the server's authority

harden-glue: yes

# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS

harden-dnssec-stripped: yes

# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes

# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details

use-caps-for-id: no

# Reduce EDNS reassembly buffer size.

# IP fragmentation is unreliable on the Internet today, and can cause

# transmission failures when large DNS messages are sent via UDP. Even

# when fragmentation does work, it may not be secure; it is theoretically

# possible to spoof parts of a fragmented DNS message, without easy

# detection at the receiving end. Recently, there was an excellent study

# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<

# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)

# in collaboration with NLnet Labs explored DNS using real world data from the

# the RIPE Atlas probes and the researchers suggested different values for

# IPv4 and IPv6 and in different scenarios. They advise that servers should

# be configured to limit DNS messages sent over UDP to a size that will not

# trigger fragmentation on typical network links. DNS servers can switch

# from UDP to TCP when a DNS response is too big to fit in this limited

# buffer size. This value has also been suggested in DNS Flag Day 2020.

edns-buffer-size: 1232

# Perform prefetching of close to expired message cache entries

# This only applies to domains that have been frequently queried

prefetch: yes

# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.

num-threads: 1

# Ensure kernel buffer is large enough to not lose messages in traffic spikes

so-rcvbuf: 1m

# Ensure privacy of local IP ranges

private-address: 192.168.0.0/16

private-address: 169.254.0.0/16

private-address: 172.16.0.0/12

private-address: 10.0.0.0/8

private-address: fd00::/8

private-address: fe80::/10

sudo service unbound restart

Validate configuration:

dig pi-hole.net @127.0.0.1 -p 5335

Modify eDNS bitrate:

sudo nano /etc/dnsmasq.d/99-edns.conf

Paste following into new 99-edns.conf:

# Modifying eDNS Bitrate

edns-packet-max=1232

Validate configuration change:

dig fail01.dnssec.works @127.0.0.1 -p 5335

dig dnssec.works @127.0.0.1 -p 5335

Recursive IP:

127.0.0.1#5335

Ad Lists:

https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt - Suspicious Lists

https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - Advertising Lists

https://v.firebog.net/hosts/Easyprivacy.txt - Trackign & Telemetry Lists

https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt - Malicious - Anti-Malware

https://v.firebog.net/hosts/RPiList-Phishing.txt - Malicious - Phishing

https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser - Coin Blocker Lists

IT Passion Project

info@itpassionproject.com

Socials