Home-wide Ad-block
Table of Contents
I am writing this because I am waiting for Gentoo (specifically Portage) to finish compiling and installing packages (It is taking forever!). This isn’t a guide, I’m just documenting what I’m doing. I recently acquired a Raspberry π 3 B and want to setup a network-wide ad-block on my home network.
Choosing an OS
First thing to do was choose an operating system to run on the device. I used Gentoo for a bit but now I’m running Void Linux. I have pretty much no experience with Gentoo or any *BSD OS. So I Startpage-ed a little and settled on choosing between Gentoo or FreeBSD. If you read the first line of this blog, you already know what I went with. I installed Gentoo not in a traditional way (compiling kernel from source with USE flags, based) but I used an install script (cringe). I used Sakaki’s gentoo-on-rpi-64bit (unmaintained) script but after the installation I found the (maintained-ish) fork, which is what I should have been using.
Background
The easiest way to setup an ad-block is to get a list of ad/tracker domains and just forward them to 0.0.0.0 (nullifying the request) in /etc/hosts (like this) but this is not complicated enough for me (and isn’t network-wide), so what I have chosen to do is install Pi-hole, which happens to also uses the previously mentioned list. Pi-hole’s list of supported OSes does not include Void Linux either Gentoo or FreeBSD so why did I chose to run an advanced-level operating system which isn’t officially support to do such a mundane task? This question is left as an exercise for the reader.
Setting up
Now, we do the usual stuff when installing a new system, syncing repositories, updating preinstalled packages (not like there were many to begin with), installing docker and docker compose, installing a good text editor (i.e. neovim), changing the shell and themeing it, setting up ssh keys, etc. The Pi-hole project provides a docker image which can be used on any OS. I used the project’s quick start yaml script and created an executable shell script with docker compose -f docker-compose.yml up -d to easily update Pi-hole. I appended the domains and their respective IP addresses to the file custom.list located in /etc/pihole inside the docker container (on the host system, the folder etc-pihole relative to the working directory).
Mapping IPs
On my home internet, I have to type the local IP address of my server to actually access it which is inconvenient due to numerous reasons. Pi-hole can be used as a DNS server which can be used to map my domains to my server using the local IP. Mapping domain names to IP address can be done using the hosts file but editing this for every device is inconvenient and tedious. Using pi-hole, services which rely on a domain name or a SSL certificate (e.g. Matrix) work without a VPN or proxy on the same network it is hosted on.
Client and server without DNS server:
client ---> server (local/public IP address)
Client and server with DNS server:
client ---> Pi-hole DNS server ---> server (domain name)
Switching to Void Linux
After using the π with Gentoo for a couple months, I have decided to switch the operating system to Void Linux. Firstly, using prebuilt binaries is against the philosophy of using a source-based OS. Compiling packages on the π takes longer than I would like. Void Linux has better support for ARM CPUs, they even have builds specific for the Raspberry π. Installing on the Void on the π is far easier and quicker than Gentoo. I used Void’s rpi-aarch64 glibc live image. I would use the musl build for better security (i.e. less attack surface) among other things but some software may be incomparable (it probably does not matter in my use case, might actually be better to use musl but I do not want to run into any surprises).