#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # pi-hole ad blocker # # Adapted from instructions at: # http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup # # License # ======= # # Copyright (C) 2016 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS='full full-vim adblocker' IN_DEFAULT_INSTALL=1 PIHOLE_IFACE=eth0 PIHOLE_DNS1='85.214.73.63' PIHOLE_DNS2='213.73.91.35' piholeBasename=pihole piholeDir=/etc/$piholeBasename PIHOLE_ADLIST=$piholeDir/gravity.list PIHOLE_BLACKLIST=$piholeDir/blacklist.txt PIHOLE_WHITELIST=$piholeDir/whitelist.txt PIHOLE_REPO="https://github.com/pi-hole/pi-hole" PIHOLE_COMMIT='dce24df37922171cef1dd3c3a025c09cb4a6a818' pihole_variables=(ONION_ONLY PIHOLE_IFACE PIHOLE_DNS1 PIHOLE_DNS2) function pihole_copy_files { cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default if [ ! -f $PIHOLE_ADLIST ]; then cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_ADLIST fi cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename cp $INSTALL_DIR/pihole/advanced/01-pihole.conf /etc/dnsmasq.d/01-pihole.conf cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename } function pihole_change_ipv4 { new_ipv4="$1" if [ -f /usr/local/bin/pihole ]; then setupVars=$piholeDir/setupVars.conf if [ -f $setupVars ]; then sed -i "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" $setupVars fi fi } function pihole_update { if [ ! -f /usr/local/bin/gravity.sh ]; then return fi IPv4_address=$(get_ipv4_address) IPv6_address=$(get_ipv6_address) setupVars=$piholeDir/setupVars.conf echo "piholeInterface=${PIHOLE_IFACE}" > ${setupVars} echo "IPv4_address=${IPv4_address}" >> ${setupVars} echo "IPv6_address=${IPv6_address}" >> ${setupVars} echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars} echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars} echo 'domain-needed' > /etc/dnsmasq.conf echo 'bogus-priv' >> /etc/dnsmasq.conf echo 'no-resolv' >> /etc/dnsmasq.conf echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf echo 'log-queries' >> /etc/dnsmasq.conf sed -i "0,/RE/s/server=.*/server=${PIHOLE_DNS1}/" /etc/dnsmasq.d/01-pihole.conf sed -i "1,/RE/s/server=.*/server=${PIHOLE_DNS2}/" /etc/dnsmasq.d/01-pihole.conf sed -i "s|interface=.*|interface=${PIHOLE_IFACE}|g" /etc/dnsmasq.d/01-pihole.conf systemctl restart dnsmasq pihole -g } function pihole_change_upstream_dns { data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 dialog --backtitle $"Ad Blocker Upstream DNS" \ --radiolist $"Pick a domain name service (DNS):" 25 50 16 \ 1 $"Digital Courage" on \ 2 $"German Privacy Foundation 1" off \ 3 $"German Privacy Foundation 2" off \ 4 $"Chaos Computer Club" off \ 5 $"ClaraNet" off \ 6 $"OpenNIC 1" off \ 7 $"OpenNIC 2" off \ 8 $"OpenNIC 3" off \ 9 $"OpenNIC 4" off \ 10 $"OpenNIC 5" off \ 11 $"OpenNIC 6" off \ 12 $"OpenNIC 7" off \ 13 $"PowerNS" off \ 14 $"ValiDOM" off \ 15 $"Freie Unzensierte" off \ 16 $"Google" off 2> $data sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac case $(cat $data) in 1) PIHOLE_DNS1='85.214.73.63' PIHOLE_DNS2='213.73.91.35' ;; 2) PIHOLE_DNS1='87.118.100.175' PIHOLE_DNS2='94.75.228.29' ;; 3) PIHOLE_DNS1='85.25.251.254' PIHOLE_DNS2='2.141.58.13' ;; 4) PIHOLE_DNS1='213.73.91.35' PIHOLE_DNS2='85.214.73.63' ;; 5) PIHOLE_DNS1='212.82.225.7' PIHOLE_DNS2='212.82.226.212' ;; 6) PIHOLE_DNS1='58.6.115.42' PIHOLE_DNS2='58.6.115.43' ;; 7) PIHOLE_DNS1='119.31.230.42' PIHOLE_DNS2='200.252.98.162' ;; 8) PIHOLE_DNS1='217.79.186.148' PIHOLE_DNS2='81.89.98.6' ;; 9) PIHOLE_DNS1='78.159.101.37' PIHOLE_DNS2='203.167.220.153' ;; 10) PIHOLE_DNS1='82.229.244.191' PIHOLE_DNS2='82.229.244.191' ;; 11) PIHOLE_DNS1='216.87.84.211' PIHOLE_DNS2='66.244.95.20' ;; 12) PIHOLE_DNS1='207.192.69.155' PIHOLE_DNS2='72.14.189.120' ;; 13) PIHOLE_DNS1='194.145.226.26' PIHOLE_DNS2='77.220.232.44' ;; 14) PIHOLE_DNS1='78.46.89.147' PIHOLE_DNS2='88.198.75.145' ;; 15) PIHOLE_DNS1='85.25.149.144' PIHOLE_DNS2='87.106.37.196' ;; 