- Bring back the logic from v5 containers for web password

- Update readme to take into accounts changes to FTLs environment variable handling - shell/md linting, tidy away some code that is no longer needed Signed-off-by: Adam Warner <me@adamwarner.co.uk>
2025-12-20 02:18:51 +00:00 · 2023-10-20 13:14:08 +01:00
parent 0784964f60
commit 74657d01a9
3 changed files with 106 additions and 172 deletions
--- a/src/bash_functions.sh
+++ b/src/bash_functions.sh
@@ -15,8 +15,8 @@
 # Takes one argument: key
 # Example getFTLConfigValue dns.piholePTR
 #######################
-getFTLConfigValue(){
-   pihole-FTL --config -q "${1}"
+getFTLConfigValue() {
+    pihole-FTL --config -q "${1}"
 }

 #######################
@@ -28,29 +28,21 @@ getFTLConfigValue(){
 # Note, for complex values such as dns.upstreams, you should wrap the value in single quotes:
 # setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]'
 #######################
-setFTLConfigValue(){
-  pihole-FTL --config "${1}" "${2}" >/dev/null
+setFTLConfigValue() {
+    pihole-FTL --config "${1}" "${2}" >/dev/null
 }

-# export adlistFile="/etc/pihole/adlists.list"
-
 # shellcheck disable=SC2034
 ensure_basic_configuration() {
    echo "  [i] Ensuring basic configuration by re-running select functions from basic-install.sh"

-
-    # installScripts > /dev/null
+    # TODO:
    # installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case

-    # set +e
    mkdir -p /var/run/pihole /var/log/pihole
    touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
    chown -R pihole:pihole /var/run/pihole /var/log/pihole

-    # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
-    # chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
-    # chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
-
    mkdir -p /etc/pihole
    if [[ -z "${PYTEST}" ]]; then
        if [[ ! -f /etc/pihole/adlists.list ]]; then
@@ -60,9 +52,6 @@ ensure_basic_configuration() {

    chown -R pihole:pihole /etc/pihole

-
-    # set -e
-
    # If FTLCONF_files_macvendor is not set
    if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then
        # User is not passing in a custom location - so force FTL to use the file we moved to / during the build
@@ -71,6 +60,41 @@ ensure_basic_configuration() {
    fi
 }

+setup_web_password() {
+    echo "  [i] Checking web password"
+    # If the web password variable is not set...
+    if [ -z "${FTLCONF_webserver_api_password+x}" ]; then
+        # is the variable FTLCONF_ENV_ONLY set to true?
+        if [ "${FTLCONF_ENV_ONLY}" == "true" ]; then
+            echo "  [i] No password supplied via FTLCONF_webserver_api_password, but FTLCONF_ENV_ONLY is set to true, using default (none)"
+            # If so, return - the password will be set to FTL's default (no password)
+            return
+        fi
+
+        # Exit if password is already set in config file
+        if [[ -n $(pihole-FTL --config webserver.api.pwhash) ]]; then
+            echo "  [i] Password already set in config file"
+            return
+        fi
+
+        # If we have got here, we will now generate a random passwor
+        RANDOMPASSWORD=$(tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c 8)
+        echo "  [i] No password set in environment or config file, assigning random password: $RANDOMPASSWORD"
+
+        # Explicitly turn off bash printing when working with secrets
+        { set +x; } 2>/dev/null
+
+        pihole setpassword "$RANDOMPASSWORD"
+
+        # To avoid printing this if conditional in bash debug, turn off  debug above..
+        # then re-enable debug if necessary (more code but cleaner printed output)
+        if [ "${PH_VERBOSE:-0}" -gt 0 ]; then
+            set -x
+        fi
+    else
+        echo "  [i] Assigning password defined by Environment Variable"
+    fi
+}

 fix_capabilities() {
    # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
@@ -86,7 +110,7 @@ fix_capabilities() {
    if [[ ${CAP_STR} ]]; then
        # We have the (some of) the above caps available to us - apply them to pihole-FTL
        echo "  [i] Applying the following caps to pihole-FTL:"
-        IFS=',' read -ra CAPS <<< "${CAP_STR:1}"
+        IFS=',' read -ra CAPS <<<"${CAP_STR:1}"
        for i in "${CAPS[@]}"; do
            echo "        * ${i}"
        done
@@ -111,80 +135,5 @@ fix_capabilities() {
        echo "              Please ensure that the container has the required capabilities."
        exit 1
    fi
+    echo ""
 }
-
-setup_FTL_query_logging(){
-    if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then
-        echo "  [i] Disabling Query Logging"
-        setFTLConfigValue dns.queryLogging "${QUERY_LOGGING_OVERRIDE}"
-    else
-        # If it is anything other than false, set it to true
-        echo "  [i] Enabling Query Logging"
-        setFTLConfigValue dns.queryLogging true
-    fi
-}
-
-load_web_password_secret() {
-   # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
-   # allowing secrets to be passed via docker secrets
-   if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
-     WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
-   fi;
-}
-
-setup_web_password() {
-    if [ -z "${WEBPASSWORD+x}" ] ; then
-        # ENV WEBPASSWORD_OVERRIDE is not set
-
-        # Exit if password is already set (TODO: Revisit this. Maybe make setting password in environment variable mandatory?)
-        if [[ $(pihole-FTL --config webserver.api.pwhash) != '""' ]]; then
-            return
-        fi
-        # Generate new random password
-        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
-        echo "  [i] Assigning random password: $WEBPASSWORD"
-    else
-        # ENV WEBPASSWORD_OVERRIDE is set and will be used
-        echo "  [i] Assigning password defined by Environment Variable"
-        # WEBPASSWORD="$WEBPASSWORD"
-    fi
-
-    # Explicitly turn off bash printing when working with secrets
-    { set +x; } 2>/dev/null
-
-    if [[ "$WEBPASSWORD" == "" ]] ; then
-        echo "" | pihole -a -p
-    else
-        pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
-    fi
-
-    # To avoid printing this if conditional in bash debug, turn off  debug above..
-    # then re-enable debug if necessary (more code but cleaner printed output)
-    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
-        set -x
-    fi
-}
-
-# setup_blocklists() {
-#     # Exit/return early without setting up adlists with defaults for any of the following conditions:
-#     # 1. skip_setup_blocklists env is set
-#     exit_string="(exiting ${FUNCNAME[0]} early)"
-
-#     if [ -n "${skip_setup_blocklists}" ]; then
-#         echo "  [i] skip_setup_blocklists requested $exit_string"
-#         return
-#     fi
-
-#     # 2. The adlist file exists already (restarted container or volume mounted list)
-#     if [ -f "${adlistFile}" ]; then
-#         echo "  [i] Preexisting ad list ${adlistFile} detected $exit_string"
-#         return
-#     fi
-
-#     echo "  [i] ${FUNCNAME[0]} now setting default blocklists up: "
-#     echo "  [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
-#     # installDefaultBlocklists
-
-#     echo "  [i] Blocklists (${adlistFile}) now set to:"
-#     cat "${adlistFile}"
-# }