I read a story on my Nexus 6P (Project Fi) about blocking ads and while I'm 71 and still kicking, I'm not getting that this is possible.
Some ads I see reading Google news I can just scroll by but others are so obnoxious, click the X over and over to get back to the story drive me crazy.
Is is really possible to install pi-hole on a Nexus 6P with Google hovering over me and if not can I install this on an Apple Xeon tower with Yosimite.
I'm great at programming phone systems, not cell phones.
I am using Pi-Hole with my Nexus 6P on Verizon's network. The thing with Pi-Hole is that you don't install it on your device you use for browsing, but on a Raspberry Pi (www.raspberrypi.org) or computer running Debian Linux. Raspberry Pi is definitely the cheaper and easier of the 2 options, and exactly what Pi-Hole was designed to run on.
A Raspberry Pi 3 will cost you $35 for just the board, and you provide your own Micro SD card and MicroUSB charger, or you can buy kits as cheap as $50 on Amazon (CanaKit Raspberry Pi 3 Kit with Clear Case and 2.5A Power Supply https://www.amazon.com/dp/B01C6EQNNK/ref=cm_sw_r_other_apa_Os-gyb8HZMSZZ).
There are 2 methods for setting your new Raspberry Pi to be your Nexus 6P's DNS server so it will block ads. You can either setup an OpenVPN server on your Pi and connect to it from your phone, or install a DNS changer on your phone, open port 53 on your router, and forward port 53 to your Pi. OpenVPN is definitely the better of the 2 options because it's infinitely more secure and doesn't involve opening ports on your router.
I installed pi-hole on my Nexus 6P with no carrier and rooted Android 8.0.
The hardest parts for me were:
I had never rooted an Android device with encrypted storage before. The guide I used says to put a new filesystem down and it won't be encrypted. Turned out that the bootloader automatically encrypted the new filesystem on the storage without asking and it demolished TWRP at the same time. Lesson: just install TWRP and when TWRP starts and asks you for a "password" use whatever code you used to unlock the storage normally at boot time.
Android firewall was new to me. I was used to iptables with IP addresses and ports but I learned about other modules.
Android permissions are new to me. I ended up adding all of them to /etc/group "shotgun style" instead of figuring out which were needed. I could always go back.
Install "Linux Deploy" https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy and put Debian chroot on the phone. I set "Installation Type" to "Directory" to use an Android directory for the chroot instead of a mountable image file. I turned on "lock screen" (really leave screen on always), "lock wifi" (again really leave wifi on always) and "wake lock" (leave CPU on always). I set "Architecture" to armaf but maybe arm64 would work too. I touched up the source path from http://ftp.debian.org/debian to http://ftp.us.debian.org/debian since I'm in the US and there are more US server and they are fewer network hops away. I added a username and password to the setting for a non-root user. I enabled the ssh server. I left "DNS" on "Automatic detection" which is the default.
Let her rip. Hit the "install", "configure" menu items and the "start" button. Then ssh in and start using apt to add packages. You will need to "apt-get install curl" for instance. To make this easier try "apt-get install command-not-found" then update the database like the prompt says to. Then log out and in again. When you type the name of a missing command it will tell you what package to install to get it.
Install pi-hole. Stop me if you've heard this one before:
Firewall redux. You still need three more firewall rules, put these three in your AFWall+ custom "scripts", see the AFWall+ wiki for details: https://github.com/ukanth/afwall/wiki/CustomScripts
The uid 33 should be the UID of www-data (try running: id www-data to check) and the uid 4999 should be the UID of the pihole account (try running: id pihole to check).
The UID for dnsmasq needs to be added too. Use id dnsmasq to find it and substitute "UID-of-dnsmasq" below for the UID number.
Android permissions. After you run the "Linux Deploy" "configure" option it generates a new /etc/group file. You have to further customize it but it will stay in place over a reboot, just not over a second run of "configure". You have to add "www-data" and "pihole" users to the needed "aid_*" groups but I don't know which ones are needed yet so I add both of the accounts to all of the aid_ groups.
#! /bin/bash
sed -i 's/^\(aid_.*\)/\1,www-data,pihole/' /etc/group
8 . Yet more permissions issues. The www-data account can't see the entire process table. This is true down to the /proc/* level. This croaks php from finding pihole-FTL unless you cheat by making /bin/pidof setuid root. There may be other ways to get around this issue.
#! /bin/bash
# break the link between /bin/pidof and /sbin/killall5 so that only /bin/pidof will be setuid root
rm /bin/pidof
cp /sbin/killall5 /bin/pidof
chmod u+s /bin/pidof
systemd (sigh). Android does not use systemd and the Debian chroot is not in control of pid 1 which means systemd is down. Debian is enmeshed with systemd so you can't "apt-get purge systemd" from Debian stretch. The following helps because pi-hole won't find systemctl and will work around that.
#! /bin/bash
rm /bin/systemctl
Startup. Something like this:
#! /bin/bash
service rsyslog start
service cron start
service dbus start
service dnsmasq start
service lighttpd start
service pihole-FTL start
