pihole

3 minute read Published: 2026-04-13

I've had an old Raspberry Pi 3B+ lying around, retired from its days as shortstop the GroupMe bot. For self hosting, pihole is pretty low stakes and low barrier to entry. I want to self host more, especially LLMs. If only I had been collecting hardware since my last post way back in 2022 :/

Anyways, the pihole.

I'm as of writing using these lists:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt
https://adaway.org/hosts.txt

Now, I'm currently watching Goodfellas Ad-free on Tubi thanks to a small list I created (some ad servers, some telemetry):

abproxy.production-public.tubi.io
ads.production-public.tubi.io
ads4.production-public.tubi.io
ads-image.production-public.tubi.io
analytics-ingestion.production-public.tubi.io
analytics-ingestion-v3.main-production-custom.production.k8s.tubi.io
ark.tubi.video
pixel.production-public.tubi.io
realtime-logger.production-public.tubi.io
rainmaker.production-public.tubi.io
rainmaker4.production-public.tubi.io
user-signals.production-public.tubi.io

I decided to use Tubi as a testing grounds for my setup given my frustration of watching Memories of Murder (awesome movie btw) in 3 hours instead of 2 thanks to ads...

Blocking my phone after 10pm with good old fashioned DNS

I've been recently too absorbed in my phone. The various screen-time limiting apps and "brick"-offering services haven't done the trick for me. Why not extend my pihole for the same?

My rationale here is that the added effort in configuring this will be a benefit - it will take more effort for me to re-enable these. Plus I don't have to pay a subscription for essentially the same thing. The how to:

  1. Create a group in the pihole admin portal

  2. In the "Clients" tab of the pihole admin portal, select the MAC address(es) relevant and assign to the group

  3. Add these domains to the group:

    Instagram:

    instagram.com
*.instagram.com
graph.instagram.com

    YouTube:

    youtube.com
*.youtube.com
youtube-nocookie.com
googlevideo.com
ytimg.com

    LinkedIn:

    linkedin.com
*.linkedin.com
licdn.com
lnkd.in

    Facebook:

    facebook.com
*.facebook.com
fbcdn.net
fb.com

  4. Dynamically configure the pihole to block these domains for the pihole group

I found this script from @Data-Monkey on Github which provides exactly what I want here - the ability to enable/disable a group.

I trimmed it to just

#!/bin/bash
# Usage: ./pihole-group-toggle.sh <API_URL> <PASSWORD> <GROUP_NAME> <enable|disable>

API_URL="${1%/}"
PASSWORD="$2"
GROUP_NAME="$3"
ACTION="$4"

# Open session
SID=$(curl -s -X POST "$API_URL/auth" -d '{"password":"'$PASSWORD'"}' | jq -r .session.sid)

# Get current group details
COMMENT=$(curl -s "$API_URL/groups/$GROUP_NAME" -H "sid: $SID" | jq -r '.groups[0].comment')

# Enable or disable
if [ "$ACTION" = "enable" ]; then
  ENABLED=true
else
  ENABLED=false
fi

curl -s -X PUT "$API_URL/groups/$GROUP_NAME" \
  -H "accept: application/json" \
  -H "sid: $SID" \
  -d '{"name":"'$GROUP_NAME'","comment":"'$COMMENT'","enabled":'$ENABLED'}'

# Close session
curl -s -X DELETE "$API_URL/auth" -H "sid: $SID"

And I set up cronjobs to enable/disable this on the pi.

Static MAC Address for the Pi

When setting up a pihole, a static IP address is required - else you'll have to reconfigure your router if the pi is ever rebooted. however, the MAC address of the pi (at least the 3B+) is also dynamic. To make that static, edit/create /etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf on the pi with:

[connection]
wifi.mac-address-randomization=1

[device]
wifi.scan-rand-mac-address=no

and now you won't have to worry about moving the pi around, reboots for upgrades, etc.

Turns out you can just do this on eero (my router)

My apartment building offered Astound wifi with an eero router and mesh point. The eero app has a number of ways to filter content for specific devices on the network. It even claims to have ad blocking via a toggle...

And of course there are many other ways to be sure. Firewall rules being another.

But I prefer the pi approach. I own the hardware and it's running oss. Whenever I move, the pi moves with me, as do my custom rules for blocking social media DNS at certain times.

The friction is the point - while it wasn't necessarily hard to set all this up, it did take multiple steps. I see myself more likely to hit "Ignore for 15 more minutes" on my phone while doomscrolling than to reconfigure my pihole.