Do not check whether the pihole user can read /etc/pihole/logrotate. It needs to be readable by root only, which is always true.
Signed-off-by: MichaIng <micha@dietpi.com>
FTL correctly creates the cert and especially private key with 0600 mode. But the prestart scripts changes it to 0660.
After removing the dedicated webserver from Pi-hole setups, the pihole group has no purpose anymore, and files should not be writable to any other user than pihole itself, and the private TLS key not reasable to anyone else either.
Additionally, this commit consolidates the chmod calls, applying 0755 to all directories and 0640 to all files, but the TLS key and cert.
Signed-off-by: MichaIng <micha@dietpi.com>
Fix Text+URL for allowlisting/denylisting. Keep former terms for when people search for them.
Signed-off-by: Jeroen Habets <jeroenhabets@users.noreply.github.com>
If service start/stop/restart/enable/disable fails, it help to debug the issue, if STDERR is not hidden, hence the error message can be seen. systemctl furthermore has the `-q` option to suppress non-error output. It works as well for "is-enabled", but until a certain systemd version still throws an error, if the checked service does not exist at all. Once Debian Bullseye support is dropped by Pi-hole, also STDERR form systemctl is-enabled does not need to be suppressed anymore.
Signed-off-by: MichaIng <micha@dietpi.com>
`/etc/lighttpd/conf-enabled` usually contains symlinks to the actual files in `/etc/lighttpd/conf-available`, at least `lighty-enable-mod` does exactly this. If `/etc/lighttpd/conf-available/15-pihole-admin.conf` is removed first, `/etc/lighttpd/conf-enabled/15-pihole-admin.conf` hence points to nowhere, which makes the `-f` check return false. The orphaned symlink is hence not removed, if `lighty-disable-mod` is not available.
This PR changes the order, to remove the symlink first, and to be failsafe also if it is orphaned already, and the actual config afterwards.
Signed-off-by: MichaIng <micha@dietpi.com>
The dnsmasq config files were removed in `remove_old_dnsmasq_ftl_configs()`, before they were tried to be migrated via `migrate_dnsmasq_configs()`, and hence most settings were lost during v5 to v6 update.
This commit renames and adjussts `remove_old_dnsmasq_ftl_configs()` to move dnsmasq config files into the migration directory instead, to be picked up by `migrate_dnsmasq_configs()` later.
Signed-off-by: MichaIng <micha@dietpi.com>
The CLI skips double quotes in config output, hence the output is completely empty, if no password was applied yet, e.g. on a fresh install. This leads to an unprotected web interface. The check is corrected, to have a random password applied as intended.
Additionally, the logic to show an unchanged or unset password on the completion dialog is inverted to correctly show "unchanged" resp. "NOT SET" if the password has not been changed resp. is empty.
Signed-off-by: MichaIng <micha@dietpi.com>
While the dialog is shown to choose or enter an upstream DNS for Pi-hole, it is never applied. Hence fresh Pi-hole installs have no upstream DNS and cannot resolve queries.
It is now checked for the two generated variables PIHOLE_DNS_1 and PIHOLE_DNS_2, a TOML array generated and applied via pihole-FTL CLI.
Signed-off-by: MichaIng <micha@dietpi.com>
