Untitled

#!/usr/bin/env bash
# Pi-hole and open road warrior mash-up for set-up only


set -e
######## VARIABLES #########
tmpLog=/tmp/pihole-install.log
instalLogLoc=/etc/pihole/install.log
setupVars=/etc/pihole/setupVars.conf
lighttpdConfig=/etc/lighttpd/lighttpd.conf

webInterfaceGitUrl="https://github.com/pi-hole/AdminLTE.git"
webInterfaceDir="/var/www/html/admin"
piholeGitUrl="https://github.com/pi-hole/pi-hole.git"
PI_HOLE_LOCAL_REPO="/etc/.pihole"
PI_HOLE_FILES=(chronometer list piholeDebug piholeLogFlush setupLCD update version gravity uninstall webpage)
PI_HOLE_INSTALL_DIR="/opt/pihole"
useUpdateVars=false

IPV4_ADDRESS=""
IPV6_ADDRESS=""
QUERY_LOGGING=true
INSTALL_WEB=true


# Find the rows and columns will default to 80x24 is it can not be detected
screen_size=$(stty size 2>/dev/null || echo 24 80)
rows=$(echo "${screen_size}" | awk '{print $1}')
columns=$(echo "${screen_size}" | awk '{print $2}')

# Divide by two so the dialogs take up half of the screen, which looks nice.
r=$(( rows / 2 ))
c=$(( columns / 2 ))
# Unless the screen is tiny
r=$(( r < 20 ? 20 : r ))
c=$(( c < 70 ? 70 : c ))

######## Undocumented Flags. Shhh ########
skipSpaceCheck=false
reconfigure=false
runUnattended=false

newclient () {
	# Generates the custom client.ovpn
	cp /etc/openvpn/client-common.txt ~/$1.ovpn
	echo "<ca>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/ca.crt >> ~/$1.ovpn
	echo "</ca>" >> ~/$1.ovpn
	echo "<cert>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/issued/$1.crt >> ~/$1.ovpn
	echo "</cert>" >> ~/$1.ovpn
	echo "<key>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/private/$1.key >> ~/$1.ovpn
	echo "</key>" >> ~/$1.ovpn
	echo "<tls-auth>" >> ~/$1.ovpn
	cat /etc/openvpn/ta.key >> ~/$1.ovpn
	echo "</tls-auth>" >> ~/$1.ovpn
}
install_OpenVPN() {
if readlink /proc/$$/exe | grep -qs "dash"; then
	echo "This script needs to be run with bash, not sh"
	exit 1
fi

if [[ "$EUID" -ne 0 ]]; then
	echo "Sorry, you need to run this as root"
	exit 2
fi

if [[ ! -e /dev/net/tun ]]; then
	echo "The TUN device is not available
You need to enable TUN before running this script"
	exit 3
fi

if grep -qs "CentOS release 5" "/etc/redhat-release"; then
	echo "CentOS 5 is too old and not supported"
	exit 4
fi
if [[ -e /etc/debian_version ]]; then
	OS=debian
	GROUPNAME=nogroup
	RCLOCAL='/etc/rc.local'
elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
	OS=centos
	GROUPNAME=nobody
	RCLOCAL='/etc/rc.d/rc.local'
else
	echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"
	exit 5
fi


# Try to get our IP from the system and fallback to the Internet.
# I do this to make the script compatible with NATed servers (lowendspirit.com)
# and to avoid getting an IPv6.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
		IP=$(wget -4qO- "http://whatismyip.akamai.com/")
fi

	clear

	IP=$IP
	PROTOCOL=udp
	PORT=1194
	CLIENT="mastercert"
	#read -n1 -r -p "Press any key to continue..."
	if [[ "$OS" = 'debian' ]]; then
		apt-get update
		apt-get install openvpn iptables openssl ca-certificates -y
	else
		# Else, the distro is CentOS
		yum install epel-release -y
		yum install openvpn iptables openssl wget ca-certificates -y
	fi
	# An old version of easy-rsa was available by default in some openvpn packages
	if [[ -d /etc/openvpn/easy-rsa/ ]]; then
		rm -rf /etc/openvpn/easy-rsa/
	fi
	# Get easy-rsa
	wget -O ~/EasyRSA-3.0.1.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/3.0.1/EasyRSA-3.0.1.tgz"
	tar xzf ~/EasyRSA-3.0.1.tgz -C ~/
	mv ~/EasyRSA-3.0.1/ /etc/openvpn/
	mv /etc/openvpn/EasyRSA-3.0.1/ /etc/openvpn/easy-rsa/
	chown -R root:root /etc/openvpn/easy-rsa/
	rm -rf ~/EasyRSA-3.0.1.tgz
	cd /etc/openvpn/easy-rsa/
	# Create the PKI, set up the CA, the DH params and the server + client certificates
	./easyrsa init-pki
	./easyrsa --batch build-ca nopass
	./easyrsa gen-dh
	./easyrsa build-server-full server nopass
	./easyrsa build-client-full $CLIENT nopass
	./easyrsa gen-crl
	# Move the stuff we need
	cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
	# CRL is read with each client connection, when OpenVPN is dropped to nobody
	chown nobody:$GROUPNAME /etc/openvpn/crl.pem
	# Generate key for tls-auth
	openvpn --genkey --secret /etc/openvpn/ta.key
	# Generate server.conf
	echo "port $PORT
proto $PROTOCOL
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
	echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
	echo 'push "dhcp-option DNS 10.8.0.1"' >> /etc/openvpn/server.conf
	echo "keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group $GROUPNAME
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem" >> /etc/openvpn/server.conf
	# Enable net.ipv4.ip_forward for the system
	sed -i '/\<net.ipv4.ip_forward\>/c\net.ipv4.ip_forward=1' /etc/sysctl.conf
	if ! grep -q "\<net.ipv4.ip_forward\>" /etc/sysctl.conf; then
		echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
	fi
	# Avoid an unneeded reboot
	echo 1 > /proc/sys/net/ipv4/ip_forward
	if pgrep firewalld; then
		# Using both permanent and not permanent rules to avoid a firewalld
		# reload.
		# We don't use --add-service=openvpn because that would only work with
		# the default port and protocol.
		firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL
		firewall-cmd --zone=trusted --add-source=10.8.0.0/24
		firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL
		firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
		# Set NAT for the VPN subnet
		firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
		firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
	else
		# Needed to use rc.local with some systemd distros
		if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then
			echo '#!/bin/sh -e
exit 0' > $RCLOCAL
		fi
		chmod +x $RCLOCAL
		# Set NAT for the VPN subnet
		iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
		sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL
		if iptables -L -n | grep -qE '^(REJECT|DROP)'; then
			# If iptables has at least one REJECT rule, we asume this is needed.
			# Not the best approach but I can't think of other and this shouldn't
			# cause problems.
			iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT
			iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
			iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
			sed -i "1 a\iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT" $RCLOCAL
			sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
			sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
		fi
	fi
	# If SELinux is enabled and a custom port or TCP was selected, we need this
	if hash sestatus 2>/dev/null; then
		if sestatus | grep "Current mode" | grep -qs "enforcing"; then
			if [[ "$PORT" != '1194' || "$PROTOCOL" = 'tcp' ]]; then
				# semanage isn't available in CentOS 6 by default
				if ! hash semanage 2>/dev/null; then
					yum install policycoreutils-python -y
				fi
				semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT
			fi
		fi
	fi
	# And finally, restart OpenVPN
	if [[ "$OS" = 'debian' ]]; then
		# Little hack to check for systemd
		if pgrep systemd-journal; then
			systemctl restart openvpn@server.service
		else
			/etc/init.d/openvpn restart
		fi
	else
		if pgrep systemd-journal; then
			systemctl restart openvpn@server.service
			systemctl enable openvpn@server.service
		else
			service openvpn restart
			chkconfig openvpn on
		fi
	fi
	# Try to detect a NATed connection and ask about it to potential LowEndSpirit users
	EXTERNALIP=$(wget -4qO- "http://whatismyip.akamai.com/")
	if [[ "$IP" != "$EXTERNALIP" ]]; then
		echo ""
		echo "Looks like your server is behind a NAT!"
		echo ""
		echo "If your server is NATed (e.g. LowEndSpirit), I need to know the external IP"
		echo "If that's not the case, just ignore this and leave the next field blank"
		read -p "External IP: " -e USEREXTERNALIP
		if [[ "$USEREXTERNALIP" != "" ]]; then
			IP=$USEREXTERNALIP
		fi
	fi
	# client-common.txt is created so we have a template to add further users later
	echo "client
dev tun
proto $PROTOCOL
sndbuf 0
rcvbuf 0
remote $IP $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3" > /etc/openvpn/client-common.txt
	# Generates the custom client.ovpn
	newclient "$CLIENT"
	echo ""
	echo "Finished!"


