forked from pi-hole/docker-pi-hole
-
Notifications
You must be signed in to change notification settings - Fork 0
/
bash_functions.sh
335 lines (291 loc) · 11.4 KB
/
bash_functions.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
#!/bin/bash
# Some of the bash_functions use variables these core pi-hole/web scripts
. /opt/pihole/webpage.sh
fix_capabilities() {
setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+ei $(which pihole-FTL) || ret=$?
if [[ $ret -ne 0 && "${DNSMASQ_USER:-root}" != "root" ]]; then
echo "ERROR: Failed to set capabilities for pihole-FTL. Cannot run as non-root."
exit 1
fi
}
prepare_configs() {
# Done in /start.sh, don't do twice
PH_TEST=true . $PIHOLE_INSTALL
# Set Debian webserver variables for installConfigs
LIGHTTPD_USER="www-data"
LIGHTTPD_GROUP="www-data"
LIGHTTPD_CFG="lighttpd.conf.debian"
installConfigs
touch "$setupVars"
set +e
mkdir -p /var/run/pihole /var/log/pihole
# Re-apply perms from basic-install over any volume mounts that may be present (or not)
# Also similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
chown pihole:root /etc/lighttpd
chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole"
chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
chown pihole:pihole /var/run/pihole /var/log/pihole
test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /var/log/pihole.log
if [[ -e /etc/pihole/dhcp.leases ]]; then
chown pihole:pihole /etc/pihole/dhcp.leases
fi
chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
set -e
# Update version numbers
pihole updatechecker
# Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
# If the setup variable file exists,
if [[ -e "${setupVars}" ]]; then
cp -f "${setupVars}" "${setupVars}.update.bak"
fi
}
validate_env() {
# Optional ServerIP is a valid IP
# nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
# if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
if [[ "$(nc -4 -w1 -z "$ServerIP" 53 2>&1)" != "" ]] && ! ip route get "$ServerIP" > /dev/null ; then
echo "ERROR: ServerIP Environment variable ($ServerIP) doesn't appear to be a valid IPv4 address"
exit 1
fi
# Optional IPv6 is a valid address
if [[ -n "$ServerIPv6" ]] ; then
if [[ "$ServerIPv6" == 'kernel' ]] ; then
echo "ERROR: You passed in IPv6 with a value of 'kernel', this maybe beacuse you do not have IPv6 enabled on your network"
unset ServerIPv6
exit 1
fi
if [[ "$(nc -6 -w1 -z "$ServerIPv6" 53 2>&1)" != "" ]] && ! ip route get "$ServerIPv6" > /dev/null ; then
echo "ERROR: ServerIPv6 Environment variable ($ServerIPv6) doesn't appear to be a valid IPv6 address"
echo " TIP: If your server is not IPv6 enabled just remove '-e ServerIPv6' from your docker container"
exit 1
fi
fi;
}
setup_dnsmasq_interface() {
local interface="${1:-eth0}"
local interfaceType='default'
if [ "$interface" != 'eth0' ] ; then
interfaceType='custom'
fi;
echo "DNSMasq binding to $interfaceType interface: $interface"
[ -n "$interface" ] && change_setting "PIHOLE_INTERFACE" "${interface}"
}
setup_dnsmasq_listening_behaviour() {
local dnsmasq_listening_behaviour="${1}"
if [ -n "$dnsmasq_listening_behaviour" ]; then
change_setting "DNSMASQ_LISTENING" "${dnsmasq_listening_behaviour}"
fi;
}
setup_dnsmasq_config_if_missing() {
# When fresh empty directory volumes are used we miss this file
if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
fi;
}
setup_dnsmasq() {
local interface="$1"
local dnsmasq_listening_behaviour="$2"
# Coordinates
setup_dnsmasq_config_if_missing
setup_dnsmasq_interface "$interface"
setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
setup_dnsmasq_user "${DNSMASQ_USER}"
ProcessDNSSettings
}
setup_dnsmasq_user() {
local DNSMASQ_USER="${1}"
# Run DNSMASQ as root user to avoid SHM permission issues
if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
# Change user that had been set previously to root
for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
done
else
echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
fi
}
setup_dnsmasq_hostnames() {
# largely borrowed from automated install/basic-install.sh
local IPV4_ADDRESS="${1}"
local IPV6_ADDRESS="${2}"
local hostname="${3}"
local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
if [ -z "$hostname" ]; then
if [[ -f /etc/hostname ]]; then
hostname=$(</etc/hostname)
elif [ -x "$(command -v hostname)" ]; then
hostname=$(hostname -f)
fi
fi;
if [[ "${IPV4_ADDRESS}" != "" ]]; then
tmp=${IPV4_ADDRESS%/*}
sed -i "s/@IPV4@/$tmp/" ${dnsmasq_pihole_01_location}
else
sed -i '/^address=\/pi.hole\/@IPV4@/d' ${dnsmasq_pihole_01_location}
sed -i '/^address=\/@HOSTNAME@\/@IPV4@/d' ${dnsmasq_pihole_01_location}
fi
if [[ "${IPV6_ADDRESS}" != "" ]]; then
sed -i "s/@IPv6@/$IPV6_ADDRESS/" ${dnsmasq_pihole_01_location}
else
sed -i '/^address=\/pi.hole\/@IPv6@/d' ${dnsmasq_pihole_01_location}
