Greg Boone

Menu

How I turned an IBM ThinkPad T30 into a Pi-hole

The IBM ThinkPad T30 was the premier business laptop of 2002 – 2004. It was sturdy, had a 14″ screen, and an Intel Pentium 4 CPU which, at the time, was pretty fast. I found one in at my Mother in-law’s old house back in 2020. It’s been sitting on a shelf turned off ever since.

I didn’t really know what to do with a Windows XP laptop in 2022. It seemed risky even to plug an ethernet cable into it. I considered trying to run Windows 7 on it, but that seemed silly, too. Enter this past winter: Frustrated by the network load that internet ads put on an already-strained DSL connection up north, I moved my Raspberry Pi Zero W there and configured it as a Pi-hole: A network wide ad and spam blocker that intercepts DNS requests for certain domains and sends them to a black hole called 0.0.0.0.

Why do this?

Ads are essential to the funding model of news organizations around the world and have been for ages. This is not new, but they are increasingly important for keeping news free-of-charge online. As a status quo, this puts a lot of trust into the hands third parties who have so far proven themselves to be unsavory at best, if not in fact alicious. The National Security Administration recently identified ad networks as a “major risk” to browsers and end-users.

Up north we block ads because of how much weight they add to a basic page load. The New York Times published a good visualization of just how much ads bloat the data footprint of a given website. On a limited connection, that bandwidth should go to more important work like Zoom, Google Meet, or just sending emails. Especially when someone is trying to work.

In an attempt to balance out our ad blocking, we’ve also increased our subscriptions and memberships for the news sites we read regularly.

Step one: Find the right Linux

On Raspberry Pi the go-to is Raspberry Pi OS. It’s designed for and optimized for the ARM systems in these efficient computers. For a 20 year old laptop, it’s a little more complicated. 20 years ago, all processors were 32 bit, now they’re all 64 bit. This particular machine has an early model Pentium 4 M 32 bit chip. My priority was to have a supported version of Linux if possible.

I didn’t rule it out Ubuntu 16.04, the last LTS to support 32 bit, but if I could find a major distribution with full support, that’d be better. Eventually, I found Debian 11 (“Bullseye“, the current LTS version released in August 2021). Debian continue to publish an i386 version with the 5.10 kernel, so it was worth a try.

Step two: Install Debian

I used balenaEtcher to flash a USB drive with the Debian installer iso. This was pretty quick and easy. Then I plugged it in and hit F1 to set the start up disk in the IBM BIOS. It took me a bit of trial and error to figure out that the laptop considered the USB stick a “hard drive” and not a USB device. Once I had that sorted I was on my way.

I imagine the installation goes much faster on a newer machine. With USB 1.1 ports and a 5400 RPM HDD, though, this thing was pretty sluggish. To speed things up I chose a mirror for apt that was close to me: University of Chicago.

Step three: pick a lightweight GUI

Linux in general, and especially Debian, support many options for a user interface to install from the beginning. Gnome is what I was familiar with from past Linux adventures. After I installed it, the entire system froze up when I tried to login the first time. After quite a bit of research, I found LXDE which is designed to run well with very few system resources.

So, I reinstalled Debian with only LXDE and logged in. It ran just fine. Running one application at a time was fine, but having a terminal window up alongside a browser (especially a full-featured one like the built-in Firefox) slowed me down quickly.

Fortunately, there was little I actually needed this for, and it was mostly some insurance in case SSH didn’t work on install. Still, I found the lightweight GUI useful, especially after installing the Midori browser. I didn’t try using it with any modern web applications, but I imagine my system’s resources would be the bigger block than anything else.

Step four: Run updates and add myself to sudoers

One thing I didn’t realize during the install was that Debian’s initial user isn’t in the sudoers list. I added myself to the sudoers by running usermod. First I had to su root to login as root and then run usermod -aG sudo <username>.

Before I did that I ran apt update and apt upgrade to make sure the system was updated. While I was in there I also deleted the pre-installed LibreOffice. I won’t need anything like that on the server.

Step five: Install Pi-hole and setup a firewall over SSH

From here on out everything basically worked out the way I expected it to. I followed the directions for Pi-hole and tested it out. Other than the server running much warmer than a Pi Zero, it was basically fine.

I don’t think a firewall is strictly necessary for a Pi-hole. It’s behind the router, only accessible within the local area network with no port forwarding. Still, just in case, I decided to setup a firewall. I tried my hand at iptables first and found it super annoying trying to work out the syntax for a few simple rules: Allow HTTP, SSH, and DNS; disallow everything else. I even locked myself out of over SSH for a bit (lucky for LXDE). Fortunately, there’s a simple solution for servers like mine, ufw, the Uncomplicated Firewall. This was super easy to set up.

Step six: Disable the GUI on boot

The easiest way to disable the GUI on boot is to just never install one to begin in the first place. Since I didn’t do that, I had a couple steps ahead of me:

  1. Stop the laptop from sleeping when the lid closes
  2. Disable the GUI entirely when it boots or reboots.

Part one was easy enough. Following Debian’s guidance, I opened up /etc/systemd/login.conf and set HandleLidSwitch=ignore. The second was a little harder to work out. It seems most people just don’t install the GUI. I found (and a co-worker later reminded me about), a ServerFault answer about how this works for Gnome, and the general guidance was correct: Change a grub parameter for default boot. In my case, I updated /etc/defaults/grub and set

GRUB_CMDLINE_LINUX_DEFAULT="text"

The ServerFault answer recommended quiet splash text, but that didn’t work. I also ran:

sudo systemctl enable multi-user.target --force
sudo systemctl set-default multi-user.target

And then updated grub: sudo update-grub before restarting. It took a bit of sleuthing to figure it out, but in the end it worked easy.

Now I can reboot the server, close the lid, and let the Pi-hole run in the background.

How’s it going?

About a month in, I noticed my network requests were slowing down when I was connected through the pi-hole when there were a lot of devices on the network. The Pi-hole software doesn’t require a ton of resources so I tried to limit how much work it had to do as best I could. I disabled logging, which would in theory prevent disk writing. My hypothesis is that more devices all making requests at the same time was too much for this 20 year old laptop to process efficiently.

I still have the ThinkPad and I might give it another shot since Raspberry Pis are still in extremely short supply. Until then, we’ll just have to deal with ads on our network, which is fine.