Pi-Hole/docker-pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/docker-pi-hole.git synced 2025-12-20 02:18:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1626 from pi-hole/development-v6

Browse Source 
Development v6 -> dev
This commit is contained in:
Adam Warner
2024-09-02 21:59:46 +01:00
committed by GitHub
parent 6239412098 d00f17f169
commit c38a6ea487
75 changed files with 862 additions and 2550 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,4 +1,4 @@
`{Please select 'base: dev' as target branch above! (you can delete this line)}`
`{Please select 'base: development' as target branch above! (you can delete this line)}`
<!--- Provide a general summary of your changes in the Title above -->

35
.github/actions/login-repo/action.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
name: Login to container registries
description: Login to container registries Docker Hub and GitHub Container Registry
inputs:
# Actions cannot access secrets so pass them in as inputs
docker_username:
required: true
description: The username to use to login to Docker Hub
docker_password:
required: true
description: The password to use to login to Docker Hub
ghcr_username:
required: true
description: The username to use to login to GitHub Container Registry
ghcr_password:
required: true
description: The password to use to login to GitHub Container Registry
runs:
using: "composite"
steps:
-
name: Login to Docker Hub
uses: docker/login-action@v2
with:
registry: docker.io
username: ${{ inputs.docker_username }}
password: ${{ inputs.docker_password }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ inputs.ghcr_username }}
password: ${{ inputs.ghcr_password }}

37
.github/dependabot.yml vendored
View File

@@ -7,7 +7,7 @@ updates:
interval: "weekly"
day: saturday
time: "10:00"
target-branch: dev
target-branch: development
reviewers:
- "pi-hole/docker-maintainers"
- package-ecosystem: "docker"
@@ -16,7 +16,7 @@ updates:
interval: "weekly"
day: saturday
time: "10:00"
target-branch: dev
target-branch: development
reviewers:
- "pi-hole/docker-maintainers"
- package-ecosystem: pip
@@ -26,35 +26,6 @@ updates:
day: saturday
time: "10:00"
open-pull-requests-limit: 10
target-branch: dev
target-branch: development
reviewers:
- "pi-hole/docker-maintainers"
# Maintain dependencies for GitHub Actions development-v6
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: saturday
time: "10:00"
target-branch: development-v6
reviewers:
- "pi-hole/docker-maintainers"
- package-ecosystem: "docker"
directory: "/src/"
schedule:
interval: "weekly"
day: saturday
time: "10:00"
target-branch: development-v6
reviewers:
- "pi-hole/docker-maintainers"
- package-ecosystem: pip
directory: "/test"
schedule:
interval: weekly
day: saturday
time: "10:00"
open-pull-requests-limit: 10
target-branch: development-v6
reviewers:
- "pi-hole/docker-maintainers"
- "pi-hole/docker-maintainers"

40
.github/workflows/test-and-build-v6.yml → .github/workflows/build-and-publish.yml vendored
View File

@@ -1,14 +1,18 @@
name: Build and Publish (development-v6)
name: Build Image and Publish
on:
schedule:
- cron: "0 5 * * *"
push:
branches:
- development-v6
- development
release:
types: [published]
env:
dockerhub: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole
ghcr: ghcr.io/${{ github.repository_owner }}/pihole
components_branch: ${{ startsWith(github.ref, 'refs/tags/') && 'master' || 'development' }}
jobs:
build:
@@ -29,9 +33,14 @@ jobs:
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Checkout Repo
if: github.event_name != 'schedule'
uses: actions/checkout@v4
- name: Checkout dev branch if scheduled
if: github.event_name == 'schedule'
uses: actions/checkout@v4
with:
ref: development-v6
ref: development
- name: Docker meta
id: meta
@@ -42,9 +51,11 @@ jobs:
${{ env.dockerhub }}
${{ env.ghcr }}
flavor: |
latest=false
latest=${{ startsWith(github.ref, 'refs/tags/') }}
tags: |
development-v6
type=schedule,pattern=nightly
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
type=ref,event=tag
- name: Login to DockerHub and GitHub Container Registry
uses: ./.github/actions/login-repo
@@ -70,7 +81,11 @@ jobs:
platforms: ${{ matrix.platform }}
build-args: |
PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }}
alpine_version=${{ matrix.alpine_version }}
alpine_version=${{ matrix.alpine_version }}
FTL_BRANCH=${{ env.components_branch }}
CORE_BRANCH=${{ env.components_branch }}
WEB_BRANCH=${{ env.components_branch }}
PADD_BRANCH=${{ env.components_branch }}
labels: ${{ steps.meta.outputs.labels }}
outputs: |
type=image,name=${{ env.dockerhub }},push-by-digest=true,name-canonical=true,push=true
@@ -98,9 +113,14 @@ jobs:
- build
steps:
- name: Checkout Repo
if: github.event_name != 'schedule'
uses: actions/checkout@v4
- name: Checkout dev branch if scheduled
if: github.event_name == 'schedule'
uses: actions/checkout@v4
with:
ref: development-v6
ref: development
- name: Download digests
uses: actions/download-artifact@v4
@@ -121,9 +141,11 @@ jobs:
${{ env.dockerhub }}
${{ env.ghcr }}
flavor: |
latest=false
latest=${{ startsWith(github.ref, 'refs/tags/') }}
tags: |
development-v6
type=schedule,pattern=nightly
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
type=ref,event=tag
- name: Login to DockerHub and GitHub Container Registry
uses: ./.github/actions/login-repo

32
.github/workflows/build-and-test.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
name: Build Image and Test
on:
pull_request:
jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# Official docker images for docker are only available for amd64 and arm64
# TODO: Look at: https://github.com/docker-library/official-images#architectures-other-than-amd64
# Is testing on all platforms really necessary?
# Disabled arm64 tests for the time being, something is wrong with the test config and the volumes are getting shared between the test containers on different architectures
#platform: [linux/amd64, linux/arm64]
platform: [linux/amd64]
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ matrix.platform }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Run Tests
run: |
echo "Building image to test"
PLATFORM=${{ matrix.platform }} ./build-and-test.sh

2
.github/workflows/sync-back-to-dev.yml vendored
View File

@@ -13,6 +13,6 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Opening pull request
run: gh pr create -B dev -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

84
.github/workflows/test-and-build.yaml vendored
View File

@@ -1,84 +0,0 @@
name: Test & Build
on:
schedule:
- cron: '0 2 * * *'
push:
branches:
- dev
pull_request:
release:
types: [published]
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Run Tests
run: |
echo "Building image to test"
./build-and-test.sh
build-and-publish:
if: github.event_name != 'pull_request'
# If only readme has been touched, for example, then the `test` job will have been skipped. This job will therefore be skipped, too.
needs: test
runs-on: ubuntu-latest
steps:
-
name: Checkout
if: github.event_name != 'schedule'
uses: actions/checkout@v4
-
name: Checkout dev branch if we are building nightly
if: github.event_name == 'schedule'
uses: actions/checkout@v4
with:
ref: dev
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: |
${{ secrets.DOCKERHUB_NAMESPACE }}/pihole
ghcr.io/${{ github.repository_owner }}/pihole
flavor: |
latest=${{ startsWith(github.ref, 'refs/tags/') }}
tags: |
type=schedule
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
type=ref,event=tag
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build and push
uses: docker/build-push-action@v6
with:
context: ./src/
platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6
build-args: |
PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }}
push: true
provenance: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

3
.gitignore vendored
View File

@@ -16,3 +16,6 @@ var-log/
# WIP/test stuff
doco.yml
# Ignore FTL Binary if it exists
src/pihole-FTL

5
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,5 @@
{
"github-actions.workflows.pinned.workflows": [
".github/workflows/v6-alpine-play.yml"
]
}

4
CONTRIBUTING.md
View File

@@ -2,8 +2,8 @@
Please review the following before opening a pull request (PR) to help your PR go smoothly:
* Code changes go to the `dev` branch first
* To ensure proper testing and quality control, target any code change pull requests against `dev` branch.
* Code changes go to the `development` branch first
* To ensure proper testing and quality control, target any code change pull requests against `development` branch.
* Make sure the tests pass
* Take a look at [TESTING.md](test/TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have GitHub Actions run it.

