From 8fb3ccc147b1c86a0accf62dcc40f017a505dec7 Mon Sep 17 00:00:00 2001
From: Nick Rosbrook
Date: Mon, 3 Feb 2025 11:18:50 -0500
Subject: [PATCH] installer: use a drop-in to disable systemd-resolved stub listener
systemd-resolved supports drop-in config snippets, e.g. by placing .conf files in /etc/systemd/resolved.conf.d. During install, use a drop-in config to set DNSStubListener=no, instead of modifying the main config. This is generally better practice, and also prevents conflicts when distribution packages are upgraded, which may include new versions of /etc/systemd/resolved.conf.
Signed-off-by: Nick Rosbrook
---
 automated install/basic-install.sh | 23 +++++++++-------------
 automated install/uninstall.sh | 5 +++--
 2 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 719a57fc..b40d4e60 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -1436,20 +1436,15 @@ disable_resolved_stublistener() {
 printf " %b Testing if systemd-resolved is enabled\\n" "${INFO}"
 # Check if Systemd-resolved's DNSStubListener is enabled and active on port 53
 if check_service_active "systemd-resolved"; then
- # Check if DNSStubListener is enabled
- printf " %b %b Testing if systemd-resolved DNSStub-Listener is active" "${OVER}" "${INFO}"
- if (grep -E '#?DNSStubListener=yes' /etc/systemd/resolved.conf &>/dev/null); then
- # Disable the DNSStubListener to unbind it from port 53
- # Note that this breaks dns functionality on host until ftl are up and running
- printf "%b %b Disabling systemd-resolved DNSStubListener" "${OVER}" "${TICK}"
- # Make a backup of the original /etc/systemd/resolved.conf
- # (This will need to be restored on uninstallation)
- sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
- printf " and restarting systemd-resolved\\n"
- systemctl reload-or-restart systemd-resolved
- else
- printf "%b %b Systemd-resolved does not need to be restarted\\n" "${OVER}" "${INFO}"
- fi
+ # Disable the DNSStubListener to unbind it from port 53
+ # Note that this breaks dns functionality on host until FTL is up and running
+ printf "%b %b Disabling systemd-resolved DNSStubListener\\n" "${OVER}" "${TICK}"
+ mkdir -p /etc/systemd/resolved.conf.d
+ cat > /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf << EOF
+[Resolve]
+DNSStubListener=no
+EOF
+ systemctl reload-or-restart systemd-resolved
 else
 printf "%b %b Systemd-resolved is not enabled\\n" "${OVER}" "${INFO}"
 fi
diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh
index a073c319..39c13037 100755
--- a/automated install/uninstall.sh
+++ b/automated install/uninstall.sh
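Review bot: In `disable_resolved_stublistener` (basic-install.sh), the new `mkdir -p` and `cat >` create the drop-in with whatever umask the installer inherited, and nothing checks that the write succeeded before the `${TICK}` message is printed and systemd-resolved is restarted. systemd-resolved typically runs as an unprivileged user, so under a restrictive root umask (e.g. 077) it may be unable to read the file, and the stub listener would presumably stay bound to port 53 with no error shown. Set the modes explicitly, e.g. `install -d -m 0755 /etc/systemd/resolved.conf.d` in place of `mkdir -p` and `chmod 0644 /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf` after the heredoc, and print the success line only once the write has succeeded. The function begins and ends outside this hunk.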
@@ -94,8 +94,9 @@ removePiholeFiles() {
 echo -e " ${TICK} Removed config files"
 # Restore Resolved
- if [[ -e /etc/systemd/resolved.conf.orig ]]; then
- ${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
+ if [[ -e /etc/systemd/resolved.conf.orig ]] || [[ -e /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf ]]; then
+ ${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf &> /dev/null || true
+ ${SUDO} rm -f /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf
 systemctl reload-or-restart systemd-resolved
 fi
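Review bot: In `removePiholeFiles` (uninstall.sh), the `cp -p` now runs even when only the drop-in exists, and `&> /dev/null || true` hides that expected failure together with any real one, so a failed restore of a config edited by an older installer silently leaves `DNSStubListener=no` in the main file. Guard the copy with its own `if [[ -e /etc/systemd/resolved.conf.orig ]]; then … fi` and drop the redirection and `|| true`, keeping the `rm -f` of the drop-in unconditional inside the outer test. The backup is also never removed after it is restored, so a later uninstall would copy a stale `resolved.conf.orig` over a main config that a package upgrade may have replaced; using `mv` instead of `cp -p` would avoid that. The function begins and ends outside this hunk.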