freedombone/src/freedombone-app-pihole

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# pi-hole ad blocker
#
# Adapted from instructions at:
#  http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#manualsetup
#
# License
# =======
#
# Copyright (C) 2016-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim adblocker'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0

PIHOLE_IFACE=eth0
PIHOLE_DNS1='91.239.100.100'
PIHOLE_DNS2='89.233.43.71'

piholeBasename=pihole
piholeDir=/etc/$piholeBasename
PIHOLE_CUSTOM_ADLIST=$piholeDir/adlists.list
PIHOLE_BLACKLIST=$piholeDir/blacklist.txt
PIHOLE_WHITELIST=$piholeDir/whitelist.txt

PIHOLE_REPO="https://github.com/pi-hole/pi-hole"
PIHOLE_COMMIT='fbee18e24d56b418e3329a56ae4156dbe8fe5e1f'

pihole_variables=(ONION_ONLY
                  PIHOLE_IFACE
                  PIHOLE_DNS1
                  PIHOLE_DNS2)

function logging_on_pihole {
    echo -n ''
}

function logging_off_pihole {
    echo -n ''
}

function pihole_copy_files {
    if [ ! -d /etc/.pihole ]; then
        mkdir /etc/.pihole
    fi
    cp "$INSTALL_DIR/pihole/adlists.default" /etc/.pihole/adlists.default
    cp "$INSTALL_DIR/pihole/adlists.default" $piholeDir/adlists.default
    if [ ! -f $PIHOLE_CUSTOM_ADLIST ]; then
        cp "$INSTALL_DIR/pihole/adlists.default" $PIHOLE_CUSTOM_ADLIST
    fi
    cp "$INSTALL_DIR/pihole/advanced/Scripts/"* /opt/$piholeBasename
    if [ -f /etc/dnsmasq.d/01-pihole.conf ]; then
        rm /etc/dnsmasq.d/01-pihole.conf
    fi
    cp "$INSTALL_DIR/pihole/advanced/pihole.cron" /etc/cron.d/pihole
    cp "$INSTALL_DIR/pihole/gravity.sh" /opt/$piholeBasename
    chmod +x /opt/pihole/*.sh
}

function pihole_change_ipv4 {
    new_ipv4="$1"
    if [ -f /usr/local/bin/pihole ]; then
        setupVars=$piholeDir/setupVars.conf
        if [ -f $setupVars ]; then
            sed -i "s|IPv4_address=.*|IPv4_address=${new_ipv4}|g" $setupVars
        fi
    fi
}

function pihole_update {
    if [ ! -f /usr/local/bin/gravity.sh ]; then
        return
    fi

    if [ ! -f "$HOME/${PROJECT_NAME}-wifi.cfg" ]; then
        PIHOLE_IFACE=eth0
    else
        read_config_param WIFI_INTERFACE
        PIHOLE_IFACE=$WIFI_INTERFACE
    fi

    IPv4_address="$(get_ipv4_address)"
    IPv6_address="$(get_ipv6_address)"

    setupVars=$piholeDir/setupVars.conf
    echo "piholeInterface=${PIHOLE_IFACE}" > ${setupVars}
    echo "IPV4_ADDRESS=${IPv4_address}" >> ${setupVars}
    if [ ${#IPv6_address} -gt 0 ]; then
        echo "IPV6_ADDRESS=${IPv6_address}" >> ${setupVars}
    fi
    echo "piholeDNS1=${PIHOLE_DNS1}" >> ${setupVars}
    echo "piholeDNS2=${PIHOLE_DNS1}" >> ${setupVars}

    { echo 'domain-needed';
      echo 'bogus-priv';
      echo 'no-resolv';
      echo "server=${PIHOLE_DNS1}";
      echo "server=${PIHOLE_DNS2}";
      echo "interface=${PIHOLE_IFACE}";
      echo 'listen-address=127.0.0.1'; } > /etc/dnsmasq.conf

    pihole -g
    systemctl restart dnsmasq

    # avoid having the tripwire report pihole updates
    if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then
        sed -i '\|/etc\t\t->.*|a\    !/etc/pihole ;' /etc/tripwire/twpol.txt
    fi
}