266
README.md
View File

@@ -1,5 +1,7 @@
# Docker Pi-hole
[![Build Status](https://github.com/pi-hole/docker-pi-hole/workflows/Test%20&%20Build/badge.svg)](https://github.com/pi-hole/docker-pi-hole/actions?query=workflow%3A%22Test+%26+Build%22) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)
<p align="center">
<a href="https://pi-hole.net"><img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png" width="150" height="255" alt="Pi-hole"></a><br/>
</p>
@@ -7,163 +9,107 @@
## Upgrade Notes
## !!! THIS VERSION CONTAINS BREAKING CHANGES
### v[ChangeMeBeforeTagging] has been entirely redesigned from the ground up and contains many breaking changes. Environment variable names have changed, script locations may have changed. Please read the the Readme carefully before proceeding
---
- **Using Watchtower? See the [Note on Watchtower](#note-on-watchtower) at the bottom of this readme**
- As of `2023.01`, if you have any modifications for lighttpd via an `external.conf` file, this file now needs to be mapped into `/etc/lighttpd/conf-enabled/whateverfile.conf` instead
- Due to [a known issue with Docker and libseccomp <2.5](https://github.com/moby/moby/issues/40734), you may run into issues running `2022.04` and later on host systems with an older version of `libseccomp2` ([Such as Debian/Raspbian buster or Ubuntu 20.04](https://pkgs.org/download/libseccomp2), and maybe [CentOS 7](https://pkgs.org/download/libseccomp)).
The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of `libseccomp`.
_If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_ (Note, you may also find that you need the latest `docker.io` (more details [here](https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/))
- Some users [have reported issues](https://github.com/pi-hole/docker-pi-hole/issues/963#issuecomment-1095602502) with using the `--privileged` flag on `2022.04` and above. TL;DR, don't use that mode, and be [explicit with the permitted caps](https://github.com/pi-hole/docker-pi-hole#note-on-capabilities) (if needed) instead
## Quick Start
1. Copy docker-compose.yml.example to docker-compose.yml and update as needed. See example below:
[Docker-compose](https://docs.docker.com/compose/install/) example:
Using [Docker-compose](https://docs.docker.com/compose/install/):
```yaml
1. Copy the below docker compose example and update as needed
```yml
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
image: pihole/pihole:latest
ports:
# DNS Ports
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
# Default HTTP Port
- "80:80/tcp"
# Default HTTPs Port. FTL will generate a self-signed certificate
- "443:443/tcp"
# Uncomment the below if using Pi-hole as your DHCP Server
#- "67:67/udp"
environment:
TZ: 'America/Chicago'
# WEBPASSWORD: 'set a secure password here or it will be random'
# Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
TZ: 'Europe/London'
# Set a password to access the web interface. Not setting one will result in a random password being assigned
FTLCONF_webserver_api_password: 'correct horse battery staple'
# Volumes store your data between container upgrades
volumes:
# For persisting Pi-hole's databases and common configuration file
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most.
#- './etc-dnsmasq.d:/etc/dnsmasq.d'
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
# See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# Required if you are using Pi-hole as your DHCP server, else not needed
- NET_ADMIN
restart: unless-stopped
```
2. Run `docker compose up -d` to build and start pi-hole (Syntax may be `docker-compose` on older systems)
3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting. (This can also be achieved by setting the environment variable `DNSMASQ_LISTENING` to `all`)
3. If using Docker's default `bridge` network setting, set the environment variable `FTLCONF_dns_listeningMode` to `all`
[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh).
nb. Volumes are recommended for persisting data across container re-creations for updating images.
## Overview
### Automatic Ad List Updates
A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality.
1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended.
2) Use the above quick start example, customize if desired.
3) Enjoy!
[![Build Status](https://github.com/pi-hole/docker-pi-hole/workflows/Test%20&%20Build/badge.svg)](https://github.com/pi-hole/docker-pi-hole/actions?query=workflow%3A%22Test+%26+Build%22) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)
## Running Pi-hole Docker
This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**. If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh)
If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so:
```
-v "$(pwd)/etc-pihole:/etc/pihole:z" \
-v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d:z" \
```
Volumes are recommended for persisting data across container re-creations for updating images. The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary.
You can customize where to store persistent data by setting the `PIHOLE_BASE` environment variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`). If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script.
**Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs. **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.
`cron` is baked into the container and will grab the newest versions of your lists and flush your logs. This happens once per week in the small hours of Sunday morning.
## Running DHCP from Docker Pi-Hole
There are multiple different ways to run DHCP from within your Docker Pi-hole container but it is slightly more advanced and one size does not fit all. DHCP and Docker's multiple network modes are covered in detail on our docs site: [Docker DHCP and Network Modes](https://docs.pi-hole.net/docker/DHCP/)
## Environment Variables
## Configuration
There are other environment variables if you want to customize various things inside the docker container:
It is recommended that you use environment variables to configure the Pi-hole docker container (more details below), however if you are persisting your `/etc/pihole` directory, you may choose instead to set them via the web interface or by directly editing `pihole.toml`.
### Recommended Variables
**Please Note**: Settings that are set via environment variables effectively become read-only, meaning that you will not be able to change them in the web interface or CLI. This is to ensure a "single source of truth" on the config. If you later unset an environment variable, then FTL will revert to the default value for that setting.
### Web interface password
To set a specific password for the web interface, use the environment variable `FTLCONF_webserver_api_password`. If this variable is not detected, and you have not already set one via `pihole setpassword` / `pihole-FTL --config webserver.api.password` inside the container, then a random password will be assigned on startup, this will be printed to the log. Run `docker logs pihole | grep random password` to find it.
To explicitly set no password, set `FTLCONF_webserver_api_password: ''`
### Recommended Environment Variables
| Variable | Default | Value | Description |
| -------- | ------- | ----- | ---------- |
| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes.
| `FTLCONF_webserver_api_password` | random | `<Admin password>` | <http://pi.hole/admin> password. Run `docker logs pihole \| grep random` to find your random pass.
| `FTLCONF_dns_upstreams` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` <br/> (supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0,upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services <br/> Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation |
### Optional Variables
| Variable | Default | Value | Description |
| -------- | ------- | ----- | ---------- |
| `PIHOLE_DNS_` | `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` <br/> (supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services <br/> Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation |
| `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support |
| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges |
| `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs |
| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) |
| `DHCP_ACTIVE` | `false` | `<"true"\|"false">` | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf`
| `DHCP_START` | unset | `<Start IP>` | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
| `DHCP_END` | unset | `<End IP>` | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
| `DHCP_ROUTER` | unset | `<Router's IP>` | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled).
| `DHCP_LEASETIME` | 24 | `<hours>` | DHCP lease time in hours.
| `PIHOLE_DOMAIN` | `lan` | `<domain>` | Domain name sent by the DHCP server.
| `DHCP_IPv6` | `false` | `<"true"\|"false">` | Enable DHCP server IPv6 support (SLAAC + RA).
| `DHCP_rapid_commit` | `false` | `<"true"\|"false">` | Enable DHCPv4 rapid commit (fast address assignment).
| `VIRTUAL_HOST` | `${HOSTNAME}` | `<Custom Hostname>` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
| `IPv6` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
| `TEMPERATUREUNIT` | `c` | `<c\|k\|f>` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
| `WEBUIBOXEDLAYOUT` | `boxed` | `<boxed\|traditional>` | Use boxed layout (helpful when working on large screens)
| `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not.
| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"high-contrast"\|"high-contrast-dark"\|"lcars">`| User interface theme to use.
| `WEBPASSWORD_FILE`| unset | `<Docker secret path>` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`.
| `TAIL_FTL_LOG` | unset | `<unset\|1>` | Whether or not to output the FTL log when running the. Useful for debugging/watching what FTL is doing.
| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole.toml with settings described in the <!!!Add Link To New API docs here before release!!!>. Replace `.` with `_`, e.g for `dns.dnssec=true` use `FTLCONF_dns_dnssec: 'true'`<br/> Array type configs should be delimited with `;`|
| `PIHOLE_UID` | `100` | Number | Overrides image's default pihole user id to match a host user id<br/>**IMPORTANT**: id must not already be in use inside the container! |
| `PIHOLE_GID` | `101` | Number | Overrides image's default pihole group id to match a host group id<br/>**IMPORTANT**: id must not already be in use inside the container!|
### Advanced Variables
| Variable | Default | Value | Description |
| -------- | ------- | ----- | ---------- |
| `INTERFACE` | unset | `<NIC>` | The default works fine with our basic example docker run commands. If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
| `DNSMASQ_LISTENING` | unset | `<local\|all\|single\|bind>` | `local` binds any interface and listens on all local subnets, `all` binds any interface and permits listening on internet origin subnets in addition to local, `single` binds any interface and listens only on the interface specified, `bind` binds only on the interface specified.
| `WEB_PORT` | unset | `<PORT>` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
| `WEB_BIND_ADDR` | unset | `<IP>` | Lighttpd's bind address. If left unset lighttpd will bind to every interface, except when running in host networking mode where it will use `FTLCONF_LOCAL_IPV4` instead.
| `SKIPGRAVITYONBOOT` | unset | `<unset\|1>` | Use this option to skip updating the Gravity Database when booting up the container. By default this environment variable is not set so the Gravity Database will be updated when the container starts up. Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up.
| `CORS_HOSTS` | unset | `<FQDNs delimited by ,>` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`.
| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
| `FTL_CMD` | `no-daemon` | `no-daemon -- <dnsmasq option>` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. |
| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the [FTLDNS Configuration page](https://docs.pi-hole.net/ftldns/configfile/). For example, to customize LOCAL_IPV4, ensure you have the `FTLCONF_LOCAL_IPV4` environment variable set.
### Experimental Variables
| Variable | Default | Value | Description |
| -------- | ------- | ----- | ---------- |
| `DNSMASQ_USER` | unset | `<pihole\|root>` | Allows changing the user that FTLDNS runs as. Default: `pihole`, some systems such as Synology NAS may require you to change this to `root` (See [#963](https://github.com/pi-hole/docker-pi-hole/issues/963)) |
| `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id<br/>**IMPORTANT**: id must not already be in use inside the container! |
| `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id<br/>**IMPORTANT**: id must not already be in use inside the container!|
| `WEB_UID` | `33` | Number | Overrides image's default www-data user id to match a host user id<br/>**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_UID` if you are using that, also)|
| `WEB_GID` | `33` | Number | Overrides image's default www-data group id to match a host group id<br/>**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_GID` if you are using that, also)|
| `WEBLOGS_STDOUT` | 0 | 0&vert;1 | 0 logs to defined files, 1 redirect access and error logs to stdout |
## Deprecated environment variables:
While these may still work, they are likely to be removed in a future version. Where applicable, alternative variable names are indicated. Please review the table above for usage of the alternative variables
| Docker Environment Var. | Description | Replaced By |
| ----------------------- | ----------- | ----------- |
| `CONDITIONAL_FORWARDING` | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`|
| `CONDITIONAL_FORWARDING_IP` | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` |
| `CONDITIONAL_FORWARDING_DOMAIN` | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` |
| `CONDITIONAL_FORWARDING_REVERSE` | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` |
| `DNS1` | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` |
| `DNS2` | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` |
| `ServerIP` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_LOCAL_IPV4` |
| `ServerIPv6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_LOCAL_IPV6` |
| `FTLCONF_REPLY_ADDR4` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_LOCAL_IPV4` |
| `FTLCONF_REPLY_ADDR6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_LOCAL_IPV6` |
To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1`
| `ADDITIONAL_PACKAGES`| unset | Space separated list of APKs | HERE BE DRAGONS. Mostly for development purposes, this just makes it easier for those of us that always like to have whatever additional tools we need inside the container for debugging |
Here is a rundown of other arguments for your docker-compose / docker run.
@@ -172,26 +118,22 @@ Here is a rundown of other arguments for your docker-compose / docker run.
| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67), the bare minimum ports required for Pi-holes HTTP and DNS services
| `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash
| `-v $(pwd)/etc-pihole:/etc/pihole`<br/> **Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates
| `-v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d`<br/> **Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates
| `--net=host`<br/> *Optional* | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings.
| `--cap-add=NET_ADMIN`<br/> *Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities.
| `--dns=127.0.0.1`<br/> *Optional* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart.
| `--dns=1.1.1.1`<br/> *Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting
| `--env-file .env` <br/> *Optional* | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience
| `--net=host`<br/> _Optional_ | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings.
| `--cap-add=NET_ADMIN`<br/> _Recommended_ | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities.
| `--dns=n.n.n.n`<br/> _Optional_ | Explicitly set container's DNS server. It is **_not recommended_** to set this to `localhost`/`127.0.0.1`.
| `--env-file .env` <br/> _Optional_ | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience
## Tips and Tricks
* A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/)
* [How do I set or reset the Web interface Password?](https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328)
* `docker exec -it pihole_container_name pihole -a -p` - then enter your password into the prompt
* Port conflicts? Stop your server's existing DNS / Web services.
* Don't forget to stop your services from auto-starting again after you reboot
* Ubuntu users see below for more detailed information
* You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
* [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port. Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container. Please read nginxproxy/nginx-proxy readme for more info if you have trouble.
* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".
- A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/)
- Port conflicts? Stop your server's existing DNS / Web services.
- Don't forget to stop your services from auto-starting again after you reboot
- Ubuntu users see below for more detailed information
- Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for _Interface listening behavior_ to "Listen on all interfaces, permit all origins".
- If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes
### Installing on Ubuntu or Fedora
Modern releases of Ubuntu (17.10+) and Fedora (33+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf`
@@ -201,6 +143,7 @@ After making these changes, you should restart systemd-resolved using `systemctl
Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`.
Example netplan:
```yaml
network:
ethernets:
@@ -218,7 +161,8 @@ Note that it is also possible to disable `systemd-resolved` entirely. However, t
Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
## Installing on Dokku
@Rikj000 has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation)
[@Rikj000](https://github.com/Rikj000/) has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation)
## Docker tags and versioning
@@ -231,9 +175,9 @@ The Date-based (including incremented "Patch" versions) do not relate to any kin
| `latest` | Always latest release |
| `2022.04.0` | Date-based release |
| `2022.04.1` | Second release in a given month |
| `dev` | Similar to `latest`, but for the development branch (pushed occasionally) |
| `development` | Similar to `latest`, but for the development branch (pushed occasionally) |
| `*beta` | Early beta releases of upcoming versions - here be dragons |
| `nightly` | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, web, FTL) |
| `nightly` | Like `development` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, web, FTL) |
## Upgrading, Persistence, and Customizations
@@ -244,65 +188,85 @@ The standard Pi-hole customization abilities apply to this docker, but with dock
Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`). New images will be released for upgrades, upgrading by replacing your old container with a fresh upgraded image is the 'docker way'. Long-living docker containers are not the docker way since they aim to be portable and reproducible, why not re-create them often! Just to prove you can.
0. Read the release notes for both this Docker release and the Pi-hole release
* This will help you avoid common problems due to any known issues with upgrading or newly required arguments or variables
* We will try to put common break/fixes at the top of this readme too
- This will help you avoid common problems due to any known issues with upgrading or newly required arguments or variables
- We will try to put common break/fixes at the top of this readme too
1. Download the latest version of the image: `docker pull pihole/pihole`
2. Throw away your container: `docker rm -f pihole`
* **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
* If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
- **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption.
- If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
3. Start your container with the newer base image: `docker run <args> pihole/pihole` (`<args>` being your preferred run volumes and env vars)
Why is this style of upgrading good? A couple reasons: Everyone is starting from the same base image which has been tested to known it works. No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reduces complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes. Basically I'm encouraging [phoenix server](https://martinfowler.com/bliki/PhoenixServer.html) principles for your containers.
To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands.
### Building the image locally
Occasionally you may need to try an alternative branch of one of the components (`core`,`web`,`ftl`). On bare metal you would run, for example, `pihole checkout core custombranchname`, however in Docker world we have disabled this command as it can cause unpredictable results.
The preferred method is to clone this repository and build the image locally with `./build.sh`
#### Usage:
```
./build.sh [-l] [-f <ftl_branch>] [-c <core_branch>] [-w <web_branch>] [-t <tag>] [use_cache]
```
#### Options:
- `-f <branch>` / `--ftlbranch <branch>`: Specify FTL branch (cannot be used in conjunction with `-l`)
- `-c <branch>` / `--corebranch <branch>`: Specify Core branch
- `-w <branch>` / `--webbranch <branch>`: Specify Web branch
- `-t <tag>` / `--tag <tag>`: Specify Docker image tag (default: `pihole:local`)
- `-l` / `--local`: Use locally built FTL binary (requires `src/pihole-FTL` file)
- `use_cache`: Enable caching (by default `--no-cache` is used)
If no options are specified, the following command will be executed:
```
docker buildx build src/. --tag pihole:local --no-cache
```
### Pi-hole features
Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web). The web interface or command line tools can be used to implement changes to pihole.
Here are some relevant wiki pages from [Pi-hole's documentation](https://docs.pi-hole.net).
We install all pihole utilities so the the built in [pihole commands](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) will work via `docker exec <container> <command>` like so:
* `docker exec pihole_container_name pihole updateGravity`
* `docker exec pihole_container_name pihole -w spclient.wg.spotify.com`
* `docker exec pihole_container_name pihole -wild example.com`
- `docker exec pihole_container_name pihole updateGravity`
- `docker exec pihole_container_name pihole -w spclient.wg.spotify.com`
- `docker exec pihole_container_name pihole -wild example.com`
### Customizations
The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the Pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`. The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log.
Similarly for the webserver you can customize configs in /etc/lighttpd
### Systemd init script
As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes. If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/examples/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run. Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`). You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
NOTE: After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container.
The webserver and DNS service inside the container can be customized if necessary. Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by pihole-FTL when the container starts or restarts.
## Note on Capabilities
DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available:
[FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available:
- `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
- `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
- `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`
- `CAP_SYS_TIME`: FTL needs to be able to set the system time to update it using the Network Time Protocol (NTP) in the background
This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the `NET_RAW` capability to prevent FTLDNS from automatically gaining it.
## Note on Watchtower
We have noticed that a lot of people use Watchtower to keep their Pi-hole containers up to date. For the same reason we don't provide an auto-update feature on a bare metal install, you _should not_ have a system automatically update your Pi-hole container. Especially unattended. As much as we try to ensure nothing will go wrong, sometimes things do go wrong - and you need to set aside time to _manually_ pull and update to the version of the container you wish to run. The upgrade process should be along the lines of:
- **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image
- Pull the new image
- Stop and _remove_ the running Pi-hole container
- If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
- Recreate the container using the new image
- **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image
- Pull the new image
- Stop and _remove_ the running Pi-hole container
- If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
- Recreate the container using the new image
Pi-hole is an integral part of your network, don't let it fall over because of an unattended update in the middle of the night.
# User Feedback
Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related. Pi-hole or general docker questions are best answered on our [user forums](https://discourse.pi-hole.net/c/bugs-problems-issues/docker/30).

