I am writing this because I am waiting for Gentoo (specifically Portage) to finish compiling and installing packages (it is taking forever!). This isn't a guide, I'm just documenting what I'm doing. I recently acquired a Raspberry π 3 B and want to set up a network-wide ad-block on my home WiFi.
The first thing to do was choose an operating system to run on the device. I have pretty much no experience with Gentoo or any *BSD OS, so I Startpage-ed a little and settled on choosing between Gentoo and FreeBSD. If you read the first line of this blog, you already know what I went with. I installed Gentoo not in the traditional way (compiling the kernel from source with USE flags, based) but with an install script (cringe). I used Sakaki's gentoo-on-rpi-64bit (unmaintained) script, but after the installation I found the (maintained) fork, which is what I should have been using.
The easiest way to set up an ad-block is to get a list of ad/ad-related domains and map them to 0.0.0.0 (nullifying the request) in "/etc/hosts" (like this), but that is too easy (and isn't network-wide), so what I have chosen to do is install Pi-hole, which also uses the previously mentioned list. Pi-hole's list of supported OSes does not include either Gentoo or FreeBSD, so why did I choose between two advanced-level operating systems which aren't officially supported to do such a mundane task? This question is left as an exercise for the reader.
Now, we do the usual stuff when installing a new system: syncing repositories, updating preinstalled packages, installing docker, installing a good text editor (i.e. neovim), etc. The Pi-hole project provides a docker image which can be used on any OS. Following the Pi-hole installation guide, I opened the necessary ports and ran the docker container.
On my home network, I have to type the local IP address of my server to actually access it, which is inconvenient for numerous reasons. Pi-hole can be used as a DNS server, which lets me map my domains to my server's local IP. I created a file "/etc/dnsmasq/<something-something-02-wildcard>" located inside the docker container and added my domains to it. Now, services which rely on a domain name or an SSL certificate (e.g. Matrix) work without a VPN or proxy on the same network they are hosted on.
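As an added example (not from the post and not Pi-hole's own tooling), the two steps above as shell helpers: one builds the docker run command for the official pihole/pihole image so that the published DNS and web ports are bound to the LAN address only, and one generates the dnsmasq "address=" wildcard lines that map local domains to the server. The LAN IP 192.168.1.10, the example domains and the /srv/pihole host paths are assumed values; the image's /etc/pihole and /etc/dnsmasq.d container paths are the ones the image uses.

```shell
#!/bin/sh
# Added example (not from the post): run Pi-hole in docker bound to the LAN
# address only, and write dnsmasq overrides for local service domains.
# Assumed: LAN IP 192.168.1.10, domains below, host paths under /srv/pihole.

# Return 0 if $1 is a syntactically valid dotted-quad IPv4 address.
valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Return 0 if $1 is an RFC 1918 private address (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  valid_ipv4 "$1" || return 1
  case $1 in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the docker run command for Pi-hole. Publishing 53 and 80 on every
# interface would offer the resolver beyond the LAN, and docker's port
# publishing bypasses the host's INPUT firewall rules, so refuse anything
# but a private LAN address and bind each published port to it.
pihole_run_cmd() {
  lan_ip=$1
  is_private_ipv4 "$lan_ip" || {
    echo "refusing to bind Pi-hole to non-private address '$lan_ip'" >&2
    return 1
  }
  printf '%s\n' \
    "docker run -d --name pihole --restart unless-stopped \\" \
    "  -p ${lan_ip}:53:53/tcp -p ${lan_ip}:53:53/udp -p ${lan_ip}:80:80/tcp \\" \
    "  -e TZ=Etc/UTC \\" \
    "  -v /srv/pihole/etc-pihole:/etc/pihole \\" \
    "  -v /srv/pihole/etc-dnsmasq.d:/etc/dnsmasq.d \\" \
    "  pihole/pihole:latest"
}

# Read one domain per line from stdin and print dnsmasq "address=" lines
# pointing each domain (and, because address= is a wildcard, every
# subdomain of it) at the IP in $1. Blank lines and '#' comments are
# skipped; anything that is not a plain hostname aborts with status 1.
local_dns_conf() {
  target=$1
  valid_ipv4 "$target" || return 1
  while IFS= read -r domain || [ -n "$domain" ]; do
    case $domain in ''|'#'*) continue ;; esac
    case $domain in
      *[!A-Za-z0-9.-]*|.*|*.|*..*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    printf 'address=/%s/%s\n' "$domain" "$target"
  done
}

# Stand-alone usage with constructed input:
#   pihole_run_cmd 192.168.1.10
#   printf 'matrix.example.org\nchat.example.org\n' | local_dns_conf 192.168.1.10
```

The generated lines go into a file in the mounted dnsmasq.d directory (for instance /srv/pihole/etc-dnsmasq.d/02-local.conf, an assumed name), followed by `docker restart pihole` so dnsmasq inside the container rereads it. Binding to the LAN address rather than 0.0.0.0 is the check worth keeping even if the rest is rewritten: a resolver reachable from outside the LAN is an open-resolver amplification source, and host firewall rules do not protect docker-published ports.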
Client and server without DNS server:
client ---> server (local/public IP address)
Client and server with DNS server:
client ---> Pi-hole DNS server ---> server (domain name)