}


# Compatibility
distro_check() {
if command -v apt-get &> /dev/null; then
  #Debian Family
  #############################################
  PKG_MANAGER="apt-get"
  UPDATE_PKG_CACHE="test_dpkg_lock; ${PKG_MANAGER} update"
  PKG_INSTALL=(${PKG_MANAGER} --yes --no-install-recommends install)
  # grep -c will return 1 retVal on 0 matches, block this throwing the set -e with an OR TRUE
  PKG_COUNT="${PKG_MANAGER} -s -o Debug::NoLocking=true upgrade | grep -c ^Inst || true"
  # #########################################
  # fixes for dependency differences
  # Debian 7 doesn't have iproute2 use iproute
  if ${PKG_MANAGER} install --dry-run iproute2 > /dev/null 2>&1; then
    iproute_pkg="iproute2"
  else
    iproute_pkg="iproute"
  fi
  # Prefer the php metapackage if it's there, fall back on the php5 packages
  if ${PKG_MANAGER} install --dry-run php > /dev/null 2>&1; then
    phpVer="php"
  else
    phpVer="php5"
  fi
  # #########################################
  INSTALLER_DEPS=(apt-utils dialog debconf dhcpcd5 git ${iproute_pkg} whiptail)
  PIHOLE_DEPS=(bc cron curl dnsmasq dnsutils iputils-ping lsof netcat sudo unzip wget)
  PIHOLE_WEB_DEPS=(lighttpd ${phpVer}-common ${phpVer}-cgi)
  LIGHTTPD_USER="www-data"
  LIGHTTPD_GROUP="www-data"
  LIGHTTPD_CFG="lighttpd.conf.debian"
  DNSMASQ_USER="dnsmasq"

  test_dpkg_lock() {
    i=0
    while fuser /var/lib/dpkg/lock >/dev/null 2>&1 ; do
      sleep 0.5
      ((i=i+1))
    done
    # Always return success, since we only return if there is no
    # lock (anymore)
    return 0
  }

elif command -v rpm &> /dev/null; then
  # Fedora Family
  if command -v dnf &> /dev/null; then
    PKG_MANAGER="dnf"
  else
    PKG_MANAGER="yum"
  fi

# Fedora and family update cache on every PKG_INSTALL call, no need for a separate update.
  UPDATE_PKG_CACHE=":"
  PKG_INSTALL=(${PKG_MANAGER} install -y)
  PKG_COUNT="${PKG_MANAGER} check-update | egrep '(.i686|.x86|.noarch|.arm|.src)' | wc -l"
  INSTALLER_DEPS=(dialog git iproute net-tools newt procps-ng)
  PIHOLE_DEPS=(bc bind-utils cronie curl dnsmasq findutils nmap-ncat sudo unzip wget)
  PIHOLE_WEB_DEPS=(lighttpd lighttpd-fastcgi php php-common php-cli)
  if ! grep -q 'Fedora' /etc/redhat-release; then
    INSTALLER_DEPS=("${INSTALLER_DEPS[@]}" "epel-release");
  fi
    LIGHTTPD_USER="lighttpd"
    LIGHTTPD_GROUP="lighttpd"
    LIGHTTPD_CFG="lighttpd.conf.fedora"
    DNSMASQ_USER="nobody"

else
  echo "OS distribution not supported"
  exit
fi
}

is_repo() {
  # Use git to check if directory is currently under VCS, return the value 128
  # if directory is not a repo. Return 1 if directory does not exist.
  local directory="${1}"
  local curdir
  local rc