11
build-and-test.sh
View File

@@ -2,15 +2,17 @@
set -ex
if [[ "$1" == "enter" ]]; then
enter="-it --entrypoint=bash"
enter="-it"
cmd="sh"
fi
GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g")
GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true)
GIT_TAG=$(git describe --tags --exact-match 2>/dev/null || true)
GIT_TAG="${GIT_TAG:-$GIT_BRANCH}"
PLATFORM="${PLATFORM:-linux/amd64}"
# generate and build dockerfile
docker build --tag image_pipenv --file test/Dockerfile test/
docker buildx build --load --platform=${PLATFORM} --tag image_pipenv --file test/Dockerfile test/
docker run --rm \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume "$(pwd):/$(pwd)" \
@@ -18,4 +20,5 @@ docker run --rm \
--env PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
--env GIT_TAG="${GIT_TAG}" \
--env PY_COLORS=1 \
${enter} image_pipenv
--env TARGETPLATFORM="${PLATFORM}" \
${enter} image_pipenv ${cmd}

90
build.sh Executable file
View File

@@ -0,0 +1,90 @@
#!/bin/bash
# Usage function
usage() {
echo "Usage: $0 [-l] [-f <ftl_branch>] [-c <core_branch>] [-w <web_branch>] [-t <tag>] [use_cache]"
echo "Options:"
echo " -f, --ftlbranch <branch> Specify FTL branch (cannot be used in conjunction with -l)"
echo " -c, --corebranch <branch> Specify Core branch"
echo " -w, --webbranch <branch> Specify Web branch"
echo " -p, --paddbranch <branch> Specify PADD branch"
echo " -t, --tag <tag> Specify Docker image tag (default: pihole:local)"
echo " -l, --local Use locally built FTL binary (requires src/pihole-FTL file)"
echo " use_cache Enable caching (by default --no-cache is used)"
echo ""
echo "If no options are specified, the following command will be executed:"
echo " docker buildx build src/. --tag pihole:local --load --no-cache"
exit 1
}
# Set default values
DOCKER_BUILD_CMD="docker buildx build src/. --tag pihole:local --load --no-cache"
FTL_FLAG=false
# Parse command line arguments
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
-l | --local)
if [ ! -f "src/pihole-FTL" ]; then
echo "File 'src/pihole-FTL' not found. Exiting."
exit 1
fi
if [ "$FTL_FLAG" = true ]; then
echo "Error: Both -l and -f cannot be used together."
usage
fi
FTL_FLAG=true
DOCKER_BUILD_CMD+=" --build-arg FTL_SOURCE=local"
shift
;;
-f | --ftlbranch)
if [ "$FTL_FLAG" = true ]; then
echo "Error: Both -l and -f cannot be used together."
usage
fi
FTL_FLAG=true
FTL_BRANCH="$2"
DOCKER_BUILD_CMD+=" --build-arg FTL_BRANCH=$FTL_BRANCH"
shift
shift
;;
-c | --corebranch)
CORE_BRANCH="$2"
DOCKER_BUILD_CMD+=" --build-arg CORE_BRANCH=$CORE_BRANCH"
shift
shift
;;
-w | --webbranch)
WEB_BRANCH="$2"
DOCKER_BUILD_CMD+=" --build-arg WEB_BRANCH=$WEB_BRANCH"
shift
shift
;;
-p | --paddbranch)
PADD_BRANCH="$2"
DOCKER_BUILD_CMD+=" --build-arg PADD_BRANCH=$PADD_BRANCH"
shift
shift
;;
-t | --tag)
TAG="$2"
DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/pihole:local/$TAG}
shift
shift
;;
use_cache)
DOCKER_BUILD_CMD=${DOCKER_BUILD_CMD/--no-cache/}
shift
;;
*)
echo "Unknown option: $1"
usage
;;
esac
done
# Execute the docker build command
echo "Executing command: $DOCKER_BUILD_CMD"
eval $DOCKER_BUILD_CMD