sed -i '/^address=\/@HOSTNAME@\/@IPv6@/d' ${dnsmasq_pihole_01_location}
fi
if [[ "${hostname}" != "" ]]; then
sed -i "s/@HOSTNAME@/$hostname/" ${dnsmasq_pihole_01_location}
else
sed -i '/^address=\/@HOSTNAME@*/d' ${dnsmasq_pihole_01_location}
fi
}
setup_lighttpd_bind() {
local serverip="$1"
# if using '--net=host' only bind lighttpd on $ServerIP and localhost
if grep -q "docker" /proc/net/dev && [[ $serverip != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
fi
fi
}
setup_php_env() {
if [ -z "$VIRTUAL_HOST" ] ; then
VIRTUAL_HOST="$ServerIP"
fi;
local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\","
local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\","
local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\","
# idempotent line additions
grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \
sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG"
grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \
sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG"
grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \
sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG"
echo "Added ENV to php:"
grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
}
setup_web_port() {
local warning="WARNING: Custom WEB_PORT not used"
# Quietly exit early for empty or default
if [[ -z "${1}" || "${1}" == '80' ]] ; then return ; fi
if ! echo $1 | grep -q '^[0-9][0-9]*$' ; then
echo "$warning - $1 is not an integer"
return
fi
local -i web_port="$1"
if (( $web_port < 1 || $web_port > 65535 )); then
echo "$warning - $web_port is not within valid port range of 1-65535"
return
fi
echo "Custom WEB_PORT set to $web_port"
echo "INFO: Without proper router DNAT forwarding to $ServerIP:$web_port, you may not get any blocked websites on ads"
# Update lighttpd's port
sed -i '/server.port\s*=\s*80\s*$/ s/80/'$WEB_PORT'/g' /etc/lighttpd/lighttpd.conf
}
load_web_password_secret() {
# If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
# allowing secrets to be passed via docker secrets
if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
fi;
}
generate_password() {
if [ -z "${WEBPASSWORD+x}" ] ; then
# Not set at all, give the user a random pass
WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
echo "Assigning random password: $WEBPASSWORD"
fi;
}
setup_web_password() {
setup_var_exists "WEBPASSWORD" && return
PASS="$1"
# Explicitly turn off bash printing when working with secrets
{ set +x; } 2>/dev/null
if [[ "$PASS" == "" ]] ; then
echo "" | pihole -a -p
else
pihole -a -p "$PASS" "$PASS"
fi
# To avoid printing this if conditional in bash debug, turn off debug above..
# then re-enable debug if necessary (more code but cleaner printed output)
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x
fi
}
setup_ipv4_ipv6() {
local ip_versions="IPv4 and IPv6"
if [ "$IPv6" != "True" ] ; then
ip_versions="IPv4"
sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
fi;
echo "Using $ip_versions"
}
test_configs() {
set -e
echo -n '::: Testing pihole-FTL DNS: '
sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
echo -n '::: Testing lighttpd config: '
lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
set +e
echo "::: All config checks passed, cleared for startup ..."
}
setup_blocklists() {
local blocklists="$1"
# Exit/return early without setting up adlists with defaults for any of the following conditions:
# 1. skip_setup_blocklists env is set
exit_string="(exiting ${FUNCNAME[0]} early)"
if [ -n "${skip_setup_blocklists}" ]; then
echo "::: skip_setup_blocklists requested ($exit_string)"
return
fi
# 2. The adlist file exists already (restarted container or volume mounted list)
if [ -f "${adlistFile}" ]; then
echo "::: Preexisting ad list ${adlistFile} detected ($exit_string)"
cat "${adlistFile}"
return
fi
echo "::: ${FUNCNAME[0]} now setting default blocklists up: "
echo "::: TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
installDefaultBlocklists
echo "::: Blocklists (${adlistFile}) now set to:"
cat "${adlistFile}"
}
setup_var_exists() {
local KEY="$1"
if [ -n "$2" ]; then
local REQUIRED_VALUE="[^\n]+"
fi
if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
echo "::: Pre existing ${KEY} found"
true
else
false
fi
}
setup_temp_unit() {
local UNIT="$1"
# check if var is empty
if [[ "$UNIT" != "" ]] ; then
# check if we have valid units
if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then
pihole -a -${UNIT}
fi
fi
}
setup_ui_layout() {
local LO=$1
# check if var is empty
if [[ "$LO" != "" ]] ; then
# check if we have valid types boxed | traditional
if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then
change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT"
fi
fi
}
setup_admin_email() {
local EMAIL=$1
# check if var is empty
if [[ "$EMAIL" != "" ]] ; then
pihole -a -e "$EMAIL"
fi
}