#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # pi-hole ad blocker # # Adapted from instructions at: # http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup # # License # ======= # # Copyright (C) 2016-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full full-vim adblocker' IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=0 PIHOLE_IFACE=eth0 PIHOLE_DNS1='91.239.100.100' PIHOLE_DNS2='89.233.43.71' piholeBasename=pihole piholeDir=/etc/$piholeBasename PIHOLE_CUSTOM_ADLIST=$piholeDir/adlists.list PIHOLE_BLACKLIST=$piholeDir/blacklist.txt PIHOLE_WHITELIST=$piholeDir/whitelist.txt PIHOLE_REPO="https://github.com/pi-hole/pi-hole" PIHOLE_COMMIT='fbee18e24d56b418e3329a56ae4156dbe8fe5e1f' pihole_variables=(ONION_ONLY PIHOLE_IFACE PIHOLE_DNS1 PIHOLE_DNS2) function logging_on_pihole { echo -n '' } function logging_off_pihole { echo -n '' } function pihole_copy_files { if [ ! -d /etc/.pihole ]; then mkdir /etc/.pihole fi cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST fi cp "$INSTALL_DIR/pihole/advanced/Scripts/"* /opt/$piholeBasename if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then rm /etc/dnsmasq.d/01-pihole.conf fi cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename chmod +x /opt/pihole/*.sh } function pihole_change_ipv4 { new_ipv4="$1" if [ -f /usr/local/bin/pihole ]; then setupVars=$piholeDir/setupVars.conf if [ -f $setupVars ]; then sed -i "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" $setupVars fi fi } function pihole_update { if [ ! -f /usr/local/bin/gravity.sh ]; then return fi if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then PIHOLE_IFACE=eth0 else read_config_param WIFI_INTERFACE PIHOLE_IFACE=$WIFI_INTERFACE fi IPv4_address="$(get_ipv4_address)" IPv6_address="$(get_ipv6_address)" setupVars=$piholeDir/setupVars.conf echo "piholeInterface=${PIHOLE_IFACE}" > ${setupVars} echo "IPV4_ADDRESS=${IPv4_address}" >> ${setupVars} if [ ${#IPv6_address} -gt 0 ]; then echo "IPV6_ADDRESS=${IPv6_address}" >> ${setupVars} fi echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars} echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars} { echo 'domain-needed'; echo 'bogus-priv'; echo 'no-resolv'; echo "server=${PIHOLE_DNS1}"; echo "server=${PIHOLE_DNS2}"; echo "interface=${PIHOLE_IFACE}"; echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf pihole -g systemctl restart dnsmasq # avoid having the tripwire report pihole updates if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then sed -i '\|/etc\t\t->.*|a\ !/etc/pihole ;' /etc/tripwire/twpol.txt fi } function pihole_change_upstream_dns { data=$(mktemp 2>/dev/null) dialog --backtitle $"Ad Blocker Upstream DNS" \ --radiolist $"Pick a domain name service (DNS):" 29 50 20 \ 1 $"UncensoredDNS" on \ 2 $"Digital Courage" off \ 3 $"German Privacy Foundation 1" off \ 4 $"German Privacy Foundation 2" off \ 5 $"Chaos Computer Club" off \ 6 $"ClaraNet" off \ 7 $"OpenNIC 1" off \ 8 $"OpenNIC 2" off \ 9 $"OpenNIC 3" off \ 10 $"OpenNIC 4" off \ 11 $"OpenNIC 5" off \ 12 $"OpenNIC 6" off \ 13 $"OpenNIC 7" off \ 14 $"PowerNS" off \ 15 $"ValiDOM" off \ 16 $"Freie Unzensierte" off \ 17 $"DNS.Watch" off \ 18 $"uncensoreddns.org" off \ 19 $"Lorraine Data Network" off \ 20 $"Google" off 2> "$data" sel=$? case $sel in 1) rm -f "$data" exit 1;; 255) rm -f "$data" exit 1;; esac case $(cat "$data") in 1) PIHOLE_DNS1='91.239.100.100' PIHOLE_DNS2='89.233.43.71' ;; 2) PIHOLE_DNS1='85.214.73.63' PIHOLE_DNS2='213.73.91.35' ;; 3) PIHOLE_DNS1='87.118.100.175' PIHOLE_DNS2='94.75.228.29' ;; 4) PIHOLE_DNS1='85.25.251.254' PIHOLE_DNS2='2.141.58.13' ;; 5) PIHOLE_DNS1='213.73.91.35' PIHOLE_DNS2='85.214.73.63' ;; 6) PIHOLE_DNS1='212.82.225.7' PIHOLE_DNS2='212.82.226.212' ;; 7) PIHOLE_DNS1='58.6.115.42' PIHOLE_DNS2='58.6.115.43' ;; 8) PIHOLE_DNS1='119.31.230.42' PIHOLE_DNS2='200.252.98.162' ;; 9) PIHOLE_DNS1='217.79.186.148' PIHOLE_DNS2='81.89.98.6' ;; 10) PIHOLE_DNS1='78.159.101.37' PIHOLE_DNS2='203.167.220.153' ;; 11) PIHOLE_DNS1='82.229.244.191' PIHOLE_DNS2='82.229.244.191' ;; 12) PIHOLE_DNS1='216.87.84.211' PIHOLE_DNS2='66.244.95.20' ;; 13) PIHOLE_DNS1='207.192.69.155' PIHOLE_DNS2='72.14.189.120' ;; 14) PIHOLE_DNS1='194.145.226.26' PIHOLE_DNS2='77.220.232.44' ;; 15) PIHOLE_DNS1='78.46.89.147' PIHOLE_DNS2='88.198.75.145' ;; 16) PIHOLE_DNS1='85.25.149.144' PIHOLE_DNS2='87.106.37.196' ;; 17) PIHOLE_DNS1='84.200.69.80' PIHOLE_DNS2='84.200.70.40' ;; 18) PIHOLE_DNS1='91.239.100.100' PIHOLE_DNS2='89.233.43.71' ;; 19) PIHOLE_DNS1='80.67.188.188' PIHOLE_DNS2='89.234.141.66' ;; 