43
examples/docker-compose-caddy-proxy.yml
View File

@@ -5,50 +5,47 @@ services:
container_name: caddy
image: caddy:latest
networks:
- caddy-net # Network exclusively for Caddy-proxied containers
- caddy-net # Network exclusively for Caddy-proxied containers
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp" # QUIC protocol support: https://www.chromium.org/quic/
- "443:443/udp" # QUIC protocol support: https://www.chromium.org/quic/
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile # config file on host in same directory as docker-compose.yml for easy editing.
- ./Caddyfile:/etc/caddy/Caddyfile # config file on host in same directory as docker-compose.yml for easy editing.
#- $PWD/site:/srv # Only use if you are serving a website behind caddy
- caddy_data:/data # Use docker volumes here bc no need to access these files from host
- caddy_config:/config # Use docker volumes here bc no need to access these files from host
- caddy_data:/data # Use docker volumes here bc no need to access these files from host
- caddy_config:/config # Use docker volumes here bc no need to access these files from host
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
pihole:
depends_on:
depends_on:
- caddy
container_name: pihole
#dns: # Optional. Specify desired upstream DNS servers here.
# - 127.0.0.1
# - 9.9.9.9
# - 149.112.112.112
image: pihole/pihole:latest
networks:
- caddy-net # Need to plug into caddy net to access proxy
ports:
- "8081:80/tcp" # Pi-hole web admin interface, proxied through Caddy (configure port in Caddyfile)
# Following are NOT proxied through Caddy, bound to host net instead:
- "53:53/udp"
- "53:53/tcp"
- "853:853/tcp" # DNS-over-TLS
- "853:853/tcp" # DNS-over-TLS
#- "67:67/udp" # DHCP, if desired. If not bound to host net you need an mDNS proxy service configured somewhere on host net.
# ref: https://docs.pi-hole.net/docker/DHCP/
environment:
TZ: 'America/New_York' # Supported TZ database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations
WEBPASSWORD: 'password' # Only used on first boot, change with pihole cli then comment out here.
# Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
TZ: 'Europe/London'
# Set a password to access the web interface. Not setting one will result in a random password being assigned
FTLCONF_webserver_api_password: 'correct horse battery staple'
# Volumes store your data between container upgrades
volumes:
# For persisting Pi-hole's databases and common configuration file
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
- './etc-lighttpd/external.conf:/etc/lighttpd/external.conf' # Recommend leave as bind mount for easier editing.
# ref for why you may need to change this file: https://docs.pi-hole.net/guides/webserver/caddy/#modifying-lighttpd-configuration
#cap_add: # Uncomment if using Pi-hole as DHCP server
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
#- NET_ADMIN # ONLY required if you are using Pi-hole as your DHCP server, else remove for better security
# Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most.
#- './etc-dnsmasq.d:/etc/dnsmasq.d'
cap_add:
# See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# Required if you are using Pi-hole as your DHCP server, else not needed
- NET_ADMIN
restart: unless-stopped
# ref: https://hub.docker.com/_/caddy
@@ -60,5 +57,5 @@ networks:
# ref: https://hub.docker.com/_/caddy
volumes:
caddy_data:
external: true # May need to create volume with 'docker volume create caddy_data'
external: true # May need to create volume with 'docker volume create caddy_data'
caddy_config:

57
examples/docker-compose-nginx-proxy.yml
View File

@@ -1,57 +0,0 @@
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
services:
nginx-proxy:
image: nginxproxy/nginx-proxy
ports:
- '80:80'
environment:
DEFAULT_HOST: pihole.yourDomain.lan
volumes:
- '/var/run/docker.sock:/tmp/docker.sock'
restart: always
pihole:
image: pihole/pihole:latest
ports:
- '53:53/tcp'
- '53:53/udp'
- "67:67/udp"
- '8053:80/tcp'
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# run `touch ./var-log/pihole.log` first unless you like errors
# - './var-log/pihole.log:/var/log/pihole/pihole.log'
# Recommended but not required (DHCP needs NET_ADMIN)
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN
environment:
FTLCONF_LOCAL_IPV4: 192.168.41.55
PROXY_LOCATION: pihole
VIRTUAL_HOST: pihole.yourDomain.lan
VIRTUAL_PORT: 80
extra_hosts:
# Resolve to nothing domains (terminate connection)
- 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
# LAN hostnames for other docker containers using nginx-proxy
- 'yourDomain.lan:192.168.41.55'
- 'pihole pihole.yourDomain.lan:192.168.41.55'
- 'ghost ghost.yourDomain.lan:192.168.41.55'
- 'wordpress wordpress.yourDomain.lan:192.168.41.55'
restart: always
# Another container you might want to have running through the proxy
# Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
# ghost:
# image: fractalf/ghost
# ports:
# - '2368:2368/tcp'
# volumes:
# - '/etc/ghost:/ghost-override'
# environment:
# PROXY_LOCATION: ghost
# VIRTUAL_HOST: ghost.yourDomain.lan
# VIRTUAL_PORT: 2368
# restart: always

23
examples/docker-compose.yml.example
View File

@@ -1,23 +0,0 @@
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp"
- "80:80/tcp"
environment:
TZ: 'America/Chicago'
# WEBPASSWORD: 'set a secure password here or it will be random'
# Volumes store your data between container upgrades
volumes:
- './etc-pihole:/etc/pihole'
- './etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
cap_add:
- NET_ADMIN
restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)

31
examples/docker-pi-hole.cron
View File

@@ -1,31 +0,0 @@
# Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net
# Updates ad sources every week
#
# Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This file is under source-control of the Pi-hole installation and update
# scripts, any changes made to this file will be overwritten when the software
# is updated or re-installed. Please make any changes to the appropriate crontab
# or other cron file snippets.
# Your container name goes here:
DOCKER_NAME=pihole
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Pi-hole: Update the ad sources once a week on Sunday at 01:59
# Download any updates from the adlists
59 1 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updateGravity > /dev/null
# Update docker-pi-hole by pulling the latest docker image and re-creating your container.
# pihole software update commands are unsupported in docker!
#30 2 * * 7 root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updatePihole > /dev/null
# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
# Stats will be viewable in the Web interface thanks to the cron job above
00 00 * * * root PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole flush > /dev/null

39
examples/docker_run.sh
View File

@@ -1,39 +0,0 @@
#!/bin/bash
# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}"
[[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
# Note: FTLCONF_LOCAL_IPV4 should be replaced with your external ip.
docker run -d \
--name pihole \
-p 53:53/tcp -p 53:53/udp \
-p 80:80 \
-e TZ="America/Chicago" \
-v "${PIHOLE_BASE}/etc-pihole:/etc/pihole" \
-v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d" \
--dns=127.0.0.1 --dns=1.1.1.1 \
--restart=unless-stopped \
--hostname pi.hole \
-e VIRTUAL_HOST="pi.hole" \
-e PROXY_LOCATION="pi.hole" \
-e FTLCONF_LOCAL_IPV4="127.0.0.1" \
pihole/pihole:latest
printf 'Starting up pihole container '
for i in $(seq 1 20); do
if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
printf ' OK'
echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: http://${IP}/admin/"
exit 0
else
sleep 3
printf '.'
fi
if [ $i -eq 20 ] ; then
echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)"
exit 1
fi
done;

13
examples/pihole.service
View File

@@ -1,13 +0,0 @@
[Unit]
Description=pihole
Requires=docker.service multi-user.target
After=docker.service network-online.target dhcpd.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a pihole
ExecStop=/usr/bin/docker stop -t 2 pihole
[Install]
WantedBy=multi-user.target

110
src/Dockerfile
View File

@@ -1,41 +1,97 @@
ARG PIHOLE_BASE
FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
# syntax=docker/dockerfile:1
ARG FTL_SOURCE=remote
ARG alpine_version="3.20"
FROM alpine:${alpine_version} AS base
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
ARG PIHOLE_DOCKER_TAG
RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag
ARG TARGETPLATFORM
ARG WEB_BRANCH="development"
ARG CORE_BRANCH="development"
ARG FTL_BRANCH="development"
ARG PIHOLE_DOCKER_TAG="dev-localbuild"
ARG PADD_BRANCH="development"
ENTRYPOINT [ "/s6-init" ]
ENV DNSMASQ_USER=pihole
ENV FTL_CMD=no-daemon
COPY s6/debian-root /
COPY s6/service /usr/local/bin/service
RUN apk add --no-cache \
bash \
bind-tools \
binutils \
coreutils \
curl \
git \
# Install grep to avoid issues in pihole -w/b with the default busybox grep
grep \
iproute2-ss \
jq \
libcap \
logrotate \
ncurses \
nmap-ncat \
procps-ng \
psmisc \
shadow \
sudo \
tini \
tzdata \
unzip \
wget
RUN bash -ex install.sh 2>&1 && \
rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
ARG PHP_ERROR_LOG
ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log
ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db
COPY crontab.txt /crontab.txt
# Add PADD to the container, too.
ADD https://install.padd.sh /usr/local/bin/padd
RUN chmod +x /usr/local/bin/padd
ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/${PADD_BRANCH}/padd.sh /usr/local/bin/padd
# IPv6 disable flag for networks/devices that do not support it
ENV IPv6 True
# download a the main repos from github
RUN git clone --depth 1 --single-branch --branch ${WEB_BRANCH} https://github.com/pi-hole/web.git /var/www/html/admin && \
git clone --depth 1 --single-branch --branch ${CORE_BRANCH} https://github.com/pi-hole/pi-hole.git /etc/.pihole
EXPOSE 53 53/udp
EXPOSE 67/udp
EXPOSE 80
RUN cd /etc/.pihole && \
install -Dm755 -d /opt/pihole && \
install -Dm755 -t /opt/pihole gravity.sh && \
install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh && \
install -Dm755 -t /opt/pihole ./advanced/Scripts/COL_TABLE && \
install -Dm755 -d /etc/pihole && \
install -Dm644 -t /etc/pihole ./advanced/Templates/logrotate && \
install -Dm755 -d /var/log/pihole && \
install -Dm755 -d /var/lib/logrotate && \
install -Dm755 -t /usr/local/bin pihole && \
install -Dm644 ./advanced/bash-completion/pihole /etc/bash_completion.d/pihole && \
install -T -m 0755 ./advanced/Templates/pihole-FTL-prestart.sh /opt/pihole/pihole-FTL-prestart.sh && \
install -T -m 0755 ./advanced/Templates/pihole-FTL-poststop.sh /opt/pihole/pihole-FTL-poststop.sh && \
addgroup -S pihole && adduser -S pihole -G pihole && \
echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag
ENV S6_KEEP_ENV 1
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0
COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh
COPY --chmod=0755 start.sh /usr/bin/start.sh
ENV FTLCONF_LOCAL_IPV4 0.0.0.0
ENV FTL_CMD no-daemon
ENV DNSMASQ_USER pihole
## Buildkit can do some fancy stuff and we can use it to either download FTL from ftl.pi-hole.net or use a local copy
ENV PATH /opt/pihole:${PATH}
FROM base AS remote-ftl-install
# Default stage if FTL_SOURCE is not explicitly set to "local"
# Download the latest version of pihole-FTL for the correct architecture
RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then FTLARCH=amd64; \
elif [ "$TARGETPLATFORM" = "linux/386" ]; then FTLARCH=386; \
elif [ "$TARGETPLATFORM" = "linux/arm/v6" ]; then FTLARCH=armv6; \
elif [ "$TARGETPLATFORM" = "linux/arm/v7" ]; then FTLARCH=armv7; \
# Note for the future, "linux/arm6/v8" is not a valid value for TARGETPLATFORM, despite the CI platform name being that.
elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then FTLARCH=arm64; \
elif [ "$TARGETPLATFORM" = "linux/riscv64" ]; then FTLARCH=riscv64; \
else FTLARCH=amd64; fi \
&& echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \
&& curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \
&& chmod +x /usr/bin/pihole-FTL \
&& readelf -h /usr/bin/pihole-FTL || cat /usr/bin/pihole-FTL
FROM base AS local-ftl-install
# pihole-FTL must be built from source and copied to the src directory first!
COPY --chmod=0755 pihole-FTL /usr/bin/pihole-FTL
# Use the appropriate FTL Install stage based on the FTL_SOURCE build-arg
FROM ${FTL_SOURCE}-ftl-install AS final
HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
SHELL ["/bin/bash", "-c"]
ENTRYPOINT ["/sbin/tini", "--", "start.sh"]