  curdir="${PWD}"
  if [[ -d "${directory}" ]]; then
    # git -C is not used here to support git versions older than 1.8.4
    cd "${directory}"
    git status --short &> /dev/null || rc=$?
  else
    # non-zero return code if directory does not exist
    rc=1
  fi
  cd "${curdir}"
  return "${rc:-0}"
}

make_repo() {
  local directory="${1}"
  local remoteRepo="${2}"

  echo -n ":::    Cloning ${remoteRepo} into ${directory}..."
  # Clean out the directory if it exists for git to clone into
  if [[ -d "${directory}" ]]; then
    rm -rf "${directory}"
  fi
  git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || return $?
  echo " done!"
  return 0
}

update_repo() {
  local directory="${1}"
  local curdir

  curdir="${PWD}"
  cd "${directory}" &> /dev/null || return 1
  # Pull the latest commits
  echo -n ":::    Updating repo in ${1}..."
  git stash --all --quiet &> /dev/null || true # Okay for stash failure
  git clean --force -d || true # Okay for already clean directory
  git pull --quiet &> /dev/null || return $?
  echo " done!"
  cd "${curdir}" &> /dev/null || return 1
  return 0
}

getGitFiles() {
  # Setup git repos for directory and repository passed
  # as arguments 1 and 2
  local directory="${1}"
  local remoteRepo="${2}"
  echo ":::"
  echo "::: Checking for existing repository..."
  if is_repo "${directory}"; then
    update_repo "${directory}" || { echo "*** Error: Could not update local repository. Contact support."; exit 1; }
    echo " done!"
  else
    make_repo "${directory}" "${remoteRepo}" || { echo "Unable to clone repository, please contact support"; exit 1; }
    echo " done!"
  fi
  return 0
}

find_IPv4_information() {
  local route
  # Find IP used to route to outside world
  route=$(ip route get 8.8.8.8)
  IPv4dev=$(awk '{for (i=1; i<=NF; i++) if ($i~/dev/) print $(i+1)}' <<< "${route}")
  IPv4bare=$(awk '{print $7}' <<< "${route}")
  #-add
  #IPV4_ADDRESS=$(ip -o -f inet addr show | grep "${IPv4bare}" |  awk '{print $4}' | awk 'END {print}')
  IPV4_ADDRESS=10.8.0.1/24
  IPv4gw=$(awk '{print $3}' <<< "${route}")

}


verifyFreeDiskSpace() {


}


useIPv6dialog() {
  # Show the IPv6 address used for blocking
  IPV6_ADDRESS=$(ip -6 route get 2001:4860:4860::8888 | grep -v "unreachable" | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')

  #if [[ ! -z "${IPV6_ADDRESS}" ]]; then
    #whiptail --msgbox --backtitle "IPv6..." --title "IPv6 Supported" "$IPV6_ADDRESS will be used to block ads." ${r} ${c}
  #fi
}


use4andor6() {
  local useIPv4
  local useIPv6
  # Let use select IPv4 and/or IPv6
  #cmd=(whiptail --separate-output --checklist "Select Protocols (press space to select)" ${r} ${c} 2)
  #options=(IPv4 "Block ads over IPv4" on
  #IPv6 "Block ads over IPv6" on)
  #choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) || { echo "::: Cancel selected. Exiting"; exit 1; }
  #for choice in ${choices}
  #do
    #case ${choice} in
    #IPv4  )   useIPv4=true;;
    #IPv6  )   useIPv6=true;;
    #esac
  #done
  # -
  useIPv4=true
  useIPv6=true
  if [[ ${useIPv4} ]]; then
    find_IPv4_information
    #getStaticIPv4Settings
    setStaticIPv4
  fi
  if [[ ${useIPv6} ]]; then
    useIPv6dialog
  fi
    echo "::: IPv4 address: ${IPV4_ADDRESS}"
    echo "::: IPv6 address: ${IPV6_ADDRESS}"
  if [ ! ${useIPv4} ] && [ ! ${useIPv6} ]; then
    echo "::: Cannot continue, neither IPv4 or IPv6 selected"
    echo "::: Exiting"
    exit 1
  fi
}


setDHCPCD() {
  # Append these lines to dhcpcd.conf to enable a static IP
  echo "interface ${PIHOLE_INTERFACE}
  static ip_address=${IPV4_ADDRESS}
  static routers=${IPv4gw}
  static domain_name_servers=${IPv4gw}" | tee -a /etc/dhcpcd.conf >/dev/null
}

setStaticIPv4() {
  local IFCFG_FILE
  local IPADDR
  local CIDR
  if [[ -f /etc/dhcpcd.conf ]]; then
    # Debian Family
    if grep -q "${IPV4_ADDRESS}" /etc/dhcpcd.conf; then
      echo "::: Static IP already configured"
    else
      setDHCPCD
      ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
      echo ":::"
      echo "::: Setting IP to ${IPV4_ADDRESS}.  You may need to restart after the install is complete."
      echo ":::"
    fi
  elif [[ -f /etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE} ]];then
    # Fedora Family
    IFCFG_FILE=/etc/sysconfig/network-scripts/ifcfg-${PIHOLE_INTERFACE}
    if grep -q "${IPV4_ADDRESS}" "${IFCFG_FILE}"; then
      echo "::: Static IP already configured"
    else
      IPADDR=$(echo "${IPV4_ADDRESS}" | cut -f1 -d/)
      CIDR=$(echo "${IPV4_ADDRESS}" | cut -f2 -d/)
      # Backup existing interface configuration:
      cp "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
      # Build Interface configuration file:
      {
        echo "# Configured via Pi-hole installer"
        echo "DEVICE=$PIHOLE_INTERFACE"
        echo "BOOTPROTO=none"
        echo "ONBOOT=yes"
        echo "IPADDR=$IPADDR"
        echo "PREFIX=$CIDR"
        echo "GATEWAY=$IPv4gw"
        echo "DNS1=$PIHOLE_DNS_1"
        echo "DNS2=$PIHOLE_DNS_2"
        echo "USERCTL=no"
      }> "${IFCFG_FILE}"
      ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
      if command -v nmcli &> /dev/null;then
        # Tell NetworkManager to read our new sysconfig file
        nmcli con load "${IFCFG_FILE}" > /dev/null
      fi
      echo ":::"
      echo "::: Setting IP to ${IPV4_ADDRESS}.  You may need to restart after the install is complete."
      echo ":::"
    fi
  else
    echo "::: Warning: Unable to locate configuration file to set static IPv4 address!"
    exit 1
  fi
}

