#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# pi-hole ad blocker
#
# Adapted from instructions at:
#  http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# App metadata. NOTE(review): presumably read by the surrounding Freedombone
# installer framework -- nothing in this file consumes these three values.
VARIANTS="full full-vim adblocker"
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0

# Default network interface and upstream resolvers. The resolver pair is the
# same one pihole_change_upstream_dns offers as menu entry 1.
PIHOLE_IFACE='eth0'
PIHOLE_DNS1="85.214.73.63"
PIHOLE_DNS2="213.73.91.35"

# Locations of the pi-hole configuration and the user-editable lists.
piholeBasename='pihole'
piholeDir="/etc/${piholeBasename}"
PIHOLE_CUSTOM_ADLIST="${piholeDir}/adlists.list"
PIHOLE_BLACKLIST="${piholeDir}/blacklist.txt"
PIHOLE_WHITELIST="${piholeDir}/whitelist.txt"

# Upstream source, pinned to a full commit hash: install_pihole and
# upgrade_pihole check out exactly this revision before copying scripts
# into root-owned locations.
PIHOLE_REPO='https://github.com/pi-hole/pi-hole'
PIHOLE_COMMIT="e602008459128c233899b1e9d70cca0f38f41670"

# Names of the configuration parameters associated with this app.
pihole_variables=(ONION_ONLY PIHOLE_IFACE PIHOLE_DNS1 PIHOLE_DNS2)
# Placeholder: writes nothing and returns success.
# NOTE(review): looks like a hook the installer framework expects every app
# script to define -- confirm against the caller.
logging_on_pihole() {
    printf ''
}
# Placeholder: writes nothing and returns success.
# NOTE(review): looks like a hook the installer framework expects every app
# script to define -- confirm against the caller.
logging_off_pihole() {
    printf ''
}
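# Copies the ad lists, helper scripts, cron job and gravity.sh from the
# pi-hole checkout under $INSTALL_DIR/pihole into their system locations.
#
# Globals:  INSTALL_DIR, piholeDir, piholeBasename, PIHOLE_CUSTOM_ADLIST (read)
# Returns:  1 if INSTALL_DIR is empty, otherwise the status of the last chmod
#
# Everything copied here ends up in /etc/cron.d and /opt and is later run
# with the privileges of those locations, so the checkout must be the pinned
# revision before this function is called.
pihole_copy_files() {
    # An empty INSTALL_DIR would make every source path start at "/pihole".
    if [ -z "${INSTALL_DIR}" ]; then
        echo 'pihole_copy_files: INSTALL_DIR is not set' >&2
        return 1
    fi

    local src="${INSTALL_DIR}/pihole"
    local opt_dir="/opt/${piholeBasename}"

    if [ ! -d /etc/.pihole ]; then
        mkdir /etc/.pihole
    fi
    cp -- "${src}/adlists.default" /etc/.pihole/adlists.default
    cp -- "${src}/adlists.default" "${piholeDir}/adlists.default"

    # Only seed the custom list; never overwrite one that already exists.
    if [ ! -f "${PIHOLE_CUSTOM_ADLIST}" ]; then
        cp -- "${src}/adlists.default" "${PIHOLE_CUSTOM_ADLIST}"
    fi

    cp -- "${src}"/advanced/Scripts/* "${opt_dir}"

    # Drop the dnsmasq snippet if present; pihole_update writes
    # /etc/dnsmasq.conf directly instead.
    if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
        rm /etc/dnsmasq.d/01-pihole.conf
    fi

    cp -- "${src}/advanced/pihole.cron" /etc/cron.d/pihole
    cp -- "${src}/gravity.sh" "${opt_dir}"

    # Same directory the scripts were copied to above (the original
    # hard-coded /opt/pihole here).
    chmod +x "${opt_dir}"/*.sh
}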
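# Rewrites the stored IPv4 address in pi-hole's setupVars.conf.
#
# Arguments: $1 - new IPv4 address, optionally with a /prefix length
# Globals:   piholeDir (read); new_ipv4 and setupVars are assigned and left
#            global as in the original
# Returns:   1 if $1 is not a dotted-quad address, 0 otherwise (including
#            when pi-hole or setupVars.conf is absent)
#
# pihole_update writes the key as IPV4_ADDRESS, so the original pattern
# "IPv4_address=" never matched a file produced by this script. Both
# spellings are accepted and the existing spelling is preserved.
pihole_change_ipv4() {
    new_ipv4="$1"

    # The value is interpolated into a sed expression run against a
    # root-owned file: accept only digits, dots and an optional prefix so
    # it cannot carry sed metacharacters.
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
    if [[ ! "${new_ipv4}" =~ ${ipv4_re} ]]; then
        echo "pihole_change_ipv4: refusing malformed address '${new_ipv4}'" >&2
        return 1
    fi

    if [ -f /usr/local/bin/pihole ]; then
        setupVars="${piholeDir}/setupVars.conf"
        if [ -f "${setupVars}" ]; then
            sed -i -E "s#^(IPV4_ADDRESS|IPv4_address)=.*#\\1=${new_ipv4}#" "${setupVars}"
        fi
    fi
}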
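# Regenerates pi-hole's setupVars.conf and /etc/dnsmasq.conf, refreshes the
# block lists with "pihole -g" and restarts dnsmasq.
#
# Globals:  HOME, PROJECT_NAME, WIFI_INTERFACE, piholeDir, PIHOLE_DNS1,
#           PIHOLE_DNS2 (read); PIHOLE_IFACE, IPv4_address, IPv6_address,
#           setupVars (written, left global as in the original)
# Returns:  immediately with success when /usr/local/bin/gravity.sh is absent
#
# Both configuration files are overwritten from scratch on every call, so
# manual edits to /etc/dnsmasq.conf are lost.
pihole_update() {
    if [ ! -f /usr/local/bin/gravity.sh ]; then
        return
    fi

    # Use the wifi interface when a wifi config file exists, else eth0.
    if [ ! -f "${HOME}/${PROJECT_NAME}-wifi.cfg" ]; then
        PIHOLE_IFACE=eth0
    else
        read_config_param WIFI_INTERFACE
        PIHOLE_IFACE=$WIFI_INTERFACE
    fi

    IPv4_address="$(get_ipv4_address)"
    IPv6_address="$(get_ipv6_address)"

    setupVars="${piholeDir}/setupVars.conf"
    {
        echo "piholeInterface=${PIHOLE_IFACE}"
        echo "IPV4_ADDRESS=${IPv4_address}"
        if [ ${#IPv6_address} -gt 0 ]; then
            echo "IPV6_ADDRESS=${IPv6_address}"
        fi
        echo "piholeDNS1=${PIHOLE_DNS1}"
        # The original wrote PIHOLE_DNS1 here too, so the secondary
        # resolver recorded for pi-hole was always a copy of the primary.
        echo "piholeDNS2=${PIHOLE_DNS2}"
    } > "${setupVars}"

    {
        echo 'domain-needed'
        echo 'bogus-priv'
        # no-resolv: only the server= lines below are used as upstreams.
        echo 'no-resolv'
        echo "server=${PIHOLE_DNS1}"
        echo "server=${PIHOLE_DNS2}"
        echo "interface=${PIHOLE_IFACE}"
        echo 'listen-address=127.0.0.1'
    } > /etc/dnsmasq.conf

    pihole -g
    systemctl restart dnsmasq

    # Avoid having tripwire report pihole updates. Trade-off: everything
    # under /etc/pihole (block lists, whitelist, setupVars.conf) is then
    # excluded from integrity monitoring.
    # NOTE(review): this edits only the text policy; confirm the policy is
    # regenerated elsewhere for the exclusion to take effect.
    local twpol=/etc/tripwire/twpol.txt
    if [ -f "${twpol}" ] && ! grep -q '!/etc/pihole' "${twpol}"; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/pihole ;' "${twpol}"
    fi
}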
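# Shows a radio list of public DNS resolvers and stores the chosen pair in
# PIHOLE_DNS1/PIHOLE_DNS2 and in the configuration file.
#
# Globals:  PIHOLE_DNS1, PIHOLE_DNS2 (written)
# Exits:    the whole script with status 1 when the dialog is cancelled or
#           the temporary file cannot be created
#
# Changes from the original:
#  - entry 19 used 4.4.4.4 as the secondary, which is not a Google Public
#    DNS address; it is now 8.8.4.4
#  - the selection file is created with mktemp, kept in local variables so a
#    calling menu's state is not clobbered, and removed as soon as it is read
#
# NOTE(review): every address below is hard-coded and cannot be verified
# from this file. Whoever operates the chosen address sees all DNS queries
# from this system, so stale entries should be re-checked periodically.
pihole_change_upstream_dns() {
    local data sel choice

    data=$(mktemp) || exit 1
    # Same signal set as the original; the path is expanded now because the
    # local variable is gone by the time the trap fires.
    trap "rm -f -- $(printf '%q' "${data}")" 0 1 2 5 15

    dialog --backtitle $"Ad Blocker Upstream DNS" \
           --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
           1 $"Digital Courage" on \
           2 $"German Privacy Foundation 1" off \
           3 $"German Privacy Foundation 2" off \
           4 $"Chaos Computer Club" off \
           5 $"ClaraNet" off \
           6 $"OpenNIC 1" off \
           7 $"OpenNIC 2" off \
           8 $"OpenNIC 3" off \
           9 $"OpenNIC 4" off \
           10 $"OpenNIC 5" off \
           11 $"OpenNIC 6" off \
           12 $"OpenNIC 7" off \
           13 $"PowerNS" off \
           14 $"ValiDOM" off \
           15 $"Freie Unzensierte" off \
           16 $"DNS.Watch" off \
           17 $"uncensoreddns.org" off \
           18 $"Lorraine Data Network" off \
           19 $"Google" off 2> "${data}"
    sel=$?

    choice=$(cat "${data}")
    rm -f -- "${data}"

    # 1 = Cancel, 255 = Esc / dialog error.
    case $sel in
        1|255) exit 1;;
    esac

    case "${choice}" in
        1) PIHOLE_DNS1='85.214.73.63'
           PIHOLE_DNS2='213.73.91.35'
           ;;
        2) PIHOLE_DNS1='87.118.100.175'
           PIHOLE_DNS2='94.75.228.29'
           ;;
        3) PIHOLE_DNS1='85.25.251.254'
           PIHOLE_DNS2='2.141.58.13'
           ;;
        4) PIHOLE_DNS1='213.73.91.35'
           PIHOLE_DNS2='85.214.73.63'
           ;;
        5) PIHOLE_DNS1='212.82.225.7'
           PIHOLE_DNS2='212.82.226.212'
           ;;
        6) PIHOLE_DNS1='58.6.115.42'
           PIHOLE_DNS2='58.6.115.43'
           ;;
        7) PIHOLE_DNS1='119.31.230.42'
           PIHOLE_DNS2='200.252.98.162'
           ;;
        8) PIHOLE_DNS1='217.79.186.148'
           PIHOLE_DNS2='81.89.98.6'
           ;;
        9) PIHOLE_DNS1='78.159.101.37'
           PIHOLE_DNS2='203.167.220.153'
           ;;
        10) PIHOLE_DNS1='82.229.244.191'
            PIHOLE_DNS2='82.229.244.191'
            ;;
        11) PIHOLE_DNS1='216.87.84.211'
            PIHOLE_DNS2='66.244.95.20'
            ;;
        12) PIHOLE_DNS1='207.192.69.155'
            PIHOLE_DNS2='72.14.189.120'
            ;;
        13) PIHOLE_DNS1='194.145.226.26'
            PIHOLE_DNS2='77.220.232.44'
            ;;
        14) PIHOLE_DNS1='78.46.89.147'
            PIHOLE_DNS2='88.198.75.145'
            ;;
        15) PIHOLE_DNS1='85.25.149.144'
            PIHOLE_DNS2='87.106.37.196'
            ;;
        16) PIHOLE_DNS1='84.200.69.80'
            PIHOLE_DNS2='84.200.70.40'
            ;;
        17) PIHOLE_DNS1='91.239.100.100'
            PIHOLE_DNS2='89.233.43.71'
            ;;
        18) PIHOLE_DNS1='80.67.188.188'
            PIHOLE_DNS2='89.234.141.66'
            ;;
        19) PIHOLE_DNS1='8.8.8.8'
            PIHOLE_DNS2='8.8.4.4'
            dialog --title $"WARNING" \
                   --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
            ;;
        255) exit 1;;
    esac

    # An unrecognised or empty selection falls through and re-saves the
    # current values, as in the original.
    write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
    write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
}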
# Clears the screen, prints a heading followed by a blank line, then runs
# pihole_update. Returns pihole_update's status.
update_pihole_interactive() {
    clear
    printf '%s\n\n' $'Updating Ad Blocker Lists'
    pihole_update
}
# Registers the DNS service on port 53 through firewall_add, which is
# defined outside this file.
# NOTE(review): presumably this opens port 53 to clients -- confirm which
# source networks firewall_add permits.
configure_firewall_for_pihole() {
    local -r service_name='DNS'
    local -r service_port=53
    firewall_add "${service_name}" "${service_port}"
}
# Disables ad blocking via "pihole disable" and confirms with a message box.
pihole_pause() {
    pihole disable

    local -a notice=(--title $"Pause Ad Blocker"
                     --msgbox $"Ad blocking is paused" 6 60)
    dialog "${notice[@]}"
}
# Re-enables ad blocking via "pihole enable" and confirms with a message box.
pihole_resume() {
    pihole enable

    local -a notice=(--title $"Resume Ad Blocker"
                     --msgbox $"Ad blocking has resumed" 6 60)
    dialog "${notice[@]}"
}
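# Control-panel menu for the ad blocker: edit the lists, change upstream
# DNS, pause or resume blocking. Loops until "Exit" is chosen.
#
# Globals:  PIHOLE_CUSTOM_ADLIST, PIHOLE_BLACKLIST, PIHOLE_WHITELIST (read)
# Exits:    the whole script with status 1 when the dialog is cancelled or
#           the temporary file cannot be created
#
# Changes from the original: the selection file is created with mktemp and
# removed on every pass (the original created a new file per iteration and
# its trap only ever covered the newest one), and data/sel are local so the
# nested upstream-DNS dialog cannot overwrite them.
configure_interactive_pihole() {
    local data sel choice

    while true
    do
        data=$(mktemp) || exit 1
        # Same signal set as the original; the path is expanded now because
        # the local variable is gone by the time the trap fires.
        trap "rm -f -- $(printf '%q' "${data}")" 0 1 2 5 15

        dialog --backtitle $"Freedombone Control Panel" \
               --title $"Ad Blocker" \
               --radiolist $"Choose an operation:" 16 70 7 \
               1 $"Edit ads list" off \
               2 $"Edit blacklisted domain names" off \
               3 $"Edit whitelisted domain names" off \
               4 $"Change upstream DNS servers" off \
               5 $"Pause blocker" off \
               6 $"Resume blocker" off \
               7 $"Exit" on 2> "${data}"
        sel=$?

        choice=$(cat "${data}")
        rm -f -- "${data}"

        # 1 = Cancel, 255 = Esc / dialog error.
        case $sel in
            1|255) exit 1;;
        esac

        # Any change to the lists or resolvers is applied straight away by
        # regenerating the configuration.
        case "${choice}" in
            1) editor "${PIHOLE_CUSTOM_ADLIST}"
               update_pihole_interactive
               ;;
            2) editor "${PIHOLE_BLACKLIST}"
               update_pihole_interactive
               ;;
            3) editor "${PIHOLE_WHITELIST}"
               update_pihole_interactive
               ;;
            4) pihole_change_upstream_dns
               update_pihole_interactive
               ;;
            5) pihole_pause
               ;;
            6) pihole_resume
               ;;
            7) break;;
        esac
    done
}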
# Interactive install step: asks nothing and only sets APP_INSTALLED to 1.
install_interactive_pihole() {
    # Global on purpose; this function never reads it back.
    APP_INSTALLED=1
}
# Placeholder: writes nothing and returns success; there is no
# reconfiguration step for this app.
reconfigure_pihole() {
    printf ''
}
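# Moves the pi-hole checkout to the pinned PIHOLE_COMMIT when the recorded
# commit differs, then re-copies the files and regenerates the configuration.
#
# Globals:  INSTALL_DIR, PIHOLE_COMMIT, PIHOLE_REPO (read);
#           CURR_PIHOLE_COMMIT (written, left global as in the original)
#
# Paths and the repo URL are now quoted so they reach set_repo_commit as
# exactly four arguments.
# NOTE(review): set_repo_commit's status is not checked here; confirm it
# aborts on a failed checkout, otherwise files from an unpinned revision
# would be copied into /etc/cron.d and /opt by pihole_copy_files.
upgrade_pihole() {
    CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
    if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
        # Already at the pinned revision.
        return
    fi

    function_check set_repo_commit
    set_repo_commit "${INSTALL_DIR}/pihole" "pihole commit" "$PIHOLE_COMMIT" "${PIHOLE_REPO}"

    pihole_copy_files
    pihole_update
}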
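# Backs up the pi-hole configuration directory to USB under the name
# "pihole". The directory is quoted so it is always passed as one argument.
# Globals: piholeDir (read)
backup_local_pihole() {
    function_check backup_directory_to_usb
    backup_directory_to_usb "${piholeDir}" pihole
}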
# Restores the "pihole" backup from USB, with / as the destination.
# NOTE(review): presumably the archive stores the full path, which is why
# the target is the filesystem root -- confirm in
# restore_directory_from_usb.
restore_local_pihole() {
    local -r restore_root='/'
    local -r backup_name='pihole'

    function_check restore_directory_from_usb
    restore_directory_from_usb "${restore_root}" "${backup_name}"
}
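# Backs up the pi-hole configuration directory to a friend's server under
# the name "pihole". The directory is quoted so it is always passed as one
# argument.
# Globals: piholeDir (read)
backup_remote_pihole() {
    function_check backup_directory_to_friend
    backup_directory_to_friend "${piholeDir}" pihole
}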
# Restores the "pihole" backup from a friend's server, with / as the
# destination.
# NOTE(review): presumably the archive stores the full path, which is why
# the target is the filesystem root -- confirm in
# restore_directory_from_friend.
restore_remote_pihole() {
    local -r restore_root='/'
    local -r backup_name='pihole'

    function_check restore_directory_from_friend
    restore_directory_from_friend "${restore_root}" "${backup_name}"
}
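# Uninstalls the ad blocker: purges dnsmasq, deletes every file and
# directory install_pihole created, closes port 53 and removes the pihole
# user.
#
# Globals: piholeDir, INSTALL_DIR (read)
#
# Changes from the original:
#  - /var/www/pihole was only removed when it did NOT exist (inverted
#    test), so the web root was always left behind
#  - variable paths are quoted and skipped when empty, so an unset
#    INSTALL_DIR can no longer turn the last removal into "rm -rf /pihole"
remove_pihole() {
    apt-get -yq remove --purge dnsmasq

    if [ -d /var/www/pihole ]; then
        rm -rf /var/www/pihole
    fi
    if [ -f /usr/local/bin/gravity.sh ]; then
        rm /usr/local/bin/gravity.sh
    fi
    if [ -f /usr/local/bin/pihole ]; then
        rm /usr/local/bin/pihole
    fi
    if [ -d /opt/pihole ]; then
        rm -rf /opt/pihole
    fi
    if [ -n "${piholeDir}" ] && [ -d "${piholeDir}" ]; then
        rm -rf -- "${piholeDir}"
    fi
    if [ -d /etc/.pihole ]; then
        rm -rf /etc/.pihole
    fi
    if [ -f /var/log/pihole.log ]; then
        rm /var/log/pihole.log
    fi
    if [ -f /etc/cron.d/pihole ]; then
        rm /etc/cron.d/pihole
    fi
    if [ -n "${INSTALL_DIR}" ] && [ -d "${INSTALL_DIR}/pihole" ]; then
        rm -rf -- "${INSTALL_DIR}/pihole"
    fi

    firewall_remove 53
    userdel -r pihole
}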
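# Installs the ad blocker: dnsmasq, a dedicated pihole user, the pi-hole
# checkout pinned to PIHOLE_COMMIT, the placeholder web page, the pihole
# and gravity.sh commands, then firewall and configuration.
#
# Globals:  INSTALL_DIR, PIHOLE_REPO, PIHOLE_COMMIT, piholeDir (read);
#           APP_INSTALLED (written)
# Exits:    non-zero on any failed precondition. The shell truncates exit
#           statuses to 8 bits, so callers see each code modulo 256.
#
# Changes from the original:
#  - a failed "git checkout" of the pinned commit is now fatal and the
#    fresh checkout is removed; previously the install carried on with
#    whatever revision was checked out and still recorded the pinned
#    commit as installed
#  - every cd is checked, and variable paths are quoted
install_pihole() {
    # Fail before touching the system if the checkout location is unknown.
    if [ -z "${INSTALL_DIR}" ]; then
        echo $"INSTALL_DIR is not set"
        exit 48213
    fi

    apt-get -yq install dnsmasq curl

    adduser --disabled-login --gecos 'pi-hole' pihole
    if [ ! -d /home/pihole ]; then
        echo $"/home/pihole directory not created"
        exit 538929
    fi

    # The shadow files are opened up to 600 only for the duration of the
    # group change and put back to mode 0000 straight afterwards.
    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    usermod -a -G www-data pihole
    chmod 0000 /etc/shadow
    chmod 0000 /etc/gshadow

    systemctl enable dnsmasq

    if [ ! -d "${INSTALL_DIR}" ]; then
        mkdir -p "${INSTALL_DIR}"
    fi

    if [ ! -d "${INSTALL_DIR}/pihole" ]; then
        cd "${INSTALL_DIR}" || exit 61482
        if [ -d /repos/pihole ]; then
            # Seed from the local mirror, then bring it up to date.
            mkdir pihole
            cp -r -p /repos/pihole/. pihole
            cd pihole || exit 61482
            git pull
        else
            git_clone "${PIHOLE_REPO}" pihole
        fi

        if [ ! -d "${INSTALL_DIR}/pihole" ]; then
            exit 523925
        fi
        cd "${INSTALL_DIR}/pihole" || exit 61482

        # Scripts from this tree are installed into /usr/local/bin, /opt
        # and /etc/cron.d below, so only the pinned revision is acceptable.
        if ! git checkout "${PIHOLE_COMMIT}" -b "${PIHOLE_COMMIT}"; then
            echo $"Unable to check out the pinned pi-hole commit"
            # Remove the checkout so a retry cannot skip this block and
            # install the unpinned tree.
            cd / || exit 61482
            rm -rf -- "${INSTALL_DIR}/pihole"
            exit 72915
        fi
        set_completion_param "pihole commit" "$PIHOLE_COMMIT"
    fi

    if [ ! -d /var/www/pihole/htdocs ]; then
        mkdir -p /var/www/pihole/htdocs
    fi

    # blank file which takes the place of ads
    printf '%s\n' '<html>' '<body>' '</body>' '</html>' \
        > /var/www/pihole/htdocs/index.html

    if [ ! -f "${INSTALL_DIR}/pihole/gravity.sh" ]; then
        exit 26738
    fi
    cp -- "${INSTALL_DIR}/pihole/gravity.sh" /usr/local/bin/gravity.sh
    chmod 755 /usr/local/bin/gravity.sh

    if [ ! -f "${INSTALL_DIR}/pihole/pihole" ]; then
        exit 52935
    fi
    cp -- "${INSTALL_DIR}/pihole/pihole" /usr/local/bin/pihole
    chmod 755 /usr/local/bin/pihole

    if [ ! -d "${piholeDir}" ]; then
        mkdir "${piholeDir}"
    fi
    if [ ! -d /opt/pihole ]; then
        mkdir -p /opt/pihole
    fi

    pihole_copy_files

    chown -R www-data:www-data /var/www/pihole/htdocs

    configure_firewall_for_pihole
    pihole_update

    APP_INSTALLED=1
}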
# NOTE: deliberately no exit 0