248
src/bash_functions.sh Normal file
View File

@@ -0,0 +1,248 @@
#!/bin/bash
# Some of the bash_functions use utilities from Pi-hole's utils.sh
# shellcheck disable=SC2154
# shellcheck source=/dev/null
# . /opt/pihole/utils.sh
#######################
# returns value from FTLs config file using pihole-FTL --config
#
# Takes one argument: key
# Example getFTLConfigValue dns.piholePTR
#######################
getFTLConfigValue() {
pihole-FTL --config -q "${1}"
}
#######################
# sets value in FTLs config file using pihole-FTL --config
#
# Takes two arguments: key and value
# Example setFTLConfigValue dns.piholePTR PI.HOLE
#
# Note, for complex values such as dns.upstreams, you should wrap the value in single quotes:
# setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]'
#######################
setFTLConfigValue() {
pihole-FTL --config "${1}" "${2}" >/dev/null
}
set_uid_gid() {
echo " [i] Setting up user & group for the pihole user"
currentUid=$(id -u pihole)
# If PIHOLE_UID is set, modify the pihole group's id to match
if [ -n "${PIHOLE_UID}" ]; then
if [[ ${currentUid} -ne ${PIHOLE_UID} ]]; then
echo " [i] Changing ID for user: pihole (${currentUid} => ${PIHOLE_UID})"
usermod -o -u ${PIHOLE_UID} pihole
else
echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change"
fi
else
echo " [i] PIHOLE_UID not set in environment, using default (${currentUid})"
fi
currentGid=$(id -g pihole)
# If PIHOLE_GID is set, modify the pihole group's id to match
if [ -n "${PIHOLE_GID}" ]; then
if [[ ${currentGid} -ne ${PIHOLE_GID} ]]; then
echo " [i] Changing ID for group: pihole (${currentGid} => ${PIHOLE_GID})"
groupmod -o -g ${PIHOLE_GID} pihole
else
echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change"
fi
else
echo " [i] PIHOLE_GID not set in environment, using default (${currentGid})"
fi
echo ""
}
install_additional_packages() {
if [ -n "${ADDITIONAL_PACKAGES}" ]; then
echo " [i] Additional packages requested: ${ADDITIONAL_PACKAGES}"
echo " [i] Fetching APK repository metadata."
if ! apk update; then
echo " [i] Failed to fetch APK repository metadata."
else
echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}."
# shellcheck disable=SC2086
if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then
echo " [i] Failed to install additional packages."
fi
fi
echo ""
fi
}
start_cron() {
echo " [i] Starting crond for scheduled scripts. Randomizing times for gravity and update checker"
# Randomize gravity update time
sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt
# Randomize update checker time
sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt
/usr/bin/crontab /crontab.txt
/usr/sbin/crond
echo ""
}
install_logrotate() {
# Install the logrotate config file - this is done already in Dockerfile
# but if a user has mounted a volume over /etc/pihole, it will have been lost
# pihole-FTL-prestart.sh will set the ownership of the file to root:root
echo " [i] Ensuring logrotate script exists in /etc/pihole"
install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate
echo ""
}
migrate_gravity() {
echo " [i] Gravity migration checks"
gravityDBfile=$(getFTLConfigValue files.gravity)
if [[ -z "${PYTEST}" ]]; then
if [[ ! -f /etc/pihole/adlists.list ]]; then
echo " [i] No adlist file found, creating one with a default blocklist"
echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list
fi
fi
if [ ! -f "${gravityDBfile}" ]; then
echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
echo " [i] Gravity will now be run to create the database"
pihole -g
else
echo " [i] Existing gravity database found"
# source the migration script and run the upgrade function
source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh
upgrade_gravityDB "${gravityDBfile}" "/etc/pihole"
fi
echo ""
}
# shellcheck disable=SC2034
ftl_config() {
# Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file
# suppress the output as we don't need to see the default values.
getFTLConfigValue >/dev/null
# If FTLCONF_files_macvendor is not set
if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then
# User is not passing in a custom location - so force FTL to use the file we moved to / during the build
setFTLConfigValue "files.macvendor" "/macvendor.db"
chown pihole:pihole /macvendor.db
fi
# If getFTLConfigValue "dns.upstreams" returns [], default to Google's DNS server
if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then
echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS"
setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]"
fi
setup_web_password
}
setup_web_password() {
# If FTLCONF_webserver_api_password is not set
if [ -z "${FTLCONF_webserver_api_password+x}" ]; then
# Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount)
if [[ $(pihole-FTL --config webserver.api.pwhash) ]]; then
echo " [i] Password already set in config file"
return
else
# If we are here, the password is set in neither the environment nor the config file
# We will generate a random password.
RANDOMPASSWORD=$(tr -dc _A-Z-a-z-0-9 </dev/urandom | head -c 8)
echo " [i] No password set in environment or config file, assigning random password: $RANDOMPASSWORD"
# Explicitly turn off bash printing when working with secrets
{ set +x; } 2>/dev/null
pihole-FTL --config webserver.api.password "$RANDOMPASSWORD" >/dev/null
# To avoid printing this if conditional in bash debug, turn off debug above..
# then re-enable debug if necessary (more code but cleaner printed output)
if [ "${PH_VERBOSE:-0}" -gt 0 ]; then
set -x
fi
fi
else
echo " [i] Assigning password defined by Environment Variable"
fi
}
start_ftl() {
echo " [i] pihole-FTL pre-start checks"
echo ""
# Remove possible leftovers from previous pihole-FTL processes
rm -f /dev/shm/FTL-* 2>/dev/null
rm -f /run/pihole/FTL.sock
# Is /var/run/pihole used anymore? Or is this just a hangover from old container version
# /var/log sorted by running pihole-FTL-prestart.sh
# mkdir -p /var/run/pihole /var/log/pihole
# touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
# chown -R pihole:pihole /var/run/pihole /var/log/pihole /etc/pihole
fix_capabilities
sh /opt/pihole/pihole-FTL-prestart.sh
echo " [i] Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" &
echo ""
# Notes on above:
# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
# prevent duplicating it in docker logs by sending to dev null
}
fix_capabilities() {
# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
# FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
echo " [i] Setting capabilities on pihole-FTL where possible"
capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
capsh --has-p=cap_sys_time 2>/dev/null && CAP_STR+=',CAP_SYS_TIME'
if [[ ${CAP_STR} ]]; then
# We have the (some of) the above caps available to us - apply them to pihole-FTL
echo " [i] Applying the following caps to pihole-FTL:"
IFS=',' read -ra CAPS <<<"${CAP_STR:1}"
for i in "${CAPS[@]}"; do
echo " * ${i}"
done
setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
if [[ $DHCP_READY == false ]] && [[ $FTLCONF_dhcp_active == true ]]; then
# DHCP is requested but NET_ADMIN is not available.
echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
echo " Please add cap_net_admin to the container's capabilities or disable DHCP."
DHCP_ACTIVE='false'
setFTLConfigValue dhcp.active false
fi
if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
echo " [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
exit 1
fi
else
echo " [!] WARNING: Unable to set capabilities for pihole-FTL."
echo " Please ensure that the container has the required capabilities."
exit 1
fi
echo ""
}

3
src/crontab.txt Normal file
View File

@@ -0,0 +1,3 @@
59 1 * * 6 PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole/pihole_updateGravity.log || cat /var/log/pihole/pihole_updateGravity.log
00 00 * * * PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
59 17 * * * PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/lighttpd
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/dependencies.d/pihole-FTL
View File

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type
View File

@@ -1 +0,0 @@
oneshot

2
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up
View File

@@ -1,2 +0,0 @@
#!/command/execlineb
background { bash -e /usr/local/bin/_postFTL.sh }

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/dependencies.d/_uid-gid-changer
View File

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type
View File

@@ -1 +0,0 @@
oneshot

2
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up
View File

@@ -1,2 +0,0 @@
#!/command/execlineb
foreground { bash -e /usr/local/bin/_startup.sh }

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/base
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/dependencies.d/cron
View File

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type
View File

@@ -1 +0,0 @@
oneshot

2
src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up
View File

@@ -1,2 +0,0 @@
#!/command/execlineb
foreground { bash -e /usr/local/bin/_uid-gid-changer.sh }

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/base
View File

4
src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish
View File

@@ -1,4 +0,0 @@
#!/command/with-contenv bash
s6-echo "Stopping cron"
killall --signal 9 cron

3
src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run
View File

@@ -1,3 +0,0 @@
#!/command/with-contenv bash
exec -c
fdmove -c 2 1 /usr/sbin/cron -f

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type
View File

@@ -1 +0,0 @@
longrun

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/down
View File

8
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish
View File

@@ -1,8 +0,0 @@
#!/command/with-contenv bash
s6-echo "Stopping lighttpd-access-log"
pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+access\.log" |cut -f1 -d" ")
if [[ -n ${pid} ]]; then
kill -9 ${pid}
fi
s6-echo "Stopped lighttpd-access-log"

