feat(install): Add possibility to use Pi-hole in unattended install (#…

…1825) In unattended install, there is no possibility to specify if user wants to use Pi-hole DNS as DNS. Introducing a --use-pihole argument, user can decide if PiVPN configuration should be aligned to the Pi-hole installation.
pivpn · Apr 5, 2024 · d072977 · d072977
1 parent 850e665
commit d072977
Showing 1 changed file with 51 additions and 37 deletions.
diff --git a/auto_install/install.sh b/auto_install/install.sh
@@ -57,6 +57,7 @@ easyrsaRel="https://github.com/OpenVPN/easy-rsa/releases/download/v${easyrsaVer}
 
 ######## Undocumented Flags. Shhh ########
 runUnattended=false
+usePiholeDNS=false
 skipSpaceCheck=false
 reconfigure=false
 showUnsupportedNICs=false
@@ -226,6 +227,9 @@ flagsCheck() {
         runUnattended=true
         unattendedConfig="${!j}"
         ;;
+      "--use-pihole")
+        usePiholeDNS=true
+        ;;
       "--reconfigure")
         reconfigure=true
         ;;
@@ -2341,9 +2345,49 @@ the default" "${r}" "${c}" "${DEFAULT_PORT}" \
   echo "pivpnPORT=${pivpnPORT}" >> "${tempsetupVarsFile}"
 }
 
+setupPiholeDNS() {
+  # Add a custom hosts file for VPN clients so they appear
+  # as 'name.pivpn' in the Pi-hole dashboard as well as resolve
+  # by their names.
+  echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
+    | ${SUDO} tee "${dnsmasqConfig}" > /dev/null
+
+  # Then create an empty hosts file or clear if it exists.
+  ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
+
+  # Setting Pi-hole to "Listen on all interfaces" allows
+  # dnsmasq to listen on the VPN interface while permitting
+  # queries only from hosts whose address is on the LAN and
+  # VPN subnets.
+  ${SUDO} pihole -a -i local
+
+  # Use the Raspberry Pi VPN IP as DNS server.
+  pivpnDNS1="${vpnGw}"
+
+  {
+    echo "pivpnDNS1=${pivpnDNS1}"
+    echo "pivpnDNS2=${pivpnDNS2}"
+  } >> "${tempsetupVarsFile}"
+
+  # Allow incoming DNS requests through UFW.
+  if [[ "${USING_UFW}" -eq 1 ]]; then
+    ${SUDO} ufw insert 1 allow in \
+      on "${pivpnDEV}" to any port 53 \
+      from "${pivpnNET}/${subnetClass}" > /dev/null
+  else
+    ${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
+      -p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
+  fi
+}
+
 askClientDNS() {
   if [[ "${runUnattended}" == 'true' ]]; then
-    if [[ -z "${pivpnDNS1}" ]] \
+    if [[ "${usePiholeDNS}" == 'true' ]] \
+      && command -v pihole > /dev/null \
+      && [[ -r "${piholeSetupVars}" ]]; then
+      setupPiholeDNS
+      return
+    elif [[ -z "${pivpnDNS1}" ]] \
       && [[ -n "${pivpnDNS2}" ]]; then
       pivpnDNS1="${pivpnDNS2}"
       unset pivpnDNS2
@@ -2383,49 +2427,19 @@ askClientDNS() {
 
   # Detect and offer to use Pi-hole
   if command -v pihole > /dev/null; then
-    if whiptail \
-      --backtitle "Setup PiVPN" \
-      --title "Pi-hole" \
-      --yesno "We have detected a Pi-hole installation, \
+    if [[ "${usePiholeDNS}" == 'true' ]] \
+      || whiptail \
+        --backtitle "Setup PiVPN" \
+        --title "Pi-hole" \
+        --yesno "We have detected a Pi-hole installation, \
 do you want to use it as the DNS server for the VPN, so you \
 get ad blocking on the go?" "${r}" "${c}"; then
       if [[ ! -r "${piholeSetupVars}" ]]; then
         err "::: Unable to read ${piholeSetupVars}"
         exit 1
       fi
 
-      # Add a custom hosts file for VPN clients so they appear
-      # as 'name.pivpn' in the Pi-hole dashboard as well as resolve
-      # by their names.
-      echo "addn-hosts=/etc/pivpn/hosts.${VPN}" \
-        | ${SUDO} tee "${dnsmasqConfig}" > /dev/null
-
-      # Then create an empty hosts file or clear if it exists.
-      ${SUDO} bash -c "> /etc/pivpn/hosts.${VPN}"
-
-      # Setting Pi-hole to "Listen on all interfaces" allows
-      # dnsmasq to listen on the VPN interface while permitting
-      # queries only from hosts whose address is on the LAN and
-      # VPN subnets.
-      ${SUDO} pihole -a -i local
-
-      # Use the Raspberry Pi VPN IP as DNS server.
-      pivpnDNS1="${vpnGw}"
-
-      {
-        echo "pivpnDNS1=${pivpnDNS1}"
-        echo "pivpnDNS2=${pivpnDNS2}"
-      } >> "${tempsetupVarsFile}"
-
-      # Allow incoming DNS requests through UFW.
-      if [[ "${USING_UFW}" -eq 1 ]]; then
-        ${SUDO} ufw insert 1 allow in \
-          on "${pivpnDEV}" to any port 53 \
-          from "${pivpnNET}/${subnetClass}" > /dev/null
-      else
-        ${SUDO} iptables -I INPUT -i "${pivpnDEV}" \
-          -p udp --dport 53 -j ACCEPT -m comment --comment "pihole-DNS-rule"
-      fi
+      setupPiholeDNS
       return
     fi
   fi