valid_ip() {
  local ip=${1}
  local stat=1

  if [[ ${ip} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    OIFS=$IFS
    IFS='.'
    ip=(${ip})
    IFS=${OIFS}
    [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
    && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
    stat=$?
  fi
  return ${stat}
}


version_check_dnsmasq() {
  # Check if /etc/dnsmasq.conf is from pihole.  If so replace with an original and install new in .d directory
  local dnsmasq_conf="/etc/dnsmasq.conf"
  local dnsmasq_conf_orig="/etc/dnsmasq.conf.orig"
  local dnsmasq_pihole_id_string="addn-hosts=/etc/pihole/gravity.list"
  local dnsmasq_original_config="${PI_HOLE_LOCAL_REPO}/advanced/dnsmasq.conf.original"
  local dnsmasq_pihole_01_snippet="${PI_HOLE_LOCAL_REPO}/advanced/01-pihole.conf"
  local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"

  if [ -f ${dnsmasq_conf} ]; then
    echo -n ":::    Existing dnsmasq.conf found..."
    if grep -q ${dnsmasq_pihole_id_string} ${dnsmasq_conf}; then
      echo " it is from a previous Pi-hole install."
      echo -n ":::    Backing up dnsmasq.conf to dnsmasq.conf.orig..."
      mv -f ${dnsmasq_conf} ${dnsmasq_conf_orig}
      echo " done."
      echo -n ":::    Restoring default dnsmasq.conf..."
      cp ${dnsmasq_original_config} ${dnsmasq_conf}
      echo " done."
    else
      echo " it is not a Pi-hole file, leaving alone!"
    fi
  else
    echo -n ":::    No dnsmasq.conf found.. restoring default dnsmasq.conf..."
    cp ${dnsmasq_original_config} ${dnsmasq_conf}
    echo " done."
  fi

  echo -n ":::    Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..."
  cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
  echo " done."
  sed -i "s/@INT@/$PIHOLE_INTERFACE/" ${dnsmasq_pihole_01_location}
  if [[ "${PIHOLE_DNS_1}" != "" ]]; then
    sed -i "s/@DNS1@/$PIHOLE_DNS_1/" ${dnsmasq_pihole_01_location}
  else
    sed -i '/^server=@DNS1@/d' ${dnsmasq_pihole_01_location}
  fi
  if [[ "${PIHOLE_DNS_2}" != "" ]]; then
    sed -i "s/@DNS2@/$PIHOLE_DNS_2/" ${dnsmasq_pihole_01_location}
  else
    sed -i '/^server=@DNS2@/d' ${dnsmasq_pihole_01_location}
  fi

  sed -i 's/^#conf-dir=\/etc\/dnsmasq.d$/conf-dir=\/etc\/dnsmasq.d/' ${dnsmasq_conf}

  if [[ "${QUERY_LOGGING}" == false ]] ; then
        #Disable Logging
        sed -i 's/^log-queries/#log-queries/' ${dnsmasq_pihole_01_location}
    else
        #Enable Logging
        sed -i 's/^#log-queries/log-queries/' ${dnsmasq_pihole_01_location}
    fi
}

clean_existing() {
  # Clean an exiting installation to prepare for upgrade/reinstall
  # ${1} Directory to clean; ${2} Array of files to remove
  local clean_directory="${1}"
  shift
  local old_files=( "$@" )

  for script in "${old_files[@]}"; do
    rm -f "${clean_directory}/${script}.sh"
  done
}

installScripts() {
  # Install the scripts from repository to their various locations

  echo ":::"
  echo -n "::: Installing scripts from ${PI_HOLE_LOCAL_REPO}..."

  # Clear out script files from Pi-hole scripts directory.
  clean_existing "${PI_HOLE_INSTALL_DIR}" "${PI_HOLE_FILES[@]}"

  # Install files from local core repository
  if is_repo "${PI_HOLE_LOCAL_REPO}"; then
    cd "${PI_HOLE_LOCAL_REPO}"
    install -o "${USER}" -Dm755 -d "${PI_HOLE_INSTALL_DIR}"
    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" gravity.sh
    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" ./advanced/Scripts/*.sh
    install -o "${USER}" -Dm755 -t "${PI_HOLE_INSTALL_DIR}" ./automated\ install/uninstall.sh
    install -o "${USER}" -Dm755 -t /usr/local/bin/ pihole
    install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole
    echo " done."
  else
    echo " *** ERROR: Local repo ${PI_HOLE_LOCAL_REPO} not found, exiting."
    exit 1
  fi
}

installConfigs() {
  # Install the configs from PI_HOLE_LOCAL_REPO to their various locations
  echo ":::"
  echo "::: Installing configs from ${PI_HOLE_LOCAL_REPO}..."
  version_check_dnsmasq

  #Only mess with lighttpd configs if user has chosen to install web interface
  if [[ ${INSTALL_WEB} == true ]]; then
    if [ ! -d "/etc/lighttpd" ]; then
      mkdir /etc/lighttpd
      chown "${USER}":root /etc/lighttpd
    elif [ -f "/etc/lighttpd/lighttpd.conf" ]; then
      mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
    fi
    cp ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf
    mkdir -p /var/run/lighttpd
    chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/run/lighttpd
    mkdir -p /var/cache/lighttpd/compress
    chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/compress
    mkdir -p /var/cache/lighttpd/uploads
    chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/cache/lighttpd/uploads
  fi
}

stop_service() {
  # Stop service passed in as argument.
  # Can softfail, as process may not be installed when this is called
  echo ":::"
  echo -n "::: Stopping ${1} service..."
  if command -v systemctl &> /dev/null; then
    systemctl stop "${1}" &> /dev/null || true
  else
    service "${1}" stop &> /dev/null || true
  fi
  echo " done."
}

start_service() {
  # Start/Restart service passed in as argument
  # This should not fail, it's an error if it does
  echo ":::"
  echo -n "::: Starting ${1} service..."
  if command -v systemctl &> /dev/null; then
    systemctl restart "${1}" &> /dev/null
  else
    service "${1}" restart &> /dev/null
  fi
  echo " done."
}

enable_service() {
  # Enable service so that it will start with next reboot
  echo ":::"
  echo -n "::: Enabling ${1} service to start on reboot..."
  if command -v systemctl &> /dev/null; then
    systemctl enable "${1}" &> /dev/null
  else
    update-rc.d "${1}" defaults &> /dev/null
  fi
  echo " done."
}

update_package_cache() {
  #Running apt-get update/upgrade with minimal output can cause some issues with
  #requiring user input (e.g password for phpmyadmin see #218)