5
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run
View File

@@ -1,5 +0,0 @@
#!/command/with-contenv bash
s6-echo "Starting lighttpd-access-log"
s6-setuidgid www-data cat /var/log/lighttpd/access-pihole.log 2>&1

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type
View File

@@ -1 +0,0 @@
longrun

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/down
View File

8
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish
View File

@@ -1,8 +0,0 @@
#!/command/with-contenv bash
s6-echo "Stopping lighttpd-error-log"
pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+error\.log" |cut -f1 -d" ")
if [[ -n ${pid} ]]; then
kill -9 ${pid}
fi
s6-echo "Stopped lighttpd-error-log"

5
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run
View File

@@ -1,5 +0,0 @@
#!/command/with-contenv bash
s6-echo "Starting lighttpd-error-log"
s6-setuidgid www-data cat /var/log/lighttpd/error-pihole.log 2>&1

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type
View File

@@ -1 +0,0 @@
longrun

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/dependencies.d/pihole-FTL
View File

6
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish
View File

@@ -1,6 +0,0 @@
#!/command/with-contenv bash
s6-echo "Stopping lighttpd"
service lighttpd-access-log stop
service lighttpd-error-log stop
killall --signal 9 lighttpd

34
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run
View File

@@ -1,34 +0,0 @@
#!/command/with-contenv bash
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x ;
fi
if [[ 1 -eq ${WEBLOGS_STDOUT:-0} ]]; then
#lighthttpd cannot use /dev/stdout https://redmine.lighttpd.net/issues/2731
for fi in /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
do
if [[ ! -p ${fi} ]]; then
rm -f ${fi}
mkfifo -m 600 ${fi}
fi
done
chown -R www-data:www-data /var/log/lighttpd
service lighttpd-access-log start
service lighttpd-error-log start
sleep 2
else
#remove fifo if exists
[[ -p /var/log/lighttpd/access-pihole.log ]] && rm -Rf /var/log/lighttpd/access-pihole.log
[[ -p /var/log/lighttpd/error-pihole.log ]] && rm -Rf /var/log/lighttpd/error-pihole.log
# install /dev/null log files to ensure they exist (create if non-existing, preserve if existing)
[[ ! -f /var/log/lighttpd/access-pihole.log ]] && install /dev/null /var/log/lighttpd/access-pihole.log
[[ ! -f /var/log/lighttpd/error-pihole.log ]] && install /dev/null /var/log/lighttpd/error-pihole.log
# Ensure that permissions are set so that lighttpd can write to the logs
chown -R www-data:www-data /var/log/lighttpd
chmod 0644 /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
fi
lighttpd -D -f /etc/lighttpd/lighttpd.conf

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type
View File

@@ -1 +0,0 @@
longrun

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/dependencies.d/_startup
View File

4
src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish
View File

@@ -1,4 +0,0 @@
#!/command/with-contenv bash
s6-echo "Stopping pihole-FTL"
killall --signal 15 pihole-FTL

46
src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run
View File

@@ -1,46 +0,0 @@
#!/command/with-contenv bash
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x ;
fi
# Remove possible leftovers from previous pihole-FTL processes
rm -f /dev/shm/FTL-* 2> /dev/null
rm /run/pihole/FTL.sock 2> /dev/null
# install /dev/null files to ensure they exist (create if non-existing, preserve if existing)
mkdir -pm 0755 /run/pihole /var/log/pihole
[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid
[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log
[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log
[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
chmod -f 0644 /etc/pihole/macvendor.db
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
chmod -f 0664 /etc/pihole/pihole-FTL.db
# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
# Should be removed with Pi-hole v6.0
if [ ! -f /var/log/pihole.log ]; then
ln -s /var/log/pihole/pihole.log /var/log/pihole.log
chown -h pihole:pihole /var/log/pihole.log
fi
if [ ! -f /var/log/pihole-FTL.log ]; then
ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
chown -h pihole:pihole /var/log/pihole-FTL.log
fi
capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1"
# Notes on above:
# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
# prevent duplicating it in docker logs by sending to dev null

1
src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type
View File

@@ -1 +0,0 @@
longrun

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_postFTL
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_startup
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/_uid-gid-changer
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/cron
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/lighttpd
View File

0
src/s6/debian-root/etc/s6-overlay/s6-rc.d/user/contents.d/pihole-FTL
View File

33
src/s6/debian-root/usr/local/bin/_postFTL.sh
View File

@@ -1,33 +0,0 @@
#!/bin/bash
# This script contains function calls and lines that may rely on pihole-FTL to be running, it is run as part of a oneshot service on container startup
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x ;
fi
gravityDBfile="/etc/pihole/gravity.db"
config_file="/etc/pihole/pihole-FTL.conf"
# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML
echo " Checking if custom gravity.db is set in ${config_file}"
if [[ -f "${config_file}" ]]; then
gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")"
fi
if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then
if [ -n "$SKIPGRAVITYONBOOT" ];then
echo " SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
echo " Ignoring SKIPGRAVITYONBOOT on this occasion."
fi
pihole -g
else
echo " Skipping Gravity Database Update."
fi
# Run update checker to check for newer container, and display version output
echo ""
pihole updatechecker
pihole -v
DOCKER_TAG=$(cat /pihole.docker.tag)
echo " Container tag is: ${DOCKER_TAG}"
echo ""

75
src/s6/debian-root/usr/local/bin/_startup.sh
View File

@@ -1,75 +0,0 @@
#!/bin/bash -e
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x ;
fi
# The below functions are all contained in bash_functions.sh
# shellcheck source=/dev/null
. /usr/local/bin/bash_functions.sh
# shellcheck source=/dev/null
SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh
echo " [i] Starting docker specific checks & setup for docker pihole/pihole"
# TODO:
#if [ ! -f /.piholeFirstBoot ] ; then
# echo " [i] Not first container startup so not running docker's setup, re-create container to run setup again"
#else
# regular_setup_functions
#fi
# Initial checks
# ===========================
fix_capabilities
validate_env || exit 1
ensure_basic_configuration
# Web interface setup
# ===========================
setup_web_port
load_web_password_secret
setup_web_password
setup_web_theme
setup_web_temp_unit
setup_web_layout
setup_web_php_env
# lighttpd setup
# ===========================
setup_ipv4_ipv6
setup_lighttpd_bind
# Misc Setup
# ===========================
installCron
setup_blocklists
# FTL setup
# ===========================
setup_FTL_upstream_DNS
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
apply_FTL_Configs_From_Env
setup_FTL_User
setup_FTL_Interface
setup_FTL_ListeningBehaviour
setup_FTL_CacheSize
setup_FTL_query_logging
setup_FTL_server || true
[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
setup_FTL_ProcessDNSSettings
test_configs
[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
echo " [i] Docker start setup complete"
echo ""
echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}"
echo ""

35
src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh
View File

@@ -1,35 +0,0 @@
#!/bin/bash
set -e
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x ;
fi
modifyUser()
{
declare username=${1:-} newId=${2:-}
[[ -z ${username} || -z ${newId} ]] && return
local currentId=$(id -u ${username})
[[ ${currentId} -eq ${newId} ]] && return
echo " [i] Changing ID for user: ${username} (${currentId} => ${newId})"
usermod -o -u ${newId} ${username}
}
modifyGroup()
{
declare groupname=${1:-} newId=${2:-}
[[ -z ${groupname} || -z ${newId} ]] && return
local currentId=$(id -g ${groupname})
[[ ${currentId} -eq ${newId} ]] && return
echo " [i] Changing ID for group: ${groupname} (${currentId} => ${newId})"
groupmod -o -g ${newId} ${groupname}
}
modifyUser www-data ${WEB_UID}
modifyGroup www-data ${WEB_GID}
modifyUser pihole ${PIHOLE_UID}
modifyGroup pihole ${PIHOLE_GID}