function pihole_change_upstream_dns {
    data=$(mktemp 2>/dev/null)
    dialog --backtitle $"Ad Blocker Upstream DNS" \
           --radiolist $"Pick a domain name service (DNS):" 29 50 20 \
           1 $"UncensoredDNS" on \
           2 $"Digital Courage" off \
           3 $"German Privacy Foundation 1" off \
           4 $"German Privacy Foundation 2" off \
           5 $"Chaos Computer Club" off \
           6 $"ClaraNet" off \
           7 $"OpenNIC 1" off \
           8 $"OpenNIC 2" off \
           9 $"OpenNIC 3" off \
           10 $"OpenNIC 4" off \
           11 $"OpenNIC 5" off \
           12 $"OpenNIC 6" off \
           13 $"OpenNIC 7" off \
           14 $"PowerNS" off \
           15 $"ValiDOM" off \
           16 $"Freie Unzensierte" off \
           17 $"DNS.Watch" off \
           18 $"uncensoreddns.org" off \
           19 $"Lorraine Data Network" off \
           20 $"Google" off 2> "$data"
    sel=$?
    case $sel in
        1) rm -f "$data"
           exit 1;;
        255) rm -f "$data"
             exit 1;;
    esac
    case $(cat "$data") in
        1) PIHOLE_DNS1='91.239.100.100'
           PIHOLE_DNS2='89.233.43.71'
           ;;
        2) PIHOLE_DNS1='85.214.73.63'
           PIHOLE_DNS2='213.73.91.35'
           ;;
        3) PIHOLE_DNS1='87.118.100.175'
           PIHOLE_DNS2='94.75.228.29'
           ;;
        4) PIHOLE_DNS1='85.25.251.254'
           PIHOLE_DNS2='2.141.58.13'
           ;;
        5) PIHOLE_DNS1='213.73.91.35'
           PIHOLE_DNS2='85.214.73.63'
           ;;
        6) PIHOLE_DNS1='212.82.225.7'
           PIHOLE_DNS2='212.82.226.212'
           ;;
        7) PIHOLE_DNS1='58.6.115.42'
           PIHOLE_DNS2='58.6.115.43'
           ;;
        8) PIHOLE_DNS1='119.31.230.42'
           PIHOLE_DNS2='200.252.98.162'
           ;;
        9) PIHOLE_DNS1='217.79.186.148'
           PIHOLE_DNS2='81.89.98.6'
           ;;
        10) PIHOLE_DNS1='78.159.101.37'
            PIHOLE_DNS2='203.167.220.153'
            ;;
        11) PIHOLE_DNS1='82.229.244.191'
            PIHOLE_DNS2='82.229.244.191'
            ;;
        12) PIHOLE_DNS1='216.87.84.211'
            PIHOLE_DNS2='66.244.95.20'
            ;;
        13) PIHOLE_DNS1='207.192.69.155'
            PIHOLE_DNS2='72.14.189.120'
            ;;
        14) PIHOLE_DNS1='194.145.226.26'
            PIHOLE_DNS2='77.220.232.44'
            ;;
        15) PIHOLE_DNS1='78.46.89.147'
            PIHOLE_DNS2='88.198.75.145'
            ;;
        16) PIHOLE_DNS1='85.25.149.144'
            PIHOLE_DNS2='87.106.37.196'
            ;;
        17) PIHOLE_DNS1='84.200.69.80'
            PIHOLE_DNS2='84.200.70.40'
            ;;
        18) PIHOLE_DNS1='91.239.100.100'
            PIHOLE_DNS2='89.233.43.71'
            ;;
        19) PIHOLE_DNS1='80.67.188.188'
            PIHOLE_DNS2='89.234.141.66'
            ;;
        20) PIHOLE_DNS1='8.8.8.8'
            PIHOLE_DNS2='4.4.4.4'
            dialog --title $"WARNING" \
                   --msgbox $"\\nGoogle's main purpose for providing DNS resolvers is to spy upon people and know which sites they are visiting.\\n\\nThis is something to consider, and you should only really be using Google DNS as a last resort if other resolvers are unavailable." 12 60
            ;;
        255) rm -f "$data"
             exit 1;;
    esac
    rm -f "$data"
    write_config_param "PIHOLE_DNS1" "$PIHOLE_DNS1"
    write_config_param "PIHOLE_DNS2" "$PIHOLE_DNS2"
}

function update_pihole_interactive {
    clear
    echo $'Updating Ad Blocker Lists'
    echo ''
    pihole_update
}

function configure_firewall_for_pihole {
    firewall_add DNS 53
}

function pihole_pause {
    pihole disable
    dialog --title $"Pause Ad Blocker" \
           --msgbox $"Ad blocking is paused" 6 60
}

function pihole_resume {
    pihole enable
    dialog --title $"Resume Ad Blocker" \
           --msgbox $"Ad blocking has resumed" 6 60
}

function configure_interactive_pihole {
    W=(1 $"Edit ads list"
       2 $"Edit blacklisted domain names"
       3 $"Edit whitelisted domain names"
       4 $"Change upstream DNS servers"
       5 $"Pause blocker"
       6 $"Resume blocker")

    while true
    do
        # shellcheck disable=SC2068
        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Ad blocker" --menu $"Choose an operation, or ESC for main menu:" 13 60 9 "${W[@]}" 3>&2 2>&1 1>&3)

        if [ ! "$selection" ]; then
           break
        fi

        case $selection in
            1) editor $PIHOLE_CUSTOM_ADLIST
               update_pihole_interactive
               ;;
            2) editor $PIHOLE_BLACKLIST
               update_pihole_interactive
               ;;
            3) editor $PIHOLE_WHITELIST
               update_pihole_interactive
               ;;
            4) pihole_change_upstream_dns
               update_pihole_interactive
               ;;
            5) pihole_pause
               ;;
            6) pihole_resume
               ;;
        esac
    done
}

