free
/
freedombone


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384
							#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# pi-hole ad blocker
#
# Adapted from instructions at:
#  http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim adblocker'

IN_DEFAULT_INSTALL=1

PIHOLE_IFACE=eth0
PIHOLE_DNS1='85.214.73.63'
PIHOLE_DNS2='213.73.91.35'

piholeBasename=pihole
piholeDir=/etc/$piholeBasename
PIHOLE_ADLIST=$piholeDir/gravity.list
PIHOLE_BLACKLIST=$piholeDir/blacklist.txt
PIHOLE_WHITELIST=$piholeDir/whitelist.txt

PIHOLE_REPO="https://github.com/pi-hole/pi-hole"
PIHOLE_COMMIT='dce24df37922171cef1dd3c3a025c09cb4a6a818'

pihole_variables=(ONION_ONLY
                  PIHOLE_IFACE
                  PIHOLE_DNS1
                  PIHOLE_DNS2)

function pihole_copy_files {
    cp $INSTALL_DIR/pihole/adlists.default $piholeDir/adlists.default
    if [ ! -f $PIHOLE_ADLIST ]; then
        cp $INSTALL_DIR/pihole/adlists.default $PIHOLE_ADLIST
    fi
    cp $INSTALL_DIR/pihole/advanced/Scripts/* /opt/$piholeBasename
    cp $INSTALL_DIR/pihole/advanced/01-pihole.conf /etc/dnsmasq.d/01-pihole.conf
    cp $INSTALL_DIR/pihole/advanced/pihole.cron /etc/cron.d/pihole
    cp $INSTALL_DIR/pihole/gravity.sh /opt/$piholeBasename
}

function pihole_change_ipv4 {
    new_ipv4="$1"
    if [ -f /usr/local/bin/pihole ]; then
        setupVars=$piholeDir/setupVars.conf
        if [ -f $setupVars ]; then
            sed -i "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" $setupVars
        fi
    fi
}

function pihole_update {
    if [ ! -f /usr/local/bin/gravity.sh ]; then
        return
    fi

    IPv4_address=$(get_ipv4_address)
    IPv6_address=$(get_ipv6_address)

    setupVars=$piholeDir/setupVars.conf
    echo "piholeInterface=${PIHOLE_IFACE}" > ${setupVars}
    echo "IPv4_address=${IPv4_address}" >> ${setupVars}
    echo "IPv6_address=${IPv6_address}" >> ${setupVars}
    echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
    echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}

    echo 'domain-needed' > /etc/dnsmasq.conf
    echo 'bogus-priv' >> /etc/dnsmasq.conf
    echo 'no-resolv' >> /etc/dnsmasq.conf
    echo "server=${PIHOLE_DNS1}" >> /etc/dnsmasq.conf
    echo "server=${PIHOLE_DNS2}" >> /etc/dnsmasq.conf
    echo "interface=${PIHOLE_IFACE}" >> /etc/dnsmasq.conf
    echo 'listen-address=127.0.0.1' >> /etc/dnsmasq.conf
    echo 'log-queries' >> /etc/dnsmasq.conf

    sed -i "0,/RE/s/server=.*/server=${PIHOLE_DNS1}/" /etc/dnsmasq.d/01-pihole.conf
    sed -i "1,/RE/s/server=.*/server=${PIHOLE_DNS2}/" /etc/dnsmasq.d/01-pihole.conf
    sed -i "s|interface=.*|interface=${PIHOLE_IFACE}|g" /etc/dnsmasq.d/01-pihole.conf