545
src/s6/debian-root/usr/local/bin/bash_functions.sh
View File

@@ -1,545 +0,0 @@
#!/bin/bash
# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
# else it will get overridden itself when we source basic-install.sh
[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$ServerIP"
[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$ServerIPv6"
# Previously used FTLCONF_ equivalent has since been deprecated, also convert this one
[ -n "${FTLCONF_REPLY_ADDR4}" ] && echo "FTLCONF_REPLY_ADDR4 is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$FTLCONF_REPLY_ADDR4"
[ -n "${FTLCONF_REPLY_ADDR6}" ] && echo "FTLCONF_REPLY_ADDR6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$FTLCONF_REPLY_ADDR6"
# Some of the bash_functions use utilities from Pi-hole's utils.sh
# shellcheck disable=SC2154
# shellcheck source=/dev/null
. /opt/pihole/utils.sh
export setupVars="/etc/pihole/setupVars.conf"
export FTLconf="/etc/pihole/pihole-FTL.conf"
export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
export adlistFile="/etc/pihole/adlists.list"
change_setting() {
addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
}
changeFTLsetting() {
addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
}
fix_capabilities() {
# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
# FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
echo " [i] Setting capabilities on pihole-FTL where possible"
/sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
/sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
/sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
/sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
/sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
if [[ ${CAP_STR} ]]; then
# We have the (some of) the above caps available to us - apply them to pihole-FTL
echo " [i] Applying the following caps to pihole-FTL:"
IFS=',' read -ra CAPS <<< "${CAP_STR:1}"
for i in "${CAPS[@]}"; do
echo " * ${i}"
done
setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then
# DHCP is requested but NET_ADMIN is not available.
echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
echo " Please add cap_net_admin to the container's capabilities or disable DHCP."
DHCP_ACTIVE='false'
change_setting "DHCP_ACTIVE" "false"
fi
if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
echo " [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
echo " If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
exit 1
fi
else
echo " [!] WARNING: Unable to set capabilities for pihole-FTL."
echo " Please ensure that the container has the required capabilities."
exit 1
fi
}
# shellcheck disable=SC2034
ensure_basic_configuration() {
echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh"
# Set Debian webserver variables for installConfigs
LIGHTTPD_USER="www-data"
LIGHTTPD_GROUP="www-data"
LIGHTTPD_CFG="lighttpd.conf.debian"
installConfigs
installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case
if [ ! -f "${setupVars}" ]; then
install -m 644 /dev/null "${setupVars}"
echo " [i] Creating empty ${setupVars} file."
# The following setting needs to exist else the web interface version won't show in pihole -v
change_setting "INSTALL_WEB_INTERFACE" "true"
fi
set +e
mkdir -p /var/run/pihole /var/log/pihole
touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
chown pihole:root /etc/lighttpd
# In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
set -e
# Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
# If the setup variable file exists,
if [[ -e "${setupVars}" ]]; then
cp -f "${setupVars}" "${setupVars}.update.bak"
fi
# If FTLCONF_MACVENDORDB is not set
if [[ -z "${FTLCONF_MACVENDORDB:-}" ]]; then
# User is not passing in a custom location - so force FTL to use the file we moved to / during the build
changeFTLsetting "MACVENDORDB" "/macvendor.db"
fi
# When fresh empty directory volumes are used then we need to create this file
if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
fi;
}
validate_env() {
# Optional FTLCONF_LOCAL_IPV4 is a valid IP
# nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
# if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
if [[ "$(nc -4 -w1 -z "$FTLCONF_LOCAL_IPV4" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV4" > /dev/null ; then
echo "ERROR: FTLCONF_LOCAL_IPV4 Environment variable ($FTLCONF_LOCAL_IPV4) doesn't appear to be a valid IPv4 address"
exit 1
fi
# Optional IPv6 is a valid address
if [[ -n "$FTLCONF_LOCAL_IPV6" ]] ; then
if [[ "$FTLCONF_LOCAL_IPV6" == 'kernel' ]] ; then
echo " [!] ERROR: You passed in IPv6 with a value of 'kernel', this maybe because you do not have IPv6 enabled on your network"
unset FTLCONF_LOCAL_IPV6
exit 1
fi
if [[ "$(nc -6 -w1 -z "$FTLCONF_LOCAL_IPV6" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV6" > /dev/null ; then
echo " [!] ERROR: FTLCONF_LOCAL_IPV6 Environment variable ($FTLCONF_LOCAL_IPV6) doesn't appear to be a valid IPv6 address"
echo " TIP: If your server is not IPv6 enabled just remove '-e FTLCONF_LOCAL_IPV6' from your docker container"
exit 1
fi
fi;
}
setup_FTL_User(){
# Run DNSMASQ as root user to avoid SHM permission issues
if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
# Change user that had been set previously to root
for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
done
else
echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
fi
}
setup_FTL_Interface(){
local interface="${INTERFACE:-eth0}"
# Set the interface for FTL to listen on
local interfaceType='default'
if [ "$interface" != 'eth0' ] ; then
interfaceType='custom'
fi;
echo " [i] FTL binding to $interfaceType interface: $interface"
change_setting "PIHOLE_INTERFACE" "${interface}"
}
setup_FTL_ListeningBehaviour(){
if [ -n "$DNSMASQ_LISTENING" ]; then
change_setting "DNSMASQ_LISTENING" "${DNSMASQ_LISTENING}"
fi;
}
setup_FTL_CacheSize() {
local warning=" [i] WARNING: CUSTOM_CACHE_SIZE not used"
local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
# Quietly exit early for empty or default
if [[ -z "${CUSTOM_CACHE_SIZE}" || "${CUSTOM_CACHE_SIZE}" == '10000' ]] ; then return ; fi
if [[ "${DNSSEC}" == "true" ]] ; then
echo "$warning - Cannot change cache size if DNSSEC is enabled"
return
fi
if ! echo "$CUSTOM_CACHE_SIZE" | grep -q '^[0-9]*$' ; then
echo "$warning - $CUSTOM_CACHE_SIZE is not an integer"
return
fi
local -i custom_cache_size="$CUSTOM_CACHE_SIZE"
if (( custom_cache_size < 0 )); then
echo "$warning - $custom_cache_size is not a positive integer or zero"
return
fi
echo " [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
change_setting "CACHE_SIZE" "$custom_cache_size"
sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
}
apply_FTL_Configs_From_Env(){
# Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeFTLsetting
# function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf
# setting defined here: https://docs.pi-hole.net/ftldns/configfile/
declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(|.+)\"/\1 \2/' | while read -r name value
do
echo " [i] Applying pihole-FTL.conf setting $name=$value"
changeFTLsetting "$name" "$value"
done
}
setup_FTL_dhcp() {
if [ -z "${DHCP_START}" ] || [ -z "${DHCP_END}" ] || [ -z "${DHCP_ROUTER}" ]; then
echo " [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER"
change_setting "DHCP_ACTIVE" "false"
else
change_setting "DHCP_ACTIVE" "${DHCP_ACTIVE}"
change_setting "DHCP_START" "${DHCP_START}"
change_setting "DHCP_END" "${DHCP_END}"
change_setting "DHCP_ROUTER" "${DHCP_ROUTER}"
change_setting "DHCP_LEASETIME" "${DHCP_LEASETIME}"
change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
change_setting "DHCP_IPv6" "${DHCP_IPv6}"
change_setting "DHCP_rapid_commit" "${DHCP_rapid_commit}"
fi
}
setup_FTL_query_logging(){
if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then
echo " [i] Disabling Query Logging"
change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE"
removeKey "${dnsmasqconfig}" log-queries
else
# If it is anything other than false, set it to true
change_setting "QUERY_LOGGING" "true"
# Set pihole logging on for good measure
echo " [i] Enabling Query Logging"
addKey "${dnsmasqconfig}" log-queries
fi
}
setup_FTL_server(){
[ -n "${REV_SERVER}" ] && change_setting "REV_SERVER" "$REV_SERVER"
[ -n "${REV_SERVER_DOMAIN}" ] && change_setting "REV_SERVER_DOMAIN" "$REV_SERVER_DOMAIN"
[ -n "${REV_SERVER_TARGET}" ] && change_setting "REV_SERVER_TARGET" "$REV_SERVER_TARGET"
[ -n "${REV_SERVER_CIDR}" ] && change_setting "REV_SERVER_CIDR" "$REV_SERVER_CIDR"
if [ -z "$REV_SERVER" ];then
# If the REV_SERVER* variables are set, then there is no need to add these.
# If it is not set, then adding these variables is fine, and they will be converted by the Pi-hole install script
[ -n "${CONDITIONAL_FORWARDING}" ] && change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
[ -n "${CONDITIONAL_FORWARDING_IP}" ] && change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
[ -n "${CONDITIONAL_FORWARDING_DOMAIN}" ] && change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
[ -n "${CONDITIONAL_FORWARDING_REVERSE}" ] && change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
fi
}
setup_FTL_upstream_DNS(){
if [ -z "${PIHOLE_DNS_}" ]; then
# For backward compatibility, if DNS1 and/or DNS2 are set, but PIHOLE_DNS_ is not, convert them to
# a semi-colon delimited string and store in PIHOLE_DNS_
# They are not used anywhere if PIHOLE_DNS_ is set already
[ -n "${DNS1}" ] && echo " [i] Converting DNS1 to PIHOLE_DNS_" && PIHOLE_DNS_="$DNS1"
[[ -n "${DNS2}" && "${DNS2}" != "no" ]] && echo " [i] Converting DNS2 to PIHOLE_DNS_" && PIHOLE_DNS_="$PIHOLE_DNS_;$DNS2"
fi
# Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config
if [ -n "${PIHOLE_DNS_}" ]; then
echo " [i] Setting DNS servers based on PIHOLE_DNS_ variable"
# Remove any PIHOLE_DNS_ entries from setupVars.conf, if they exist
sed -i '/PIHOLE_DNS_/d' /etc/pihole/setupVars.conf
# Split into an array (delimited by ;)
# Loop through and add them one by one to setupVars.conf
IFS=";" read -r -a PIHOLE_DNS_ARR <<< "${PIHOLE_DNS_}"
count=1
valid_entries=0
for i in "${PIHOLE_DNS_ARR[@]}"; do
# Ensure we don't have an empty value first (see https://github.com/pi-hole/docker-pi-hole/issues/1174#issuecomment-1228763422 )
if [ -n "$i" ]; then
if valid_ip "$i" || valid_ip6 "$i" ; then
change_setting "PIHOLE_DNS_$count" "$i"
((count=count+1))
((valid_entries=valid_entries+1))
continue
fi
# shellcheck disable=SC2086
if [ -n "$(dig +short ${i//#*/})" ]; then
# If the "address" is a domain (for example a docker link) then try to resolve it and add
# the result as a DNS server in setupVars.conf.
resolved_ip="$(dig +short ${i//#*/} | head -n 1)"
if [ -n "${i//*#/}" ] && [ "${i//*#/}" != "${i//#*/}" ]; then
resolved_ip="${resolved_ip}#${i//*#/}"
fi
echo "Resolved ${i} from PIHOLE_DNS_ as: ${resolved_ip}"
if valid_ip "$resolved_ip" || valid_ip6 "$resolved_ip" ; then
change_setting "PIHOLE_DNS_$count" "$resolved_ip"
((count=count+1))
((valid_entries=valid_entries+1))
continue
fi
fi
# If the above tests fail then this is an invalid DNS server
echo " [!] Invalid entry detected in PIHOLE_DNS_: ${i}"
fi
done
if [ $valid_entries -eq 0 ]; then
echo " [!] No Valid entries detected in PIHOLE_DNS_. Aborting"
exit 1
fi
else
# Environment variable has not been set, but there may be existing values in an existing setupVars.conf
# if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4
# Pi-hole can run with only one upstream configured, so we will just check for one.
setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)"
if [ -z "${setupVarsDNS}" ]; then
echo " [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4"
change_setting "PIHOLE_DNS_1" "8.8.8.8"
change_setting "PIHOLE_DNS_2" "8.8.4.4"
else
echo " [i] Existing DNS servers detected in setupVars.conf. Leaving them alone"
fi
fi
}
setup_FTL_ProcessDNSSettings(){
# Commit settings to 01-pihole.conf
# shellcheck source=/dev/null
. /opt/pihole/webpage.sh
ProcessDNSSettings
}
setup_lighttpd_bind() {
local bind_addr="${WEB_BIND_ADDR}"
if [[ -z "$bind_addr" ]]; then
# if using '--net=host' bind lighttpd on $FTLCONF_LOCAL_IPV4 (for backward compatibility with #154).
if grep -q "docker" /proc/net/dev && [[ $FTLCONF_LOCAL_IPV4 != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
echo " [i] WARNING: running in host network mode forces lighttpd's bind address to \$FTLCONF_LOCAL_IPV4 ($FTLCONF_LOCAL_IPV4)."
echo " [i] This behaviour is deprecated and will be removed in a future version. If your installation depends on a custom bind address (not 0.0.0.0) you should set the \$WEB_BIND_ADDR environment variable to the desired value."
bind_addr="${FTLCONF_LOCAL_IPV4}"
# bind on 0.0.0.0 by default
else
bind_addr="0.0.0.0"
fi
fi
# Overwrite lighttpd's bind address, always listen on localhost
if [[ $bind_addr != 0.0.0.0 ]]; then
if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${bind_addr}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
fi
fi
}
setup_web_php_env() {
local config_file
config_file="/etc/lighttpd/conf-available/15-pihole-admin.conf"
# if the environment variable VIRTUAL_HOST is not set, or is empty, then set it to the hostname of the container
VIRTUAL_HOST="${VIRTUAL_HOST:-$HOSTNAME}"
for config_var in "VIRTUAL_HOST" "CORS_HOSTS" "PHP_ERROR_LOG" "PIHOLE_DOCKER_TAG" "TZ"; do
local beginning_of_line=" \"${config_var}\" => "
if grep -qP "^$beginning_of_line" "$config_file" ; then
# replace line if already present
sed -i "/${beginning_of_line}/c\\${beginning_of_line}\"${!config_var}\"," "$config_file"
else
# add line otherwise
sed -i "/bin-environment/ a\\${beginning_of_line}\"${!config_var}\"," "$config_file"
fi
done
echo " [i] Added ENV to php:"
grep -E '(VIRTUAL_HOST|CORS_HOSTS|PHP_ERROR_LOG|PIHOLE_DOCKER_TAG|TZ)' "$config_file"
# Create an additional file in the lighttpd config directory to redirect the root to the admin page
# if the host matches either VIRTUAL_HOST (Or HOSTNAME if it is not set) or FTLCONF_LOCAL_IPV4
cat <<END > /etc/lighttpd/conf-enabled/15-pihole-admin-redirect-docker.conf
\$HTTP["url"] == "/" {
\$HTTP["host"] == "${VIRTUAL_HOST}" {
url.redirect = ("" => "/admin/")
}
\$HTTP["host"] == "${FTLCONF_LOCAL_IPV4}" {
url.redirect = ("" => "/admin/")
}
}
END
}
setup_web_port() {
local warning=" [!] WARNING: Custom WEB_PORT not used"
# Quietly exit early for empty or default
if [[ -z "${WEB_PORT}" || "${WEB_PORT}" == '80' ]] ; then return ; fi
if ! echo "$WEB_PORT" | grep -q '^[0-9][0-9]*$' ; then
echo "$warning - $WEB_PORT is not an integer"
return
fi
local -i web_port="$WEB_PORT"
if (( web_port < 1 || web_port > 65535 )); then
echo "$warning - $web_port is not within valid port range of 1-65535"
return
fi
echo " [i] Custom WEB_PORT set to $web_port"
echo " [i] Without proper router DNAT forwarding to ${WEB_BIND_ADDR:-$FTLCONF_LOCAL_IPV4}:$web_port, you may not get any blocked websites on ads"
# Update lighttpd's port
sed -i '/server.port\s*=\s*80\s*$/ s/80/'"${WEB_PORT}"'/g' /etc/lighttpd/lighttpd.conf
}
setup_web_theme(){
# Parse the WEBTHEME variable, if it exists, and set the selected theme if it is one of the supported values (i.e. it is one of the existing theme
# file names and passes a regexp sanity check). If an invalid theme name was supplied, setup WEBTHEME to use the default-light theme.
if [ -n "${WEBTHEME}" ]; then
if grep -qf <(find /var/www/html/admin/style/themes/ -type f -printf '%f\n' | sed -ne 's/^\([a-zA-Z0-9_-]\+\)\.css$/\1/gp') -xF - <<< "${WEBTHEME}"; then
echo " [i] Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}"
change_setting "WEBTHEME" "${WEBTHEME}"
else
echo " [!] Invalid theme name supplied: ${WEBTHEME}, falling back to default-light."
change_setting "WEBTHEME" "default-light"
fi
fi
}
load_web_password_secret() {
# If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
# allowing secrets to be passed via docker secrets
if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
fi;
}
setup_web_password() {
if [ -z "${WEBPASSWORD+x}" ] ; then
# ENV WEBPASSWORD_OVERRIDE is not set
# Exit if setupvars already has a password
setup_var_exists "WEBPASSWORD" && return
# Generate new random password
WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
echo " [i] Assigning random password: $WEBPASSWORD"
else
# ENV WEBPASSWORD_OVERRIDE is set and will be used
echo " [i] Assigning password defined by Environment Variable"
# WEBPASSWORD="$WEBPASSWORD"
fi
# Explicitly turn off bash printing when working with secrets
{ set +x; } 2>/dev/null
if [[ "$WEBPASSWORD" == "" ]] ; then
echo "" | pihole -a -p
else
pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
fi
# To avoid printing this if conditional in bash debug, turn off debug above..
# then re-enable debug if necessary (more code but cleaner printed output)
if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
set -x
fi
}
setup_ipv4_ipv6() {
local ip_versions="IPv4 and IPv6"
if [ "${IPv6,,}" != "true" ] ; then
ip_versions="IPv4"
sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
fi;
echo " [i] Using $ip_versions"
}
test_configs() {
set -e
echo -n ' [i] Testing lighttpd config: '
lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
set +e
echo " [i] All config checks passed, cleared for startup ..."
}
setup_blocklists() {
# Exit/return early without setting up adlists with defaults for any of the following conditions:
# 1. skip_setup_blocklists env is set
exit_string="(exiting ${FUNCNAME[0]} early)"
if [ -n "${skip_setup_blocklists}" ]; then
echo " [i] skip_setup_blocklists requested $exit_string"
return
fi
# 2. The adlist file exists already (restarted container or volume mounted list)
if [ -f "${adlistFile}" ]; then
echo " [i] Preexisting ad list ${adlistFile} detected $exit_string"
return
fi
echo " [i] ${FUNCNAME[0]} now setting default blocklists up: "
echo " [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
installDefaultBlocklists
echo " [i] Blocklists (${adlistFile}) now set to:"
cat "${adlistFile}"
}
setup_var_exists() {
local KEY="$1"
if [ -n "$2" ]; then
local REQUIRED_VALUE="[^\n]+"
fi
if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
echo " [i] Pre existing ${KEY} found"
true
else
false
fi
}
setup_web_temp_unit() {
local UNIT="${TEMPERATUREUNIT}"
# check if var is empty
if [[ "$UNIT" != "" ]] ; then
# check if we have valid units
if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then
pihole -a -"${UNIT}"
fi
fi
}
setup_web_layout() {
local LO="${WEBUIBOXEDLAYOUT}"
# check if var is empty
if [[ "$LO" != "" ]] ; then
# check if we have valid types boxed | traditional
if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then
change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT"
fi
fi
}

