From 4f255da5ca0e91b7a861502c7d4c8f391fe416ab Mon Sep 17 00:00:00 2001
From: Bram Suurd
Date: Sun, 4 Feb 2024 21:26:00 +0100
Subject: [PATCH] Update Pi-hole installation script and build function
---
 ct/pihole.sh | 2 +-
 install/pihole-install.sh | 94 ++++++++++++++++++++++++---------------
 misc/build.func | 10 ++---
 3 files changed, 64 insertions(+), 42 deletions(-)
diff --git a/ct/pihole.sh b/ct/pihole.sh
index 57c5e9c0..9540288a 100644
--- a/ct/pihole.sh
+++ b/ct/pihole.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-source <(curl -s https://raw.githubusercontent.com/tteck/Proxmox/main/misc/build.func)
+source <(curl -s https://raw.githubusercontent.com/BramSuurdje/Proxmox/main/misc/build.func)
 # Copyright (c) 2021-2024 tteck
 # Author: tteck (tteckster)
 # License: MIT
diff --git a/install/pihole-install.sh b/install/pihole-install.sh
index d9643b31..b9100d49 100644
--- a/install/pihole-install.sh
+++ b/install/pihole-install.sh
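Review bot: The new `source <(curl -s …/BramSuurdje/Proxmox/main/misc/build.func)` line in ct/pihole.sh runs whatever the `main` branch of a personal fork serves at the moment the script starts, with no pinning or integrity check; the misc/build.func hunks at @@ -503, @@ -535 and @@ -579 introduce the same mutable-branch URLs. These scripts create and configure containers on the host, so presumably they run as root, which makes that branch part of the trust boundary of every machine that runs the script. Pin each URL to a commit, e.g. `…/BramSuurdje/Proxmox/<COMMIT_SHA>/misc/build.func`, or download to a file and verify a published checksum before sourcing it. If the fork URLs are only there to test this change, they should be reverted before the patch is proposed upstream.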
@@ -21,6 +21,64 @@ $STD apt-get install -y ufw $STD apt-get install -y ntp msg_ok "Installed Dependencies" +read -r -p "Would you like to add Unbound? " prompt +if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then + msg_info "Installing Unbound" + $STD apt-get install -y unbound + cat </etc/unbound/unbound.conf.d/pi-hole.conf +server: + verbosity: 0 + interface: 0.0.0.0 + port: 5335 + do-ip6: no + do-ip4: yes + do-udp: yes + do-tcp: yes + num-threads: 1 + hide-identity: yes + hide-version: yes + harden-glue: yes + harden-dnssec-stripped: yes + harden-referral-path: yes + use-caps-for-id: no + harden-algo-downgrade: no + qname-minimisation: yes + aggressive-nsec: yes + rrset-roundrobin: yes + cache-min-ttl: 300 + cache-max-ttl: 14400 + msg-cache-slabs: 8 + rrset-cache-slabs: 8 + infra-cache-slabs: 8 + key-cache-slabs: 8 + serve-expired: yes + serve-expired-ttl: 3600 + edns-buffer-size: 1232 + prefetch: yes + prefetch-key: yes + target-fetch-policy: "3 2 1 1 1" + unwanted-reply-threshold: 10000000 + rrset-cache-size: 256m + msg-cache-size: 128m + so-rcvbuf: 1m + private-address: 192.168.0.0/16 + private-address: 169.254.0.0/16 + private-address: 172.16.0.0/12 + private-address: 10.0.0.0/8 + private-address: fd00::/8 + private-address: fe80::/10 +EOF + mkdir -p /etc/dnsmasq.d/ + cat </etc/dnsmasq.d/99-edns.conf +edns-packet-max=1232 +EOF + wget -q https://www.internic.net/domain/named.root >/var/lib/unbound/root.hints + sed -i -e 's/PIHOLE_DNS_1=8.8.8.8/PIHOLE_DNS_1=127.0.0.1#5335/' -e 's/PIHOLE_DNS_2=8.8.4.4/#PIHOLE_DNS_2=8.8.4.4/' /etc/pihole/setupVars.conf + systemctl enable -q --now unbound + systemctl restart pihole-FTL.service + msg_ok "Installed Unbound" +fi + msg_info "Installing Pi-hole" mkdir -p /etc/pihole/ cat </etc/pihole/setupVars.conf 
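Review bot: The Unbound block now runs before Pi-hole is installed, so its last two steps cannot take effect: `sed -i … /etc/pihole/setupVars.conf` edits a file that is only created by the `mkdir -p /etc/pihole/` and `cat` heredoc context lines below the block, and `systemctl restart pihole-FTL.service` names a service that presumably does not exist until the installer has run. Even if the file were present, the heredoc that follows would overwrite the edited `PIHOLE_DNS_1` value. Keep the block after the Pi-hole install, or record the answer and write `PIHOLE_DNS_1=127.0.0.1#5335` from the setupVars.conf heredoc itself (its body is outside the hunk). Separately, `interface: 0.0.0.0` makes the resolver listen on every address of the container although the only client configured here is Pi-hole on loopback; `interface: 127.0.0.1` is the tighter setting. `wget -q … >/var/lib/unbound/root.hints` also looks wrong: without `-O -` wget writes to a file rather than stdout, so root.hints is probably left empty, and the config has no `root-hints:` line that would read it.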
@@ -42,42 +100,6 @@ EOF $STD bash <(curl -fsSL https://install.pi-hole.net) --unattended msg_ok "Installed Pi-hole" -read -r -p "Would you like to add Unbound? " prompt -if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then - msg_info "Installing Unbound" - $STD apt-get install -y unbound - cat </etc/unbound/unbound.conf.d/pi-hole.conf -server: - verbosity: 0 - interface: 0.0.0.0 - port: 5335 - do-ip4: yes - do-udp: yes - do-tcp: yes - do-ip6: no - prefer-ip6: no - harden-glue: yes - harden-dnssec-stripped: yes - use-caps-for-id: no - edns-buffer-size: 1232 - prefetch: yes - num-threads: 1 - private-address: 192.168.0.0/16 - private-address: 169.254.0.0/16 - private-address: 172.16.0.0/12 - private-address: 10.0.0.0/8 - private-address: fd00::/8 - private-address: fe80::/10 -EOF - mkdir -p /etc/dnsmasq.d/ && sudo touch /etc/dnsmasq.d/99-edns.conf - cat </etc/dnsmasq.d/99-edns.conf -edns-packet-max=1232 -EOF - wget -q https://www.internic.net/domain/named.root >/var/lib/unbound/root.hints - systemctl enable -q --now unbound - msg_ok "Installed Unbound" -fi - motd_ssh customize diff --git a/misc/build.func b/misc/build.func index e526ca57..43976b7e 100644 --- a/misc/build.func +++ b/misc/build.func @@ -503,9 +503,9 @@ build_container() { TEMP_DIR=$(mktemp -d) pushd $TEMP_DIR >/dev/null if [ "$var_os" == "alpine" ]; then - export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/tteck/Proxmox/main/misc/alpine-install.func)" + export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/BramSuurdje/Proxmox/main/misc/alpine-install.func)" else - export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/tteck/Proxmox/main/misc/install.func)" + export FUNCTIONS_FILE_PATH="$(curl -s https://raw.githubusercontent.com/BramSuurdje/Proxmox/main/misc/install.func)" fi export CACHER="$APT_CACHER" export CACHER_IP="$APT_CACHER_IP" 
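Review bot: A failed download goes unnoticed on the two new `export FUNCTIONS_FILE_PATH="$(curl -s …)"` lines in the @@ -503 hunk of misc/build.func: `curl -s` without `-f` exits 0 on an HTTP error and returns the error body, and `export` masks the substitution's exit status in any case. Whatever consumes FUNCTIONS_FILE_PATH (not shown in this hunk) would then receive an error page or an empty string instead of the function library. Assign first and check, `FUNCTIONS_FILE_PATH="$(curl -fsSL "<URL>")" || exit`, then `export FUNCTIONS_FILE_PATH`. The same gap exists on `bash -c "$(wget -qLO - …)" || exit` in the @@ -535 hunk and on the `lxc-attach … bash -c "$(wget …)"` line after it, where an empty download makes `bash -c ""` succeed so `|| exit` never triggers. build_container's body starts and ends outside these hunks.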
@@ -535,7 +535,7 @@ build_container() { $PW " # This executes create_lxc.sh and creates the container and .conf file - bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/ct/create_lxc.sh)" || exit + bash -c "$(wget -qLO - https://raw.githubusercontent.com/BramSuurdje/Proxmox/main/ct/create_lxc.sh)" || exit LXC_CONFIG=/etc/pve/lxc/${CTID}.conf if [ "$CT_TYPE" == "0" ]; then @@ -579,14 +579,14 @@ http://dl-cdn.alpinelinux.org/alpine/latest-stable/community EOF' pct exec "$CTID" -- ash -c "apk add bash >/dev/null" fi - lxc-attach -n "$CTID" -- bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/install/$var_install.sh)" || exit + lxc-attach -n "$CTID" -- bash -c "$(wget -qLO - https://raw.githubusercontent.com/BramSuurdje/Proxmox/main/install/$var_install.sh)" || exit } # This function sets the description of the container. description() { IP=$(pct exec "$CTID" ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1) - pct set "$CTID" -description "
+ pct set "$CTID" -description "
# ${APP} LXC