diff --git a/.gitattributes b/.gitattributes index 57faaa8b..1ed54473 100644 --- a/.gitattributes +++ b/.gitattributes @@ -35,4 +35,4 @@ GitHub.Tests.Integration/Resources/* binary # Catch all for anything we forgot. Add rules if you get CRLF -> LF warnings. -* text=auto +* text eol=lf diff --git a/.idea/codeStyleSettings.xml b/.idea/codeStyleSettings.xml index 1028340e..6ad75d68 100644 --- a/.idea/codeStyleSettings.xml +++ b/.idea/codeStyleSettings.xml @@ -1,25 +1,25 @@ - - - + \ No newline at end of file diff --git a/README.md b/README.md index 429fc275..0a5f7f4c 100644 --- a/README.md +++ b/README.md @@ -139,6 +139,7 @@ You can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my- ## Pi-hole Projects +- [An ad blocking Magic Mirror](https://zonksec.com/blog/magic-mirror-dns-filtering/#dnssoftware) - [Pi-hole stats in your Mac's menu bar](https://getbitbar.com/plugins/Network/pi-hole.1m.py) - [Get LED alerts for each blocked ad](http://thetimmy.silvernight.org/pages/endisbutton/) - [Pi-hole on Ubuntu 14.04 on VirtualBox](http://hbalagtas.blogspot.com/2016/02/adblocking-with-pi-hole-and-ubuntu-1404.html) @@ -154,6 +155,7 @@ You can view [real-time stats](https://discourse.pi-hole.net/t/how-do-i-view-my- - [Windows Tray Stat Application](https://github.com/goldbattle/copernicus) - [Let your blink1 device blink when Pi-hole filters ads](https://gist.github.com/elpatron68/ec0b4c582e5abf604885ac1e068d233f) - [Pi-Hole Prometheus exporter](https://github.com/nlamirault/pihole_exporter) : a [Prometheus](https://prometheus.io/) exporter for Pi-Hole +- [Pi-hole Droid - open source Android client](https://github.com/friimaind/pi-hole-droid) ## Coverage diff --git a/adlists.default b/adlists.default index 3c4ea8ed..4a5bca3c 100644 --- a/adlists.default +++ b/adlists.default @@ -14,7 +14,7 @@ https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts # Other lists we consider safe: -http://mirror1.malwaredomains.com/files/justdomains +https://mirror1.malwaredomains.com/files/justdomains http://sysctl.org/cameleon/hosts https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt @@ -23,9 +23,9 @@ https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt # hosts-file.net list. Updated frequently, but has been known to block legitimate sites. https://hosts-file.net/ad_servers.txt -# Mahakala list. Has been known to block legitimage domains including the entire .com range. +# Mahakala list. Has been known to block legitimate domains including the entire .com range. # Warning: Due to the sheer size of this list, the web admin console will be unresponsive. -#http://adblock.mahakala.is/ +#https://adblock.mahakala.is/ # ADZHOSTS list. Has been known to block legitimate domains #http://pilotfiber.dl.sourceforge.net/project/adzhosts/HOSTS.txt @@ -49,5 +49,5 @@ https://hosts-file.net/ad_servers.txt # Following two lists should be used simultaneously: (readme https://github.com/notracking/hosts-blocklists/) #https://raw.github.com/notracking/hosts-blocklists/master/hostnames.txt #https://raw.github.com/notracking/hosts-blocklists/master/domains.txt -# Combination of serveral host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information. +# Combination of several host files on the internet (warning some facebook domains are also blocked but you can go to facebook.com). See https://github.com/mat1th/Dns-add-block for more information. #https://raw.githubusercontent.com/mat1th/Dns-add-block/master/hosts diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f763d2b8..1415d975 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -16,7 +16,7 @@ set -o pipefail VARSFILE="/etc/pihole/setupVars.conf" DEBUG_LOG="/var/log/pihole_debug.log" DNSMASQFILE="/etc/dnsmasq.conf" -DNSMASQCONFFILE="/etc/dnsmasq.d/01-pihole.conf" +DNSMASQCONFDIR="/etc/dnsmasq.d/*" LIGHTTPDFILE="/etc/lighttpd/lighttpd.conf" LIGHTTPDERRFILE="/var/log/lighttpd/error.log" GRAVITYFILE="/etc/pihole/gravity.list" @@ -26,7 +26,6 @@ ADLISTFILE="/etc/pihole/adlists.list" PIHOLELOG="/var/log/pihole.log" WHITELISTMATCHES="/tmp/whitelistmatches.list" -IPV6_READY=false TIMEOUT=60 # Header info and introduction cat << EOM @@ -35,7 +34,7 @@ cat << EOM ::: This process collects information from your Pi-hole, and optionally uploads ::: it to a unique and random directory on tricorder.pi-hole.net. ::: -::: NOTE: All log files auto-delete after 24 hours and ONLY the Pi-hole developers +::: NOTE: All log files auto-delete after 48 hours and ONLY the Pi-hole developers ::: can access your data via the given token. We have taken these extra steps to ::: secure your data and will work to further reduce any personal information gathered. ::: @@ -132,15 +131,27 @@ version_check() { return "${error_found}" } +dir_check() { + header_write "Detecting contents of ${1}:" + for file in $1*; do + header_write "File ${file} found" + echo -n "::: Parsing..." + file_parse "${file}" + echo "done" + done + echo ":::" +} + files_check() { #Check non-zero length existence of ${1} header_write "Detecting existence of ${1}:" local search_file="${1}" if [[ -s ${search_file} ]]; then - echo "::: File exists" + echo -n "::: File exists, parsing..." file_parse "${search_file}" + echo "done" return 0 - else + else log_echo "${1} not found!" return 1 fi @@ -168,72 +179,69 @@ processor_check() { ipv6_check() { # Check if system is IPv6 enabled, for use in other functions - if [[ $IPv6_address ]]; then - ls /proc/net/if_inet6 &>/dev/null && IPV6_READY=true + if [[ $IPV6_ADDRESS ]]; then + ls /proc/net/if_inet6 &>/dev/null return 0 else return 1 fi } - ip_check() { - header_write "IP Address Information" - # Get the current interface for Internet traffic - - # Check if IPv6 enabled - local IPv6_interface - local IPv4_interface - ipv6_check && IPv6_interface=${piholeInterface:-$(ip -6 r | grep default | cut -d ' ' -f 5)} - # If declared in setupVars.conf use it, otherwise defer to default - # http://stackoverflow.com/questions/2013547/assigning-default-values-to-shell-variables-with-a-single-command-in-bash - IPv4_interface=${piholeInterface:-$(ip r | grep default | cut -d ' ' -f 5)} - - - if [[ IPV6_READY ]]; then - local IPv6_addr_list="$(ip a | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "inet6") print $(i+1) }')" \ - && (log_write "${IPv6_addr_list}" && echo "::: IPv6 addresses located") \ - || log_echo "No IPv6 addresses found." - - local IPv6_def_gateway=$(ip -6 r | grep default | cut -d ' ' -f 3) - if [[ $? = 0 ]] && [[ -n ${IPv6_def_gateway} ]]; then - echo -n "::: Pinging default IPv6 gateway: " - local IPv6_def_gateway_check="$(ping6 -q -W 3 -c 3 -n "${IPv6_def_gateway}" -I "${IPv6_interface}"| tail -n3)" \ - && echo "Gateway Responded." \ - || echo "Gateway did not respond." - block_parse "${IPv6_def_gateway_check}" - - echo -n "::: Pinging Internet via IPv6: " - local IPv6_inet_check=$(ping6 -q -W 3 -c 3 -n 2001:4860:4860::8888 -I "${IPv6_interface}"| tail -n3) \ - && echo "Query responded." \ - || echo "Query did not respond." - block_parse "${IPv6_inet_check}" - else - log_echo="No IPv6 Gateway Detected" - fi - -local IPv4_addr_list="$(ip a | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "inet") print $(i+1) }')" \ - && (block_parse "${IPv4_addr_list}" && echo "::: IPv4 addresses located")\ - || log_echo "No IPv4 addresses found." - - local IPv4_def_gateway=$(ip r | grep default | cut -d ' ' -f 3) - if [[ $? = 0 ]]; then - echo -n "::: Pinging default IPv4 gateway: " - local IPv4_def_gateway_check="$(ping -q -w 3 -c 3 -n "${IPv4_def_gateway}" -I "${IPv4_interface}" | tail -n3)" \ - && echo "Gateway responded." \ - || echo "Gateway did not respond." - block_parse "${IPv4_def_gateway_check}" - - echo -n "::: Pinging Internet via IPv4: " - local IPv4_inet_check="$(ping -q -w 5 -c 3 -n 8.8.8.8 -I "${IPv4_interface}" | tail -n3)" \ - && echo "Query responded." \ - || echo "Query did not respond." - block_parse "${IPv4_inet_check}" - fi + local protocol=${1} + local gravity=${2} + local ip_addr_list="$(ip -${protocol} addr show dev ${PIHOLE_INTERFACE} | awk -F ' ' '{ for(i=1;i<=NF;i++) if ($i ~ '/^inet/') print $(i+1) }')" + if [[ -n ${ip_addr_list} ]]; then + log_write "IPv${protocol} on ${PIHOLE_INTERFACE}" + log_write "Gravity configured for: ${2:-NOT CONFIGURED}" + log_write "----" + log_write "${ip_addr_list}" + echo "::: IPv${protocol} addresses located on ${PIHOLE_INTERFACE}" + ip_ping_check ${protocol} + return $(( 0 + $? )) + else + log_echo "No IPv${protocol} found on ${PIHOLE_INTERFACE}" + return 1 fi } +ip_ping_check() { + local protocol=${1} + local cmd + + if [[ ${protocol} == "6" ]]; then + cmd="ping6" + g_addr="2001:4860:4860::8888" + else + cmd="ping" + g_addr="8.8.8.8" + fi + + local ip_def_gateway=$(ip -${protocol} route | grep default | cut -d ' ' -f 3) + if [[ -n ${ip_def_gateway} ]]; then + echo -n "::: Pinging default IPv${protocol} gateway: " + if ! ping_gateway="$(${cmd} -q -W 3 -c 3 -n ${ip_def_gateway} -I ${PIHOLE_INTERFACE} | tail -n 3)"; then + echo "Gateway did not respond." + return 1 + else + echo "Gateway responded." + log_write "${ping_gateway}" + fi + echo -n "::: Pinging Internet via IPv${protocol}: " + if ! ping_inet="$(${cmd} -q -W 3 -c 3 -n ${g_addr} -I ${PIHOLE_INTERFACE} | tail -n 3)"; then + echo "Query did not respond." + return 1 + else + echo "Query responded." + log_write "${ping_inet}" + fi + else + log_echo " No gateway detected." + fi + return 0 +} + port_check() { local lsof_value @@ -344,7 +352,8 @@ distro_check || echo "Distro Check soft fail" # Gather processor type processor_check || echo "Processor Check soft fail" -ip_check +ip_check 6 ${IPV6_ADDRESS} +ip_check 4 ${IPV4_ADDRESS} daemon_check lighttpd http daemon_check dnsmasq domain @@ -353,7 +362,7 @@ testResolver debugLighttpd files_check "${DNSMASQFILE}" -files_check "${DNSMASQCONFFILE}" +dir_check "${DNSMASQCONFDIR}" files_check "${WHITELISTFILE}" files_check "${BLACKLISTFILE}" files_check "${ADLISTFILE}" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 655dcb33..10847ead 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -60,7 +60,7 @@ GitCheckUpdateAvail() { git status exit fi - + # Change back to original directory cd "${curdir}" @@ -80,8 +80,8 @@ main() { local web_version_current #This is unlikely - if ! is_repo "${PI_HOLE_FILES_DIR}" || ! is_repo "${ADMIN_INTERFACE_DIR}" ; then - echo "::: Critical Error: One or more Pi-Hole repos are missing from system!" + if ! is_repo "${PI_HOLE_FILES_DIR}" ; then + echo "::: Critical Error: Core Pi-Hole repo is missing from system!" echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole" exit 1; fi @@ -96,48 +96,67 @@ main() { echo "::: Pi-hole Core: up to date" fi - if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then - web_update=true - echo "::: Web Interface: update available" - else - web_update=false - echo "::: Web Interface: up to date" - fi + if [[ ${INSTALL_WEB} == true ]]; then + if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then + echo "::: Critical Error: Web Admin repo is missing from system!" + echo "::: Please re-run install script from https://github.com/pi-hole/pi-hole" + exit 1; + fi - # Logic - # If Core up to date AND web up to date: - # Do nothing - # If Core up to date AND web NOT up to date: - # Pull web repo - # If Core NOT up to date AND web up to date: - # pull pihole repo, run install --unattended -- reconfigure - # if Core NOT up to date AND web NOT up to date: - # pull pihole repo run install --unattended + if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then + web_update=true + echo "::: Web Interface: update available" + else + web_update=false + echo "::: Web Interface: up to date" + fi - if ! ${core_update} && ! ${web_update} ; then - echo ":::" - echo "::: Everything is up to date!" - exit 0 + # Logic + # If Core up to date AND web up to date: + # Do nothing + # If Core up to date AND web NOT up to date: + # Pull web repo + # If Core NOT up to date AND web up to date: + # pull pihole repo, run install --unattended -- reconfigure + # if Core NOT up to date AND web NOT up to date: + # pull pihole repo run install --unattended - elif ! ${core_update} && ${web_update} ; then - echo ":::" - echo "::: Pi-hole Web Admin files out of date" - getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" + if ! ${core_update} && ! ${web_update} ; then + echo ":::" + echo "::: Everything is up to date!" + exit 0 - elif ${core_update} && ! ${web_update} ; then - echo ":::" - echo "::: Pi-hole core files out of date" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 + elif ! ${core_update} && ${web_update} ; then + echo ":::" + echo "::: Pi-hole Web Admin files out of date" + getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}" - elif ${core_update} && ${web_update} ; then - echo ":::" - echo "::: Updating Everything" - getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" - ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 - else - echo "*** Update script has malfunctioned, fallthrough reached. Please contact support" - exit 1 + elif ${core_update} && ! ${web_update} ; then + echo ":::" + echo "::: Pi-hole core files out of date" + getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 + + elif ${core_update} && ${web_update} ; then + echo ":::" + echo "::: Updating Everything" + getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 + else + echo "*** Update script has malfunctioned, fallthrough reached. Please contact support" + exit 1 + fi + else # Web Admin not installed, so only verify if core is up to date + if ! ${core_update}; then + echo ":::" + echo "::: Everything is up to date!" + exit 0 + else + echo ":::" + echo "::: Pi-hole core files out of date" + getGitFiles "${PI_HOLE_FILES_DIR}" "${PI_HOLE_GIT_URL}" + ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || echo "Unable to complete update, contact Pi-hole" && exit 1 + fi fi if [[ "${web_update}" == true ]]; then diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 01f52a85..53db2167 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -9,6 +9,14 @@ # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. +############################################################################### +# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE: # +# /etc/lighttpd/external.conf # +############################################################################### + server.modules = ( "mod_access", "mod_accesslog", @@ -21,15 +29,15 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "pihole/index.php" +server.error-handler-404 = "pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 -accesslog.filename = "/var/log/lighttpd/access.log" -accesslog.format = "%{%s}t|%V|%r|%s|%b" +accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%{%s}t|%V|%r|%s|%b" index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index d2af5bd4..6c5b035b 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -9,6 +9,14 @@ # the Free Software Foundation, either version 2 of the License, or # (at your option) any later version. +############################################################################### +# FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE. # +# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE # +# # +# CHANGES SHOULD BE MADE IN A SEPERATE CONFIG FILE: # +# /etc/lighttpd/external.conf # +############################################################################### + server.modules = ( "mod_access", "mod_auth", @@ -22,15 +30,15 @@ server.modules = ( ) server.document-root = "/var/www/html" -server.error-handler-404 = "pihole/index.php" +server.error-handler-404 = "pihole/index.php" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "lighttpd" server.groupname = "lighttpd" server.port = 80 -accesslog.filename = "/var/log/lighttpd/access.log" -accesslog.format = "%{%s}t|%V|%r|%s|%b" +accesslog.filename = "/var/log/lighttpd/access.log" +accesslog.format = "%{%s}t|%V|%r|%s|%b" index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 469cd393..0b6abc03 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -34,6 +34,8 @@ useUpdateVars=false IPV4_ADDRESS="" IPV6_ADDRESS="" QUERY_LOGGING=true +INSTALL_WEB=true + # Find the rows and columns will default to 80x24 is it can not be detected screen_size=$(stty size 2>/dev/null || echo 24 80) @@ -63,14 +65,14 @@ if command -v apt-get &> /dev/null; then # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true" # ######################################### - # fixes for dependancy differences + # fixes for dependency differences # Debian 7 doesn't have iproute2 use iproute if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then