  #Update package cache on apt based OSes. Do this every time since
  #it's quick and packages can be updated at any time.

  echo ":::"
  echo -n "::: Updating local cache of available packages..."
  if eval "${UPDATE_PKG_CACHE}" &> /dev/null; then
    echo " done!"
  else
    echo -en "\n!!! ERROR - Unable to update package cache. Please try \"${UPDATE_PKG_CACHE}\""
    return 1
  fi
}

notify_package_updates_available() {
  # Let user know if they have outdated packages on their system and
  # advise them to run a package update at soonest possible.
  echo ":::"
  echo -n "::: Checking ${PKG_MANAGER} for upgraded packages...."
  updatesToInstall=$(eval "${PKG_COUNT}")
  echo " done!"
  echo ":::"
  if [[ -d "/lib/modules/$(uname -r)" ]]; then
    if [[ ${updatesToInstall} -eq "0" ]]; then
      echo "::: Your system is up to date! Continuing with Pi-hole installation..."
    else
      echo "::: There are ${updatesToInstall} updates available for your system!"
      echo "::: We recommend you update your OS after installing Pi-hole! "
      echo ":::"
    fi
  else
    echo "::: Kernel update detected, please reboot your system and try again if your installation fails."
  fi
}

install_dependent_packages() {
  # Install packages passed in via argument array
  # No spinner - conflicts with set -e
  declare -a argArray1=("${!1}")
  declare -a installArray

  # Debian based package install - debconf will download the entire package list
  # so we just create an array of packages not currently installed to cut down on the
  # amount of download traffic.
  # NOTE: We may be able to use this installArray in the future to create a list of package that were
  # installed by us, and remove only the installed packages, and not the entire list.
  if command -v debconf-apt-progress &> /dev/null; then
    for i in "${argArray1[@]}"; do
      echo -n ":::    Checking for $i..."
      if dpkg-query -W -f='${Status}' "${i}" 2>/dev/null | grep "ok installed" &> /dev/null; then
        echo " installed!"
      else
        echo " added to install list!"
        installArray+=("${i}")
      fi
    done
    if [[ ${#installArray[@]} -gt 0 ]]; then
      test_dpkg_lock
      debconf-apt-progress -- "${PKG_INSTALL[@]}" "${installArray[@]}"
      return
    fi
      return 0
  fi

  #Fedora/CentOS
  for i in "${argArray1[@]}"; do
    echo -n ":::    Checking for $i..."
    if ${PKG_MANAGER} -q list installed "${i}" &> /dev/null; then
      echo " installed!"
    else
      echo " added to install list!"
      installArray+=("${i}")
    fi
  done
    if [[ ${#installArray[@]} -gt 0 ]]; then
      "${PKG_INSTALL[@]}" "${installArray[@]}" &> /dev/null
      return
    fi
    return 0
}

CreateLogFile() {
  # Create logfiles if necessary
  echo ":::"
  echo -n "::: Creating log file and changing owner to dnsmasq..."
  if [ ! -f /var/log/pihole.log ]; then
    touch /var/log/pihole.log
    chmod 644 /var/log/pihole.log
    chown "${DNSMASQ_USER}":root /var/log/pihole.log
    echo " done!"
  else
    echo " already exists!"
  fi
}

installPiholeWeb() {
  # Install the web interface
  echo ":::"
  echo "::: Installing pihole custom index page..."
  if [ -d "/var/www/html/pihole" ]; then
    if [ -f "/var/www/html/pihole/index.php" ]; then
      echo ":::     Existing index.php detected, not overwriting"
    else
      echo -n ":::     index.php missing, replacing... "
      cp ${PI_HOLE_LOCAL_REPO}/advanced/index.php /var/www/html/pihole/
      echo " done!"
    fi

    if [ -f "/var/www/html/pihole/index.js" ]; then
      echo ":::     Existing index.js detected, not overwriting"
    else
      echo -n ":::     index.js missing, replacing... "
      cp ${PI_HOLE_LOCAL_REPO}/advanced/index.js /var/www/html/pihole/
      echo " done!"
    fi

    if [ -f "/var/www/html/pihole/blockingpage.css" ]; then
      echo ":::     Existing blockingpage.css detected, not overwriting"
    else
      echo -n ":::     blockingpage.css missing, replacing... "
      cp ${PI_HOLE_LOCAL_REPO}/advanced/blockingpage.css /var/www/html/pihole
      echo " done!"
    fi

  else
    echo ":::     Creating directory for blocking page"
    install -d /var/www/html/pihole
    install -D ${PI_HOLE_LOCAL_REPO}/advanced/{index,blockingpage}.* /var/www/html/pihole/
    if [ -f /var/www/html/index.lighttpd.html ]; then
      mv /var/www/html/index.lighttpd.html /var/www/html/index.lighttpd.orig
    else
      printf "\n:::\tNo default index.lighttpd.html file found... not backing up"
    fi
    echo " done!"
  fi

