Install a Raspberry Pi device

How to get a Pi up and running in less than 15 minutes.

Install Raspbian

Headless setup

The following instructions are for macOS. Consult the official Raspberry Pi installation guide for Linux and Windows instructions.

# 2018-06-27-raspbian-stretch-lite.img

diskutil list
# Check for correct disk number
diskutil unmountDisk /dev/disk2
# Unmount of all volumes on disk2 was successful

sudo dd \
    bs=1m \
    if=2018-06-27-raspbian-stretch-lite.img \
    of=/dev/rdisk2 \

Before removing the SD card, we need to enable ssh support, which is disabled by default. To enable remote access, you must write an empty file named ssh to the boot partition.

cd /Volumes/boot
sudo touch ssh
cd ~

Now we’re ready to eject the disk and boot up the Raspberry Pi device.

sudo diskutil eject /dev/rdisk2
# Now safe to remove SD card

Monitor-enabled setup

Initial configuration

The default admin account is pi, with the password raspberry. Be sure to change this.

sudo raspi-config
# Change user password


Reboot and run the necessary system updates.

sudo apt-get update && sudo apt-get upgrade -y

For a new installation, it doesn’t hurt to reboot after applying updates.

sudo reboot

To remove old packages, use autoremove, but inspect each package manually, rather than running automatically with the -y flag.

sudo apt-get autoremove

Enable automatic updates

Automatic updates are an essential part of Linux security. The preferred method on Debian is to use unattended-upgrades.

sudo apt-get install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades

Alternatively, you can use the root crontab method.

sudo su
crontab -e
0 0 * * 0 apt-get update && sudo apt-get upgrade -y

Dynamic DNS

Get a free subdomain at FreeDNS. Copy their update key and set a cron entry to run hourly.

crontab -e
0 * * * * curl >> ~/freedns.log 2>&1


Load the default configuration with the setup script.

curl -sSL | bash

We recommend using the CloudFlare service for DNS, rather than Google

Set it to update automatically, every Sunday at 4 AM, for example.

crontab -e
0 4 * * 0 pihole -up >> ~/log/pihole.log 2>&1

Note: We recommend DNS on the router and enabling Pi-Hole ad-blocking per device, rather than using Pi-Hole DNS directly on the router. This software can cause issues with some devices and it can make re-configuration of a fresh Raspberry Pi device install cumbersome.


Load the default configuration with the setup script.

curl -L | bash

Use port 1194 over UDP instead of TCP. UDP is faster for tunneling. Ensure that UDP port forwarding is used in the router configuration.

Pi-Hole and PiVPN can be installed together. The setup process is easier if you install Pi-Hole first then PiVPN. After both are installed, edit the /etc/dnsmasq.conf file to allow DNS resolution from the VPN interface: listen-address=, XXX, Note here that is the address for Pi-Hole.

If PiVPN isn’t working with the OpenVPN client, check to make sure that dynamic DNS is working, using ping to the VPN domain/IP address. This can look like a problem with frequent disconnect and reconnect attempts in the Tunnelblick client, for example.


Samba (SMB/CIFS) is a commonly used file sharing protocol compatible with macOS and Windows.

sudo apt-get install samba samba-common-bin
sudo smbpasswd -a pi
sudo service smbd restart


JRE is not installed on the Raspberry Pi by default.

sudo apt-get install default-jre