free
/
freedombone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedombone/src/freedombone-app-pihole

459 lines
13 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# pi-hole ad blocker
#
# Adapted from instructions at:
# http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim adblocker'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
PIHOLE_IFACE=eth0
PIHOLE_DNS1='85.214.73.63'
PIHOLE_DNS2='213.73.91.35'
piholeBasename=pihole
piholeDir=/etc/$piholeBasename
PIHOLE_CUSTOM_ADLIST=$piholeDir/adlists.list
PIHOLE_BLACKLIST=$piholeDir/blacklist.txt
PIHOLE_WHITELIST=$piholeDir/whitelist.txt
PIHOLE_REPO="https://github.com/pi-hole/pi-hole"
PIHOLE_COMMIT='e602008459128c233899b1e9d70cca0f38f41670'
pihole_variables=(ONION_ONLY
PIHOLE_IFACE
PIHOLE_DNS1
PIHOLE_DNS2)
function logging_on_pihole {
echo -n ''
}
function logging_off_pihole {
echo -n ''
}
function pihole_copy_files {
if [ ! -d /etc/.pihole ]; then
mkdir /etc/.pihole
fi
cp $INSTALL_DIR/pihole/adlists.default /etc/.pihole/adlists.default
cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_CUSTOM_ADLIST
fi
cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
rm /etc/dnsmasq.d/01-pihole.conf
fi
cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
chmod +x /opt/pihole/*.sh
}
function pihole_change_ipv4 {
new_ipv4="$1"
if [ -f /usr/local/bin/pihole ]; then
setupVars=$piholeDir/setupVars.conf
if [ -f $setupVars ]; then
sed -i "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" $setupVars
fi
fi
}
function pihole_update {
if [ ! -f /usr/local/bin/gravity.sh ]; then
return
fi
if [ ! -f $HOME/${PROJECT_NAME}-wifi.cfg ]; then
PIHOLE_IFACE=eth0
else
read_config_param WIFI_INTERFACE
PIHOLE_IFACE=$WIFI_INTERFACE
fi
IPv4_address="$(get_ipv4_address)"
IPv6_address="$(get_ipv6_address)"
setupVars=$piholeDir/setupVars.conf
echo "piholeInterface=${PIHOLE_IFACE}" > ${setupVars}
echo "IPV4_ADDRESS=${IPv4_address}" >> ${setupVars}
if [ ${#IPv6_address} -gt 0 ]; then
echo "IPV6_ADDRESS=${IPv6_address}" >> ${setupVars}
fi
echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}
echo 'domain-needed' > /etc/dnsmasq.conf
echo 'bogus-priv' >> /etc/dnsmasq.conf
echo 'no-resolv' >> /etc/dnsmasq.conf
echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
pihole -g
systemctl restart dnsmasq
# avoid having the tripwire report pihole updates
if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/pihole ;' /etc/tripwire/twpol.txt
fi
}
function pihole_change_upstream_dns {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Ad Blocker Upstream DNS" \
--radiolist $"Pick a domain name service (DNS):" 28 50 19 \
1 $"Digital Courage" on \
2 $"German Privacy Foundation 1" off \
3 $"German Privacy Foundation 2" off \
4 $"Chaos Computer Club" off \
5 $"ClaraNet" off \
6 $"OpenNIC 1" off \
7 $"OpenNIC 2" off \
8 $"OpenNIC 3" off \
9 $"OpenNIC 4" off \
10 $"OpenNIC 5" off \
11 $"OpenNIC 6" off \
12 $"OpenNIC 7" off \
13 $"PowerNS" off \
14 $"ValiDOM" off \
15 $"Freie Unzensierte" off \
16 $"DNS.Watch" off \
17 $"uncensoreddns.org" off \
18 $"Lorraine Data Network" off \
19 $"Google" off 2> $data
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
case $(cat $data) in
1) PIHOLE_DNS1='85.214.73.63'
PIHOLE_DNS2='213.73.91.35'
;;
2) PIHOLE_DNS1='87.118.100.175'
PIHOLE_DNS2='94.75.228.29'
;;
3) PIHOLE_DNS1='85.25.251.254'
PIHOLE_DNS2='2.141.58.13'
;;
4) PIHOLE_DNS1='213.73.91.35'
PIHOLE_DNS2='85.214.73.63'
;;
5) PIHOLE_DNS1='212.82.225.7'
PIHOLE_DNS2='212.82.226.212'
;;
6) PIHOLE_DNS1='58.6.115.42'
PIHOLE_DNS2='58.6.115.43'
;;
7) PIHOLE_DNS1='119.31.230.42'
PIHOLE_DNS2='200.252.98.162'
;;
8) PIHOLE_DNS1='217.79.186.148'
PIHOLE_DNS2='81.89.98.6'
;;
9) PIHOLE_DNS1='78.159.101.37'
PIHOLE_DNS2='203.167.220.153'
;;
10) PIHOLE_DNS1='82.229.244.191'
PIHOLE_DNS2='82.229.244.191'
;;
11) PIHOLE_DNS1='216.87.84.211'
PIHOLE_DNS2='66.244.95.20'
;;
12) PIHOLE_DNS1='207.192.69.155'
PIHOLE_DNS2='72.14.189.120'
;;
13) PIHOLE_DNS1='194.145.226.26'
PIHOLE_DNS2='77.220.232.44'
;;
14) PIHOLE_DNS1='78.46.89.147'
PIHOLE_DNS2='88.198.75.145'
;;
15) PIHOLE_DNS1='85.25.149.144'
PIHOLE_DNS2='87.106.37.196'
;;
16) PIHOLE_DNS1='84.200.69.80'
PIHOLE_DNS2='84.200.70.40'
;;
17) PIHOLE_DNS1='91.239.100.100'
PIHOLE_DNS2='89.233.43.71'
;;
18) PIHOLE_DNS1='80.67.188.188'
PIHOLE_DNS2='89.234.141.66'
;;
19) PIHOLE_DNS1='8.8.8.8'
PIHOLE_DNS2='4.4.4.4'
dialog --title $"WARNING" \
--msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
;;
255) exit 1;;
esac
write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
}
function update_pihole_interactive {
clear
echo $'Updating Ad Blocker Lists'
echo ''
pihole_update
}
function configure_firewall_for_pihole {
firewall_add DNS 53
}
function pihole_pause {
pihole disable
dialog --title $"Pause Ad Blocker" \
--msgbox $"Ad blocking is paused" 6 60
}
function pihole_resume {
pihole enable
dialog --title $"Resume Ad Blocker" \
--msgbox $"Ad blocking has resumed" 6 60
}
function configure_interactive_pihole {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Ad Blocker" \
--radiolist $"Choose an operation:" 16 70 7 \
1 $"Edit ads list" off \
2 $"Edit blacklisted domain names" off \
3 $"Edit whitelisted domain names" off \
4 $"Change upstream DNS servers" off \
5 $"Pause blocker" off \
6 $"Resume blocker" off \
7 $"Exit" on 2> $data
sel=$?