  # Install Sudoer file
  echo ":::"
  echo -n "::: Installing sudoer file..."
  mkdir -p /etc/sudoers.d/
  cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.sudo /etc/sudoers.d/pihole
  # Add lighttpd user (OS dependent) to sudoers file
  echo "${LIGHTTPD_USER} ALL=NOPASSWD: /usr/local/bin/pihole" >> /etc/sudoers.d/pihole

  if [[ "$LIGHTTPD_USER" == "lighttpd" ]]; then
    # Allow executing pihole via sudo with Fedora
    # Usually /usr/local/bin is not permitted as directory for sudoable programms
    echo "Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin" >> /etc/sudoers.d/pihole
  fi

  chmod 0440 /etc/sudoers.d/pihole
  echo " done!"
}

installCron() {
  # Install the cron job
  echo ":::"
  echo -n "::: Installing latest Cron script..."
  cp ${PI_HOLE_LOCAL_REPO}/advanced/pihole.cron /etc/cron.d/pihole
  echo " done!"
}

runGravity() {
  # Run gravity.sh to build blacklists
  echo ":::"
  echo "::: Preparing to run gravity.sh to refresh hosts..."
  if ls /etc/pihole/list* 1> /dev/null 2>&1; then
    echo "::: Cleaning up previous install (preserving whitelist/blacklist)"
    rm /etc/pihole/list.*
  fi
  # Test if /etc/pihole/adlists.default exists
  if [[ ! -e /etc/pihole/adlists.default ]]; then
    cp ${PI_HOLE_LOCAL_REPO}/adlists.default /etc/pihole/adlists.default
  fi
  echo "::: Running gravity.sh"
  { /opt/pihole/gravity.sh; }
}

create_pihole_user() {
  # Check if user pihole exists and create if not
  echo "::: Checking if user 'pihole' exists..."
  if id -u pihole &> /dev/null; then
    echo "::: User 'pihole' already exists"
  else
    echo "::: User 'pihole' doesn't exist. Creating..."
    useradd -r -s /usr/sbin/nologin pihole
  fi
}

configureFirewall() {
  # Allow HTTP and DNS traffic
  if firewall-cmd --state &> /dev/null; then
    whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
    { echo -e ":::\n::: Not installing firewall rulesets."; return 0; }
    echo -e ":::\n:::\n Configuring FirewallD for httpd and dnsmasq."
    firewall-cmd --permanent --add-service=http --add-service=dns
    firewall-cmd --reload
    return 0
  # Check for proper kernel modules to prevent failure
  elif modinfo ip_tables &> /dev/null && command -v iptables &> /dev/null; then
    # If chain Policy is not ACCEPT or last Rule is not ACCEPT
    # then check and insert our Rules above the DROP/REJECT Rule.
    if iptables -S INPUT | head -n1 | grep -qv '^-P.*ACCEPT$' || iptables -S INPUT | tail -n1 | grep -qv '^-\(A\|P\).*ACCEPT$'; then
      whiptail --title "Firewall in use" --yesno "We have detected a running firewall\n\nPi-hole currently requires HTTP and DNS port access.\n\n\n\nInstall Pi-hole default firewall rules?" ${r} ${c} || \
      { echo -e ":::\n::: Not installing firewall rulesets."; return 0; }
      echo -e ":::\n::: Installing new IPTables firewall rulesets."
      # Check chain first, otherwise a new rule will duplicate old ones
      iptables -C INPUT -p tcp -m tcp --dport 80 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
      iptables -C INPUT -p tcp -m tcp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT
      iptables -C INPUT -p udp -m udp --dport 53 -j ACCEPT &> /dev/null || iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT
      return 0
    fi
  else
    echo -e ":::\n::: No active firewall detected.. skipping firewall configuration."
    return 0
  fi
  echo -e ":::\n::: Skipping firewall configuration."
}

finalExports() {

  if [[ ${INSTALL_WEB} == false ]]; then
    #No web interface installed, and therefore no block page set IPV4/6 to 0.0.0.0 and ::/0
    if [ ${IPV4_ADDRESS} ]; then
      IPV4_ADDRESS="0.0.0.0"
    fi
    if [ ${IPV6_ADDRESS} ]; then
      IPV6_ADDRESS="::/0"
    fi
  fi

  # Update variables in setupVars.conf file
  if [ -e "${setupVars}" ]; then
    sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/PIHOLE_DNS_1/d;/PIHOLE_DNS_2/d;/QUERY_LOGGING/d;/INSTALL_WEB/d;' "${setupVars}"
  fi
    {
  echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
  echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
  echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
  echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
  #-add
  echo "DNSSEC=true"
  echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
  echo "QUERY_LOGGING=${QUERY_LOGGING}"
  echo "INSTALL_WEB=${INSTALL_WEB}"
    }>> "${setupVars}"

  # Look for DNS server settings which would have to be reapplied
  source "${setupVars}"
  source "${PI_HOLE_LOCAL_REPO}/advanced/Scripts/webpage.sh"

  if [[ "${DNS_FQDN_REQUIRED}" != "" ]] ; then
    ProcessDNSSettings
  fi

  if [[ "${DHCP_ACTIVE}" != "" ]] ; then
    ProcessDHCPSettings
  fi
}

installLogrotate() {
  # Install the logrotate script
  echo ":::"
  echo -n "::: Installing latest logrotate script..."
  cp ${PI_HOLE_LOCAL_REPO}/advanced/logrotate /etc/pihole/logrotate
  # Different operating systems have different user / group
  # settings for logrotate that makes it impossible to create
  # a static logrotate file that will work with e.g.
  # Rasbian and Ubuntu at the same time. Hence, we have to
  # customize the logrotate script here in order to reflect
  # the local properties of the /var/log directory
  logusergroup="$(stat -c '%U %G' /var/log)"
  if [[ ! -z $logusergroup ]]; then
    sed -i "s/# su #/su ${logusergroup}/" /etc/pihole/logrotate
  fi
  echo " done!"
}

installPihole() {
  # Install base files and web interface
  create_pihole_user

  if [[ ${INSTALL_WEB} == true ]]; then
    if [ ! -d "/var/www/html" ]; then
      mkdir -p /var/www/html
    fi
    chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} /var/www/html
    chmod 775 /var/www/html
    usermod -a -G ${LIGHTTPD_GROUP} pihole
    if [ -x "$(command -v lighty-enable-mod)" ]; then
      lighty-enable-mod fastcgi fastcgi-php > /dev/null || true
    else
      printf "\n:::\tWarning: 'lighty-enable-mod' utility not found. Please ensure fastcgi is enabled if you experience issues.\n"
    fi
  fi
  installScripts
  installConfigs
  CreateLogFile
  if [[ ${INSTALL_WEB} == true ]]; then
    installPiholeWeb
  fi
  installCron
  installLogrotate
  FTLdetect || echo "::: FTL Engine not installed."
  configureFirewall
  finalExports
  #runGravity
}

accountForRefactor() {
  # At some point in the future this list can be pruned, for now we'll need it to ensure updates don't break.

