#!/usr/bin/env bash
# Pi-hole and open road warrior mash-up for set-up only
set -e

######## VARIABLES #########
# Installer log locations.
# NOTE(review): tmpLog is a fixed file name inside world-writable /tmp. No code
# visible here writes to it, but anything that does so as root should create it
# with mktemp (or refuse to follow symlinks) so a local user cannot pre-place
# the path.
tmpLog=/tmp/pihole-install.log
instalLogLoc=/etc/pihole/install.log

# Pi-hole configuration files touched by the installer.
setupVars=/etc/pihole/setupVars.conf
lighttpdConfig=/etc/lighttpd/lighttpd.conf

# Upstream repositories and the local directories they are cloned into.
webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git"
webInterfaceDir="/var/www/html/admin"
piholeGitUrl="https://github.com/pi-hole/pi-hole.git"
PI_HOLE_LOCAL_REPO="/etc/.pihole"

# Script base names (without .sh) that clean_existing removes before reinstall.
PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage)
PI_HOLE_INSTALL_DIR="/opt/pihole"

# Installer state and defaults.
useUpdateVars=false
IPV4_ADDRESS=""
IPV6_ADDRESS=""
QUERY_LOGGING=true
INSTALL_WEB=true

# Terminal geometry for dialogs; falls back to 24 rows x 80 columns when stty
# cannot report a size (for example when no terminal is attached).
screen_size=$(stty size 2>/dev/null || echo 24 80)
read -r rows columns <<< "${screen_size}"

# Dialogs use half the screen, but never less than 20 rows x 70 columns.
r=$(( rows / 2 < 20 ? 20 : rows / 2 ))
c=$(( columns / 2 < 70 ? 70 : columns / 2 ))

######## Undocumented Flags. Shhh ########
skipSpaceCheck=false
reconfigure=false
runUnattended=false
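newclient () {
  # Builds a single-file client profile at ~/<name>.ovpn from the common
  # client template plus the CA certificate, the client's certificate and
  # private key, and the shared tls-auth key.
  # Arguments: $1 - client name as used with easy-rsa (matches issued/<name>.crt)
  # Returns:   non-zero when no name is given or a source file cannot be read
  if [[ -z "${1:-}" ]]; then
    echo "newclient: client name required" >&2
    return 1
  fi
  local name="${1}"
  local pki=/etc/openvpn/easy-rsa/pki
  local profile
  profile=~/"${name}.ovpn"

  # The profile embeds an unencrypted private key and the tls-auth secret, so
  # it is created owner-only instead of inheriting the caller's umask.
  install -m 600 /etc/openvpn/client-common.txt "${profile}"
  {
    echo "<ca>"
    cat "${pki}/ca.crt"
    echo "</ca>"
    echo "<cert>"
    cat "${pki}/issued/${name}.crt"
    echo "</cert>"
    echo "<key>"
    cat "${pki}/private/${name}.key"
    echo "</key>"
    echo "<tls-auth>"
    cat /etc/openvpn/ta.key
    echo "</tls-auth>"
  } >> "${profile}"
}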
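install_OpenVPN() {
  # Installs OpenVPN, builds a fresh easy-rsa PKI, writes server.conf and the
  # client template, opens the firewall / NAT for 10.8.0.0/24, restarts the
  # service and finally generates the "mastercert" client profile.
  # Globals written: OS, GROUPNAME, RCLOCAL, IP, PROTOCOL, PORT, CLIENT,
  #                  EXTERNALIP, USEREXTERNALIP
  # Exits: 1 not bash, 2 not root, 3 no TUN device, 4 CentOS 5,
  #        5 unsupported distribution, 6 no usable IPv4 address found
  if readlink /proc/$$/exe | grep -qs "dash"; then
    echo "This script needs to be run with bash, not sh"
    exit 1
  fi
  if [[ "$EUID" -ne 0 ]]; then
    echo "Sorry, you need to run this as root"
    exit 2
  fi
  if [[ ! -e /dev/net/tun ]]; then
    echo "The TUN device is not available
You need to enable TUN before running this script"
    exit 3
  fi
  if grep -qs "CentOS release 5" "/etc/redhat-release"; then
    echo "CentOS 5 is too old and not supported"
    exit 4
  fi
  if [[ -e /etc/debian_version ]]; then
    OS=debian
    GROUPNAME=nogroup
    RCLOCAL='/etc/rc.local'
  elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
    OS=centos
    GROUPNAME=nobody
    RCLOCAL='/etc/rc.d/rc.local'
  else
    echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"
    exit 5
  fi

  # Try to get our IP from the system and fallback to the Internet.
  # I do this to make the script compatible with NATed servers (lowendspirit.com)
  # and to avoid getting an IPv6.
  IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
  if [[ "$IP" = "" ]]; then
    # This lookup runs over plain HTTP, so the response is not authenticated.
    IP=$(wget -4qO- "http://whatismyip.akamai.com/")
  fi
  # $IP is later spliced into firewall commands and into lines appended to
  # rc.local (which runs as root at boot), so accept nothing but a dotted quad.
  if [[ ! "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "Could not determine a usable IPv4 address for this server" >&2
    exit 6
  fi
  clear
  PROTOCOL=udp
  PORT=1194
  CLIENT="mastercert"
  #read -n1 -r -p "Press any key to continue..."
  if [[ "$OS" = 'debian' ]]; then
    apt-get update
    apt-get install openvpn iptables openssl ca-certificates -y
  else
    # Else, the distro is CentOS
    yum install epel-release -y
    yum install openvpn iptables openssl wget ca-certificates -y
  fi

  # An old version of easy-rsa was available by default in some openvpn packages
  if [[ -d /etc/openvpn/easy-rsa/ ]]; then
    rm -rf /etc/openvpn/easy-rsa/
  fi
  # Get easy-rsa
  # NOTE(review): the tarball is fetched over HTTPS but neither a checksum nor
  # a signature is verified before it becomes the tooling that creates the CA;
  # pin a digest obtained out of band and compare it before unpacking.
  wget -O ~/EasyRSA-3.0.1.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz"
  tar xzf ~/EasyRSA-3.0.1.tgz -C ~/
  mv ~/EasyRSA-3.0.1/ /etc/openvpn/
  mv /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/
  chown -R root:root /etc/openvpn/easy-rsa/
  rm -rf ~/EasyRSA-3.0.1.tgz
  cd /etc/openvpn/easy-rsa/

  # Create the PKI, set up the CA, the DH params and the server + client certificates
  # NOTE(review): every key is created with "nopass", so the CA, server and
  # client private keys are protected by file permissions only.
  ./easyrsa init-pki
  ./easyrsa --batch build-ca nopass
  ./easyrsa gen-dh
  ./easyrsa build-server-full server nopass
  ./easyrsa build-client-full "$CLIENT" nopass
  ./easyrsa gen-crl
  # Move the stuff we need
  # NOTE(review): this also copies the CA private key (ca.key) next to the
  # server key; keeping the CA key off the VPN host limits what a server
  # compromise can sign.
  cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
  # CRL is read with each client connection, when OpenVPN is dropped to nobody
  chown nobody:"$GROUPNAME" /etc/openvpn/crl.pem
  # Generate key for tls-auth
  openvpn --genkey --secret /etc/openvpn/ta.key

  # Generate server.conf
  # NOTE(review): comp-lzo enables compression inside the tunnel, which
  # OpenVPN has deprecated because of compression side channels; removing it
  # requires changing the client template below in the same way.
  cat > /etc/openvpn/server.conf <<EOF
port $PORT
proto $PROTOCOL
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group $GROUPNAME
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
EOF

  # Enable net.ipv4.ip_forward for the system
  sed -i '/\<net.ipv4.ip_forward\>/c\net.ipv4.ip_forward=1' /etc/sysctl.conf
  if ! grep -q "\<net.ipv4.ip_forward\>" /etc/sysctl.conf; then
    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  fi
  # Avoid an unneeded reboot
  echo 1 > /proc/sys/net/ipv4/ip_forward

  if pgrep firewalld; then
    # Using both permanent and not permanent rules to avoid a firewalld
    # reload.
    # We don't use --add-service=openvpn because that would only work with
    # the default port and protocol.
    firewall-cmd --zone=public --add-port="$PORT/$PROTOCOL"
    firewall-cmd --zone=trusted --add-source=10.8.0.0/24
    firewall-cmd --permanent --zone=public --add-port="$PORT/$PROTOCOL"
    firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
    # Set NAT for the VPN subnet
    firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to "$IP"
    firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to "$IP"
  else
    # Needed to use rc.local with some systemd distros
    if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then
      printf '%s\n' '#!/bin/sh -e' 'exit 0' > "$RCLOCAL"
    fi
    chmod +x "$RCLOCAL"
    # Set NAT for the VPN subnet
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to "$IP"
    sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" "$RCLOCAL"
    if iptables -L -n | grep -qE '^(REJECT|DROP)'; then
      # If iptables has at least one REJECT rule, we asume this is needed.
      # Not the best approach but I can't think of other and this shouldn't
      # cause problems.
      iptables -I INPUT -p "$PROTOCOL" --dport "$PORT" -j ACCEPT
      iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
      iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
      sed -i "1 a\iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT" "$RCLOCAL"
      sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" "$RCLOCAL"
      sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" "$RCLOCAL"
    fi
  fi

  # If SELinux is enabled and a custom port or TCP was selected, we need this
  if hash sestatus 2>/dev/null; then
    if sestatus | grep "Current mode" | grep -qs "enforcing"; then
      if [[ "$PORT" != '1194' || "$PROTOCOL" = 'tcp' ]]; then
        # semanage isn't available in CentOS 6 by default
        if ! hash semanage 2>/dev/null; then
          yum install policycoreutils-python -y
        fi
        semanage port -a -t openvpn_port_t -p "$PROTOCOL" "$PORT"
      fi
    fi
  fi

  # And finally, restart OpenVPN
  if [[ "$OS" = 'debian' ]]; then
    # Little hack to check for systemd
    if pgrep systemd-journal; then
      systemctl restart openvpn@server.service
    else
      /etc/init.d/openvpn restart
    fi
  else
    if pgrep systemd-journal; then
      systemctl restart openvpn@server.service
      systemctl enable openvpn@server.service
    else
      service openvpn restart
      chkconfig openvpn on
    fi
  fi

  # Try to detect a NATed connection and ask about it to potential LowEndSpirit users
  # The fetched value is only compared with $IP; what ends up in the client
  # template is either $IP or the address typed at the prompt.
  EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/")
  if [[ "$IP" != "$EXTERNALIP" ]]; then
    echo ""
    echo "Looks like your server is behind a NAT!"
    echo ""
    echo "If your server is NATed (e.g. LowEndSpirit), I need to know the external IP"
    echo "If that's not the case, just ignore this and leave the next field blank"
    read -r -p "External IP: " -e USEREXTERNALIP
    if [[ "$USEREXTERNALIP" != "" ]]; then
      IP=$USEREXTERNALIP
    fi
  fi

  # client-common.txt is created so we have a template to add further users later
  cat > /etc/openvpn/client-common.txt <<EOF
client
dev tun
proto $PROTOCOL
sndbuf 0
rcvbuf 0
remote $IP $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
EOF

  # Generates the custom client.ovpn
  newclient "$CLIENT"
  echo ""
  echo "Finished!"
}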
- # Compatibility
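distro_check() {
  # Detects the package manager family and sets the globals the rest of the
  # installer relies on.
  # Globals written: PKG_MANAGER, UPDATE_PKG_CACHE, PKG_INSTALL, PKG_COUNT,
  #                  INSTALLER_DEPS, PIHOLE_DEPS, PIHOLE_WEB_DEPS,
  #                  LIGHTTPD_USER, LIGHTTPD_GROUP, LIGHTTPD_CFG, DNSMASQ_USER,
  #                  and on Debian also iproute_pkg, phpVer and the function
  #                  test_dpkg_lock
  # Exits: 1 when neither apt-get nor rpm is available
  # UPDATE_PKG_CACHE and PKG_COUNT are command strings that other functions
  # pass to eval; they must only ever be built from the constants below.
  if command -v apt-get &> /dev/null; then
    # Debian Family
    PKG_MANAGER="apt-get"
    UPDATE_PKG_CACHE="test_dpkg_lock; ${PKG_MANAGER} update"
    PKG_INSTALL=("${PKG_MANAGER}" --yes --no-install-recommends install)
    # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
    PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"

    # Fixes for dependency differences
    # Debian 7 doesn't have iproute2 use iproute
    if "${PKG_MANAGER}" install --dry-run iproute2 > /dev/null 2>&1; then
      iproute_pkg="iproute2"
    else
      iproute_pkg="iproute"
    fi
    # Prefer the php metapackage if it's there, fall back on the php5 packages
    if "${PKG_MANAGER}" install --dry-run php > /dev/null 2>&1; then
      phpVer="php"
    else
      phpVer="php5"
    fi

    INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git "${iproute_pkg}" whiptail)
    PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget)
    PIHOLE_WEB_DEPS=(lighttpd "${phpVer}-common" "${phpVer}-cgi")
    LIGHTTPD_USER="www-data"
    LIGHTTPD_GROUP="www-data"
    LIGHTTPD_CFG="lighttpd.conf.debian"
    DNSMASQ_USER="dnsmasq"

    # Blocks until no process holds /var/lib/dpkg/lock any more.
    test_dpkg_lock() {
      while fuser /var/lib/dpkg/lock >/dev/null 2>&1 ; do
        sleep 0.5
      done
      # Always return success, since we only return if there is no
      # lock (anymore)
      return 0
    }
  elif command -v rpm &> /dev/null; then
    # Fedora Family
    if command -v dnf &> /dev/null; then
      PKG_MANAGER="dnf"
    else
      PKG_MANAGER="yum"
    fi
    # Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
    UPDATE_PKG_CACHE=":"
    PKG_INSTALL=("${PKG_MANAGER}" install -y)
    # grep -E replaces egrep, which current GNU grep reports as obsolescent.
    PKG_COUNT="${PKG_MANAGER} check-update | grep -E '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
    INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
    PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget)
    PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli)
    if ! grep -q 'Fedora' /etc/redhat-release; then
      INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release");
    fi
    LIGHTTPD_USER="lighttpd"
    LIGHTTPD_GROUP="lighttpd"
    LIGHTTPD_CFG="lighttpd.conf.fedora"
    DNSMASQ_USER="nobody"
  else
    echo "OS distribution not supported"
    # A bare "exit" would report the status of the echo above (success).
    exit 1
  fi
}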
is_repo() {
  # Reports whether a directory is inside a git work tree.
  # Arguments: $1 - directory to probe
  # Returns:   0 when "git status" succeeds there, the git exit status
  #            (128 for "not a repository") when it does not, and 1 when the
  #            directory does not exist. The caller's working directory is
  #            restored before returning.
  local directory="${1}"
  local origin="${PWD}"
  local status=0

  if [[ ! -d "${directory}" ]]; then
    # non-zero return code if directory does not exist
    status=1
  else
    # git -C is not used here to support git versions older than 1.8.4
    cd "${directory}"
    git status --short &> /dev/null || status=$?
  fi

  cd "${origin}"
  return "${status}"
}
make_repo() {
  # Replaces a directory with a fresh shallow clone of a remote repository.
  # Arguments: $1 - target directory (deleted first if it already exists)
  #            $2 - URL or path of the repository to clone
  # Returns:   0 on success, otherwise the exit status of git clone
  local directory="${1}"
  local remoteRepo="${2}"
  local clone_rc=0

  printf '%s' "::: Cloning ${remoteRepo} into ${directory}..."

  # git refuses to clone into a non-empty directory, so clear the way first.
  if [[ -d "${directory}" ]]; then
    rm -rf "${directory}"
  fi

  git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || clone_rc=$?
  if [[ "${clone_rc}" -ne 0 ]]; then
    return "${clone_rc}"
  fi

  echo " done!"
  return 0
}
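update_repo() {
  # Brings an existing clone up to date with its remote.
  # Arguments: $1 - directory of the local repository
  # Returns:   0 on success, 1 when the directory (or the original working
  #            directory) cannot be entered, otherwise the exit status of
  #            git pull
  # Local changes are not preserved in place: everything, including ignored
  # and untracked files, is stashed and the tree is cleaned before pulling.
  local directory="${1}"
  local curdir="${PWD}"
  local pull_rc=0

  cd "${directory}" &> /dev/null || return 1
  # Pull the latest commits
  echo -n "::: Updating repo in ${1}..."
  git stash --all --quiet &> /dev/null || true # Okay for stash failure
  git clean --force -d || true # Okay for already clean directory
  git pull --quiet &> /dev/null || pull_rc=$?

  # Go back before reporting a pull failure so the caller is never left
  # inside the repository directory.
  cd "${curdir}" &> /dev/null || return 1
  if [[ "${pull_rc}" -ne 0 ]]; then
    return "${pull_rc}"
  fi
  echo " done!"
  return 0
}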
getGitFiles() {
  # Makes sure a local copy of a repository exists and is current: an
  # existing clone is updated, anything else is replaced by a fresh clone.
  # Arguments: $1 - local directory, $2 - remote repository
  # Exits:     1 when the update or the clone fails
  local directory="${1}"
  local remoteRepo="${2}"

  echo ":::"
  echo "::: Checking for existing repository..."
  if ! is_repo "${directory}"; then
    make_repo "${directory}" "${remoteRepo}" || { echo "Unable to clone repository, please contact support"; exit 1; }
  else
    update_repo "${directory}" || { echo "*** Error: Could not update local repository. Contact support."; exit 1; }
  fi
  echo " done!"
  return 0
}
find_IPv4_information() {
  # Derives interface and gateway from the route the kernel would use to
  # reach 8.8.8.8.
  # Globals written: IPv4dev, IPv4bare, IPv4gw, IPV4_ADDRESS
  local route

  # Find IP used to route to outside world
  route=$(ip route get 8.8.8.8)

  IPv4gw=$(printf '%s\n' "${route}" | awk '{print $3}')
  IPv4bare=$(printf '%s\n' "${route}" | awk '{print $7}')
  IPv4dev=$(printf '%s\n' "${route}" | awk '{for (i=1; i<=NF; i++) if ($i~/dev/) print $(i+1)}')

  # This mash-up no longer looks the address up on the interface; it pins
  # Pi-hole to 10.8.0.1/24, an address inside the 10.8.0.0/24 range that
  # install_OpenVPN hands to the VPN server.
  #IPV4_ADDRESS=$(ip -o -f inet addr show | grep "${IPv4bare}" | awk '{print $4}' | awk 'END {print}')
  IPV4_ADDRESS=10.8.0.1/24
}
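verifyFreeDiskSpace() {
  # The free-space check has been stripped from this mash-up, so no disk
  # space is verified before installing. bash rejects a function with an
  # empty body as a syntax error, which would stop the whole script from
  # parsing, hence the explicit no-op.
  return 0
}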
useIPv6dialog() {
  # Stores in IPV6_ADDRESS the source address the kernel would use to reach
  # 2001:4860:4860::8888; the value stays empty when that route is reported
  # as unreachable. The whiptail message box that used to announce the
  # address is disabled in this unattended variant.
  IPV6_ADDRESS=$(
    ip -6 route get 2001:4860:4860::8888 \
      | grep -v "unreachable" \
      | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }'
  )
}
use4andor6() {
  # Selects the address families Pi-hole serves. The interactive whiptail
  # checklist is disabled in this variant: both IPv4 and IPv6 are always
  # switched on, so the "nothing selected" exit below cannot currently
  # trigger.
  # Globals written (through the helpers it calls): IPV4_ADDRESS, IPV6_ADDRESS
  local useIPv4=true
  local useIPv6=true

  if [[ -n "${useIPv4}" ]]; then
    find_IPv4_information
    #getStaticIPv4Settings
    setStaticIPv4
  fi
  if [[ -n "${useIPv6}" ]]; then
    useIPv6dialog
  fi

  echo "::: IPv4 address: ${IPV4_ADDRESS}"
  echo "::: IPv6 address: ${IPV6_ADDRESS}"

  if [[ -z "${useIPv4}" && -z "${useIPv6}" ]]; then
    echo "::: Cannot continue, neither IPv4 or IPv6 selected"
    echo "::: Exiting"
    exit 1
  fi
}
setDHCPCD() {
  # Appends a static-address stanza for PIHOLE_INTERFACE to /etc/dhcpcd.conf.
  # Globals read: PIHOLE_INTERFACE, IPV4_ADDRESS, IPv4gw
  # The gateway is written both as router and as DNS server.
  tee -a /etc/dhcpcd.conf >/dev/null <<EOF
interface ${PIHOLE_INTERFACE}
static ip_address=${IPV4_ADDRESS}
static routers=${IPv4gw}
static domain_name_servers=${IPv4gw}
EOF
}
setStaticIPv4() {
  # Makes IPV4_ADDRESS the static address of PIHOLE_INTERFACE, through
  # dhcpcd.conf on Debian-style systems or an ifcfg file on Fedora-style
  # systems, and applies it to the running interface.
  # Globals read: IPV4_ADDRESS, PIHOLE_INTERFACE, IPv4gw, PIHOLE_DNS_1,
  #               PIHOLE_DNS_2
  # Exits: 1 when neither configuration file is present
  local IFCFG_FILE
  local IPADDR
  local CIDR

  if [[ -f /etc/dhcpcd.conf ]]; then
    # Debian Family
    if grep -q "${IPV4_ADDRESS}" /etc/dhcpcd.conf; then
      echo "::: Static IP already configured"
      return 0
    fi
    setDHCPCD
    ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
    echo ":::"
    echo "::: Setting IP to ${IPV4_ADDRESS}. You may need to restart after the install is complete."
    echo ":::"
    return 0
  fi

  if [[ ! -f /etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE} ]]; then
    echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
    exit 1
  fi

  # Fedora Family
  IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}
  if grep -q "${IPV4_ADDRESS}" "${IFCFG_FILE}"; then
    echo "::: Static IP already configured"
    return 0
  fi

  # Split "address/prefix" into its two halves.
  IPADDR=$(cut -f1 -d/ <<< "${IPV4_ADDRESS}")
  CIDR=$(cut -f2 -d/ <<< "${IPV4_ADDRESS}")
  # Backup existing interface configuration:
  cp "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
  # Build Interface configuration file:
  cat > "${IFCFG_FILE}" <<EOF
# Configured via Pi-hole installer
DEVICE=$PIHOLE_INTERFACE
BOOTPROTO=none
ONBOOT=yes
IPADDR=$IPADDR
PREFIX=$CIDR
GATEWAY=$IPv4gw
DNS1=$PIHOLE_DNS_1
DNS2=$PIHOLE_DNS_2
USERCTL=no
EOF
  ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
  if command -v nmcli &> /dev/null; then
    # Tell NetworkManager to read our new sysconfig file
    nmcli con load "${IFCFG_FILE}" > /dev/null
  fi
  echo ":::"
  echo "::: Setting IP to ${IPV4_ADDRESS}. You may need to restart after the install is complete."
  echo ":::"
}
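valid_ip() {
  # Checks that a string is a dotted-quad IPv4 address.
  # Arguments: $1 - candidate address
  # Returns:   0 when it has four groups of one to three digits, each at
  #            most 255 when read as a decimal number; 1 otherwise
  local ip=${1}
  local -a octets
  local octet

  [[ ${ip} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1

  # IFS is changed for this one read only, so the caller's IFS is untouched
  # and no helper variable leaks into the global scope.
  IFS='.' read -r -a octets <<< "${ip}"
  for octet in "${octets[@]}"; do
    # 10# forces base 10; a bare "08" or "09" would otherwise be parsed as an
    # invalid octal number and raise an arithmetic error.
    (( 10#${octet} <= 255 )) || return 1
  done
  return 0
}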
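_pihole_sed_escape_replacement() {
  # Prints $1 with \, / and & escaped so it can be used verbatim as the
  # replacement part of a sed s/.../.../ command.
  printf '%s' "${1}" | sed -e 's|[\\/&]|\\&|g'
}

version_check_dnsmasq() {
  # Puts the dnsmasq configuration in place: a dnsmasq.conf left by an older
  # Pi-hole is moved to dnsmasq.conf.orig and replaced by the stock file, a
  # missing one is created from the stock file, and 01-pihole.conf is copied
  # to /etc/dnsmasq.d with its @INT@, @DNS1@ and @DNS2@ placeholders filled in.
  # Globals read: PI_HOLE_LOCAL_REPO, PIHOLE_INTERFACE, PIHOLE_DNS_1,
  #               PIHOLE_DNS_2, QUERY_LOGGING
  local dnsmasq_conf="/etc/dnsmasq.conf"
  local dnsmasq_conf_orig="/etc/dnsmasq.conf.orig"
  local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list"
  local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original"
  local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf"
  local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
  local iface_repl
  local dns1_repl
  local dns2_repl

  if [ -f "${dnsmasq_conf}" ]; then
    echo -n "::: Existing dnsmasq.conf found..."
    # -F: the marker is a literal string, not a regular expression.
    if grep -qF -- "${dnsmasq_pihole_id_string}" "${dnsmasq_conf}"; then
      echo " it is from a previous Pi-hole install."
      echo -n "::: Backing up dnsmasq.conf to dnsmasq.conf.orig..."
      mv -f "${dnsmasq_conf}" "${dnsmasq_conf_orig}"
      echo " done."
      echo -n "::: Restoring default dnsmasq.conf..."
      cp "${dnsmasq_original_config}" "${dnsmasq_conf}"
      echo " done."
    else
      echo " it is not a Pi-hole file, leaving alone!"
    fi
  else
    echo -n "::: No dnsmasq.conf found.. restoring default dnsmasq.conf..."
    cp "${dnsmasq_original_config}" "${dnsmasq_conf}"
    echo " done."
  fi

  echo -n "::: Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
  cp "${dnsmasq_pihole_01_snippet}" "${dnsmasq_pihole_01_location}"
  echo " done."

  # The interface and DNS values come from configuration or user input; they
  # are escaped so a stray "/" or "&" cannot change what sed substitutes.
  iface_repl=$(_pihole_sed_escape_replacement "${PIHOLE_INTERFACE}")
  sed -i "s/@INT@/${iface_repl}/" "${dnsmasq_pihole_01_location}"
  if [[ "${PIHOLE_DNS_1}" != "" ]]; then
    dns1_repl=$(_pihole_sed_escape_replacement "${PIHOLE_DNS_1}")
    sed -i "s/@DNS1@/${dns1_repl}/" "${dnsmasq_pihole_01_location}"
  else
    sed -i '/^server=@DNS1@/d' "${dnsmasq_pihole_01_location}"
  fi
  if [[ "${PIHOLE_DNS_2}" != "" ]]; then
    dns2_repl=$(_pihole_sed_escape_replacement "${PIHOLE_DNS_2}")
    sed -i "s/@DNS2@/${dns2_repl}/" "${dnsmasq_pihole_01_location}"
  else
    sed -i '/^server=@DNS2@/d' "${dnsmasq_pihole_01_location}"
  fi

  # Make dnsmasq read the snippets in /etc/dnsmasq.d.
  sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' "${dnsmasq_conf}"

  if [[ "${QUERY_LOGGING}" == false ]] ; then
    #Disable Logging
    sed -i 's/^log-queries/#log-queries/' "${dnsmasq_pihole_01_location}"
  else
    #Enable Logging
    sed -i 's/^#log-queries/log-queries/' "${dnsmasq_pihole_01_location}"
  fi
}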
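clean_existing() {
  # Clean an existing installation to prepare for upgrade/reinstall.
  # Arguments: $1  - directory to clean
  #            $2… - base names; "<directory>/<name>.sh" is removed for each
  # Returns:   1 when the directory argument is empty, otherwise the status
  #            of the last rm
  local clean_directory="${1:-}"
  local script

  # With an empty directory the paths below would resolve to "/<name>.sh".
  if [[ -z "${clean_directory}" ]]; then
    echo "clean_existing: refusing to clean an empty directory path" >&2
    return 1
  fi
  shift
  local old_files=( "$@" )

  for script in "${old_files[@]}"; do
    rm -f -- "${clean_directory}/${script}.sh"
  done
}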
installScripts() {
  # Copies the Pi-hole scripts from the local repository clone into
  # PI_HOLE_INSTALL_DIR, the pihole command into /usr/local/bin and the bash
  # completion file into /etc/bash_completion.d.
  # Globals read: PI_HOLE_LOCAL_REPO, PI_HOLE_INSTALL_DIR, PI_HOLE_FILES, USER
  # Exits: 1 when PI_HOLE_LOCAL_REPO is not a git repository
  # NOTE(review): everything installed here is whatever the clone contains;
  # nothing in this function checks which commit or tag that is.
  local -a install_exec=(install -o "${USER}" -Dm755)

  echo ":::"
  echo -n "::: Installing scripts from ${PI_HOLE_LOCAL_REPO}..."

  # Clear out script files from Pi-hole scripts directory.
  clean_existing "${PI_HOLE_INSTALL_DIR}" "${PI_HOLE_FILES[@]}"

  if ! is_repo "${PI_HOLE_LOCAL_REPO}"; then
    echo " *** ERROR: Local repo ${PI_HOLE_LOCAL_REPO} not found, exiting."
    exit 1
  fi

  # Install files from local core repository
  cd "${PI_HOLE_LOCAL_REPO}"
  "${install_exec[@]}" -d "${PI_HOLE_INSTALL_DIR}"
  "${install_exec[@]}" -t "${PI_HOLE_INSTALL_DIR}" gravity.sh
  "${install_exec[@]}" -t "${PI_HOLE_INSTALL_DIR}" ./advanced/Scripts/*.sh
  "${install_exec[@]}" -t "${PI_HOLE_INSTALL_DIR}" "./automated install/uninstall.sh"
  "${install_exec[@]}" -t /usr/local/bin/ pihole
  install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole
  echo " done."
}
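installConfigs() {
  # Installs the dnsmasq configuration and, when the web interface is
  # selected, the lighttpd configuration plus the runtime directories
  # lighttpd needs.
  # Globals read: PI_HOLE_LOCAL_REPO, INSTALL_WEB, LIGHTTPD_CFG,
  #               LIGHTTPD_USER, LIGHTTPD_GROUP, USER
  local runtime_dir

  echo ":::"
  echo "::: Installing configs from ${PI_HOLE_LOCAL_REPO}..."
  version_check_dnsmasq

  #Only mess with lighttpd configs if user has chosen to install web interface
  if [[ ${INSTALL_WEB} == true ]]; then
    if [ ! -d "/etc/lighttpd" ]; then
      mkdir /etc/lighttpd
      chown "${USER}":root /etc/lighttpd
    elif [ -f "/etc/lighttpd/lighttpd.conf" ]; then
      # Keep the previous configuration next to the new one.
      mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
    fi
    # Quoted so a repository path with spaces stays one argument.
    cp "${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG}" /etc/lighttpd/lighttpd.conf
    for runtime_dir in /var/run/lighttpd /var/cache/lighttpd/compress /var/cache/lighttpd/uploads; do
      mkdir -p "${runtime_dir}"
      chown "${LIGHTTPD_USER}:${LIGHTTPD_GROUP}" "${runtime_dir}"
    done
  fi
}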
stop_service() {
  # Stops the service named in $1, through systemctl when it is available
  # and through "service" otherwise.
  # A failure is ignored on purpose: the service may not be installed yet
  # when this is called.
  local -a stop_cmd

  echo ":::"
  echo -n "::: Stopping ${1} service..."
  if command -v systemctl &> /dev/null; then
    stop_cmd=(systemctl stop "${1}")
  else
    stop_cmd=(service "${1}" stop)
  fi
  "${stop_cmd[@]}" &> /dev/null || true
  echo " done."
}
start_service() {
  # Starts (or restarts) the service named in $1, through systemctl when it
  # is available and through "service" otherwise.
  # Unlike stop_service the result is not masked: under "set -e" a failed
  # restart aborts the installer.
  local -a restart_cmd

  echo ":::"
  echo -n "::: Starting ${1} service..."
  if command -v systemctl &> /dev/null; then
    restart_cmd=(systemctl restart "${1}")
  else
    restart_cmd=(service "${1}" restart)
  fi
  "${restart_cmd[@]}" &> /dev/null
  echo " done."
}
enable_service() {
  # Registers the service named in $1 to start at boot, with systemctl when
  # it is available and with update-rc.d otherwise.
  local -a enable_cmd

  echo ":::"
  echo -n "::: Enabling ${1} service to start on reboot..."
  if command -v systemctl &> /dev/null; then
    enable_cmd=(systemctl enable "${1}")
  else
    enable_cmd=(update-rc.d "${1}" defaults)
  fi
  "${enable_cmd[@]}" &> /dev/null
  echo " done."
}
update_package_cache() {
  # Refreshes the package manager's cache by running the command string held
  # in UPDATE_PKG_CACHE.
  # Returns: 0 on success, 1 when the update command fails
  # Running apt-get update/upgrade with minimal output can cause some issues
  # with requiring user input (e.g password for phpmyadmin see #218), which
  # is why the cache is refreshed here on every run.
  # NOTE(review): the string goes through eval. That is only safe while
  # UPDATE_PKG_CACHE is built from constants, as distro_check does; it must
  # never carry user or network input.
  echo ":::"
  echo -n "::: Updating local cache of available packages..."
  if ! eval "${UPDATE_PKG_CACHE}" &> /dev/null; then
    echo -en "\n!!! ERROR - Unable to update package cache. Please try \"${UPDATE_PKG_CACHE}\""
    return 1
  fi
  echo " done!"
}
notify_package_updates_available() {
  # Tells the user how many package upgrades are pending, or asks for a
  # reboot when the modules directory of the running kernel is missing.
  # Globals read:    PKG_MANAGER, PKG_COUNT
  # Globals written: updatesToInstall
  # NOTE(review): PKG_COUNT is executed through eval; it has to stay a string
  # built from constants, as distro_check does.
  echo ":::"
  echo -n "::: Checking ${PKG_MANAGER} for upgraded packages...."
  updatesToInstall=$(eval "${PKG_COUNT}")
  echo " done!"
  echo ":::"

  if [[ ! -d "/lib/modules/$(uname -r)" ]]; then
    echo "::: Kernel update detected, please reboot your system and try again if your installation fails."
    return 0
  fi

  if [[ ${updatesToInstall} -eq "0" ]]; then
    echo "::: Your system is up to date! Continuing with Pi-hole installation..."
  else
    echo "::: There are ${updatesToInstall} updates available for your system!"
    echo "::: We recommend you update your OS after installing Pi-hole! "
    echo ":::"
  fi
}
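install_dependent_packages() {
  # Installs those packages of a list that are not installed yet.
  # Arguments: $1 - indirect array reference such as "PIHOLE_DEPS[@]"
  # Globals read: PKG_MANAGER, PKG_INSTALL
  # Returns:   0 when nothing had to be installed, otherwise the status of
  #            the install command
  # No spinner - conflicts with set -e
  declare -a argArray1=("${!1}")
  declare -a installArray=()
  # Local, so the loop no longer overwrites a caller's global "i".
  local pkg
  local installed
  local use_debconf=false

  if command -v debconf-apt-progress &> /dev/null; then
    use_debconf=true
  fi

  # Debian based package install - debconf will download the entire package
  # list, so only packages that are not installed yet are collected, which
  # cuts down on download traffic.
  # NOTE: installArray could later serve as the list of packages installed by
  # us, so that an uninstall removes only those.
  for pkg in "${argArray1[@]}"; do
    echo -n "::: Checking for ${pkg}..."
    installed=false
    if [[ ${use_debconf} == true ]]; then
      if dpkg-query -W -f='${Status}' "${pkg}" 2>/dev/null | grep "ok installed" &> /dev/null; then
        installed=true
      fi
    elif "${PKG_MANAGER}" -q list installed "${pkg}" &> /dev/null; then
      #Fedora/CentOS
      installed=true
    fi

    if [[ ${installed} == true ]]; then
      echo " installed!"
    else
      echo " added to install list!"
      installArray+=("${pkg}")
    fi
  done

  if [[ ${#installArray[@]} -eq 0 ]]; then
    return 0
  fi

  if [[ ${use_debconf} == true ]]; then
    test_dpkg_lock
    debconf-apt-progress -- "${PKG_INSTALL[@]}" "${installArray[@]}"
    return
  fi
  "${PKG_INSTALL[@]}" "${installArray[@]}" &> /dev/null
  return
}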
CreateLogFile() {
  # Creates /var/log/pihole.log owned by DNSMASQ_USER unless it is already
  # there; an existing file is left untouched.
  # NOTE(review): the file is created with mode 644, so every local account
  # can read it; presumably it holds the DNS queries dnsmasq logs - confirm,
  # and consider 640 if that matters on a shared host.
  echo ":::"
  echo -n "::: Creating log file and changing owner to dnsmasq..."
  if [ -f /var/log/pihole.log ]; then
    echo " already exists!"
    return 0
  fi
  touch /var/log/pihole.log
  chmod 644 /var/log/pihole.log
  chown "${DNSMASQ_USER}":root /var/log/pihole.log
  echo " done!"
}
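installPiholeWeb() {
  # Installs the block page files into /var/www/html/pihole (without
  # overwriting files that are already there) and the sudoers drop-in that
  # lets the web server user run the pihole command.
  # Globals read: PI_HOLE_LOCAL_REPO, LIGHTTPD_USER
  local web_dir="/var/www/html/pihole"
  local sudoers_file="/etc/sudoers.d/pihole"
  local asset

  echo ":::"
  echo "::: Installing pihole custom index page..."
  if [ -d "${web_dir}" ]; then
    for asset in index.php index.js blockingpage.css; do
      if [ -f "${web_dir}/${asset}" ]; then
        echo "::: Existing ${asset} detected, not overwriting"
      else
        echo -n "::: ${asset} missing, replacing... "
        cp "${PI_HOLE_LOCAL_REPO}/advanced/${asset}" "${web_dir}/"
        echo " done!"
      fi
    done
  else
    echo "::: Creating directory for blocking page"
    install -d "${web_dir}"
    # The repository path is quoted; the brace/glob part must stay unquoted.
    install -D "${PI_HOLE_LOCAL_REPO}"/advanced/{index,blockingpage}.* "${web_dir}/"
    if [ -f /var/www/html/index.lighttpd.html ]; then
      mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig
    else
      printf "\n:::\tNo default index.lighttpd.html file found... not backing up"
    fi
    echo " done!"
  fi

  # Install Sudoer file
  # NOTE(review): this gives the web server account password-less root
  # execution of /usr/local/bin/pihole, so a flaw in the web interface
  # reaches whatever that command can do as root. The drop-in is also not
  # syntax-checked; validating it (for example with visudo's check mode)
  # before leaving it in place avoids breaking sudo with a bad file.
  echo ":::"
  echo -n "::: Installing sudoer file..."
  mkdir -p /etc/sudoers.d/
  cp "${PI_HOLE_LOCAL_REPO}/advanced/pihole.sudo" "${sudoers_file}"
  # Add lighttpd user (OS dependent) to sudoers file
  echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> "${sudoers_file}"
  if [[ "$LIGHTTPD_USER" == "lighttpd" ]]; then
    # Allow executing pihole via sudo with Fedora
    # Usually /usr/local/bin is not permitted as directory for sudoable programms
    echo "Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" >> "${sudoers_file}"
  fi
  chmod 0440 "${sudoers_file}"
  echo " done!"
}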
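installCron() {
  # Installs the Pi-hole cron file from the local repository clone as
  # /etc/cron.d/pihole.
  # Globals read: PI_HOLE_LOCAL_REPO
  echo ":::"
  echo -n "::: Installing latest Cron script..."
  # Quoted so a repository path with spaces stays one argument.
  cp "${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron" /etc/cron.d/pihole
  echo " done!"
}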
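runGravity() {
  # Removes the generated /etc/pihole/list.* files of a previous install,
  # seeds adlists.default when it is missing and runs gravity.sh to rebuild
  # the block lists.
  # Globals read: PI_HOLE_LOCAL_REPO
  echo ":::"
  echo "::: Preparing to run gravity.sh to refresh hosts..."
  # Test the same pattern that is deleted. Checking "list*" and deleting
  # "list.*" made rm fail (and "set -e" abort) when only a differently named
  # file such as "listfoo" existed.
  if compgen -G "/etc/pihole/list.*" > /dev/null; then
    echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
    rm -- /etc/pihole/list.*
  fi
  # Test if /etc/pihole/adlists.default exists
  if [[ ! -e /etc/pihole/adlists.default ]]; then
    cp "${PI_HOLE_LOCAL_REPO}/adlists.default" /etc/pihole/adlists.default
  fi
  echo "::: Running gravity.sh"
  { /opt/pihole/gravity.sh; }
}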
create_pihole_user() {
  # Makes sure the account "pihole" exists; a missing one is created as a
  # system account whose login shell is /usr/sbin/nologin.
  echo "::: Checking if user 'pihole' exists..."
  if ! id -u pihole &> /dev/null; then
    echo "::: User 'pihole' doesn't exist. Creating..."
    useradd -r -s /usr/sbin/nologin pihole
  else
    echo "::: User 'pihole' already exists"
  fi
}
configureFirewall() {
  # Offers to open HTTP (80/tcp) and DNS (53/tcp and 53/udp) when a firewall
  # is active: through firewalld when it is running, otherwise through
  # iptables when the INPUT chain does not simply accept everything.
  # Globals read: r, c (dialog size)
  # Returns: 0 on every path
  # NOTE(review): the rules admit these ports from any source address. On a
  # host with a public interface that exposes the resolver and the admin
  # page to the Internet; limiting them to the VPN range set up in
  # install_OpenVPN (10.8.0.0/24) would be the tighter choice.
  local prompt="We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?"
  local rule
  local proto
  local port

  # Allow HTTP and DNS traffic
  if firewall-cmd --state &> /dev/null; then
    if ! whiptail --title "Firewall in use" --yesno "${prompt}" ${r} ${c}; then
      echo -e ":::\n::: Not installing firewall rulesets."
      return 0
    fi
    echo -e ":::\n:::\n Configuring FirewallD for httpd and dnsmasq."
    firewall-cmd --permanent --add-service=http --add-service=dns
    firewall-cmd --reload
    return 0
  fi

  # Check for proper kernel modules to prevent failure
  if ! { modinfo ip_tables &> /dev/null && command -v iptables &> /dev/null; }; then
    echo -e ":::\n::: No active firewall detected.. skipping firewall configuration."
    return 0
  fi

  # If chain Policy is not ACCEPT or last Rule is not ACCEPT
  # then check and insert our Rules above the DROP/REJECT Rule.
  if iptables -S INPUT | head -n1 | grep -qv '^-P.*ACCEPT$' || iptables -S INPUT | tail -n1 | grep -qv '^-\(A\|P\).*ACCEPT$'; then
    if ! whiptail --title "Firewall in use" --yesno "${prompt}" ${r} ${c}; then
      echo -e ":::\n::: Not installing firewall rulesets."
      return 0
    fi
    echo -e ":::\n::: Installing new IPTables firewall rulesets."
    # Check chain first, otherwise a new rule will duplicate old ones
    for rule in "tcp 80" "tcp 53" "udp 53"; do
      read -r proto port <<< "${rule}"
      iptables -C INPUT -p "${proto}" -m "${proto}" --dport "${port}" -j ACCEPT &> /dev/null \
        || iptables -I INPUT 1 -p "${proto}" -m "${proto}" --dport "${port}" -j ACCEPT
    done
    return 0
  fi

  echo -e ":::\n::: Skipping firewall configuration."
}
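finalExports() {
  # Writes the chosen settings to setupVars.conf and re-applies DNS / DHCP
  # settings that an earlier installation had stored there.
  # Globals read:    setupVars, PI_HOLE_LOCAL_REPO, INSTALL_WEB,
  #                  PIHOLE_INTERFACE, PIHOLE_DNS_1, PIHOLE_DNS_2, QUERY_LOGGING
  # Globals written: IPV4_ADDRESS, IPV6_ADDRESS (only without web interface),
  #                  plus whatever the two sourced files define
  if [[ ${INSTALL_WEB} == false ]]; then
    #No web interface installed, and therefore no block page set IPV4/6 to 0.0.0.0 and ::/0
    if [[ -n "${IPV4_ADDRESS}" ]]; then
      IPV4_ADDRESS="0.0.0.0"
    fi
    if [[ -n "${IPV6_ADDRESS}" ]]; then
      IPV6_ADDRESS="::/0"
    fi
  fi

  # Update variables in setupVars.conf file
  # DNSSEC is part of the delete list because it is appended again below;
  # without that every run added one more DNSSEC line to the file.
  if [ -e "${setupVars}" ]; then
    sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/DNSSEC/d;/QUERY_LOGGING/d;/INSTALL_WEB/d;' "${setupVars}"
  fi
  {
    echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
    echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
    echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
    echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
    #-add
    echo "DNSSEC=true"
    echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
    echo "QUERY_LOGGING=${QUERY_LOGGING}"
    echo "INSTALL_WEB=${INSTALL_WEB}"
  }>> "${setupVars}"

  # Look for DNS server settings which would have to be reapplied
  # NOTE(review): the file is executed as shell code and the values above are
  # written unquoted, so a value with spaces or shell metacharacters would
  # run as a command here. The file should be writable by root only and the
  # values validated before they are stored.
  source "${setupVars}"
  source "${PI_HOLE_LOCAL_REPO}/advanced/Scripts/webpage.sh"
  if [[ "${DNS_FQDN_REQUIRED}" != "" ]] ; then
    ProcessDNSSettings
  fi
  if [[ "${DHCP_ACTIVE}" != "" ]] ; then
    ProcessDHCPSettings
  fi
}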
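installLogrotate() {
  # Installs the logrotate configuration as /etc/pihole/logrotate and fills
  # in its "su" directive.
  # Globals read:    PI_HOLE_LOCAL_REPO
  # Globals written: logusergroup
  echo ":::"
  echo -n "::: Installing latest logrotate script..."
  # Quoted so a repository path with spaces stays one argument.
  cp "${PI_HOLE_LOCAL_REPO}/advanced/logrotate" /etc/pihole/logrotate
  # Different operating systems have different user / group
  # settings for logrotate that makes it impossible to create
  # a static logrotate file that will work with e.g.
  # Rasbian and Ubuntu at the same time. Hence, we have to
  # customize the logrotate script here in order to reflect
  # the local properties of the /var/log directory
  logusergroup="$(stat -c '%U %G' /var/log)"
  if [[ -n "${logusergroup}" ]]; then
    sed -i "s/# su #/su ${logusergroup}/" /etc/pihole/logrotate
  fi
  echo " done!"
}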
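#######################################
# Fresh-install path: create the pihole user, prepare the web root when the
# web interface is wanted, then run every install step in order.
# Globals:
#   INSTALL_WEB, LIGHTTPD_USER, LIGHTTPD_GROUP (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
installPihole() {
  # Install base files and web interface
  create_pihole_user

  if [[ ${INSTALL_WEB} == true ]]; then
    if [[ ! -d "/var/www/html" ]]; then
      mkdir -p /var/www/html
    fi
    # The web root becomes group-writable and the pihole account joins the
    # web server's group, so both accounts can write below /var/www/html.
    # Expansions are quoted so an empty or odd value fails visibly instead of
    # silently changing the argument list.
    chown "${LIGHTTPD_USER}:${LIGHTTPD_GROUP}" /var/www/html
    chmod 775 /var/www/html
    usermod -a -G "${LIGHTTPD_GROUP}" pihole
    if [[ -x "$(command -v lighty-enable-mod)" ]]; then
      # Best effort: a failure to enable the modules does not stop the install.
      lighty-enable-mod fastcgi fastcgi-php > /dev/null || true
    else
      printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
    fi
  fi

  installScripts
  installConfigs
  CreateLogFile
  if [[ ${INSTALL_WEB} == true ]]; then
    installPiholeWeb
  fi
  installCron
  installLogrotate
  # A missing FTL engine is reported but does not abort the install.
  FTLdetect || echo "::: FTL Engine not installed."
  configureFirewall
  finalExports
  #runGravity
}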
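#######################################
# Rename the variables of older installer versions inside setupVars.conf to
# their current names.
# Globals:   setupVars (read; the file is edited in place)
# Arguments: none
# Returns:   sed's exit status
#######################################
accountForRefactor() {
  # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break.
  # Refactoring of install script has changed the name of a couple of variables. Sort them out here.
  # One in-place pass with the path quoted: the file is rewritten once, and a
  # path containing whitespace is no longer split into several arguments.
  # The patterns are unanchored, so matching text inside a value is renamed too.
  sed -i \
    -e 's/piholeInterface/PIHOLE_INTERFACE/g' \
    -e 's/IPv4_address/IPV4_ADDRESS/g' \
    -e 's/IPv4addr/IPV4_ADDRESS/g' \
    -e 's/IPv6_address/IPV6_ADDRESS/g' \
    -e 's/piholeIPv6/IPV6_ADDRESS/g' \
    -e 's/piholeDNS1/PIHOLE_DNS_1/g' \
    -e 's/piholeDNS2/PIHOLE_DNS_2/g' \
    "${setupVars}"
}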
#######################################
# Update path: migrate old variable names, then re-run the install steps
# against the existing configuration.
# Globals:   INSTALL_WEB (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
updatePihole() {
  local step

  accountForRefactor

  # Install base files and web interface
  for step in installScripts installConfigs CreateLogFile; do
    "${step}"
  done

  case "${INSTALL_WEB}" in
    true) installPiholeWeb ;;
  esac

  for step in installCron installLogrotate; do
    "${step}"
  done

  # A missing FTL engine is reported, not treated as fatal.
  FTLdetect || echo "::: FTL Engine not installed."

  # Re-export setupVars.conf to account for any new vars added in new versions
  finalExports
  #runGravity
}
#######################################
# Report the SELinux mode when getenforce is available and, if the mode is
# Enforcing, ask whether the installation should continue.
# Globals:
#   r, c (read; dialog size)
#   enforceMode (written; output of getenforce)
# Arguments: none
# Outputs:   status text on stdout
# Returns:   0 when the install may continue; exits 1 when the user declines
#######################################
checkSelinux() {
  # Nothing to report on systems without the SELinux tools.
  command -v getenforce &> /dev/null || return 0

  printf '%s\n' ":::"
  printf '%s' "::: SELinux Support Detected... Mode: "
  enforceMode=$(getenforce)
  printf '%s\n' "${enforceMode}"

  # Only the Enforcing mode needs a decision from the user.
  [[ "${enforceMode}" == "Enforcing" ]] || return 0

  if ! whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}; then
    echo ":::"
    echo "::: Not continuing install after SELinux Enforcing detected."
    exit 1
  fi

  echo ":::"
  echo "::: Continuing installation with SELinux Enforcing."
  echo "::: Please refer to official SELinux documentation to create a custom policy."
}
#######################################
# Ask what to do with an existing installation and record the answer.
# Globals:
#   reconfigure, r, c (read)
#   opt1a, opt1b, opt2a, opt2b, strAdd, UpdateCmd (written)
#   useUpdateVars (written: true keeps the stored settings, false asks again)
# Arguments: none
# Outputs:   the selected option on stdout
# Returns:   exits 1 when the dialog is cancelled
#######################################
update_dialogs() {
  # With --reconfigure the first entry repairs instead of updating.
  case "${reconfigure}" in
    true)
      opt1a="Repair"
      opt1b="This will retain existing settings"
      strAdd="You will remain on the same version"
      ;;
    *)
      opt1a="Update"
      opt1b="This will retain existing settings."
      strAdd="You will be updated to the latest version."
      ;;
  esac
  opt2a="Reconfigure"
  opt2b="This will allow you to enter new settings"

  # whiptail reports the selection on stderr; the descriptor swap routes it
  # into the command substitution.
  if ! UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\n\nWe have detected an existing install.\n\nPlease choose from the following options: \n($strAdd)" ${r} ${c} 2 \
    "${opt1a}" "${opt1b}" \
    "${opt2a}" "${opt2b}" 3>&2 2>&1 1>&3); then
    echo "::: Cancel selected. Exiting"
    exit 1
  fi

  if [[ "${UpdateCmd}" == "${opt1a}" ]]; then
    echo "::: ${opt1a} option selected."
    useUpdateVars=true
  elif [[ "${UpdateCmd}" == "${opt2a}" ]]; then
    echo "::: ${opt2a} option selected"
    useUpdateVars=false
  fi
}
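#######################################
# Fetch the Pi-hole core repository and, when the web interface is wanted,
# the admin interface repository. Skipped entirely with --reconfigure.
# Globals:
#   reconfigure, INSTALL_WEB (read)
#   PI_HOLE_LOCAL_REPO, piholeGitUrl, webInterfaceDir, webInterfaceGitUrl (read)
# Arguments: none
# Returns:   exits 1 when a repository cannot be fetched
#######################################
clone_or_update_repos() {
  if [[ "${reconfigure}" == true ]]; then
    echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
    return 0
  fi

  # Get Git files for Core and Admin.
  # Arguments are quoted so a directory containing whitespace reaches
  # getGitFiles as one argument.
  # NOTE(review): getGitFiles receives only a directory and a URL, so no tag,
  # commit or signature is pinned at this call site; scripts from these
  # checkouts are later sourced and installed by the installer. Confirm what
  # getGitFiles checks out before relying on it.
  if ! getGitFiles "${PI_HOLE_LOCAL_REPO}" "${piholeGitUrl}"; then
    echo "!!! Unable to clone ${piholeGitUrl} into ${PI_HOLE_LOCAL_REPO}, unable to continue."
    exit 1
  fi

  if [[ ${INSTALL_WEB} == true ]]; then
    if ! getGitFiles "${webInterfaceDir}" "${webInterfaceGitUrl}"; then
      echo "!!! Unable to clone ${webInterfaceGitUrl} into ${webInterfaceDir}, unable to continue."
      exit 1
    fi
  fi
}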
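#######################################
# Download the FTL binary of the latest GitHub release, check it against the
# published SHA-1 file and install it together with its init script.
# Globals:   PI_HOLE_LOCAL_REPO (read)
# Arguments: $1 - name of the release asset to download
# Outputs:   progress text on stdout
# Returns:   0 when the binary was verified and installed, 1 on any
#            download or verification failure
#######################################
FTLinstall() {
  local binary="${1}"
  local latesttag
  local workdir
  local base_url

  echo -n "::: Installing FTL... "

  # The tag is the last path element of the redirect target. The header name
  # is matched case-insensitively because its case differs between HTTP
  # versions.
  latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep -i "^location:" | awk -F '/' '{print $NF}')
  # Header lines end in CR LF; drop the CR once instead of at every use.
  latesttag="${latesttag%$'\r'}"

  # Tags should always start with v, check for that.
  if [[ "${latesttag}" != v* ]]; then
    echo "failed (error in getting latest release location from GitHub)"
    return 1
  fi

  # Download into a private directory instead of a fixed /tmp/<name>, so no
  # other local user can pre-create or swap the file that gets installed.
  if ! workdir=$(mktemp -d); then
    echo "failed (could not create temporary directory)"
    return 1
  fi
  base_url="https://github.com/pi-hole/FTL/releases/download/${latesttag}"

  if ! curl -sSL --fail "${base_url}/${binary}" -o "${workdir}/${binary}"; then
    rm -rf -- "${workdir:?}"
    echo "failed (URL not found.)"
    # The original fell through here with status 0, which made callers treat
    # a failed download as a successful install.
    return 1
  fi

  # Get sha1 of the binary we just downloaded for verification.
  if ! curl -sSL --fail "${base_url}/${binary}.sha1" -o "${workdir}/${binary}.sha1"; then
    rm -rf -- "${workdir:?}"
    echo "failed (download of checksum from Github failed)"
    return 1
  fi

  # NOTE(review): the checksum comes from the same release as the binary, so
  # this catches a truncated or corrupted transfer (or an HTML error page
  # saved instead of the binary), not a replaced release asset; authenticity
  # rests on the TLS connection to GitHub alone.
  # Run in a subshell so the caller's working directory is left untouched.
  if ! (cd "${workdir}" && sha1sum --status --quiet -c "${binary}.sha1"); then
    rm -rf -- "${workdir:?}"
    echo "failed (download of binary from Github failed)"
    return 1
  fi

  echo -n "transferred... "
  stop_service pihole-FTL &> /dev/null
  install -T -m 0755 "${workdir}/${binary}" /usr/bin/pihole-FTL
  install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
  rm -rf -- "${workdir:?}"
  echo "done."
  return 0
}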
#######################################
# Choose the FTL release asset that matches this machine and pass its name
# to FTLinstall.
# Arguments: none
# Outputs:   the detected architecture on stdout
# Returns:   1 when FTLinstall fails
#######################################
FTLdetect() {
  echo ":::"
  echo "::: Downloading latest version of FTL..."

  local machine
  local binary
  local rev
  local lib

  machine=$(uname -m)

  case "${machine}" in
    arm* | *aarch*)
      # ARM: the digits of the machine name give the revision, and the
      # dynamic loader that /bin/ls is linked against gives the ABI.
      rev=$(uname -m | sed "s/[^0-9]//g;")
      lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }')
      case "${lib}" in
        "/lib/ld-linux-aarch64.so.1")
          echo "::: Detected ARM-aarch64 architecture"
          binary="pihole-FTL-aarch64-linux-gnu"
          ;;
        "/lib/ld-linux-armhf.so.3")
          if [ "$rev" -gt "6" ]; then
            echo "::: Detected ARM-hf architecture (armv7+)"
            binary="pihole-FTL-arm-linux-gnueabihf"
          else
            echo "::: Detected ARM-hf architecture (armv6 or lower)"
            echo "::: Using ARM binary"
            binary="pihole-FTL-arm-linux-gnueabi"
          fi
          ;;
        *)
          echo "::: Detected ARM architecture"
          binary="pihole-FTL-arm-linux-gnueabi"
          ;;
      esac
      ;;
    x86_64)
      # 64bit
      echo "::: Detected x86_64 architecture"
      binary="pihole-FTL-linux-x86_64"
      ;;
    i686)
      echo "::: Detected 32bit (i686) architecture"
      binary="pihole-FTL-linux-x86_32"
      ;;
    *)
      # Something else - we try to use 32bit executable and warn the user
      echo "::: Not able to detect architecture (unknown: ${machine}), trying 32bit executable"
      echo "::: Contact Pi-hole support if you experience problems (like FTL not running)"
      binary="pihole-FTL-linux-x86_32"
      ;;
  esac

  FTLinstall "${binary}" || return 1
}
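#######################################
# Entry point: set up OpenVPN, then install or update Pi-hole with fixed
# answers (interface tun0, no web interface, no query logging).
# Globals:
#   reconfigure, skipSpaceCheck, runUnattended, useUpdateVars (written)
#   PIHOLE_INTERFACE, PIHOLE_DNS_1, PIHOLE_DNS_2, INSTALL_WEB,
#   QUERY_LOGGING, DEPS, pw (written)
#   setupVars, tmpLog, instalLogLoc, PIHOLE_DEPS, PIHOLE_WEB_DEPS (read)
# Arguments: "$@" - --reconfigure, --unattended,
#            --i_do_not_follow_recommendations
# Outputs:   progress text on stdout; install log moved to ${instalLogLoc}
#######################################
main() {
  ######## FIRST CHECK ########
  # Must be root to install
  # NOTE(review): the root / sudo check below is disabled, so nothing here
  # verifies the privilege level before system files are changed; later steps
  # mix direct calls with sudo.
  #echo ":::"
  #if [[ ${EUID} -eq 0 ]]; then
  #echo "::: You are root."
  #else
  #echo "::: Script called with non-root privileges. The Pi-hole installs server packages and configures"
  #echo "::: system networking, it requires elevated rights. Please check the contents of the script for"
  #echo "::: any concerns with this requirement. Please be sure to download this script from a trusted source."
  #echo ":::"
  #echo "::: Detecting the presence of the sudo utility for continuation of this install..."
  #if command -v sudo &> /dev/null; then
  #echo "::: Utility sudo located."
  #exec curl -sSL https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh | sudo bash "$@"
  #exit $?
  #else
  #echo "::: sudo is needed for the Web interface to run pihole commands. Please run this script as root and it will be automatically installed."
  #exit 1
  #fi
  #fi
  install_OpenVPN

  # Check for supported distribution - LEAVE IN
  distro_check

  # Check arguments for the undocumented flags - CHECK UNATTENDED
  for var in "$@"; do
    case "$var" in
      "--reconfigure") reconfigure=true ;;
      # Was assigning false, which left the flag without any effect; the
      # message printed further down shows the check is meant to be skipped.
      "--i_do_not_follow_recommendations") skipSpaceCheck=true ;;
      "--unattended") runUnattended=true ;;
    esac
  done

  if [[ -f "${setupVars}" ]]; then
    if [[ "${runUnattended}" == true ]]; then
      echo "::: --unattended passed to install script, no whiptail dialogs will be displayed"
      useUpdateVars=true
    else
      update_dialogs
    fi
  fi

  # Start the installer
  # Verify there is enough disk space for the install
  if [[ "${skipSpaceCheck}" == true ]]; then
    echo "::: --i_do_not_follow_recommendations passed to script, skipping free disk space verification!"
  else
    verifyFreeDiskSpace
  fi

  # Update package cache - LEAVE IN
  update_package_cache || exit 1

  # Notify user of package availability - CHECK NEEDED
  notify_package_updates_available

  # Install packages used by this installation script - LEAVE IN
  # (the array is passed by name, not by value)
  install_dependent_packages INSTALLER_DEPS[@]

  # Check if SELinux is Enforcing - CHECK NEEDED
  checkSelinux

  # NOTE(review): ${tmpLog} is a fixed path under /tmp (set at the top of the
  # file) that is written by this installer; a name from mktemp avoids
  # writing through a file another local user created first. The exit status
  # of the pipelines below is tee's, so a failing install/update step does
  # not stop the script.
  if [[ ${useUpdateVars} == false ]]; then
    # Display welcome dialogs
    # Create directory for Pi-hole storage
    mkdir -p /etc/pihole/
    stop_service dnsmasq
    if [[ ${INSTALL_WEB} == true ]]; then
      stop_service lighttpd
    fi
    #chooseInterface - CHECK NEEDED
    PIHOLE_INTERFACE="tun0"
    # Decide what upstream DNS Servers to use
    PIHOLE_DNS_1="8.8.8.8"
    PIHOLE_DNS_2="8.8.4.4"
    # Let the user decide if they want to block ads over IPv4 and/or IPv6
    use4andor6
    #setAdminFlag
    INSTALL_WEB=false
    #setLogging
    QUERY_LOGGING=false
    # Clone/Update the repos
    clone_or_update_repos
    # Install packages used by the Pi-hole
    if [[ ${INSTALL_WEB} == true ]]; then
      DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}")
    else
      DEPS=("${PIHOLE_DEPS[@]}")
    fi
    install_dependent_packages DEPS[@]
    # Install and log everything to a file
    installPihole | tee "${tmpLog}"
  else
    # Clone/Update the repos
    clone_or_update_repos
    # Source ${setupVars} for use in the rest of the functions.
    # The file is executed as shell code, so it must be writable by root only.
    source "${setupVars}"
    # Install packages used by the Pi-hole
    if [[ ${INSTALL_WEB} == true ]]; then
      DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}")
    else
      DEPS=("${PIHOLE_DEPS[@]}")
    fi
    install_dependent_packages DEPS[@]
    updatePihole | tee "${tmpLog}"
  fi

  # Move the log file into /etc/pihole for storage
  mv "${tmpLog}" "${instalLogLoc}"

  if [[ ${INSTALL_WEB} == true ]]; then
    # Add password to web UI if there is none
    pw=""
    if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]]; then
      # 8 characters from a 64-character alphabet. Only the hash is stored
      # and this function never prints the value, so a new password has to be
      # set before the web UI can be used.
      pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
      . /opt/pihole/webpage.sh
      echo "WEBPASSWORD=$(HashPassword "${pw}")" >> "${setupVars}"
    fi
  fi

  # Upgrades every installed package without prompting, not only the
  # packages this installer added.
  echo "Updating system"
  sudo apt-get update && sudo apt-get -y upgrade

  echo "::: Restarting services..."
  #restart openvpn
  sudo systemctl restart openvpn@server
  # Start services
  start_service dnsmasq
  enable_service dnsmasq
  if [[ ${INSTALL_WEB} == true ]]; then
    start_service lighttpd
    enable_service lighttpd
  fi
  runGravity
  start_service pihole-FTL
  enable_service pihole-FTL

  # NOTE(review): both files are saved into the current directory without a
  # pinned version or checksum (the first through a redirect link), and the
  # second wget lets wget choose the file name. They are only downloaded
  # here; read them before running either one.
  #download full openroad warrior script for further use
  wget https://git.io/vpn -O openvpn-install.sh
  #and full orignal pihole script for good measure
  wget https://install.pi-hole.net

  echo "::: Update complete!"
  echo "::: The install log is located at: /etc/pihole/install.log"
}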
# Run the installer unless PH_TEST is set to "true" (presumably by a test
# harness that sources this file to reach the functions - confirm).
case "${PH_TEST}" in
  true) ;;
  *) main "$@" ;;
esac