Posted on 2024-09-20
I set up Pi-hole on my home network recently. If you're reading this, there's a good chance you've heard of it. It's a network-wide DNS-level ad and tracker blocker designed to run on a single-board computer like a Raspberry Pi, hence the name. Instead of a Pi, I used a Libre Computer Le Potato, an alternative board that's almost as good as a Pi 4, and a lot cheaper. I'm gonna show you how to do that.
Before you do anything, and especially before you buy anything, make sure your router lets you both assign static IP addresses in some way and set your own DNS servers. This functionality is necessary to use Pi-hole. I can't help you do this, unfortunately — every router is different and many ISP Specials™ are missing these settings.
The Le Potato comes in two flavours: 1GB of RAM and 2GB of RAM. Either will suffice here, though I would go with the 2GB variant just because the 1GB version isn't really that much cheaper. Aside from the board itself, you'll also need a wired network connection1, a micro SD card, and an HDMI monitor and keyboard for initial setup, though you can use SSH to access it over the network after that.
As for power, the Le Potato draws about 4 watts at most and as such can run off of any spec-compliant USB port, but the official guides on the Libre Computer forum make a big deal of ensuring the power supply and cable you're using are high-quality and of a generous rating — they recommend at least a 1.5A USB power source and a suitably thick cable to avoid any power issues. Pi-hole is a pretty low-demand application, though, even for this class of hardware, so you'll probably be fine regardless of what you use.
Like the Pi, the Le Potato lacks any built-in storage, so you'll need to supply a micro SD card2. The docmentation for Armbian, the OS we'll be using, recommends an "A1" or "A2" class micro SD card, which you can more or less only get from Sandisk right now, for their significantly improved random access performance. Ideally you should use one of these, especially since they can be had quite cheaply nowadays, but it's not the end of the world if you have something else kicking around and use that instead. As for capacity, 16GB should be plenty, and you could probably get away with 8GB.
Finally, I'd recommend getting a case. Fortunately, the Le Potato has the same dimensions and layout as, and as such is compatible with cases for, the Raspberry Pi 3 Model B. I 3D printed this one in PETG, and a wide array of cases are available for cheap online if you can't do the same. I especially like the one that looks like a little NES.
Since I'd heard the Le Potato was broadly compatible with the Pi, I initially tried booting a Raspbian image from the official Raspberry Pi flasher tool. Maybe predictably, this did not work. The next thing I tried, and what we'll be using, is Armbian, a lightweight port of Debian designed for tiny SBCs like this one that happens to have a page on its website specifically for the Le Potato.
Go to that page and get one of the Server images. I used the latest Debian one. Then write it to the SD card using your favourite flashing tool (I recommend Balena Etcher), and insert that into the slot on the Le Potato.
To boot just connect it to power to turn it on and the boot sequence will start automatically. You can have the ethernet connected as you do this, but it seems like the keyboard and possibly display may need to be connected afterwards, so try that if it doesn't boot for you. The Le Potato has a series of indicator LEDs on it next to the micro USB port: essentially, red means it has power; red and blue means it's on; and red, green, and flashing blue means it's running software. Once you get to that last state, you should get output to the monitor soon.
Now we set up Armbian. This process is detailed in the official documentation for Armbian, and it's fortunately pretty straightforward. It'll ask you to change the default root password, and then give you a choice of shell. Either is perfectly fine, but I like ZSH. Then it will prompt you to create a login for your user account (make sure you're writing these logins down, btw) and then ask for your timezone and other basic local information. If you're connected to the network, it should auto-detect this stuff. If you're left with a root prompt here (it should look like this: lepotato:~:#) log out and log back in with the credentials you just created.
This is a good time to assign a static IP address to the Le Potato, so you can access it with SSH going forward. Once you have, reboot it and you should be able to access it via SSH at the local IP you just gave it. On Linux that's just ssh yourusername@yourlocalip in the terminal, and on Windows PuTTY is allegedly good for this.
Now that you're logged in, run a quick software update:
sudo apt update
sudo apt upgradeInstalling Pi-hole is pretty simple. Just download and run the install script:
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.shThe script will prompt you for some settings. Most of them are pretty straightforward. I selected "Yes" for everything and the first of the three entries for Quad93 as my upstream DNS provider. Set a privacy level to your preference, but maybe check with anyone else you live with before selecting "show everything". Once the installation is done, you can change the web admin password with pihole -a -p if desired, and then log in by typing the Le Potato's static IP into your browser.
The last step to get Pi-hole working on your network is to set its static IP as your router's primary DNS server. The Pi-hole devs recommend setting your Pi-hole device as the only DNS server for the network to guarantee it always gets every request, but I set a couple of fallbacks in case my Pi-hole server ever goes down and it seems to still work fine.
Pi-hole has a lot of powerful functionality, but here I'd like to focus on fine-tuning your blocklist. The default one is pretty good, but The Firebog has a lot of good ones if you'd like to broaden your coverage — I use one or two of the green ones from each category.
I live with other people who aren't as tolerant of tech weirdness as I am, so for something that'll affect everything on the network, convenience often takes priority over maximum adblocking. In other words, I don't want to break anything. There's an official list of commonly whitelisted domains that are important for certain functionality but get blocked by default, and I use this script to import them and keep the list up to date automatically with a crontab entry.
Beyond that, this article has a lot of good information blocklist-wise.
1. You can, theoretically, use wi-fi for this, but I would strongly recommend against it.
2. The Le Potato also has a connector for an EMMC module, but that's a whole different can of worms.
3. Quad9's filtering is intended to block malware domains. I like having it as an extra layer of security on top of Pi-hole. Any of the DNS providers in the list should work fine, and you can always change it later.