  # Refactoring of install script has changed the name of a couple of variables. Sort them out here.

  sed -i 's/piholeInterface/PIHOLE_INTERFACE/g' ${setupVars}
  sed -i 's/IPv4_address/IPV4_ADDRESS/g' ${setupVars}
  sed -i 's/IPv4addr/IPV4_ADDRESS/g' ${setupVars}
  sed -i 's/IPv6_address/IPV6_ADDRESS/g' ${setupVars}
  sed -i 's/piholeIPv6/IPV6_ADDRESS/g' ${setupVars}
  sed -i 's/piholeDNS1/PIHOLE_DNS_1/g' ${setupVars}
  sed -i 's/piholeDNS2/PIHOLE_DNS_2/g' ${setupVars}

}

updatePihole() {
  accountForRefactor
  # Install base files and web interface
  installScripts
  installConfigs
  CreateLogFile
  if [[ ${INSTALL_WEB} == true ]]; then
    installPiholeWeb
  fi
  installCron
  installLogrotate
  FTLdetect || echo "::: FTL Engine not installed."
  finalExports #re-export setupVars.conf to account for any new vars added in new versions
  #runGravity
}


checkSelinux() {
  if command -v getenforce &> /dev/null; then
    echo ":::"
    echo -n "::: SELinux Support Detected... Mode: "
    enforceMode=$(getenforce)
    echo "${enforceMode}"
    if [[ "${enforceMode}" == "Enforcing" ]]; then
      whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c} || \
      { echo ":::"; echo "::: Not continuing install after SELinux Enforcing detected."; exit 1; }
      echo ":::"
      echo "::: Continuing installation with SELinux Enforcing."
      echo "::: Please refer to official SELinux documentation to create a custom policy."
    fi
  fi
}


update_dialogs() {
  # reconfigure
  if [ "${reconfigure}" = true ]; then
    opt1a="Repair"
    opt1b="This will retain existing settings"
    strAdd="You will remain on the same version"
  else
    opt1a="Update"
    opt1b="This will retain existing settings."
    strAdd="You will be updated to the latest version."
  fi
  opt2a="Reconfigure"
  opt2b="This will allow you to enter new settings"

  UpdateCmd=$(whiptail --title "Existing Install Detected!" --menu "\n\nWe have detected an existing install.\n\nPlease choose from the following options: \n($strAdd)" ${r} ${c} 2 \
  "${opt1a}"  "${opt1b}" \
  "${opt2a}"  "${opt2b}" 3>&2 2>&1 1>&3) || \
  { echo "::: Cancel selected. Exiting"; exit 1; }

  case ${UpdateCmd} in
    ${opt1a})
      echo "::: ${opt1a} option selected."
      useUpdateVars=true
      ;;
    ${opt2a})
      echo "::: ${opt2a} option selected"
      useUpdateVars=false
      ;;
    esac
}

clone_or_update_repos() {
if [[ "${reconfigure}" == true ]]; then
      echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
    else
      # Get Git files for Core and Admin
      getGitFiles ${PI_HOLE_LOCAL_REPO} ${piholeGitUrl} || \
        { echo "!!! Unable to clone ${piholeGitUrl} into ${PI_HOLE_LOCAL_REPO}, unable to continue."; \
          exit 1; \
        }

      if [[ ${INSTALL_WEB} == true ]]; then
        getGitFiles ${webInterfaceDir} ${webInterfaceGitUrl} || \
        { echo "!!! Unable to clone ${webInterfaceGitUrl} into ${webInterfaceDir}, unable to continue."; \
          exit 1; \
        }
      fi
    fi
}

FTLinstall() {
  # Download and install FTL binary
  local binary="${1}"
  local latesttag
  local orig_dir
  echo -n ":::  Installing FTL... "

  orig_dir="${PWD}"
  latesttag=$(curl -sI https://github.com/pi-hole/FTL/releases/latest | grep "Location" | awk -F '/' '{print $NF}')
  # Tags should always start with v, check for that.
  if [[ ! "${latesttag}" == v* ]]; then
    echo "failed (error in getting latest release location from GitHub)"
    return 1
  fi
  if curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}" -o "/tmp/${binary}"; then
    # Get sha1 of the binary we just downloaded for verification.
    curl -sSL --fail "https://github.com/pi-hole/FTL/releases/download/${latesttag%$'\r'}/${binary}.sha1" -o "/tmp/${binary}.sha1"
    # Check if we just downloaded text, or a binary file.
    cd /tmp
    if sha1sum --status --quiet -c "${binary}".sha1; then
      echo -n "transferred... "
      stop_service pihole-FTL &> /dev/null
      install -T -m 0755 /tmp/${binary} /usr/bin/pihole-FTL
      cd "${orig_dir}"
      install -T -m 0755 "${PI_HOLE_LOCAL_REPO}/advanced/pihole-FTL.service" "/etc/init.d/pihole-FTL"
      echo "done."
      return 0
    else
      echo "failed (download of binary from Github failed)"
      cd "${orig_dir}"
      return 1
    fi
  else
    cd "${orig_dir}"
    echo "failed (URL not found.)"
  fi
}

FTLdetect() {
  # Detect suitable FTL binary platform
  echo ":::"
  echo "::: Downloading latest version of FTL..."

