#!/bin/bash
##---------------##
#   Static Vars   #
##---------------##

### Debian: package-manager command strings ###
# PKGI is expanded unquoted by the installer stage, so it word-splits into a
# command followed by its arguments.
APTMODE='debconf-apt-progress -- apt'
PKGM=$APTMODE
PKGUD="${PKGM} update"
PKGUP="${PKGM} upgrade -y"
PKGI="$PKGM install -y"

### Alpine: release number written into /etc/apk/repositories ###
VER='3.18'

# Base URL of this project's raw files on the git server; later stages append
# "/$BRANCH/<path>" to it.
REPO='Pi-Hole'
BRANCH='main'
GIT="https://git.ictcorpnet.com/b.waal/${REPO}/raw"

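##------------##
#   Pre-Check  #
##------------##

# The script writes under /etc and installs packages, so it must run as root.
# Exit non-zero (a bare "exit" returned echo's status, 0) so a caller can tell
# the run was refused, and send the message to stderr.
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi
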
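# OScheck.sh is fetched from the project's git server and sourced into this
# root shell; later stages test $dist, which is presumably set by that file.
# Download into a private mktemp file rather than a fixed /tmp name, so another
# local user cannot pre-create or swap the file, and never source the result of
# a failed or empty download.
# NOTE(review): the file comes from a mutable branch and is trusted on TLS
# alone; pinning a reviewed commit or comparing against a published checksum
# would make this step verifiable.
oscheck_tmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
if ! wget "$GIT/$BRANCH/Config/OScheck.sh" -O "$oscheck_tmp" || [ ! -s "$oscheck_tmp" ]; then
  echo "Could not download OScheck.sh from $GIT" >&2
  rm -f -- "$oscheck_tmp"
  exit 1
fi
# shellcheck source=/dev/null
source "$oscheck_tmp"
rm -f -- "$oscheck_tmp"
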
# Stop here unless the operator confirms the device already has a static IP.
if ! whiptail --title "Pi Automation" --yesno "Is this device configured with a static IP?." 8 78; then
  whiptail --title "Pi Automation" --msgbox "Configure a static IP first!" 8 78
  clear
  exit
fi
echo ""

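##----------##
#    Menu    #
##----------##

# whiptail draws its dialog on stdout and prints the answer on stderr;
# "3>&1 1>&2 2>&3" swaps the two so $(...) captures the answer.
NAME=$(whiptail --nocancel --inputbox "What is your name?" 8 39 John --title "Welcome" 3>&1 1>&2 2>&3)
HOSTNAME=$(whiptail --nocancel --inputbox "What is the name of this machine?\n(only az-AZ 0-9 characters are allowed)" 8 43 PiHole --title "Welcome $NAME!" 3>&1 1>&2 2>&3)

# Keep only ASCII letters and digits. The filter has to read $HOSTNAME: it
# used to read $HOST, which nothing visible in this script sets, so the
# operator's answer was discarded and the hostname ended up empty.
HOSTNAME=$(printf '%s' "$HOSTNAME" | LC_ALL=C tr -dc '[:alnum:]')
# Fall back to the dialog's default when nothing usable is left.
HOSTNAME=${HOSTNAME:-PiHole}
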
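# Optional package cache on Alpine: point apk at a caching proxy.
if [[ $dist == "Alpine" ]]; then
  if whiptail --title "Setup" --yesno "Use an APT-Cacher?" 8 78; then
    # The answer ends up in apk's repository list, which decides where
    # root-installed packages come from. Accept only a host name or IPv4
    # address with an optional :port; a cancelled dialog or anything else
    # leaves the existing repositories untouched.
    cache_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]{1,5})?$'
    if CACHE=$(whiptail --inputbox "What is the IP address for APT-Cacher?" 8 78 192.168.1.102 --title "Setup" 3>&1 1>&2 2>&3) \
        && [[ $CACHE =~ $cache_re ]]; then
      # Written with printf instead of substituted in by sed, so the answer is
      # never interpreted as part of a sed expression.
      {
        printf 'http://%s/alpine/v%s/main\n' "$CACHE" "$VER"
        printf 'http://%s/alpine/v%s/community\n' "$CACHE" "$VER"
        printf 'http://%s/alpine/edge/testing/\n' "$CACHE"
      } > /etc/apk/repositories
    else
      whiptail --title "Setup" --msgbox "Invalid APT-Cacher address; keeping the existing repositories." 8 78
    fi
  else
    echo ""
  fi
fi
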
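# Optional package cache on Debian: route apt through a caching proxy.
if [[ $dist == "Debian" ]]; then
  if whiptail --title "Setup" --yesno "Use an APT-Cacher?" 8 78; then
    # The answer becomes apt's HTTP proxy, i.e. the host every package
    # download passes through. Accept only a host name or IPv4 address (the
    # port is fixed to 80 below); a cancelled dialog or anything else writes
    # no proxy file.
    cache_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    if CACHE=$(whiptail --inputbox "What is the IP address for APT-Cacher?" 8 78 192.168.1.102 --title "Setup" 3>&1 1>&2 2>&3) \
        && [[ $CACHE =~ $cache_re ]]; then
      # Written with printf instead of substituted in by sed, so the answer is
      # never interpreted as part of a sed expression.
      printf 'Acquire::http::Proxy "http://%s:80";\n' "$CACHE" > /etc/apt/apt.conf.d/01prox
    else
      whiptail --title "Setup" --msgbox "Invalid APT-Cacher address; no proxy configured." 8 78
    fi
    # As before, these two are written whenever the cacher question is
    # answered with yes.
    echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/01Recommends
    echo 'APT::Install-Suggests "false";' > /etc/apt/apt.conf.d/01Suggests
  else
    echo ""
  fi
fi
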
# Ask which optional components to set up. Each answer is stored as the string
# "true" or "false" and tested by the later stages.
UNBOUND=false
if whiptail --title "Setup" --yesno "Install Unbound?" 8 78; then
  UNBOUND=true
fi

UFW=false
if whiptail --title "Setup" --yesno "Install UFW?" 8 78; then
  UFW=true
fi

# Inverted on purpose: answering yes to "Disable IPv6?" leaves IPv6=false.
IPv6=true
if whiptail --title "Setup" --yesno "Disable IPv6?" 8 78; then
  IPv6=false
fi

# Log2Ram and Unattended-Upgrades are offered on Debian only; elsewhere L2R
# and UNATTENDED stay unset.
if [[ $dist == "Debian" ]]; then
  L2R=false
  if whiptail --title "Setup" --yesno "Install Log2Ram" 8 78; then
    L2R=true
  fi

  UNATTENDED=false
  if whiptail --title "Setup" --yesno "Install Unattended-Upgrades?" 8 78; then
    UNATTENDED=true
  fi
fi

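##-----------##
#   Updater   #
##-----------##

if [[ $dist == "Alpine" ]]; then
  apk update
  apk upgrade
fi

if [[ $dist == "Debian" ]]; then
  apt update
  # /tmp/install.list is read back by the installer stage further down, and
  # its contents are handed to apt as root. Start from a file this run created
  # itself: drop any leftover, then create it with noclobber (fails instead of
  # reusing a name that reappeared) and owner-only permissions.
  rm -f -- /tmp/install.list
  if ! (umask 077; set -o noclobber; : > /tmp/install.list); then
    echo "Could not create /tmp/install.list" >&2
    exit 1
  fi
  # Queue every upgradeable package: cut drops everything after the first "/"
  # and grep drops the "Listing..." banner line.
  apt list --upgradeable 2>/dev/null | cut -d/ -f1 | grep -v Listing >> /tmp/install.list
fi
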
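##--------------##
#   Pre-Config   #
##--------------##

# $IP is shown in the closing dialog. "echo $IP" is left unquoted so runs of
# whitespace collapse to single spaces before cut splits on them.
# NOTE(review): cut keeps fields 2-3 of the address list (the whole line when
# it holds a single address) — confirm that is the address meant to be shown.
if [[ $dist == "Alpine" ]]; then
  IP=$(hostname -i) && IP=$(echo $IP | cut -d' ' -f2,3)
fi

if [[ $dist == "Debian" ]]; then
  # Quoted, and skipped when empty, so hostnamectl is never called with a
  # missing or blank name.
  if [[ -n $HOSTNAME ]]; then
    hostnamectl set-hostname "$HOSTNAME"
  fi
  timedatectl set-timezone Europe/Amsterdam
  IP=$(hostname -I) && IP=$(echo $IP | cut -d' ' -f2,3)
  # -f: the files may already be gone on a re-run.
  rm -f /etc/motd /etc/update-motd.d/10-uname
fi
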
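# Seed Pi-hole's configuration before its installer is run with --unattended.
mkdir -p /etc/pihole
# wget -O leaves an empty file behind when the download fails; stop here
# rather than let the unattended installer run against an empty configuration.
for conf in pihole-FTL.conf setupVars.conf; do
  if ! wget "$GIT/$BRANCH/Config/Pihole/$conf" -O "/etc/pihole/$conf"; then
    echo "Could not download $conf from $GIT" >&2
    exit 1
  fi
done

if [[ $UNBOUND == "false" ]]; then
  # NOTE(review): this flips INSTALL_UNBOUND from 0 to 1 in the branch where
  # Unbound was declined — confirm against setupVars.conf that the direction
  # is intended.
  sed -i 's/INSTALL_UNBOUND=0/INSTALL_UNBOUND=1/g' /etc/pihole/setupVars.conf
  # Replace the 127.0.0.1#5335 upstream with 1.1.1.1.
  sed -i 's/PIHOLE_DNS_1=127.0.0.1#5335/PIHOLE_DNS_1=1.1.1.1/g' /etc/pihole/setupVars.conf
fi
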
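# IPv6: either let pihole-FTL resolve AAAA names, or disable IPv6 in the kernel.
if [[ $IPv6 == "true" ]]; then
  sed -i 's/RESOLVE_IPV6=no/RESOLVE_IPV6=yes/g' /etc/pihole/pihole-FTL.conf
else
  if [[ $dist == "Alpine" ]]; then
    if wget "$GIT/$BRANCH/Config/Alpine/Alpine-local.conf" -O /etc/sysctl.d/local.conf; then
      # Name the file: a bare "sysctl -p" reads only /etc/sysctl.conf and
      # would not apply the settings just downloaded.
      sysctl -p /etc/sysctl.d/local.conf
    else
      echo "Warning: could not download Alpine-local.conf; IPv6 settings not applied" >&2
    fi
  fi
  if [[ $dist == "Debian" ]]; then
    # Append the block only once, so re-running the script does not keep
    # adding duplicate lines to /etc/sysctl.conf.
    if ! grep -q '^net\.ipv6\.conf\.all\.disable_ipv6' /etc/sysctl.conf; then
      printf '%s\n' \
        '' \
        '#Disable IPv6' \
        'net.ipv6.conf.all.disable_ipv6 = 1' \
        'net.ipv6.conf.default.disable_ipv6 = 1' \
        'net.ipv6.conf.lo.disable_ipv6 = 1' >> /etc/sysctl.conf
    fi
    sysctl -p
  fi
fi
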
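##-------------##
#   Installer   #
##-------------##

if [[ $dist == "Alpine" ]]; then
  apk add dialog git newt procps dhcpcd openrc ncurses newt curl bind-tools nmap-ncat psmisc sudo unzip libidn nettle libcap openresolv iproute2-ss jq
  apk add --no-cache --upgrade grep
  if [[ $UFW == "true" ]]; then
    apk add ufw
  fi
  # Clone into a fresh mktemp directory. With the fixed path /tmp/pi-hole, a
  # directory already present there makes "git clone" fail, and whatever
  # installer that directory holds would still be run as root.
  # NOTE(review): this is an unpinned clone of a repository other than the
  # upstream one used in the Debian branch; checking out a reviewed commit
  # (<REVIEWED_COMMIT>) before running it is worth adding.
  pihole_src=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
  if ! git clone https://gitlab.com/yvelon/pi-hole "$pihole_src/pi-hole"; then
    echo "Could not clone the Pi-hole installer" >&2
    exit 1
  fi
  bash "$pihole_src/pi-hole/automated install/basic-install.sh" --unattended
fi
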
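if [[ $dist == "Debian" ]]; then
  # /tmp/install.list is a fixed name in a world-writable directory, and its
  # contents become arguments to apt running as root. Refuse a list that is a
  # symlink or that this (root) user does not own.
  if [[ -L /tmp/install.list || ( -e /tmp/install.list && ! -O /tmp/install.list ) ]]; then
    echo "/tmp/install.list is not a regular root-owned file; aborting" >&2
    exit 1
  fi

  # Packages installed before the Pi-hole installer is run.
  echo "git iproute2 dialog ca-certificates cron curl iputils-ping psmisc sudo unzip idn2 libcap2-bin dns-root-data libcap2 netcat-openbsd procps jq" >> /tmp/install.list
  # Optional components chosen in the menu.
  if [[ $UNBOUND == "true" ]]; then
    echo "unbound" >> /tmp/install.list
  fi
  if [[ $UFW == "true" ]]; then
    echo "ufw" >> /tmp/install.list
  fi
  if [[ $L2R == "true" ]]; then
    echo "rsync tar" >> /tmp/install.list
  fi
  if [[ $UNATTENDED == "true" ]]; then
    echo "unattended-upgrades apt-listchanges" >> /tmp/install.list
  fi

  # A single xargs is enough (the list used to be piped through two). $PKGI is
  # left unquoted on purpose so it splits into the command and its arguments.
  xargs $PKGI < /tmp/install.list

  # Clone into a fresh mktemp directory. With the fixed path /tmp/pi-hole, a
  # directory already present there makes "git clone" fail, and whatever
  # installer that directory holds would still be run as root.
  # NOTE(review): the clone tracks the default branch; checking out a reviewed
  # release (<RELEASE_TAG>) before running it would pin what gets executed.
  pihole_src=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
  if ! git clone --depth 1 https://github.com/pi-hole/pi-hole.git "$pihole_src/pi-hole"; then
    echo "Could not clone the Pi-hole installer" >&2
    exit 1
  fi
  bash "$pihole_src/pi-hole/automated install/basic-install.sh" --unattended
fi
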
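##---------------##
#   Configuring   #
##---------------##

ln -s /usr/local/bin/pihole /usr/bin/pihole

# Unbound: swap in the project's resolver configuration while both DNS
# services are stopped. A failed download is reported instead of passing
# silently, because wget -O leaves an empty file behind; the services are
# still restarted so the machine is not left without DNS.
if [[ $UNBOUND == "true" ]]; then
  unbound_confs=(pi-hole.conf privacy.conf qname-minimisation.conf)

  if [[ $dist == "Alpine" ]]; then
    service unbound stop && service pihole-FTL stop
    mkdir -p /etc/unbound/unbound.conf.d
    rm /etc/unbound/unbound.conf
    wget "$GIT/$BRANCH/Config/Unbound/unbound.conf" -O /etc/unbound/unbound.conf \
      || echo "Warning: could not download unbound.conf" >&2
    for conf in "${unbound_confs[@]}"; do
      wget "$GIT/$BRANCH/Config/Unbound/$conf" -O "/etc/unbound/unbound.conf.d/$conf" \
        || echo "Warning: could not download $conf" >&2
    done
    service unbound start && service pihole-FTL start
    pihole restartdns
  fi

  if [[ $dist == "Debian" ]]; then
    systemctl stop unbound && systemctl stop pihole-FTL
    # The script already runs as root, so write the root hints directly
    # instead of piping through "sudo tee" (which also echoed the whole file
    # to the terminal).
    wget -q https://www.internic.net/domain/named.root -O /var/lib/unbound/root.hints \
      || echo "Warning: could not download root.hints" >&2
    for conf in "${unbound_confs[@]}"; do
      wget "$GIT/$BRANCH/Config/Unbound/$conf" -O "/etc/unbound/unbound.conf.d/$conf" \
        || echo "Warning: could not download $conf" >&2
    done
    systemctl start unbound && systemctl start pihole-FTL
    pihole restartdns
  fi
fi
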
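# Firewall: allow the web interface and DNS, rate-limit SSH, then enable ufw.
if [[ $UFW == "true" ]]; then
  if [[ $IPv6 == "false" ]]; then
    # Stop ufw from managing IPv6 rules when IPv6 is disabled.
    sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
  fi
  # NOTE(review): port 80 is opened to any source; if the admin page is only
  # used from the local network, "ufw allow from <LAN_CIDR> to any port 80
  # proto tcp" is the narrower rule.
  ufw allow 80/tcp
  # DNS uses UDP as well as TCP. With only 53/tcp allowed, ordinary queries
  # would be dropped as soon as the firewall is enabled.
  ufw allow 53/tcp
  ufw allow 53/udp
  ufw limit 22/tcp
  echo "y" | ufw enable
fi
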
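# Unattended-Upgrades: install the project's apt policy files.
if [[ $UNATTENDED == "true" ]]; then
  ua_base=https://git.ictcorpnet.com/b.waal/Unattended-Upgrades/raw/branch/main
  # Report a failed download: wget -O leaves an empty policy file behind, and
  # with an empty policy the automatic updates silently stop happening.
  wget "$ua_base/20auto-upgrades" -O /etc/apt/apt.conf.d/20auto-upgrades \
    || echo "Warning: could not download 20auto-upgrades" >&2
  wget "$ua_base/50debian-unattended-upgrades" -O /etc/apt/apt.conf.d/50unattended-upgrades \
    || echo "Warning: could not download 50debian-unattended-upgrades" >&2
fi
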
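# Log2Ram: download, unpack and run its installer, then shrink the journal.
if [[ $L2R == "true" ]]; then
  # Work in a private mktemp directory instead of fixed /tmp names, and run
  # install.sh only after download, unpack and cd have all succeeded. An
  # unchecked cd would run ./install.sh from whatever directory the script
  # happened to be in.
  # NOTE(review): the tarball tracks the master branch; fetching a reviewed
  # release (<RELEASE_TAG>) would pin what gets executed as root.
  l2r_tmp=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
  if curl -fL https://github.com/azlux/log2ram/archive/master.tar.gz -o "$l2r_tmp/log2ram.tar.gz" \
      && tar zxfv "$l2r_tmp/log2ram.tar.gz" -C "$l2r_tmp" \
      && cd "$l2r_tmp/log2ram-master/"; then
    chmod +x install.sh && sudo ./install.sh
    systemctl daemon-reload
    cd ~
    sed -i -e 's/MAIL=true/MAIL=false/g' /etc/log2ram.conf
  else
    echo "Log2Ram download or unpack failed; skipping its installation" >&2
  fi
  rm -rf -- "${l2r_tmp:?}"

  journalctl --vacuum-size=32M
  systemctl restart systemd-journald
  rm -rf /var/log/journal
fi
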
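##--------------##
#   Store Vars   #
##--------------##

# Quoted printf instead of an unquoted echo: the name is operator input, and
# unquoted it would be word-split and glob-expanded by the shell, or read as
# an echo option if it started with "-".
printf '%s\n' "$NAME" > /etc/username
#echo $OPTIONS >> /etc/installedmodules
#sed -i 's/\s\+/\n/g' /etc/installedmodules
#sed -i 's/\"//g' /etc/installedmodules
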
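##-------------##
#   Finishing   #
##-------------##

wget "$GIT/$BRANCH/Tools/AddHost.sh" -O /opt/AddHost.sh

if [[ $dist == "Debian" ]]; then
  wget "$GIT/$BRANCH/MOTD/greetings.sh" -O /etc/profile.d/greeting.sh
  # greeting.sh sits in /etc/profile.d, where login shells source it. Reduce
  # the name to letters, digits, space, dot, underscore and dash before
  # substituting it, so it can neither break the sed expression ("/", "&")
  # nor add shell syntax to that file.
  safe_name=$(printf '%s' "$NAME" | LC_ALL=C tr -cd 'A-Za-z0-9 ._-')
  sed -i -e "s/%name%/$safe_name/g" /etc/profile.d/greeting.sh
fi

whiptail --title "Done!" --msgbox "Pi-Hole is now available on http://$IP/admin\n\nPress OK to continue." 10 78
exit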