function install_interactive_pihole {
    APP_INSTALLED=1
}

function reconfigure_pihole {
    echo -n ''
}

function upgrade_pihole {
    CURR_PIHOLE_COMMIT=$(get_completion_param "pihole commit")
    if [[ "$CURR_PIHOLE_COMMIT" == "$PIHOLE_COMMIT" ]]; then
        return
    fi

    function_check set_repo_commit
    set_repo_commit "$INSTALL_DIR/pihole" "pihole commit" "$PIHOLE_COMMIT" $PIHOLE_REPO

    pihole_copy_files
    pihole_update
}

function backup_local_pihole {
    function_check backup_directory_to_usb
    backup_directory_to_usb $piholeDir pihole
}

function restore_local_pihole {
    function_check restore_directory_from_usb
    restore_directory_from_usb / pihole
}

function backup_remote_pihole {
    function_check backup_directory_to_friend
    backup_directory_to_friend $piholeDir pihole
}

function restore_remote_pihole {
    function_check restore_directory_from_friend
    restore_directory_from_friend / pihole
}

function remove_pihole {
    apt-get -yq remove --purge dnsmasq

    if [ ! -d /var/www/pihole ]; then
        rm -rf /var/www/pihole
    fi

    if [ -f /usr/local/bin/gravity.sh ]; then
        rm /usr/local/bin/gravity.sh
    fi

    if [ -f /usr/local/bin/pihole ]; then
        rm /usr/local/bin/pihole
    fi

    if [ -d /opt/pihole ]; then
        rm -rf /opt/pihole
    fi

    if [ -d $piholeDir ]; then
        rm -rf $piholeDir
    fi

    if [ -d /etc/.pihole ]; then
        rm -rf /etc/.pihole
    fi

    if [ -f /var/log/pihole.log ]; then
        rm /var/log/pihole.log
    fi

    if [ -f /etc/cron.d/pihole ]; then
        rm /etc/cron.d/pihole
    fi

    if [ -d "$INSTALL_DIR/pihole" ]; then
        rm -rf "$INSTALL_DIR/pihole"
    fi

    firewall_remove 53
    userdel -r pihole
}

function install_pihole {
    apt-get -yq install dnsmasq curl
    adduser --disabled-login --gecos 'pi-hole' pihole
    if [ ! -d /home/pihole ]; then
        echo $"/home/pihole directory not created"
        exit 538929
    fi

    chmod 600 /etc/shadow
    chmod 600 /etc/gshadow
    usermod -a -G www-data pihole
    chmod 0000 /etc/shadow
    chmod 0000 /etc/gshadow

    systemctl enable dnsmasq

    if [ ! -d "$INSTALL_DIR" ]; then
        mkdir -p "$INSTALL_DIR"
    fi

    if [ ! -d "$INSTALL_DIR/pihole" ]; then
        cd "$INSTALL_DIR" || exit 78245624527

        if [ -d /repos/pihole ]; then
            mkdir pihole
            cp -r -p /repos/pihole/. pihole
            cd pihole || exit 24572424684
            git pull
        else
            git_clone $PIHOLE_REPO pihole
        fi

        if [ ! -d "$INSTALL_DIR/pihole" ]; then
            exit 523925
        fi
        cd "$INSTALL_DIR/pihole" || exit 2682468242
        git checkout "$PIHOLE_COMMIT" -b "$PIHOLE_COMMIT"
        set_completion_param "pihole commit" "$PIHOLE_COMMIT"
    fi

    if [ ! -d /var/www/pihole/htdocs ]; then
        mkdir -p /var/www/pihole/htdocs
    fi

    # blank file which takes the place of ads
    { echo '<html>';
      echo '<body>';
      echo '</body>';
      echo '</html>'; } > /var/www/pihole/htdocs/index.html

    if [ ! -f "$INSTALL_DIR/pihole/gravity.sh" ]; then
        exit 26738
    fi
    cp "$INSTALL_DIR/pihole/gravity.sh" /usr/local/bin/gravity.sh
    chmod 755 /usr/local/bin/gravity.sh

    if [ ! -f "$INSTALL_DIR/pihole/pihole" ]; then
        exit 52935
    fi
    cp "$INSTALL_DIR/pihole/pihole" /usr/local/bin/pihole
    chmod 755 /usr/local/bin/pihole

    if [ ! -d $piholeDir ]; then
        mkdir $piholeDir
    fi
    if [ ! -d /opt/pihole ]; then
        mkdir -p /opt/pihole
    fi

    pihole_copy_files

    chown -R www-data:www-data /var/www/pihole/htdocs

    configure_firewall_for_pihole

    pihole_update

    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0