iproute_pkg="iproute2" else iproute_pkg="iproute" fi - # Prefer the php metapackage if it's there, fall back on the php5 pacakges + # Prefer the php metapackage if it's there, fall back on the php5 packages if ${PKG_MANAGER} install --dry-run php > /dev/null 2>&1; then phpVer="php" else @@ -78,7 +80,8 @@ if command -v apt-get &> /dev/null; then fi # ######################################### INSTALLER_DEPS=(apt-utils debconf dhcpcd5 git ${iproute_pkg} whiptail) - PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lighttpd lsof netcat ${phpVer}-common ${phpVer}-cgi sudo unzip wget) + PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget) + PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi) LIGHTTPD_USER="www-data" LIGHTTPD_GROUP="www-data" LIGHTTPD_CFG="lighttpd.conf.debian" @@ -97,8 +100,8 @@ elif command -v rpm &> /dev/null; then PKG_INSTALL=(${PKG_MANAGER} install -y) PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l" INSTALLER_DEPS=(git iproute net-tools newt procps-ng) - PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils lighttpd lighttpd-fastcgi nmap-ncat php php-common php-cli sudo unzip wget) - + PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget) + PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli) if ! grep -q 'Fedora' /etc/redhat-release; then INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release"); fi @@ -448,6 +451,7 @@ setDNS() { Level3 "" Norton "" Comodo "" + DNSWatch "" Custom "") DNSchoices=$(whiptail --separate-output --menu "Select Upstream DNS Provider. To use your own, select Custom." ${r} ${c} 6 \ "${DNSChooseOptions[@]}" 2>&1 >/dev/tty) || \ @@ -478,6 +482,11 @@ setDNS() { PIHOLE_DNS_1="8.26.56.26" PIHOLE_DNS_2="8.20.247.20" ;; + DNSWatch) + echo "::: Using DNS.WATCH servers." + PIHOLE_DNS_1="84.200.69.80" + PIHOLE_DNS_2="84.200.70.40" + ;; Custom) until [[ ${DNSSettingsCorrect} = True ]]; do strInvalid="Invalid" @@ -546,6 +555,27 @@ setLogging() { esac } +setAdminFlag() { + local WebToggleCommand + local WebChooseOptions + local WebChoices + + WebToggleCommand=(whiptail --separate-output --radiolist "Do you wish to install the web admin interface?" ${r} ${c} 6) + WebChooseOptions=("On (Recommended)" "" on + Off "" off) + WebChoices=$("${WebToggleCommand[@]}" "${WebChooseOptions[@]}" 2>&1 >/dev/tty) || (echo "::: Cancel selected. Exiting..." && exit 1) + case ${WebChoices} in + "On (Recommended)") + echo "::: Web Interface On." + INSTALL_WEB=true + ;; + Off) + echo "::: Web Interface off." + INSTALL_WEB=false + ;; + esac +} + version_check_dnsmasq() { # Check if /etc/dnsmasq.conf is from pihole. If so replace with an original and install new in .d directory @@ -643,19 +673,23 @@ installConfigs() { echo ":::" echo "::: Installing configs..." version_check_dnsmasq - if [ ! -d "/etc/lighttpd" ]; then - mkdir /etc/lighttpd - chown "${USER}":root /etc/lighttpd - elif [ -f "/etc/lighttpd/lighttpd.conf" ]; then - mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig + + #Only mess with lighttpd configs if user has chosen to install web interface + if [[ ${INSTALL_WEB} == true ]]; then + if [ ! -d "/etc/lighttpd" ]; then + mkdir /etc/lighttpd + chown "${USER}":root /etc/lighttpd + elif [ -f "/etc/lighttpd/lighttpd.conf" ]; then + mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig + fi + cp /etc/.pihole/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf + mkdir -p /var/run/lighttpd + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/run/lighttpd + mkdir -p /var/cache/lighttpd/compress + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress + mkdir -p /var/cache/lighttpd/uploads + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads fi - cp /etc/.pihole/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf - mkdir -p /var/run/lighttpd - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/run/lighttpd - mkdir -p /var/cache/lighttpd/compress - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress - mkdir -p /var/cache/lighttpd/uploads - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads } stop_service() { @@ -917,6 +951,17 @@ configureFirewall() { } finalExports() { + + if [[ ${INSTALL_WEB} == false ]]; then + #No web interface installed, and therefore no block page set IPV4/6 to 0.0.0.0 and ::/0 + if [ ${IPV4_ADDRESS} ]; then + IPV4_ADDRESS="0.0.0.0" + fi + if [ ${IPV6_ADDRESS} ]; then + IPV6_ADDRESS="::/0" + fi + fi + # Update variables in setupVars.conf file if [ -e "${setupVars}" ]; then sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/QUERY_LOGGING/d;' "${setupVars}" @@ -928,6 +973,7 @@ finalExports() { echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}" echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}" echo "QUERY_LOGGING=${QUERY_LOGGING}" + echo "INSTALL_WEB=${INSTALL_WEB}" }>> "${setupVars}" # Look for DNS server settings which would have to be reapplied @@ -964,26 +1010,31 @@ installLogrotate() { installPihole() { # Install base files and web interface create_pihole_user - if [ ! -d "/var/www/html" ]; then - mkdir -p /var/www/html - fi - chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/www/html - chmod 775 /var/www/html - usermod -a -G ${LIGHTTPD_GROUP} pihole - if [ -x "$(command -v lighty-enable-mod)" ]; then - lighty-enable-mod fastcgi fastcgi-php > /dev/null || true - else - printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n" + + if [[ ${INSTALL_WEB} == true ]]; then + if [ ! -d "/var/www/html" ]; then + mkdir -p /var/www/html + fi + chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/www/html + chmod 775 /var/www/html + usermod -a -G ${LIGHTTPD_GROUP} pihole + if [ -x "$(command -v lighty-enable-mod)" ]; then + lighty-enable-mod fastcgi fastcgi-php > /dev/null || true + else + printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n" + fi fi installScripts installConfigs CreateLogFile - installPiholeWeb + if [[ ${INSTALL_WEB} == true ]]; then + installPiholeWeb + fi installCron installLogrotate configureFirewall finalExports - runGravity + #runGravity } accountForRefactor() { @@ -1003,17 +1054,17 @@ accountForRefactor() { updatePihole() { accountForRefactor - # Source ${setupVars} for use in the rest of the functions. - source ${setupVars} # Install base files and web interface installScripts installConfigs CreateLogFile - installPiholeWeb + if [[ ${INSTALL_WEB} == true ]]; then + installPiholeWeb + fi installCron installLogrotate finalExports #re-export setupVars.conf to account for any new vars added in new versions - runGravity + #runGravity } @@ -1035,6 +1086,13 @@ checkSelinux() { } displayFinalMessage() { + + if [[ ${INSTALL_WEB} == true ]]; then + additional="View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin + +Your Admin Webpage login password is ${1:-"NOT SET"}" + fi + # Final completion message to user whiptail --msgbox --backtitle "Make it so." --title "Installation Complete!" "Configure your devices to use the Pi-hole as their DNS server using: @@ -1044,9 +1102,8 @@ IPv6: ${IPV6_ADDRESS:-"Not Configured"} If you set a new IP address, you should restart the Pi. The install log is in /etc/pihole. -View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin -Your Admin Webpage login password is ${1:-"NOT SET"}" ${r} ${c} +${additional}" ${r} ${c} } update_dialogs() { @@ -1080,6 +1137,25 @@ update_dialogs() { esac } +clone_or_update_repos() { +if [[ "${reconfigure}" == true ]]; then + echo "::: --reconfigure passed to install script. Not downloading/updating local repos" + else + # Get Git files for Core and Admin + getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || \ + { echo "!!! Unable to clone ${piholeGitUrl} into ${PI_HOLE_LOCAL_REPO}, unable to continue."; \ + exit 1; \ + } + + if [[ ${INSTALL_WEB} == true ]]; then + getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} || \ + { echo "!!! Unable to clone ${webInterfaceGitUrl} into ${webInterfaceDir}, unable to continue."; \ + exit 1; \ + } + fi + fi +} + main() { ######## FIRST CHECK ######## @@ -1145,28 +1221,17 @@ main() { # Check if SELinux is Enforcing checkSelinux - if [[ "${reconfigure}" == true ]]; then - echo "::: --reconfigure passed to install script. Not downloading/updating local repos" - else - # Get Git files for Core and Admin - getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || \ - { echo "!!! Unable to clone ${piholeGitUrl} into ${PI_HOLE_LOCAL_REPO}, unable to continue."; \ - exit 1; \ - } - getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} || \ - { echo "!!! Unable to clone ${webInterfaceGitUrl} into ${webInterfaceDir}, unable to continue."; \ - exit 1; \ - } - fi if [[ ${useUpdateVars} == false ]]; then # Display welcome dialogs welcomeDialogs # Create directory for Pi-hole storage mkdir -p /etc/pihole/ - # Stop resolver and webserver while installing proceses + stop_service dnsmasq - stop_service lighttpd + if [[ ${INSTALL_WEB} == true ]]; then + stop_service lighttpd + fi # Determine available interfaces get_available_interfaces # Find interfaces and let the user choose one @@ -1175,17 +1240,38 @@ main() { setDNS # Let the user decide if they want to block ads over IPv4 and/or IPv6 use4andor6 + # Let the user decide if they want the web interface to be installed automatically + setAdminFlag # Let the user decide if they want query logging enabled... setLogging + # Clone/Update the repos + clone_or_update_repos + + # Install packages used by the Pi-hole + if [[ ${INSTALL_WEB} == true ]]; then + DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}") + else + DEPS=("${PIHOLE_DEPS[@]}") + fi + install_dependent_packages DEPS[@] - # Install packages used by the Pi-hole - install_dependent_packages PIHOLE_DEPS[@] # Install and log everything to a file installPihole | tee ${tmpLog} else - # update packages used by the Pi-hole - install_dependent_packages PIHOLE_DEPS[@] + # Clone/Update the repos + clone_or_update_repos + + # Source ${setupVars} for use in the rest of the functions. + source ${setupVars} + + # Install packages used by the Pi-hole + if [[ ${INSTALL_WEB} == true ]]; then + DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}") + else + DEPS=("${PIHOLE_DEPS[@]}") + fi + install_dependent_packages DEPS[@] updatePihole | tee ${tmpLog} fi @@ -1193,25 +1279,33 @@ main() { # Move the log file into /etc/pihole for storage mv ${tmpLog} ${instalLogLoc} - # Add password to web UI if there is none - pw="" - if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then - pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) - /usr/local/bin/pihole -a -p "${pw}" - fi - - if [[ "${useUpdateVars}" == false ]]; then - displayFinalMessage "${pw}" + if [[ ${INSTALL_WEB} == true ]]; then + # Add password to web UI if there is none + pw="" + if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then + pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8) + /usr/local/bin/pihole -a -p "${pw}" + fi fi echo "::: Restarting services..." # Start services start_service dnsmasq enable_service dnsmasq - start_service lighttpd - enable_service lighttpd + + if [[ ${INSTALL_WEB} == true ]]; then + start_service lighttpd + enable_service lighttpd + fi + + runGravity + echo "::: done." + if [[ "${useUpdateVars}" == false ]]; then + displayFinalMessage "${pw}" + fi + echo ":::" if [[ "${useUpdateVars}" == false ]]; then echo "::: Installation Complete! Configure your devices to use the Pi-hole as their DNS server using:" @@ -1219,19 +1313,23 @@ main() { echo "::: ${IPV6_ADDRESS}" echo ":::" echo "::: If you set a new IP address, you should restart the Pi." - echo "::: View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin" + if [[ ${INSTALL_WEB} == true ]]; then + echo "::: View the web interface at http://pi.hole/admin or http://${IPV4_ADDRESS%/*}/admin" + fi else echo "::: Update complete!" fi - if (( ${#pw} > 0 )) ; then - echo ":::" - echo "::: Note: As security measure a password has been installed for your web interface" - echo "::: The currently set password is" - echo "::: ${pw}" - echo ":::" - echo "::: You can always change it using" - echo "::: pihole -a -p new_password" + if [[ ${INSTALL_WEB} == true ]]; then + if (( ${#pw} > 0 )) ; then + echo ":::" + echo "::: Note: As security measure a password has been installed for your web interface" + echo "::: The currently set password is" + echo "::: ${pw}" + echo ":::" + echo "::: You can always change it using" + echo "::: pihole -a -p new_password" + fi fi echo ":::"