freedombone-app-pihole 13KB

  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # pi-hole ad blocker
  12. #
  13. # Adapted from instructions at:
  14. # http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup
  15. #
  16. # License
  17. # =======
  18. #
  19. # Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
  20. #
  21. # This program is free software: you can redistribute it and/or modify
  22. # it under the terms of the GNU Affero General Public License as published by
  23. # the Free Software Foundation, either version 3 of the License, or
  24. # (at your option) any later version.
  25. #
  26. # This program is distributed in the hope that it will be useful,
  27. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  28. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  29. # GNU Affero General Public License for more details.
  30. #
  31. # You should have received a copy of the GNU Affero General Public License
  32. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  # App settings consumed by the surrounding framework. The meaning of the
  # first three is inferred from their names only; confirm against the code
  # that reads them.
  VARIANTS="full full-vim adblocker"
  IN_DEFAULT_INSTALL='0'
  SHOW_ON_ABOUT='0'

  # Interface dnsmasq is bound to; pihole_update overwrites this at run time.
  PIHOLE_IFACE='eth0'

  # Default upstream resolvers. Every DNS query from clients is forwarded to
  # these addresses, so they are a trust decision. The pair matches option 1
  # ("Digital Courage") in pihole_change_upstream_dns.
  PIHOLE_DNS1="85.214.73.63"
  PIHOLE_DNS2="213.73.91.35"

  # Configuration directory and the user-editable lists stored inside it.
  piholeBasename='pihole'
  piholeDir="/etc/${piholeBasename}"
  PIHOLE_CUSTOM_ADLIST="${piholeDir}/adlists.list"
  PIHOLE_BLACKLIST="${piholeDir}/blacklist.txt"
  PIHOLE_WHITELIST="${piholeDir}/whitelist.txt"

  # Upstream source, pinned to one commit. Scripts from this checkout are
  # later copied into /usr/local/bin and /etc/cron.d, so the pin is what
  # decides which code gets installed.
  PIHOLE_REPO='https://github.com/pi-hole/pi-hole'
  PIHOLE_COMMIT="e602008459128c233899b1e9d70cca0f38f41670"

  # Names of the settings belonging to this app.
  pihole_variables=(
    ONION_ONLY
    PIHOLE_IFACE
    PIHOLE_DNS1
    PIHOLE_DNS2
  )
  # Logging-on hook for this app. Nothing is switched on here: the function
  # prints nothing and returns success.
  function logging_on_pihole {
    printf ''
  }
  # Logging-off hook for this app. Nothing is switched off here: the function
  # prints nothing and returns success.
  function logging_off_pihole {
    printf ''
  }
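  # Copy the ad lists, helper scripts and cron job from the pi-hole checkout
  # under $INSTALL_DIR into their system locations.
  #
  # Globals:  INSTALL_DIR, piholeDir, piholeBasename, PIHOLE_CUSTOM_ADLIST (read)
  # Returns:  1 if INSTALL_DIR is empty, otherwise the status of the final chmod
  function pihole_copy_files {
    local src

    # Without this guard an empty INSTALL_DIR would silently turn every
    # source path below into /pihole/...
    if [ -z "${INSTALL_DIR:-}" ]; then
      echo 'pihole_copy_files: INSTALL_DIR is not set' >&2
      return 1
    fi
    src="${INSTALL_DIR}/pihole"

    mkdir -p /etc/.pihole

    cp -- "${src}/adlists.default" /etc/.pihole/adlists.default
    cp -- "${src}/adlists.default" "${piholeDir}/adlists.default"
    # Only seed the custom list; never overwrite the administrator's edits.
    if [ ! -f "${PIHOLE_CUSTOM_ADLIST}" ]; then
      cp -- "${src}/adlists.default" "${PIHOLE_CUSTOM_ADLIST}"
    fi

    cp -- "${src}"/advanced/Scripts/* "/opt/${piholeBasename}"

    if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
      rm /etc/dnsmasq.d/01-pihole.conf
    fi

    # Files in /etc/cron.d are executed by cron (normally as root), so this
    # job and the scripts it calls are only as trustworthy as the checkout
    # they were copied from.
    cp -- "${src}/advanced/pihole.cron" /etc/cron.d/pihole
    cp -- "${src}/gravity.sh" "/opt/${piholeBasename}"

    # Same directory the scripts were copied into above (was hard-coded).
    chmod +x "/opt/${piholeBasename}"/*.sh
  }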
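  # Rewrite the IPv4 address recorded in pi-hole's setupVars.conf.
  #
  # Arguments: $1 - new IPv4 address, dotted quad with an optional /prefix
  # Globals:   piholeDir (read); new_ipv4, setupVars (written, as before)
  # Returns:   1 if $1 is not an IPv4 address, otherwise 0 or sed's status
  function pihole_change_ipv4 {
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
    new_ipv4="$1"

    # The value is spliced into a sed script below, so only digits, dots and
    # an optional /prefix may pass; anything else could change what sed does.
    if [[ ! "${new_ipv4}" =~ ${ipv4_re} ]]; then
      echo "pihole_change_ipv4: '${new_ipv4}' is not an IPv4 address" >&2
      return 1
    fi

    if [ -f /usr/local/bin/pihole ]; then
      setupVars="${piholeDir}/setupVars.conf"
      if [ -f "${setupVars}" ]; then
        # pihole_update writes the key as IPV4_ADDRESS; the original pattern
        # only matched IPv4_address and so never touched that line.
        sed -i \
          -e "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" \
          -e "s|IPV4_ADDRESS=.*|IPV4_ADDRESS=${new_ipv4}|g" \
          "${setupVars}"
      fi
    fi
  }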
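  # Regenerate pi-hole's setupVars.conf and /etc/dnsmasq.conf, rebuild the
  # block lists with "pihole -g" and restart dnsmasq. Does nothing when
  # /usr/local/bin/gravity.sh is absent.
  #
  # Globals: HOME, PROJECT_NAME, piholeDir, PIHOLE_DNS1, PIHOLE_DNS2 (read);
  #          PIHOLE_IFACE, IPv4_address, IPv6_address, setupVars (written)
  function pihole_update {
    if [ ! -f /usr/local/bin/gravity.sh ]; then
      return
    fi

    # A wifi configuration file switches the interface from eth0 to the
    # configured wifi interface.
    if [ ! -f "${HOME}/${PROJECT_NAME}-wifi.cfg" ]; then
      PIHOLE_IFACE=eth0
    else
      read_config_param WIFI_INTERFACE
      PIHOLE_IFACE=$WIFI_INTERFACE
    fi

    IPv4_address="$(get_ipv4_address)"
    IPv6_address="$(get_ipv6_address)"

    setupVars="${piholeDir}/setupVars.conf"
    {
      echo "piholeInterface=${PIHOLE_IFACE}"
      echo "IPV4_ADDRESS=${IPv4_address}"
      if [ ${#IPv6_address} -gt 0 ]; then
        echo "IPV6_ADDRESS=${IPv6_address}"
      fi
      echo "piholeDNS1=${PIHOLE_DNS1}"
      # Was written from PIHOLE_DNS1, which recorded the primary twice.
      echo "piholeDNS2=${PIHOLE_DNS2}"
    } > "${setupVars}"

    # /etc/dnsmasq.conf is replaced wholesale. no-resolv makes dnsmasq ignore
    # /etc/resolv.conf, so only the two servers below are ever queried.
    {
      echo 'domain-needed'
      echo 'bogus-priv'
      echo 'no-resolv'
      echo "server=${PIHOLE_DNS1}"
      echo "server=${PIHOLE_DNS2}"
      echo "interface=${PIHOLE_IFACE}"
      echo 'listen-address=127.0.0.1'
    } > /etc/dnsmasq.conf

    pihole -g
    systemctl restart dnsmasq

    # Avoid having tripwire report pihole updates. The trade-off is that
    # changes under /etc/pihole (block lists, whitelist, setupVars.conf) are
    # no longer covered by integrity monitoring.
    # NOTE(review): this edits only the text policy; confirm it is compiled
    # into the active tripwire policy elsewhere.
    if [ -f /etc/tripwire/twpol.txt ]; then
      if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\ !/etc/pihole ;' /etc/tripwire/twpol.txt
      fi
    fi
  }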
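  # Ask which upstream DNS provider to use and store the chosen pair of
  # resolver addresses.
  #
  # Globals: PIHOLE_DNS1, PIHOLE_DNS2 (written and saved via write_config_param)
  # Exits:   status 1 if the dialog is cancelled or escaped (unchanged)
  # Returns: 1 if no temporary file could be created
  #
  # NOTE(review): the addresses are hard-coded. All client DNS traffic goes
  # to whichever pair is picked, so confirm each one is still operated by the
  # provider named in the menu.
  function pihole_change_upstream_dns {
    local data sel choice

    # mktemp replaces the deprecated tempfile, and a failure is no longer
    # hidden behind 2>/dev/null (which left the redirect target empty).
    data=$(mktemp) || return 1
    trap "rm -f -- '${data}'" 0 1 2 5 15

    dialog --backtitle $"Ad Blocker Upstream DNS" \
           --radiolist $"Pick a domain name service (DNS):" 28 50 19 \
           1 $"Digital Courage" on \
           2 $"German Privacy Foundation 1" off \
           3 $"German Privacy Foundation 2" off \
           4 $"Chaos Computer Club" off \
           5 $"ClaraNet" off \
           6 $"OpenNIC 1" off \
           7 $"OpenNIC 2" off \
           8 $"OpenNIC 3" off \
           9 $"OpenNIC 4" off \
           10 $"OpenNIC 5" off \
           11 $"OpenNIC 6" off \
           12 $"OpenNIC 7" off \
           13 $"PowerNS" off \
           14 $"ValiDOM" off \
           15 $"Freie Unzensierte" off \
           16 $"DNS.Watch" off \
           17 $"uncensoreddns.org" off \
           18 $"Lorraine Data Network" off \
           19 $"Google" off 2> "${data}"
    sel=$?

    # Read the answer and delete the file straight away; the trap remains
    # only as a safety net for signals.
    choice=$(cat "${data}")
    rm -f -- "${data}"

    case $sel in
      1) exit 1;;
      255) exit 1;;
    esac

    case "${choice}" in
      1) PIHOLE_DNS1='85.214.73.63'
         PIHOLE_DNS2='213.73.91.35'
         ;;
      2) PIHOLE_DNS1='87.118.100.175'
         PIHOLE_DNS2='94.75.228.29'
         ;;
      3) PIHOLE_DNS1='85.25.251.254'
         PIHOLE_DNS2='2.141.58.13'
         ;;
      4) PIHOLE_DNS1='213.73.91.35'
         PIHOLE_DNS2='85.214.73.63'
         ;;
      5) PIHOLE_DNS1='212.82.225.7'
         PIHOLE_DNS2='212.82.226.212'
         ;;
      6) PIHOLE_DNS1='58.6.115.42'
         PIHOLE_DNS2='58.6.115.43'
         ;;
      7) PIHOLE_DNS1='119.31.230.42'
         PIHOLE_DNS2='200.252.98.162'
         ;;
      8) PIHOLE_DNS1='217.79.186.148'
         PIHOLE_DNS2='81.89.98.6'
         ;;
      9) PIHOLE_DNS1='78.159.101.37'
         PIHOLE_DNS2='203.167.220.153'
         ;;
      10) PIHOLE_DNS1='82.229.244.191'
          PIHOLE_DNS2='82.229.244.191'
          ;;
      11) PIHOLE_DNS1='216.87.84.211'
          PIHOLE_DNS2='66.244.95.20'
          ;;
      12) PIHOLE_DNS1='207.192.69.155'
          PIHOLE_DNS2='72.14.189.120'
          ;;
      13) PIHOLE_DNS1='194.145.226.26'
          PIHOLE_DNS2='77.220.232.44'
          ;;
      14) PIHOLE_DNS1='78.46.89.147'
          PIHOLE_DNS2='88.198.75.145'
          ;;
      15) PIHOLE_DNS1='85.25.149.144'
          PIHOLE_DNS2='87.106.37.196'
          ;;
      16) PIHOLE_DNS1='84.200.69.80'
          PIHOLE_DNS2='84.200.70.40'
          ;;
      17) PIHOLE_DNS1='91.239.100.100'
          PIHOLE_DNS2='89.233.43.71'
          ;;
      18) PIHOLE_DNS1='80.67.188.188'
          PIHOLE_DNS2='89.234.141.66'
          ;;
      19) PIHOLE_DNS1='8.8.8.8'
          # Google's secondary resolver is 8.8.4.4; the previous value
          # 4.4.4.4 is not a Google Public DNS address.
          PIHOLE_DNS2='8.8.4.4'
          dialog --title $"WARNING" \
                 --msgbox $"\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\n\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
          ;;
      255) exit 1;;
    esac

    write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
    write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
  }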
  # Clear the terminal, print a short banner followed by a blank line, then
  # run pihole_update.
  function update_pihole_interactive {
    clear
    printf '%s\n' $'Updating Ad Blocker Lists' ''
    pihole_update
  }
  # Register port 53 with the firewall helper under the label "DNS".
  # NOTE(review): which protocols and source networks firewall_add permits is
  # not visible here; a DNS port reachable from the internet makes this host
  # a public resolver, so confirm it is limited to the local network.
  function configure_firewall_for_pihole {
    local service_name=DNS
    local service_port=53
    firewall_add "${service_name}" "${service_port}"
  }
  # Disable blocking with "pihole disable", then show a confirmation box.
  function pihole_pause {
    local box_title=$"Pause Ad Blocker"
    local box_text=$"Ad blocking is paused"

    pihole disable
    dialog --title "${box_title}" --msgbox "${box_text}" 6 60
  }
  # Re-enable blocking with "pihole enable", then show a confirmation box.
  function pihole_resume {
    local box_title=$"Resume Ad Blocker"
    local box_text=$"Ad blocking has resumed"

    pihole enable
    dialog --title "${box_title}" --msgbox "${box_text}" 6 60
  }
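  # Control-panel menu for the ad blocker. Loops until "Exit" is chosen.
  #
  # Globals: PIHOLE_CUSTOM_ADLIST, PIHOLE_BLACKLIST, PIHOLE_WHITELIST (read)
  # Exits:   status 1 if the dialog is cancelled or escaped (unchanged)
  # Returns: 1 if no temporary file could be created
  function configure_interactive_pihole {
    local data sel choice

    while true
    do
      # mktemp replaces the deprecated tempfile, and a failure is no longer
      # hidden behind 2>/dev/null.
      data=$(mktemp) || return 1
      trap "rm -f -- '${data}'" 0 1 2 5 15

      dialog --backtitle $"Freedombone Control Panel" \
             --title $"Ad Blocker" \
             --radiolist $"Choose an operation:" 16 70 7 \
             1 $"Edit ads list" off \
             2 $"Edit blacklisted domain names" off \
             3 $"Edit whitelisted domain names" off \
             4 $"Change upstream DNS servers" off \
             5 $"Pause blocker" off \
             6 $"Resume blocker" off \
             7 $"Exit" on 2> "${data}"
      sel=$?

      # Read the answer and delete the file before dispatching. Previously
      # every pass created a new file and re-pointed the trap at it, so all
      # but the last one were left behind; option 4 also installs its own
      # trap, replacing this one.
      choice=$(cat "${data}")
      rm -f -- "${data}"

      case $sel in
        1) exit 1;;
        255) exit 1;;
      esac

      case "${choice}" in
        1) editor "${PIHOLE_CUSTOM_ADLIST}"
           update_pihole_interactive
           ;;
        2) editor "${PIHOLE_BLACKLIST}"
           update_pihole_interactive
           ;;
        3) editor "${PIHOLE_WHITELIST}"
           update_pihole_interactive
           ;;
        4) pihole_change_upstream_dns
           update_pihole_interactive
           ;;
        5) pihole_pause
           ;;
        6) pihole_resume
           ;;
        7) break;;
      esac
    done
  }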
  # Interactive install step: nothing is asked, the function only sets
  # APP_INSTALLED to 1.
  function install_interactive_pihole {
    APP_INSTALLED='1'
  }
  # Reconfigure hook for this app. Nothing is done here: the function prints
  # nothing and returns success.
  function reconfigure_pihole {
    printf ''
  }
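  # Move the pi-hole checkout to PIHOLE_COMMIT when the recorded commit
  # differs, then re-copy the files and regenerate the configuration.
  #
  # Globals: PIHOLE_COMMIT, PIHOLE_REPO, INSTALL_DIR (read);
  #          CURR_PIHOLE_COMMIT (written)
  #
  # NOTE(review): install_pihole also copies gravity.sh and pihole into
  # /usr/local/bin, but nothing here refreshes those copies; confirm whether
  # they are meant to stay at the previously installed version.
  function upgrade_pihole {
    CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
    if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
      return
    fi

    function_check set_repo_commit
    # Quoted so that a path containing spaces stays a single argument.
    set_repo_commit "${INSTALL_DIR}/pihole" "pihole commit" "${PIHOLE_COMMIT}" "${PIHOLE_REPO}"

    pihole_copy_files
    pihole_update
  }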
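  # Back up the pi-hole configuration directory to USB under the name
  # "pihole".
  #
  # Globals: piholeDir (read)
  function backup_local_pihole {
    function_check backup_directory_to_usb
    # Quoted so that the directory is always passed as exactly one argument.
    backup_directory_to_usb "${piholeDir}" pihole
  }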
  # Restore the "pihole" backup from USB, passing / as the directory argument.
  function restore_local_pihole {
    local helper=restore_directory_from_usb

    function_check "${helper}"
    "${helper}" / pihole
  }
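  # Back up the pi-hole configuration directory to a remote friend's server
  # under the name "pihole".
  #
  # Globals: piholeDir (read)
  function backup_remote_pihole {
    function_check backup_directory_to_friend
    # Quoted so that the directory is always passed as exactly one argument.
    backup_directory_to_friend "${piholeDir}" pihole
  }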
  # Restore the "pihole" backup from a remote friend's server, passing / as
  # the directory argument.
  function restore_remote_pihole {
    local helper=restore_directory_from_friend

    function_check "${helper}"
    "${helper}" / pihole
  }
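  # Uninstall pi-hole: purge dnsmasq, delete the installed files and
  # directories, close the firewall port and remove the pihole user.
  #
  # Globals: piholeDir, INSTALL_DIR (read)
  # Returns: status of the final userdel
  #
  # NOTE(review): /etc/dnsmasq.conf and the "!/etc/pihole" line added to the
  # tripwire policy by pihole_update are left in place. Confirm that this is
  # intended, since the exclusion keeps /etc/pihole unmonitored after removal.
  function remove_pihole {
    local target

    apt-get -yq remove --purge dnsmasq

    # The original test for /var/www/pihole was inverted ("! -d"), so the web
    # directory was never deleted.
    for target in /var/www/pihole /opt/pihole /etc/.pihole; do
      if [ -d "${target}" ]; then
        rm -rf -- "${target}"
      fi
    done

    for target in /usr/local/bin/gravity.sh /usr/local/bin/pihole \
                  /var/log/pihole.log /etc/cron.d/pihole; do
      if [ -f "${target}" ]; then
        rm -- "${target}"
      fi
    done

    # Variable paths are quoted and must be non-empty before any recursive
    # delete: an empty INSTALL_DIR would otherwise point at /pihole.
    if [ -n "${piholeDir:-}" ] && [ -d "${piholeDir}" ]; then
      rm -rf -- "${piholeDir}"
    fi
    if [ -n "${INSTALL_DIR:-}" ] && [ -d "${INSTALL_DIR}/pihole" ]; then
      rm -rf -- "${INSTALL_DIR}/pihole"
    fi

    firewall_remove 53
    userdel -r pihole
  }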
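  # Install pi-hole: dnsmasq and curl packages, a dedicated pihole user, the
  # upstream checkout pinned to PIHOLE_COMMIT, the blank replacement page and
  # the pihole/gravity scripts, followed by firewall and list setup.
  #
  # Globals: INSTALL_DIR, PIHOLE_REPO, PIHOLE_COMMIT, piholeDir (read);
  #          APP_INSTALLED (written)
  # Exits:   non-zero on a missing home directory, missing or unpinned
  #          checkout, or missing upstream scripts. The numeric codes are kept
  #          as they were; the shell reports only their low 8 bits.
  function install_pihole {
    apt-get -yq install dnsmasq curl

    adduser --disabled-login --gecos 'pi-hole' pihole
    if [ ! -d /home/pihole ]; then
      echo $"/home/pihole directory not created"
      exit 538929
    fi

    # The shadow files are opened to mode 600 only for the duration of the
    # group change and set to 0000 again afterwards.
    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    usermod -a -G www-data pihole
    chmod 0000 /etc/shadow
    chmod 0000 /etc/gshadow

    systemctl enable dnsmasq

    if [ ! -d "${INSTALL_DIR}" ]; then
      mkdir -p "${INSTALL_DIR}"
    fi

    if [ ! -d "${INSTALL_DIR}/pihole" ]; then
      # A failed cd would otherwise create and populate the checkout in
      # whatever directory the caller happened to be in.
      cd "${INSTALL_DIR}" || exit 523925

      if [ -d /repos/pihole ]; then
        mkdir pihole
        cp -r -p /repos/pihole/. pihole
        cd pihole || exit 523925
        git pull
      else
        git_clone "${PIHOLE_REPO}" pihole
      fi

      if [ ! -d "${INSTALL_DIR}/pihole" ]; then
        exit 523925
      fi
      cd "${INSTALL_DIR}/pihole" || exit 523925
      git checkout "${PIHOLE_COMMIT}" -b "${PIHOLE_COMMIT}"

      # The checkout result used to be ignored: if it failed, whatever HEAD
      # pointed at was installed into /usr/local/bin and /etc/cron.d while
      # the pinned commit was still recorded as installed. Assumes
      # PIHOLE_COMMIT is a full commit hash, as it is in this file.
      if [ "$(git rev-parse HEAD 2>/dev/null)" != "${PIHOLE_COMMIT}" ]; then
        echo 'pihole checkout is not at the pinned commit' >&2
        exit 523925
      fi

      set_completion_param "pihole commit" "$PIHOLE_COMMIT"
    fi

    if [ ! -d /var/www/pihole/htdocs ]; then
      mkdir -p /var/www/pihole/htdocs
    fi

    # blank file which takes the place of ads
    printf '%s\n' '<html>' '<body>' '</body>' '</html>' \
      > /var/www/pihole/htdocs/index.html

    if [ ! -f "${INSTALL_DIR}/pihole/gravity.sh" ]; then
      exit 26738
    fi
    cp -- "${INSTALL_DIR}/pihole/gravity.sh" /usr/local/bin/gravity.sh
    chmod 755 /usr/local/bin/gravity.sh

    if [ ! -f "${INSTALL_DIR}/pihole/pihole" ]; then
      exit 52935
    fi
    cp -- "${INSTALL_DIR}/pihole/pihole" /usr/local/bin/pihole
    chmod 755 /usr/local/bin/pihole

    if [ ! -d "${piholeDir}" ]; then
      mkdir "${piholeDir}"
    fi
    if [ ! -d /opt/pihole ]; then
      mkdir -p /opt/pihole
    fi

    pihole_copy_files

    chown -R www-data:www-data /var/www/pihole/htdocs

    configure_firewall_for_pihole
    pihole_update

    APP_INSTALLED=1
  }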
  397. # NOTE: deliberately no exit 0