#!/usr/bin/env bash
# Pi-hole: A black hole for Internet advertisements
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# Web interface settings
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

args=("$@")

helpFunc() {
	cat << EOM
::: Set admin options for the web interface of pihole
:::
::: Usage: pihole -a [options]
:::
::: Options:
:::  -p, password		Set web interface password, an empty input will remove any previously set password
:::  -c, celsius		Set Celcius temperature unit
:::  -f, fahrenheit		Set Fahrenheit temperature unit
:::  -h, --help			Show this help dialog
EOM
	exit 0
}

SetTemperatureUnit(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/TEMPERATUREUNIT/d' /etc/pihole/setupVars.conf
	# Save setting to file
	if [[ $unit == "F" ]] ; then
		echo "TEMPERATUREUNIT=F" >> /etc/pihole/setupVars.conf
	else
		echo "TEMPERATUREUNIT=C" >> /etc/pihole/setupVars.conf
	fi

}

SetWebPassword(){

	if [ "${SUDO_USER}" == "www-data" ]; then
		echo "Security measure: user www-data is not allowed to change webUI password!"
		echo "Exiting"
		exit 1
	fi

	if [ "${SUDO_USER}" == "lighttpd" ]; then
		echo "Security measure: user lighttpd is not allowed to change webUI password!"
		echo "Exiting"
		exit 1
	fi

	# Remove password from file (create backup setupVars.conf.bak)
	sed -i.bak '/WEBPASSWORD/d' /etc/pihole/setupVars.conf
	# Set password only if there is one to be set
	if (( ${#args[2]} > 0 )) ; then
		# Compute password hash twice to avoid rainbow table vulnerability
		hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//')
		hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
		# Save hash to file
		echo "WEBPASSWORD=${hash}" >> /etc/pihole/setupVars.conf
		echo "New password set"
	else
		echo "Password removed"
	fi

}

SetDNSServers(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNS_FQDN_REQUIRED/d;' /etc/pihole/setupVars.conf
	# Save setting to file
	echo "PIHOLE_DNS_1=${args[2]}" >> /etc/pihole/setupVars.conf
	if [[ "${args[3]}" != "none" ]]; then
		echo "PIHOLE_DNS_2=${args[3]}" >> /etc/pihole/setupVars.conf
	else
		echo "PIHOLE_DNS_2=" >> /etc/pihole/setupVars.conf
	fi

	# Replace within actual dnsmasq config file
	sed -i '/server=/d;' /etc/dnsmasq.d/01-pihole.conf
	echo "server=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf
	if [[ "${args[3]}" != "none" ]]; then
		echo "server=${args[3]}" >> /etc/dnsmasq.d/01-pihole.conf
	fi

	# Remove domain-needed entry
	sed -i '/domain-needed/d;' /etc/dnsmasq.d/01-pihole.conf

	# Readd it if required
	if [[ "${args[4]}" == "domain-needed" ]]; then
		echo "domain-needed" >> /etc/dnsmasq.d/01-pihole.conf
		echo "DNS_FQDN_REQUIRED=true" >> /etc/pihole/setupVars.conf
	else
		# Leave it deleted if not wanted
		echo "DNS_FQDN_REQUIRED=false" >> /etc/pihole/setupVars.conf
	fi

	# Remove bogus-priv entry
	sed -i '/bogus-priv/d;' /etc/dnsmasq.d/01-pihole.conf

	# Readd it if required
	if [[ "${args[5]}" == "bogus-priv" ]]; then
		echo "bogus-priv" >> /etc/dnsmasq.d/01-pihole.conf
		echo "DNS_BOGUS_PRIV=true" >> /etc/pihole/setupVars.conf
	else
		# Leave it deleted if not wanted
		echo "DNS_BOGUS_PRIV=false" >> /etc/pihole/setupVars.conf
	fi

	# Restart dnsmasq to load new configuration
	RestartDNS

}

SetExcludeDomains(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/API_EXCLUDE_DOMAINS/d;' /etc/pihole/setupVars.conf
	# Save setting to file
	echo "API_EXCLUDE_DOMAINS=${args[2]}" >> /etc/pihole/setupVars.conf
}

SetExcludeClients(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/API_EXCLUDE_CLIENTS/d;' /etc/pihole/setupVars.conf
	# Save setting to file
	echo "API_EXCLUDE_CLIENTS=${args[2]}" >> /etc/pihole/setupVars.conf
}

