You could also setup PiVPN[1] on the same Raspberry Pi running Pi-hole with Wireguard and setup all your mobile devices to automatically connect back home when they're off the home wifi.I've had this setup running for a couple of months now and couldn't be happier with it.
The WireGuard apps for iOS and OSX have a configuration section titled “On-demand activation” that lets you do this. On the iOS app, I have it set to activate on cellular connection and WiFi connections to routers if the SSID != my home router’s SSID. Likewise on OSX, except for the cellular option.
You can also splurge and for under $10/mo set it up on a DigitalOcean (or similar) cheap hosting provider and have it available everywhere. And you can share with friends and family.
The cost in your example is far, far more than $10 USD a month. If you can set this up, your time is absolutely worth something and even if this is your area of expertise, you are now personally responsible for a critical piece of your internet browsing infrastructure.
There are tons of important details to keeping a critical service up and running almost all the time - even if you are competent in this, that is still time every month making sure it's running, secure and functional.
The only reasons in my opinion to DIY a solution would be a) learning, hobby or for fun or b) you have requirements that can't be met another way, like privacy goals.
The thing is that it's not really complicated anymore. It may be my area of expertise, but just following basic step-by-step instructions, it took me about 10 minutes to have a full ad-blocking, Wireguard VPN server on a DigitalOcean droplet by using Algo: https://github.com/trailofbits/algo , including the setup for my phone and iPad.
Algo is a great project and I also use it, but if you’re running it in production and not spending some time each month at least on security analysis and review, your self-assessd expertise may be more of the Dunning-Kruger variety.
I have had one up for around 2 years now and would say I have spent less than 5 minutes maintaining it over that time period. I did spend more than typical time setting it up because I added a custom php page so I could remotely add client ip addresses to the dns iptables whitelist, but I could have just done the basic setup in <20 minutes. It’s solid as a rock. Am I lazy about it? Sure. But I don’t quite consider it critical. It’s just personal use basic internet. And if something were to go wrong, most if not all client configurations have a backup/secondary dns option anyway so as long as that is configured things keep working fine, just with ads.
