feat(install): Add possibility to use Pi-hole in unattended install (#1825)

In unattended install, there is no possibility to specify if user wants to use Pi-hole DNS as DNS. Introducing a --use-pihole argument, user can decide if PiVPN configuration should be aligned to the Pi-hole installation.
2024-12-19 03:10:16 +00:00 · 2024-04-05 22:09:24 +02:00 · 2024-04-05 22:09:24 +02:00 · d0729779a1
commit d0729779a1
parent 850e665642
1 changed files with 51 additions and 37 deletions
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@ -57,6 +57,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}

 ######## Undocumented Flags. Shhh ########
 runUnattended=false
+usePiholeDNS=false
 skipSpaceCheck=false
 reconfigure=false
 showUnsupportedNICs=false
@ -226,6 +227,9 @@ flagsCheck() {
        runUnattended=true
        unattendedConfig="${!j}"
        ;;
+      "--use-pihole")
+        usePiholeDNS=true
+        ;;
      "--reconfigure")
        reconfigure=true
        ;;
@ -2341,9 +2345,49 @@ the default" "${r}" "${c}" "${DEFAULT_PORT}" \
  echo "pivpnPORT=${pivpnPORT}" >> "${tempsetupVarsFile}"
 }

+setupPiholeDNS() {
+  # Add a custom hosts file for VPN clients so they appear
+  # as 'name.pivpn' in the Pi-hole dashboard as well as resolve
+  # by their names.
+  echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
+    | ${SUDO} tee "${dnsmasqConfig}" > /dev/null
+
+  # Then create an empty hosts file or clear if it exists.
+  ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
+
+  # Setting Pi-hole to "Listen on all interfaces" allows
+  # dnsmasq to listen on the VPN interface while permitting
+  # queries only from hosts whose address is on the LAN and
+  # VPN subnets.
+  ${SUDO} pihole -a -i local
+
+  # Use the Raspberry Pi VPN IP as DNS server.
+  pivpnDNS1="${vpnGw}"
+
+  {
+    echo "pivpnDNS1=${pivpnDNS1}"
+    echo "pivpnDNS2=${pivpnDNS2}"
+  } >> "${tempsetupVarsFile}"
+
+  # Allow incoming DNS requests through UFW.
+  if [[ "${USING_UFW}" -eq 1 ]]; then
+    ${SUDO} ufw insert 1 allow in \
+      on "${pivpnDEV}" to any port 53 \
+      from "${pivpnNET}/${subnetClass}" > /dev/null
+  else
+    ${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
+      -p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
+  fi
+}
+
 askClientDNS() {
  if [[ "${runUnattended}" == 'true' ]]; then
-    if [[ -z "${pivpnDNS1}" ]] \
+    if [[ "${usePiholeDNS}" == 'true' ]] \
+      && command -v pihole > /dev/null \
+      && [[ -r "${piholeSetupVars}" ]]; then
+      setupPiholeDNS
+      return
+    elif [[ -z "${pivpnDNS1}" ]] \
      && [[ -n "${pivpnDNS2}" ]]; then
      pivpnDNS1="${pivpnDNS2}"
      unset pivpnDNS2
@ -2383,7 +2427,8 @@ askClientDNS() {

  # Detect and offer to use Pi-hole
  if command -v pihole > /dev/null; then
-    if whiptail \
+    if [[ "${usePiholeDNS}" == 'true' ]] \
+      || whiptail \
        --backtitle "Setup PiVPN" \
        --title "Pi-hole" \
        --yesno "We have detected a Pi-hole installation, \
@ -2394,38 +2439,7 @@ get ad blocking on the go?" "${r}" "${c}"; then
        exit 1
      fi

-      # Add a custom hosts file for VPN clients so they appear
-      # as 'name.pivpn' in the Pi-hole dashboard as well as resolve
-      # by their names.
-      echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
-        | ${SUDO} tee "${dnsmasqConfig}" > /dev/null
-
-      # Then create an empty hosts file or clear if it exists.
-      ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
-
-      # Setting Pi-hole to "Listen on all interfaces" allows
-      # dnsmasq to listen on the VPN interface while permitting
-      # queries only from hosts whose address is on the LAN and
-      # VPN subnets.
-      ${SUDO} pihole -a -i local
-
-      # Use the Raspberry Pi VPN IP as DNS server.
-      pivpnDNS1="${vpnGw}"
-
-      {
-        echo "pivpnDNS1=${pivpnDNS1}"
-        echo "pivpnDNS2=${pivpnDNS2}"
-      } >> "${tempsetupVarsFile}"
-
-      # Allow incoming DNS requests through UFW.
-      if [[ "${USING_UFW}" -eq 1 ]]; then
-        ${SUDO} ufw insert 1 allow in \
-          on "${pivpnDEV}" to any port 53 \
-          from "${pivpnNET}/${subnetClass}" > /dev/null
-      else
-        ${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
-          -p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
-      fi
+      setupPiholeDNS
      return
    fi
  fi