    systemctl restart dnsmasq

    pihole -g
}

function pihole_change_upstream_dns {
    data=$(tempfile 2>/dev/null)
    trap "rm -f $data" 0 1 2 5 15
    dialog --backtitle $"Ad Blocker Upstream DNS" \
           --radiolist $"Pick a domain name service (DNS):" 25 50 16 \
           1 $"Digital Courage" on \
           2 $"German Privacy Foundation 1" off \
           3 $"German Privacy Foundation 2" off \
           4 $"Chaos Computer Club" off \
           5 $"ClaraNet" off \
           6 $"OpenNIC 1" off \
           7 $"OpenNIC 2" off \
           8 $"OpenNIC 3" off \
           9 $"OpenNIC 4" off \
           10 $"OpenNIC 5" off \
           11 $"OpenNIC 6" off \
           12 $"OpenNIC 7" off \
           13 $"PowerNS" off \
           14 $"ValiDOM" off \
           15 $"Freie Unzensierte" off \
           16 $"Google" off 2> $data
    sel=$?
    case $sel in
        1) exit 1;;
        255) exit 1;;
    esac
    case $(cat $data) in
        1) PIHOLE_DNS1='85.214.73.63'
           PIHOLE_DNS2='213.73.91.35'
           ;;
        2) PIHOLE_DNS1='87.118.100.175'
           PIHOLE_DNS2='94.75.228.29'
           ;;
        3) PIHOLE_DNS1='85.25.251.254'
           PIHOLE_DNS2='2.141.58.13'
           ;;
        4) PIHOLE_DNS1='213.73.91.35'
           PIHOLE_DNS2='85.214.73.63'
           ;;
        5) PIHOLE_DNS1='212.82.225.7'
           PIHOLE_DNS2='212.82.226.212'
           ;;
        6) PIHOLE_DNS1='58.6.115.42'
           PIHOLE_DNS2='58.6.115.43'
           ;;
        7) PIHOLE_DNS1='119.31.230.42'
           PIHOLE_DNS2='200.252.98.162'
           ;;
        8) PIHOLE_DNS1='217.79.186.148'
           PIHOLE_DNS2='81.89.98.6'
           ;;
        9) PIHOLE_DNS1='78.159.101.37'
           PIHOLE_DNS2='203.167.220.153'
           ;;
        10) PIHOLE_DNS1='82.229.244.191'
            PIHOLE_DNS2='82.229.244.191'
            ;;
        11) PIHOLE_DNS1='216.87.84.211'
            PIHOLE_DNS2='66.244.95.20'
            ;;
        12) PIHOLE_DNS1='207.192.69.155'
            PIHOLE_DNS2='72.14.189.120'
            ;;
        13) PIHOLE_DNS1='194.145.226.26'
            PIHOLE_DNS2='77.220.232.44'
            ;;
        14) PIHOLE_DNS1='78.46.89.147'
            PIHOLE_DNS2='88.198.75.145'
            ;;
        15) PIHOLE_DNS1='85.25.149.144'
            PIHOLE_DNS2='87.106.37.196'
            ;;
        16) PIHOLE_DNS1='8.8.8.8'
            PIHOLE_DNS2='4.4.4.4'
            ;;
        255) exit 1;;
    esac
    write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
    write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
}

function update_pihole_interactive {
    clear
    echo $'Updating Ad Blocker Lists'
    echo ''
    pihole_update
}

function configure_firewall_for_pihole {
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
    #iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    function_check save_firewall_settings
    save_firewall_settings

    OPEN_PORTS+=('DNS      53')
    mark_completed $FUNCNAME
}

function configure_interactive_pihole {
    while true
    do
        data=$(tempfile 2>/dev/null)
        trap "rm -f $data" 0 1 2 5 15
        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Ad Blocker" \
               --radiolist $"Choose an operation:" 14 70 5 \
               1 $"Edit ads list" off \
               2 $"Edit blacklisted domain names" off \
               3 $"Edit whitelisted domain names" off \
               4 $"Change upstream DNS servers" off \
               5 $"Exit" on 2> $data
        sel=$?
        case $sel in
            1) exit 1;;
            255) exit 1;;
        esac
        case $(cat $data) in
            1) editor $PIHOLE_ADLIST
               update_pihole_interactive
               ;;
            2) editor $PIHOLE_BLACKLIST
               update_pihole_interactive
               ;;
            3) editor $PIHOLE_WHITELIST
               update_pihole_interactive
               ;;
            4) pihole_change_upstream_dns
               update_pihole_interactive
               ;;
            5) break;;
        esac
    done
}

