From 88b1a1c26d599ee9617c943920a56ab10f7e21ac Mon Sep 17 00:00:00 2001 From: "b.waal" Date: Tue, 5 Sep 2023 03:23:41 +0200 Subject: [PATCH] Update 'Installer.sh' --- Installer.sh | 198 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 185 insertions(+), 13 deletions(-) diff --git a/Installer.sh b/Installer.sh index 078744f..5dde7cc 100644 --- a/Installer.sh +++ b/Installer.sh @@ -4,21 +4,21 @@ # Static Vars # ##---------------## -#APTMODE="debconf-apt-progress -- apt" -#PKGM="$APTMODE" -#PKGUD="$PKGM update" -#PKGUP="$PKGM upgrade -y" -#PKGI="${PKGM} install -y" -#PKRM="$PKGM remove --purge -y" -#PKARM="$PKGM autoremove -y" +###DEBIAN### +APTMODE="debconf-apt-progress -- apt" +PKGM="$APTMODE" +PKGUD="$PKGM update" +PKGUP="$PKGM upgrade -y" +PKGI="${PKGM} install -y" +###DEBIAN### + +alias pihole="/usr/local/bin/pihole" REPO=Pi-Hole BRANCH=main GIT=https://git.ictcorpnet.com/b.waal/$REPO/raw -https://git.ictcorpnet.com/b.waal/Pi-Hole/raw/branch/main - ##-----------## # Check OS # ##-----------## @@ -26,12 +26,184 @@ https://git.ictcorpnet.com/b.waal/Pi-Hole/raw/branch/main wget $GIT/$BRANCH/Config/OScheck.sh -O /tmp/OScheck.sh source /tmp/OScheck.sh -echo $dist + +##----------## +# Menu # +##----------## + +if [[ $dist == "Alpine" ]]; then + if (whiptail --title "Setup" --yesno "Use an APT-Cacher?" 8 78); then + CACHE=$(whiptail --inputbox "What is the IP address for APT-Cacher?" 8 78 192.168.1.102 --title "Setup" 3>&1 1>&2 2>&3) + echo "http://XXX.XXX.XXX.XXX/alpine/v3.18/main" > /etc/apk/repositories + echo "http://XXX.XXX.XXX.XXX/alpine/v3.18/community" >> /etc/apk/repositories + echo "http://XXX.XXX.XXX.XXX/alpine/edge/testing/" >> /etc/apk/repositories + sed -i "s/XXX.XXX.XXX.XXX/$CACHE/g" /etc/apk/repositories + else + echo "" + fi +fi +if [[ $dist == "Debian" ]]; then + if (whiptail --title "Setup" --yesno "Use an APT-Cacher?" 8 78); then + CACHE=$(whiptail --inputbox "What is the IP address for APT-Cacher?" 8 78 192.168.1.102 --title "Setup" 3>&1 1>&2 2>&3) + echo 'Acquire::http::Proxy "http://XXX.XXX.XXX.XXX:80";'> /etc/apt/apt.conf.d/01prox + sed -i "s/XXX.XXX.XXX.XXX/$CACHE/g" /etc/apt/apt.conf.d/01prox + echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/01Recommends + echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf.d/01Suggests + else + echo "" + fi +fi + +if (whiptail --title "Setup" --yesno "Install Unbound?" 8 78); then + UNBOUND=true +else + UNBOUND=false +fi +if (whiptail --title "Setup" --yesno "Install UFW?" 8 78); then + UFW=true +else + UFW=false +fi +if [[ $dist == "Debian" ]]; then + if (whiptail --title "Setup" --yesno "Unattended-Upgrades" 8 78); then + UNATTENDED=true + else + UNATTENDED=false + fi +fi +if (whiptail --title "Setup" --yesno "Disable IPv6?" 8 78); then + IPv6=false +else + IPv6=true +fi + + +##-----------## +# Updater # +##-----------## + +if [[ $dist == "Alpine" ]]; then +apk update +apk upgrade +fi + +if [[ $dist == "Debian" ]]; then +apt update +apt list --upgradeable 2>/dev/null | cut -d/ -f1 | grep -v Listing >> /tmp/install.list +fi + + +##--------------## +# Pre-Config # +##--------------## + +mkdir -p /etc/pihole +wget $GIT/$BRANCH/Config/Pihole/pihole-FTL.conf -O /etc/pihole/pihole-FTL.conf +wget $GIT/$BRANCH/Config/Pihole/setupVars.conf -O /etc/pihole/setupVars.conf + +if [[ $UNBOUND == "false" ]]; then + sed -i 's/INSTALL_UNBOUND=0/INSTALL_UNBOUND=1/g' /etc/pihole/setupVars.conf + sed -i 's/PIHOLE_DNS_1=127.0.0.1#5335/PIHOLE_DNS_1=1.1.1.1/g' /etc/pihole/setupVars.conf +fi +if [[ $IPv6 == "true" ]]; then + sed -i 's/RESOLVE_IPV6=no/RESOLVE_IPV6=yes/g' /etc/pihole/pihole-FTL.conf + else + if [[ $dist == "Alpine" ]]; then + wget $GIT/$BRANCH/Config/Alpine/Alpine-local.conf -O /etc/sysctl.d/local.conf + sysctl -p + fi + if [[ $dist == "Debian" ]]; then + echo "" >> /etc/sysctl.conf + echo "#Disable IPv6" >> /etc/sysctl.conf + echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf + echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf + echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf + sysctl -p + fi +fi + + +##-------------## +# Installer # +##-------------## + +if [[ $dist == "Alpine" ]]; then +apk add dialog git newt procps dhcpcd openrc ncurses newt curl bind-tools nmap-ncat psmisc sudo unzip libidn nettle libcap openresolv iproute2-ss jq +apk add --no-cache --upgrade grep + if [[ $UFW == "true" ]]; then + apk add ufw + fi +git clone https://gitlab.com/yvelon/pi-hole /tmp/pi-hole +bash /tmp/pi-hole/automated\ install/basic-install.sh --unattended +fi + +if [[ $dist == "Debian" ]]; then + echo "git iproute2 dialog ca-certificates cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps jq" /tmp/install.list + if [[ $UFW == "true" ]]; then + echo "ufw" >> /tmp/install.list + fi + if [[ $UNATTENDED == "true" ]]; then + echo "unattended-upgrades apt-listchanges" >> /tmp/install.list + fi + xargs < /tmp/install.list xargs apt install -y + git clone --depth 1 https://github.com/pi-hole/pi-hole.git /tmp/pi-hole + bash /tmp/pi-hole/automated\ install/basic-install.sh --unattended +fi ##---------------## -# Dependencies # +# Configuring # ##---------------## -#$PKGI curl wget whiptail -apk update && apk add curl wget newt \ No newline at end of file +if [[ $UNBOUND == "true" ]]; then + if [[ $dist == "Alpine" ]]; then + service unbound stop && service pihole-FTL stop + mkdir -p /etc/unbound/unbound.conf.d + rm /etc/unbound/unbound.conf + wget $GIT/$BRANCH/Config/Unbound/unbound.conf -O /etc/unbound/unbound.conf + wget $GIT/$BRANCH/Config/Unbound/pi-hole.conf -O /etc/unbound/unbound.conf.d/pi-hole.conf + wget $GIT/$BRANCH/Config/Unbound/privacy.conf -O /etc/unbound/unbound.conf.d/privacy.conf + wget $GIT/$BRANCH/Config/Unbound/qname-minimisation.conf -O /etc/unbound/unbound.conf.d/qname-minimisation.conf + service unbound start && service pihole-FTL start + pihole restartdns + fi + if [[ $dist == "Debian" ]]; then + systemctl stop unbound && systemctl stop pihole-FTL + wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints + wget $GIT/$BRANCH/Config/Unbound/pi-hole.conf -O /etc/unbound/unbound.conf.d/pi-hole.conf + wget $GIT/$BRANCH/Config/Unbound/privacy.conf -O /etc/unbound/unbound.conf.d/privacy.conf + wget $GIT/$BRANCH/Config/Unbound/qname-minimisation.conf -O /etc/unbound/unbound.conf.d/qname-minimisation.conf + systemctl start unbound && systemctl start pihole-FTL + pihole restartdns + fi +fi + +if [[ $UFW == "true" ]]; then + if [[ $IPv6 == "false" ]]; then + sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw + ufw allow 80/tcp + ufw allow 53/tcp + ufw limit 22/tcp + echo "y" | ufw enable + fi + if [[ $IPv6 == "true" ]]; then + ufw allow 80/tcp + ufw allow 53/tcp + ufw limit 22/tcp + echo "y" | ufw enable + fi +fi + +if [[ $UNATTENDED == "true" ]]; then + wget https://git.ictcorpnet.com/b.waal/PiAutomation/raw/branch/main/Unattended-Security-Updates/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades + wget https://git.ictcorpnet.com/b.waal/PiAutomation/raw/branch/main/Unattended-Security-Updates/50debian-unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades +fi + + +##-------------## +# Finishing # +##-------------## + +ln -s /usr/local/bin/pihole /usr/bin/pihole +whiptail --title "Done!" --msgbox "Pihole is now available on http://LXC.IP.ADDRESS.HERE/admin\n\nPress OK to continue." 10 78 +exit \ No newline at end of file