  local machine
  local binary

  machine=$(uname -m)

  if [[ $machine == arm* || $machine == *aarch* ]]; then
    # ARM
    local rev=$(uname -m | sed "s/[^0-9]//g;")
    local lib=$(ldd /bin/ls | grep -E '^\s*/lib' | awk '{ print $1 }')
    if [[ "$lib" == "/lib/ld-linux-aarch64.so.1" ]]; then
      echo ":::  Detected ARM-aarch64 architecture"
      binary="pihole-FTL-aarch64-linux-gnu"
    elif [[ "$lib" == "/lib/ld-linux-armhf.so.3" ]]; then
      if [ "$rev" -gt "6" ]; then
        echo ":::  Detected ARM-hf architecture (armv7+)"
        binary="pihole-FTL-arm-linux-gnueabihf"
      else
        echo ":::  Detected ARM-hf architecture (armv6 or lower)"
        echo ":::  Using ARM binary"
        binary="pihole-FTL-arm-linux-gnueabi"
      fi
    else
      echo ":::  Detected ARM architecture"
      binary="pihole-FTL-arm-linux-gnueabi"
    fi
  elif [[ $machine == x86_64 ]]; then
    # 64bit
    echo ":::  Detected x86_64 architecture"
    binary="pihole-FTL-linux-x86_64"
  else
    # Something else - we try to use 32bit executable and warn the user
    if [[ ! $machine == i686 ]]; then
      echo ":::  Not able to detect architecture (unknown: ${machine}), trying 32bit executable"
      echo ":::  Contact Pi-hole support if you experience problems (like FTL not running)"
    else
      echo ":::  Detected 32bit (i686) architecture"
    fi
    binary="pihole-FTL-linux-x86_32"
  fi

  FTLinstall "${binary}" || return 1

}

main() {

  ######## FIRST CHECK ########
  # Must be root to install

  #echo ":::"
  #if [[ ${EUID} -eq 0 ]]; then
    #echo "::: You are root."
  #else
    #echo "::: Script called with non-root privileges. The Pi-hole installs server packages and configures"
    #echo "::: system networking, it requires elevated rights. Please check the contents of the script for"
    #echo "::: any concerns with this requirement. Please be sure to download this script from a trusted source."
    #echo ":::"
    #echo "::: Detecting the presence of the sudo utility for continuation of this install..."

    #if command -v sudo &> /dev/null; then
      #echo "::: Utility sudo located."
      #exec curl -sSL https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh | sudo bash "$@"
      #exit $?
    #else
      #echo "::: sudo is needed for the Web interface to run pihole commands.  Please run this script as root and it will be automatically installed."
      #exit 1
    #fi
  #fi
	install_OpenVPN
  # Check for supported distribution - LEAVE IN
  distro_check

  # Check arguments for the undocumented flags - CHECK UNATTENDED
  for var in "$@"; do
    case "$var" in
      "--reconfigure"  ) reconfigure=true;;
      "--i_do_not_follow_recommendations"   ) skipSpaceCheck=false;;
      "--unattended"     ) runUnattended=true;;
    esac
  done

  if [[ -f ${setupVars} ]]; then
    if [[ "${runUnattended}" == true ]]; then
      echo "::: --unattended passed to install script, no whiptail dialogs will be displayed"
      useUpdateVars=true
    else
      update_dialogs
    fi
  fi

  # Start the installer
  # Verify there is enough disk space for the install
  if [[ "${skipSpaceCheck}" == true ]]; then
    echo "::: --i_do_not_follow_recommendations passed to script, skipping free disk space verification!"
  else
    verifyFreeDiskSpace
  fi

  # Update package cache - LEAVE IN
  update_package_cache || exit 1

  # Notify user of package availability - CHECK NEEDED
  notify_package_updates_available

  # Install packages used by this installation script - LEAVE IN
  install_dependent_packages INSTALLER_DEPS[@]

   # Check if SELinux is Enforcing - CHECK NEEDED
  checkSelinux


  if [[ ${useUpdateVars} == false ]]; then
    # Display welcome dialogs

    # Create directory for Pi-hole storage
    mkdir -p /etc/pihole/

    stop_service dnsmasq
    if [[ ${INSTALL_WEB} == true ]]; then
      stop_service lighttpd
    fi

    #chooseInterface - CHECK NEEDED
	PIHOLE_INTERFACE="tun0"
    # Decide what upstream DNS Servers to use
	PIHOLE_DNS_1="8.8.8.8"
    PIHOLE_DNS_2="8.8.4.4"
    # Let the user decide if they want to block ads over IPv4 and/or IPv6
    use4andor6
    #setAdminFlag
	INSTALL_WEB=false
    #setLogging
	QUERY_LOGGING=false
    # Clone/Update the repos
    clone_or_update_repos

       # Install packages used by the Pi-hole
    if [[ ${INSTALL_WEB} == true ]]; then
      DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}")
    else
      DEPS=("${PIHOLE_DEPS[@]}")
    fi
    install_dependent_packages DEPS[@]


    # Install and log everything to a file
    installPihole | tee ${tmpLog}
  else
    # Clone/Update the repos
    clone_or_update_repos

    # Source ${setupVars} for use in the rest of the functions.
    source ${setupVars}

    # Install packages used by the Pi-hole
    if [[ ${INSTALL_WEB} == true ]]; then
      DEPS=("${PIHOLE_DEPS[@]}" "${PIHOLE_WEB_DEPS[@]}")
    else
      DEPS=("${PIHOLE_DEPS[@]}")
    fi
    install_dependent_packages DEPS[@]

    updatePihole | tee ${tmpLog}
  fi

  # Move the log file into /etc/pihole for storage
  mv ${tmpLog} ${instalLogLoc}

  if [[ ${INSTALL_WEB} == true ]]; then
    # Add password to web UI if there is none
    pw=""
    if [[ $(grep 'WEBPASSWORD' -c /etc/pihole/setupVars.conf) == 0 ]] ; then
        pw=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
        . /opt/pihole/webpage.sh
        echo "WEBPASSWORD=$(HashPassword ${pw})" >> ${setupVars}
    fi
  fi
  echo "Updating system"
    sudo apt-get update && sudo apt-get -y upgrade

  echo "::: Restarting services..."
  #restart openvpn
  sudo systemctl restart openvpn@server
  # Start services
  start_service dnsmasq
  enable_service dnsmasq

  if [[ ${INSTALL_WEB} == true ]]; then
    start_service lighttpd
    enable_service lighttpd
  fi

  runGravity

  start_service pihole-FTL
  enable_service pihole-FTL


  #download full openroad warrior script for further use
  wget https://git.io/vpn -O openvpn-install.sh
  #and full orignal pihole script for good measure
  wget https://install.pi-hole.net


  echo "::: Update complete!"

  echo "::: The install log is located at: /etc/pihole/install.log"
}

if [[ "${PH_TEST}" != true ]] ; then
  main "$@"
fi