feat(install): Add possibility to use Pi-hole in unattended install (#1825)

In an unattended install, there is no way to specify
that the user wants to use Pi-hole as the DNS server.

By introducing a --use-pihole argument, the user can decide
whether the PiVPN configuration should be aligned to the
Pi-hole installation.
Jonathan 2024-04-05 22:09:24 +02:00 committed by 4s3ti
parent 850e665642
commit d0729779a1
No known key found for this signature in database
GPG key ID: AC2D3B898F96BC51


@ -57,6 +57,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
######## Undocumented Flags. Shhh ######## ######## Undocumented Flags. Shhh ########
runUnattended=false runUnattended=false
usePiholeDNS=false
skipSpaceCheck=false skipSpaceCheck=false
reconfigure=false reconfigure=false
showUnsupportedNICs=false showUnsupportedNICs=false
@ -226,6 +227,9 @@ flagsCheck() {
runUnattended=true runUnattended=true
unattendedConfig="${!j}" unattendedConfig="${!j}"
;; ;;
"--use-pihole")
usePiholeDNS=true
;;
"--reconfigure") "--reconfigure")
reconfigure=true reconfigure=true
;; ;;
@ -2341,9 +2345,49 @@ the default" "${r}" "${c}" "${DEFAULT_PORT}" \
echo "pivpnPORT=${pivpnPORT}" >> "${tempsetupVarsFile}" echo "pivpnPORT=${pivpnPORT}" >> "${tempsetupVarsFile}"
} }
setupPiholeDNS() {
# Add a custom hosts file for VPN clients so they appear
# as 'name.pivpn' in the Pi-hole dashboard as well as resolve
# by their names.
echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
| ${SUDO} tee "${dnsmasqConfig}" > /dev/null
# Then create an empty hosts file or clear if it exists.
${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
# Setting Pi-hole to "Listen on all interfaces" allows
# dnsmasq to listen on the VPN interface while permitting
# queries only from hosts whose address is on the LAN and
# VPN subnets.
${SUDO} pihole -a -i local
# Use the Raspberry Pi VPN IP as DNS server.
pivpnDNS1="${vpnGw}"
{
echo "pivpnDNS1=${pivpnDNS1}"
echo "pivpnDNS2=${pivpnDNS2}"
} >> "${tempsetupVarsFile}"
# Allow incoming DNS requests through UFW.
if [[ "${USING_UFW}" -eq 1 ]]; then
${SUDO} ufw insert 1 allow in \
on "${pivpnDEV}" to any port 53 \
from "${pivpnNET}/${subnetClass}" > /dev/null
else
${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
-p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
fi
}
askClientDNS() { askClientDNS() {
if [[ "${runUnattended}" == 'true' ]]; then if [[ "${runUnattended}" == 'true' ]]; then
if [[ -z "${pivpnDNS1}" ]] \ if [[ "${usePiholeDNS}" == 'true' ]] \
&& command -v pihole > /dev/null \
&& [[ -r "${piholeSetupVars}" ]]; then
setupPiholeDNS
return
elif [[ -z "${pivpnDNS1}" ]] \
&& [[ -n "${pivpnDNS2}" ]]; then && [[ -n "${pivpnDNS2}" ]]; then
pivpnDNS1="${pivpnDNS2}" pivpnDNS1="${pivpnDNS2}"
unset pivpnDNS2 unset pivpnDNS2
@ -2383,10 +2427,11 @@ askClientDNS() {
# Detect and offer to use Pi-hole # Detect and offer to use Pi-hole
if command -v pihole > /dev/null; then if command -v pihole > /dev/null; then
if whiptail \ if [[ "${usePiholeDNS}" == 'true' ]] \
--backtitle "Setup PiVPN" \ || whiptail \
--title "Pi-hole" \ --backtitle "Setup PiVPN" \
--yesno "We have detected a Pi-hole installation, \ --title "Pi-hole" \
--yesno "We have detected a Pi-hole installation, \
do you want to use it as the DNS server for the VPN, so you \ do you want to use it as the DNS server for the VPN, so you \
get ad blocking on the go?" "${r}" "${c}"; then get ad blocking on the go?" "${r}" "${c}"; then
if [[ ! -r "${piholeSetupVars}" ]]; then if [[ ! -r "${piholeSetupVars}" ]]; then
@ -2394,38 +2439,7 @@ get ad blocking on the go?" "${r}" "${c}"; then
exit 1 exit 1
fi fi
# Add a custom hosts file for VPN clients so they appear setupPiholeDNS
# as 'name.pivpn' in the Pi-hole dashboard as well as resolve
# by their names.
echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
| ${SUDO} tee "${dnsmasqConfig}" > /dev/null
# Then create an empty hosts file or clear if it exists.
${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
# Setting Pi-hole to "Listen on all interfaces" allows
# dnsmasq to listen on the VPN interface while permitting
# queries only from hosts whose address is on the LAN and
# VPN subnets.
${SUDO} pihole -a -i local
# Use the Raspberry Pi VPN IP as DNS server.
pivpnDNS1="${vpnGw}"
{
echo "pivpnDNS1=${pivpnDNS1}"
echo "pivpnDNS2=${pivpnDNS2}"
} >> "${tempsetupVarsFile}"
# Allow incoming DNS requests through UFW.
if [[ "${USING_UFW}" -eq 1 ]]; then
${SUDO} ufw insert 1 allow in \
on "${pivpnDEV}" to any port 53 \
from "${pivpnNET}/${subnetClass}" > /dev/null
else
${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
-p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
fi
return return
fi fi
fi fi
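Review bot: In the unattended branch of askClientDNS, `--use-pihole` is silently ignored when `command -v pihole` fails or `${piholeSetupVars}` is not readable: the condition falls through to the `elif [[ -z "${pivpnDNS1}" ]]` handling and the install carries on with whatever DNS values are already set. The interactive path further down appears to stop with `exit 1` when `${piholeSetupVars}` is unreadable, so an operator who asked for Pi-hole filtering gets a hard failure interactively but a quiet fallback to another resolver when unattended. I would put an explicit failure ahead of that `elif`, for example `elif [[ "${usePiholeDNS}" == 'true' ]]; then echo "--use-pihole was given but no usable Pi-hole installation was found" >&2; exit 1`. Separately, the iptables fallback in setupPiholeDNS accepts only UDP port 53 and sets no source match, while the ufw rule is limited to `${pivpnNET}/${subnetClass}`; that is carried over from the old inline code, but it is worth aligning now that it lives in one function. askClientDNS starts and ends outside the visible hunks.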