function install_interactive_pihole {
    APP_INSTALLED=1
}

function change_password_pihole {
    echo -n ''
}

function reconfigure_pihole {
    echo -n ''
}

function upgrade_pihole {
    function_check set_repo_commit
    set_repo_commit $INSTALL_DIR/pihole "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO

    pihole_copy_files
    pihole_update
}

function backup_local_pihole {
    function_check backup_directory_to_usb
    backup_directory_to_usb $piholeDir pihole
}

function restore_local_pihole {
    function_check restore_directory_from_usb
    restore_directory_from_usb / pihole
}

function backup_remote_pihole {
    function_check backup_directory_to_friend
    backup_directory_to_friend $piholeDir pihole
}

function restore_remote_pihole {
    function_check restore_directory_from_friend
    restore_directory_from_friend / pihole
}

function remove_pihole {
    apt-get -y remove --purge dnsmasq

    if [ ! -d /var/www/pihole ]; then
        rm -rf /var/www/pihole
    fi

    if [ -f /usr/local/bin/gravity.sh ]; then
        rm /usr/local/bin/gravity.sh
    fi

    if [ -f /usr/local/bin/pihole ]; then
        rm /usr/local/bin/pihole
    fi

    if [ -d /opt/pihole ]; then
        rm -rf /opt/pihole
    fi

    if [ -d $piholeDir ]; then
        rm -rf $piholeDir
    fi

    if [ -f /var/log/pihole.log ]; then
        rm /var/log/pihole.log
    fi

    if [ -f /etc/cron.d/pihole ]; then
        rm /etc/cron.d/pihole
    fi

    userdel -r pihole
}

function install_pihole {
    apt-get -y install dnsmasq curl
    adduser --disabled-login --gecos 'pi-hole' pihole
    usermod -a -G www-data pihole

    systemctl enable dnsmasq

    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi

    if [ ! -d $INSTALL_DIR/pihole ]; then
        cd $INSTALL_DIR
        git_clone $PIHOLE_REPO pihole
        if [ ! -d $INSTALL_DIR/pihole ]; then
            exit 523925
        fi
        cd $INSTALL_DIR/pihole
        git checkout $PIHOLE_COMMIT -b $PIHOLE_COMMIT
        set_completion_param "pihole commit" "$PIHOLE_COMMIT"
    fi

    if [ ! -d /var/www/pihole/htdocs ]; then
        mkdir -p /var/www/pihole/htdocs
    fi

    # blank file which takes the place of ads
    echo '<html>' > /var/www/pihole/htdocs/index.html
    echo '<body>' >> /var/www/pihole/htdocs/index.html
    echo '</body>' >> /var/www/pihole/htdocs/index.html
    echo '</html>' >> /var/www/pihole/htdocs/index.html

    if [ ! -f $INSTALL_DIR/pihole/gravity.sh ]; then
        exit 26738
    fi
    cp $INSTALL_DIR/pihole/gravity.sh /usr/local/bin/gravity.sh
    chmod 755 /usr/local/bin/gravity.sh

    if [ ! -f $INSTALL_DIR/pihole/pihole ]; then
        exit 52935
    fi
    cp $INSTALL_DIR/pihole/pihole /usr/local/bin/pihole
    chmod 755 /usr/local/bin/pihole

    if [ ! -d $piholeDir ]; then
        mkdir $piholeDir
    fi
    if [ ! -d /opt/pihole ]; then
        mkdir -p /opt/pihole
    fi

    pihole_copy_files

    chown -R www-data:www-data /var/www/pihole/htdocs

    configure_firewall_for_pihole

    pihole_update

    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0