I went down the hole of installing Linux on my phone (Samsung Galaxy S7). The easiest path is compiling and installing UBports, some people have heavily started the process but it is still a work in progress.

This is the first part: step by step description to build and boot the system, with helpers scripts to setup the system once flashed.

I had to move my previous Wireguard VPN + Pi-hole ad blocker to another server, but this time I was not able to expose Pi-hole DNS port (53) to the host machine. It was also better to have Wireguard VPN inside a Docker container… so I did!

As a reminder, Wireguard is a stateless and easy to configure VPN: share a pair of public keys between the client(s) and server then you are good to go! Moreover, stateless is great when used from a phone as there is no power-hungry keep-alive like OpenVPN, nor reconnection time when switching from Wi-FI to 4G.

I was looking to use InteractiveHtmlBom plugin for KiCad but unfortunately, Debian maintainers did not set KICAD_SCRIPTING option in the official package. After a few failing attempts I even tested the official flatpak package but it is an old version (currently 4.x) and scripting is not enabled too.

So I dug further until it actually succeeds to compile :-)

There are a lot of pages stating that the Thinkpad T440p fingerprint sensor is not working well under Linux, but those are old and outdated. For me it worked well after figured out which packets to install:

WireGuard is a new VPN software, which is described as It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache and using state-of-the-art cryptography. Pi-hole is a black hole for Internet advertisements, ie a server blocking advertisements at DNS level.

I have Pi-hole on my home network but wanted to have it also as DNS server on my phone when I am not at home. As I have a bad DSL connection, I can not rely on my home server. So I put Pi-hole on a VPS server I rent: it works, flawlessly.
Nevertheless, it was an open DNS resolver, which can be used to amplify DDoS attacks; there is already 2212 unsecured Pi-hole on the Internet, so I do not want to add another one.

Pi-hole provides documentation to use OpenVPN, even to redirect only DNS requests but it is not efficient on a phone as it is not a stateless connection, so it consumes battery; moreover, GSM/Wifi switch is not really handled, you have to reconnect. The solution comes from WireGuard which is stateless, and provides Android & iOS apps. I struggle to configure everything, so here is what I did: