I am currently moving to a new house and I want to setup many local technology solutions like a central home server, a NAS storage and so on.
This post brings the first step I always wanted: block ads for all devices in the network! I always used browser extensions at my desktop to do so, but this didn't extend to our smart TVs and smartphones.
I was first introduced to PiHole and I knew other solutions like
Blocky, that is my choice.
Blocky allows you to set it up using docker, but it obviously requires a computer to be active 24/7. For this, I will be using a OrangePi Zero 3 that is very small and fits well in the space I have in the internet's wall box.
Choosing an OS image
Setting up the device takes more time than setting Blocky itself. It starts by downloading an mage to be written directly into the MicroSD card that will be plugged into the OrangePI.
OrangePI's official website provides a link for a customized Armbian that has some extra facilities, but I will be downloading a Debian 12 (Bookwork) - Minimal / IoT directly from Armbian's website.
It is also prudent to check the file's integrity with the provided SHA1's file by downloading both files and running the following code and expecting for a OK:
shasum -a 256 -c Armbian_community_25.2.0-trunk.124_Orangepizero3_bookworm_current_6.6.62_minimal.img.xz.shaBurning the SDCard
Armbian's docs provide a guide about preparing a SD card here. It recommends using Balena's Etcher to burn the image into the SD, that can be found here.
After downloading it, the interface is very simple to be used: First select the Armbian image you just downloaded, then select the SD Card that is plugged into your computer, then click Flash.
After finished, keep your SD Card plugged (and mounted) to execute the next step.
Configuring the image
While the SD Card is still plugged in, it is time to pre-configure it. It means that during the first boot, the system will assume some defaults rather than expecting you to connect into the device and setting it, like WiFi connection, static ip, user credentials and so on.
From the terminal, go to the mounted folder (mine is /media/$USER/armbi_root) and then edit the file at ./root/.not_logged_in_yet (the "root" folder in the SD Card's). Mine looks like:
PRESET_NET_CHANGE_DEFAULTS=1
PRESET_NET_ETHERNET_ENABLED=1
PRESET_NET_WIFI_ENABLED=0
PRESET_NET_USE_STATIC=1
PRESET_NET_STATIC_IP="192.168.1.10"
PRESET_NET_STATIC_GATEWAY="192.168.1.1"
PRESET_NET_STATIC_MASK="255.255.255.0"
PRESET_NET_STATIC_DNS="1.1.1.1 1.0.0.1"
SET_LANG_BASED_ON_LOCATION="Y"
PRESET_LOCALE="en_US.UTF-8"
PRESET_TIMEZONE="Etc/UTC"
PRESET_ROOT_PASSWORD="passwd123"This means that I will be using ethernet, not WiFi and that I have a static IP configured under my router's DHCP subnet (192.168.1.0/24).
There are more details about it at [Armbian's website](https://docs.armbian.com/User-Guide_Autoconfig/).
In my case, something wrong happened and the default network config that comes with Armbian wasn't removed giving place to the one configured above (the file is https://github.com/armbian/build/blob/f4457a3df56fccd5701f259336e4aa395b13305f/packages/bsp/common/usr/lib/armbian/armbian-firstlogin#L129)
Para previnir isso, delete manualmente o arquivo padrão de rede durante a configuração da imagem: ``` sudo rm /etc/netplan/10-dhcp-all-interfaces.yaml ```
Você está pronto para ejetar o cartão SD de seu computador e inicializar o dispositivo pela primeira vez. Nos próximos passos, será feita uma conexão SSH usando o endereço e credenciais configurados acima para inicializar o Blocky.
Configurando o Blocky
Com o dispositivo online, conecte através de SSH para instalar os softwares necessários: docker, docker compose e o yml para definição do serviço do Blocky.
Para instalar o Docker, siga o guia oficial: https://docs.docker.com/engine/install/debian/. A instalação do "docker-compose-plugin" é sugerido na documentação e é necessário para subir o projeto.
Com o Docker e Docker Compose instalados, é hora de definir o arquivo do Compose e escrever a configuração necessária para o Blocky, baseado neste guia.
Comece criando o arquivo que define as bases de domínios a bloquear. Esse arquivo deve ficar em /home/blocky.config.yaml:
upstreams:
strategy: strict
groups:
default:
# From https://0xerr0r.github.io/blocky/latest/additional_information/
- https://anycast.uncensoreddns.org/dns-query
- https://dns.digitale-gesellschaft.ch/dns-query
# Open NIC (https://servers.opennic.org/)
- 168.235.111.72
- 185.181.61.24
# Cloudflare
- 1.1.1.1
- 1.0.0.1
blocking:
denylists:
ads:
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://perflyst.github.io/PiHoleBlocklist/android-tracking.txt
ports:
dns: 53
http: 4000Com isso feito, escreva o arquivo de configuração do Compose em /home/blocky/docker-compose.yml:
services:
blocky:
image: spx01/blocky
container_name: blocky
restart: unless-stopped
hostname: blocky
ports:
- "53:53/tcp"
- "53:53/udp"
- "4000:4000/tcp"
environment:
- TZ=Etc/UTC
volumes:
- ./config.yaml:/app/config.ymlComo a porta 53 já estará em uso por padrão, você deve desabilitar o systemd-resolved. Primeiro, edite o arquivo /etc/systemd/resolved.conf e coloque as seguintes linhas:
DNS=1.1.1.1
DNSStubListener=noAgora, reinicie para ter efeito.
Depois da reinicialização, inicialize o Blocky pelo docker compose:
docker compose up -dConfigurando o Roteador
Os passos a seguir variam de roteador para roteador. Mas em resumo, você precisa ir até a página de seu roteador, geralmente na porta 80 do IP 192.168.0.1 (mas o meu, por exemplo, fica acessível em 192.168.1.1:18099). O usuário e senha geralmente são admin (mas o meu tinha um usuário e senha específico definidos pelo provedor, mas eles me enviaram quando solicitei).
Após tendo feito o login, você precisa ir até uma seção de rede (Network) e alterar o DNS Server para o IP estático que direcionou para seu dispositivo (em meu exemplo, 192.168.1.10).
O Blocky possui um guia para isso aqui.