Reboot(){

	nohup bash -c "sleep 5; reboot" &> /dev/null </dev/null &

}

RestartDNS(){

	if [ -x "$(command -v systemctl)" ]; then
		systemctl restart dnsmasq &> /dev/null
	else
		service dnsmasq restart &> /dev/null
	fi

}

SetQueryLogOptions(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/API_QUERY_LOG_SHOW/d;' /etc/pihole/setupVars.conf
	# Save setting to file
	echo "API_QUERY_LOG_SHOW=${args[2]}" >> /etc/pihole/setupVars.conf
}

EnableDHCP(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/DHCP_/d;' /etc/pihole/setupVars.conf
	echo "DHCP_ACTIVE=true" >> /etc/pihole/setupVars.conf
	echo "DHCP_START=${args[2]}" >> /etc/pihole/setupVars.conf
	echo "DHCP_END=${args[3]}" >> /etc/pihole/setupVars.conf
	echo "DHCP_ROUTER=${args[4]}" >> /etc/pihole/setupVars.conf

	# Remove setting from file
	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf
	# Save setting to file
	echo "dhcp-range=${args[2]},${args[3]},infinite" >> /etc/dnsmasq.d/01-pihole.conf
	echo "dhcp-option=option:router,${args[4]}" >> /etc/dnsmasq.d/01-pihole.conf
	# Changes the behaviour from strict RFC compliance so that DHCP requests on unknown leases from unknown hosts are not ignored. This allows new hosts to get a lease without a tedious timeout under all circumstances. It also allows dnsmasq to rebuild its lease database without each client needing to reacquire a lease, if the database is lost.
	echo "dhcp-authoritative" >> /etc/dnsmasq.d/01-pihole.conf
	# Use the specified file to store DHCP lease information
	echo "dhcp-leasefile=/etc/pihole/dhcp.leases" >> /etc/dnsmasq.d/01-pihole.conf
	# Suppress logging of the routine operation of these protocols. Errors and problems will still be logged, though.
	echo "quiet-dhcp" >> /etc/dnsmasq.d/01-pihole.conf
	echo "quiet-dhcp6" >> /etc/dnsmasq.d/01-pihole.conf

	RestartDNS
}

DisableDHCP(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/DHCP_ACTIVE/d;' /etc/pihole/setupVars.conf
	echo "DHCP_ACTIVE=false" >> /etc/pihole/setupVars.conf

	# Remove setting from file
	sed -i '/dhcp-/d;/quiet-dhcp/d;' /etc/dnsmasq.d/01-pihole.conf

	RestartDNS
}

SetWebUILayout(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/WEBUIBOXEDLAYOUT/d;' /etc/pihole/setupVars.conf
	echo "WEBUIBOXEDLAYOUT=${args[2]}" >> /etc/pihole/setupVars.conf

}

SetDNSDomainName(){

	# Remove setting from file (create backup setupVars.conf.bak)
	sed -i.bak '/PIHOLE_DOMAIN/d;' /etc/pihole/setupVars.conf
	# Save setting to file
	echo "PIHOLE_DOMAIN=${args[2]}" >> /etc/pihole/setupVars.conf

	# Replace within actual dnsmasq config file
	sed -i '/domain=/d;' /etc/dnsmasq.d/01-pihole.conf
	echo "domain=${args[2]}" >> /etc/dnsmasq.d/01-pihole.conf

	# Restart dnsmasq to load new configuration
	RestartDNS

}

case "${args[1]}" in
	"-p" | "password"   ) SetWebPassword;;
	"-c" | "celsius"    ) unit="C"; SetTemperatureUnit;;
	"-f" | "fahrenheit" ) unit="F"; SetTemperatureUnit;;
	"setdns"            ) SetDNSServers;;
	"setexcludedomains" ) SetExcludeDomains;;
	"setexcludeclients" ) SetExcludeClients;;
	"reboot"            ) Reboot;;
	"restartdns"        ) RestartDNS;;
	"setquerylog"       ) SetQueryLogOptions;;
	"enabledhcp"        ) EnableDHCP;;
	"disabledhcp"       ) DisableDHCP;;
	"layout"            ) SetWebUILayout;;
	"-h" | "--help"     ) helpFunc;;
	"domainname"        ) SetDNSDomainName;;
	*                   ) helpFunc;;
esac

shift

if [[ $# = 0 ]]; then
	helpFunc
fi