I am currently moving to a new house and I want to setup many local technology solutions like a central home server, a NAS storage and so on.
This post brings the first step I always wanted: block ads for all devices in the network! I always used browser extensions at my desktop to do so, but this didn't extend to our smart TVs and smartphones.
I was first introduced to PiHole and I knew other solutions like
Blocky, that is my choice.
Blocky allows you to set it up using docker, but it obviously requires a computer to be active 24/7. For this, I will be using a OrangePi Zero 3 that is very small and fits well in the space I have in the internet's wall box.
Choosing an OS image
Setting up the device takes more time than setting Blocky itself. It starts by downloading an mage to be written directly into the MicroSD card that will be plugged into the OrangePI.
OrangePI's official website provides a link for a customized Armbian that has some extra facilities, but I will be downloading a Debian 12 (Bookwork) - Minimal / IoT directly from Armbian's website.
It is also prudent to check the file's integrity with the provided SHA1's file by downloading both files and running the following code and expecting for a OK:
shasum -a 256 -c Armbian_community_25.2.0-trunk.124_Orangepizero3_bookworm_current_6.6.62_minimal.img.xz.shaBurning the SDCard
Armbian's docs provide a guide about preparing a SD card here. It recommends using Balena's Etcher to burn the image into the SD, that can be found here.
After downloading it, the interface is very simple to be used: First select the Armbian image you just downloaded, then select the SD Card that is plugged into your computer, then click Flash.
After finished, keep your SD Card plugged (and mounted) to execute the next step.
Configuring the image
While the SD Card is still plugged in, it is time to pre-configure it. It means that during the first boot, the system will assume some defaults rather than expecting you to connect into the device and setting it, like WiFi connection, static ip, user credentials and so on.
From the terminal, go to the mounted folder (mine is /media/$USER/armbi_root) and then edit the file at ./root/.not_logged_in_yet (the "root" folder in the SD Card's). Mine looks like:
PRESET_NET_CHANGE_DEFAULTS=1
PRESET_NET_ETHERNET_ENABLED=1
PRESET_NET_WIFI_ENABLED=0
PRESET_NET_USE_STATIC=1
PRESET_NET_STATIC_IP="192.168.1.10"
PRESET_NET_STATIC_GATEWAY="192.168.1.1"
PRESET_NET_STATIC_MASK="255.255.255.0"
PRESET_NET_STATIC_DNS="1.1.1.1 1.0.0.1"
SET_LANG_BASED_ON_LOCATION="Y"
PRESET_LOCALE="en_US.UTF-8"
PRESET_TIMEZONE="Etc/UTC"
PRESET_ROOT_PASSWORD="passwd123"This means that I will be using ethernet, not WiFi and that I have a static IP configured under my router's DHCP subnet (192.168.1.0/24).
There are more details about it at [Armbian's website](https://docs.armbian.com/User-Guide_Autoconfig/).
In my case, something wrong happened during the first boot and the default network config that comes with Armbian wasn't removed giving place to the one configured above (the file is https://github.com/armbian/build/blob/f4457a3df56fccd5701f259336e4aa395b13305f/packages/bsp/common/usr/lib/armbian/armbian-firstlogin#L129)
To prevent this from happening, it is better to delete this file during the SD Card image preparation: ``` sudo rm /etc/netplan/10-dhcp-all-interfaces.yaml ```
You're ready to eject the SD Card from your computer and boot the device using it. In next steps, a SSH connection will be made using the assigned IP addresses and user/password to install Blocky.
Setting up Blocky
With the device online, SSH into it and start installing the needed software: docker, docker-compose and the manifest for having Blocky up.
To get Docker installed, follow the official guide: https://docs.docker.com/engine/install/debian/. The "docker-compose-plugin" is suggested by the doc to be installed and will be needed to setup blocky.
With Docker and Docker Compose installed, it is time to define the compose file and the Blocky's configuration (based in this guide).
Start by creating the file that defines the sources with blocked domains at /home/blocky.config.yaml:
upstreams:
strategy: strict
groups:
default:
# From https://0xerr0r.github.io/blocky/latest/additional_information/
- https://anycast.uncensoreddns.org/dns-query
- https://dns.digitale-gesellschaft.ch/dns-query
# Open NIC (https://servers.opennic.org/)
- 168.235.111.72
- 185.181.61.24
# Cloudflare
- 1.1.1.1
- 1.0.0.1
blocking:
denylists:
ads:
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://perflyst.github.io/PiHoleBlocklist/android-tracking.txt
ports:
dns: 53
http: 4000After this, setup the compose file at /home/blocky/docker-compose.yml:
services:
blocky:
image: spx01/blocky
container_name: blocky
restart: unless-stopped
hostname: blocky
ports:
- "53:53/tcp"
- "53:53/udp"
- "4000:4000/tcp"
environment:
- TZ=Etc/UTC
volumes:
- ./config.yaml:/app/config.ymlSince port 53 is already in use, you must disable systemd-resolved. First, edit the file /etc/systemd/resolved.conf and put the following line:
DNS=1.1.1.1
DNSStubListener=noNow, reboot the system to take effect!.
And then, after the reboot, start the docker compose up:
docker compose up -dConfiguring the Router
This step varies a lot on each provider's router. But in short, you need to go to your router's page, that is generally on port 80 at 192.168.0.1 (but mine, for example is at 192.168.1.1:18099). The username and password is generally admin (mine is a specific username and password defined by the provider, but they sent it to me).
After logged in, you need to something like Network configuration and change the DNS Server to the static ip assigned to your device.
Blocky has an explanation for it here.