16) PIHOLE_DNS1='8.8.8.8' PIHOLE_DNS2='4.4.4.4' ;; 255) exit 1;; esac write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1" write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2" } function update_pihole_interactive { clear echo $'Updating Ad Blocker Lists' echo '' pihole_update } function configure_firewall_for_pihole { if [[ $(is_completed $FUNCNAME) == "1" ]]; then return fi #iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT function_check save_firewall_settings save_firewall_settings OPEN_PORTS+=('DNS 53') mark_completed $FUNCNAME } function configure_interactive_pihole { while true do data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 dialog --backtitle $"Freedombone Control Panel" \ --title $"Ad Blocker" \ --radiolist $"Choose an operation:" 14 70 5 \ 1 $"Edit ads list" off \ 2 $"Edit blacklisted domain names" off \ 3 $"Edit whitelisted domain names" off \ 4 $"Change upstream DNS servers" off \ 5 $"Exit" on 2> $data sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac case $(cat $data) in 1) editor $PIHOLE_ADLIST update_pihole_interactive ;; 2) editor $PIHOLE_BLACKLIST update_pihole_interactive ;; 3) editor $PIHOLE_WHITELIST update_pihole_interactive ;; 4) pihole_change_upstream_dns update_pihole_interactive ;; 5) break;; esac done } function install_interactive_pihole { APP_INSTALLED=1 } function change_password_pihole { echo -n '' } function reconfigure_pihole { echo -n '' } function upgrade_pihole { function_check set_repo_commit set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO pihole_copy_files pihole_update } function backup_local_pihole { function_check backup_directory_to_usb backup_directory_to_usb $piholeDir pihole } function restore_local_pihole { function_check restore_directory_from_usb restore_directory_from_usb / pihole } function backup_remote_pihole { function_check backup_directory_to_friend backup_directory_to_friend $piholeDir pihole } function restore_remote_pihole { function_check restore_directory_from_friend restore_directory_from_friend / pihole } function remove_pihole { apt-get -y remove --purge dnsmasq if [ ! -d /var/www/pihole ]; then rm -rf /var/www/pihole fi if [ -f /usr/local/bin/gravity.sh ]; then rm /usr/local/bin/gravity.sh fi if [ -f /usr/local/bin/pihole ]; then rm /usr/local/bin/pihole fi if [ -d /opt/pihole ]; then rm -rf /opt/pihole fi if [ -d $piholeDir ]; then rm -rf $piholeDir fi if [ -f /var/log/pihole.log ]; then rm /var/log/pihole.log fi if [ -f /etc/cron.d/pihole ]; then rm /etc/cron.d/pihole fi userdel -r pihole } function install_pihole { apt-get -y install dnsmasq curl adduser --disabled-login --gecos 'pi-hole' pihole usermod -a -G www-data pihole systemctl enable dnsmasq if [ ! -d $INSTALL_DIR ]; then mkdir -p $INSTALL_DIR fi if [ ! -d $INSTALL_DIR/pihole ]; then cd $INSTALL_DIR git_clone $PIHOLE_REPO pihole if [ ! -d $INSTALL_DIR/pihole ]; then exit 523925 fi cd $INSTALL_DIR/pihole git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT set_completion_param "pihole commit" "$PIHOLE_COMMIT" fi if [ ! -d /var/www/pihole/htdocs ]; then mkdir -p /var/www/pihole/htdocs fi # blank file which takes the place of ads echo '' > /var/www/pihole/htdocs/index.html echo '' >> /var/www/pihole/htdocs/index.html echo '' >> /var/www/pihole/htdocs/index.html echo '' >> /var/www/pihole/htdocs/index.html if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then exit 26738 fi cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh chmod 755 /usr/local/bin/gravity.sh if [ ! -f $INSTALL_DIR/pihole/pihole ]; then exit 52935 fi cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole chmod 755 /usr/local/bin/pihole if [ ! -d $piholeDir ]; then mkdir $piholeDir fi if [ ! -d /opt/pihole ]; then mkdir -p /opt/pihole fi pihole_copy_files chown -R www-data:www-data /var/www/pihole/htdocs configure_firewall_for_pihole pihole_update APP_INSTALLED=1 } # NOTE: deliberately no exit 0