20) PIHOLE_DNS1='8.8.8.8' PIHOLE_DNS2='4.4.4.4' dialog --title $"WARNING" \ --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60 ;; 255) rm -f "$data" exit 1;; esac rm -f "$data" write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1" write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2" } function update_pihole_interactive { clear echo $'Updating Ad Blocker Lists' echo '' pihole_update } function configure_firewall_for_pihole { firewall_add DNS 53 } function pihole_pause { pihole disable dialog --title $"Pause Ad Blocker" \ --msgbox $"Ad blocking is paused" 6 60 } function pihole_resume { pihole enable dialog --title $"Resume Ad Blocker" \ --msgbox $"Ad blocking has resumed" 6 60 } function configure_interactive_pihole { W=(1 $"Edit ads list" 2 $"Edit blacklisted domain names" 3 $"Edit whitelisted domain names" 4 $"Change upstream DNS servers" 5 $"Pause blocker" 6 $"Resume blocker") while true do # shellcheck disable=SC2068 selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Ad blocker" --menu $"Choose an operation, or ESC for main menu:" 13 60 9 "${W[@]}" 3>&2 2>&1 1>&3) if [ ! "$selection" ]; then break fi case $selection in 1) editor $PIHOLE_CUSTOM_ADLIST update_pihole_interactive ;; 2) editor $PIHOLE_BLACKLIST update_pihole_interactive ;; 3) editor $PIHOLE_WHITELIST update_pihole_interactive ;; 4) pihole_change_upstream_dns update_pihole_interactive ;; 5) pihole_pause ;; 6) pihole_resume ;; esac done } function install_interactive_pihole { APP_INSTALLED=1 } function reconfigure_pihole { echo -n '' } function upgrade_pihole { CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit") if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then return fi function_check set_repo_commit set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO pihole_copy_files pihole_update } function backup_local_pihole { function_check backup_directory_to_usb backup_directory_to_usb $piholeDir pihole } function restore_local_pihole { function_check restore_directory_from_usb restore_directory_from_usb / pihole } function backup_remote_pihole { function_check backup_directory_to_friend backup_directory_to_friend $piholeDir pihole } function restore_remote_pihole { function_check restore_directory_from_friend restore_directory_from_friend / pihole } function remove_pihole { apt-get -yq remove --purge dnsmasq if [ ! -d /var/www/pihole ]; then rm -rf /var/www/pihole fi if [ -f /usr/local/bin/gravity.sh ]; then rm /usr/local/bin/gravity.sh fi if [ -f /usr/local/bin/pihole ]; then rm /usr/local/bin/pihole fi if [ -d /opt/pihole ]; then rm -rf /opt/pihole fi if [ -d $piholeDir ]; then rm -rf $piholeDir fi if [ -d /etc/.pihole ]; then rm -rf /etc/.pihole fi if [ -f /var/log/pihole.log ]; then rm /var/log/pihole.log fi if [ -f /etc/cron.d/pihole ]; then rm /etc/cron.d/pihole fi if [ -d "$INSTALL_DIR/pihole" ]; then rm -rf "$INSTALL_DIR/pihole" fi firewall_remove 53 userdel -r pihole } function install_pihole { apt-get -yq install dnsmasq curl adduser --disabled-login --gecos 'pi-hole' pihole if [ ! -d /home/pihole ]; then echo $"/home/pihole directory not created" exit 538929 fi chmod 600 /etc/shadow chmod 600 /etc/gshadow usermod -a -G www-data pihole chmod 0000 /etc/shadow chmod 0000 /etc/gshadow systemctl enable dnsmasq if [ ! -d "$INSTALL_DIR" ]; then mkdir -p "$INSTALL_DIR" fi if [ ! -d "$INSTALL_DIR/pihole" ]; then cd "$INSTALL_DIR" || exit 78245624527 if [ -d /repos/pihole ]; then mkdir pihole cp -r -p /repos/pihole/. pihole cd pihole || exit 24572424684 git pull else git_clone $PIHOLE_REPO pihole fi if [ ! -d "$INSTALL_DIR/pihole" ]; then exit 523925 fi cd "$INSTALL_DIR/pihole" || exit 2682468242 git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT" set_completion_param "pihole commit" "$PIHOLE_COMMIT" fi if [ ! -d /var/www/pihole/htdocs ]; then mkdir -p /var/www/pihole/htdocs fi # blank file which takes the place of ads { echo ''; echo ''; echo ''; echo ''; } > /var/www/pihole/htdocs/index.html if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then exit 26738 fi cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh chmod 755 /usr/local/bin/gravity.sh if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then exit 52935 fi cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole chmod 755 /usr/local/bin/pihole if [ ! -d $piholeDir ]; then mkdir $piholeDir fi if [ ! -d /opt/pihole ]; then mkdir -p /opt/pihole fi pihole_copy_files chown -R www-data:www-data /var/www/pihole/htdocs configure_firewall_for_pihole pihole_update APP_INSTALLED=1 } # NOTE: deliberately no exit 0