case $sel in
1) exit 1;;
255) exit 1;;
esac
case $(cat $data) in
1) editor $PIHOLE_CUSTOM_ADLIST
update_pihole_interactive
;;
2) editor $PIHOLE_BLACKLIST
update_pihole_interactive
;;
3) editor $PIHOLE_WHITELIST
update_pihole_interactive
;;
4) pihole_change_upstream_dns
update_pihole_interactive
;;
5) pihole_pause
;;
6) pihole_resume
;;
7) break;;
esac
done
}
function install_interactive_pihole {
APP_INSTALLED=1
}
function reconfigure_pihole {
echo -n ''
}
function upgrade_pihole {
CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
return
fi
function_check set_repo_commit
set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO
pihole_copy_files
pihole_update
}
function backup_local_pihole {
function_check backup_directory_to_usb
backup_directory_to_usb $piholeDir pihole
}
function restore_local_pihole {
function_check restore_directory_from_usb
restore_directory_from_usb / pihole
}
function backup_remote_pihole {
function_check backup_directory_to_friend
backup_directory_to_friend $piholeDir pihole
}
function restore_remote_pihole {
function_check restore_directory_from_friend
restore_directory_from_friend / pihole
}
function remove_pihole {
apt-get -yq remove --purge dnsmasq
if [ ! -d /var/www/pihole ]; then
rm -rf /var/www/pihole
fi
if [ -f /usr/local/bin/gravity.sh ]; then
rm /usr/local/bin/gravity.sh
fi
if [ -f /usr/local/bin/pihole ]; then
rm /usr/local/bin/pihole
fi
if [ -d /opt/pihole ]; then
rm -rf /opt/pihole
fi
if [ -d $piholeDir ]; then
rm -rf $piholeDir
fi
if [ -d /etc/.pihole ]; then
rm -rf /etc/.pihole
fi
if [ -f /var/log/pihole.log ]; then
rm /var/log/pihole.log
fi
if [ -f /etc/cron.d/pihole ]; then
rm /etc/cron.d/pihole
fi
if [ -d $INSTALL_DIR/pihole ]; then
rm -rf $INSTALL_DIR/pihole
fi
firewall_remove 53
userdel -r pihole
}
function install_pihole {
apt-get -yq install dnsmasq curl
adduser --disabled-login --gecos 'pi-hole' pihole
if [ ! -d /home/pihole ]; then
echo $"/home/pihole directory not created"
exit 538929
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -a -G www-data pihole
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
systemctl enable dnsmasq
if [ ! -d $INSTALL_DIR ]; then
mkdir -p $INSTALL_DIR
fi
if [ ! -d $INSTALL_DIR/pihole ]; then
cd $INSTALL_DIR
if [ -d /repos/pihole ]; then
mkdir pihole
cp -r -p /repos/pihole/. pihole
cd pihole
git pull
else
git_clone $PIHOLE_REPO pihole
fi
if [ ! -d $INSTALL_DIR/pihole ]; then
exit 523925
fi
cd $INSTALL_DIR/pihole
git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
set_completion_param "pihole commit" "$PIHOLE_COMMIT"
fi
if [ ! -d /var/www/pihole/htdocs ]; then
mkdir -p /var/www/pihole/htdocs
fi
# blank file which takes the place of ads
echo '<html>' > /var/www/pihole/htdocs/index.html
echo '<body>' >> /var/www/pihole/htdocs/index.html
echo '</body>' >> /var/www/pihole/htdocs/index.html
echo '</html>' >> /var/www/pihole/htdocs/index.html
if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
exit 26738
fi
cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
chmod 755 /usr/local/bin/gravity.sh
if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
exit 52935
fi
cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
chmod 755 /usr/local/bin/pihole
if [ ! -d $piholeDir ]; then
mkdir $piholeDir
fi
if [ ! -d /opt/pihole ]; then
mkdir -p /opt/pihole
fi
pihole_copy_files
chown -R www-data:www-data /var/www/pihole/htdocs
configure_firewall_for_pihole
pihole_update
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0
Reference in New Issue View Git Blame Copy Permalink