112
src/s6/debian-root/usr/local/bin/install.sh
View File

@@ -1,112 +0,0 @@
#!/bin/bash -ex
# shellcheck disable=SC2034
mkdir -p /etc/pihole/
mkdir -p /var/run/pihole
CORE_LOCAL_REPO=/etc/.pihole
WEB_LOCAL_REPO=/var/www/html/admin
setupVars=/etc/pihole/setupVars.conf
detect_arch() {
DETECTED_ARCH=$(arch)
S6_ARCH=$DETECTED_ARCH
case $DETECTED_ARCH in
armel)
S6_ARCH="armhf";;
armv7l)
S6_ARCH="armhf";;
x86_64)
# arch returns x86_64 on linux/i386, causing the wrong s6-overlay to be downloaded
# fallback to dpkg to check the architecture and download the i686 s6-overlay if necessary
# see https://github.com/pi-hole/docker-pi-hole/issues/1524 for more information
ARCH_CHECK=$(dpkg --print-architecture)
if [ "$ARCH_CHECK" == "i386" ]; then
S6_ARCH="i686"
fi
esac
}
DOCKER_TAG=$(cat /pihole.docker.tag)
# Helps to have some additional tools in the dev image when debugging
if [[ "${DOCKER_TAG}" = 'nightly' || "${DOCKER_TAG}" = 'dev' ]]; then
apt-get update
apt-get install --no-install-recommends -y nano less vim-tiny
rm -rf /var/lib/apt/lists/*
fi
detect_arch
S6_OVERLAY_VERSION=v3.1.1.2
curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" | tar Jxpf - -C /
curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" | tar Jxpf - -C /
# IMPORTANT: #########################################################################
# Move /init somewhere else to prevent issues with podman/RHEL #
# See: https://github.com/pi-hole/docker-pi-hole/issues/1176#issuecomment-1227587045 #
mv /init /s6-init #
######################################################################################
# Preseed variables to assist with using --unattended install
{
echo "PIHOLE_INTERFACE=eth0"
echo "IPV4_ADDRESS=0.0.0.0"
echo "IPV6_ADDRESS=0:0:0:0:0:0"
echo "PIHOLE_DNS_1=8.8.8.8"
echo "QUERY_LOGGING=true"
echo "INSTALL_WEB_SERVER=true"
echo "INSTALL_WEB_INTERFACE=true"
echo "LIGHTTPD_ENABLED=true"
}>> "${setupVars}"
source $setupVars
export USER=pihole
export PIHOLE_SKIP_OS_CHECK=true
# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated
curl -sSL https://install.pi-hole.net | bash -sex -- --unattended
# At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions
if [[ "${DOCKER_TAG}" = 'nightly' ]]; then
yes | pihole checkout dev
fi
sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
# sed a new function into the `pihole` script just above the `helpFunc()` function for later use.
sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n echo "Function not supported in Docker images"\\\n exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
# Replace a few of the `pihole` options with calls to `unsupportedFunc`:
# pihole -up / pihole updatePihole
sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
# pihole uninstall
sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole
# pihole -r / pihole reconfigure
sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
# Move macvendor.db to root dir See https://github.com/pi-hole/docker-pi-hole/issues/1137
# During startup we will change FTL's configuration to point to this file instead of /etc/pihole/macvendor.db
# If user goes on to bind monunt this directory to their host, then we can easily ensure macvendor.db is the latest
# (it is otherwise only updated when FTL is updated, which doesn't happen as part of the normal course of running this image)
mv /etc/pihole/macvendor.db /macvendor.db
## Remove the default lighttpd unconfigured config:
if [ -f /etc/lighttpd/conf-enabled/99-unconfigured.conf ]; then
rm /etc/lighttpd/conf-enabled/99-unconfigured.conf
fi
## Remove the default lighttpd placeholder page for good measure
if [ -f /var/www/html/index.lighttpd.html ]; then
rm /var/www/html/index.lighttpd.html
fi
## Remove redundant directories created by the installer to reduce docker image size
rm -rf /tmp/*
if [ ! -f /.piholeFirstBoot ]; then
touch /.piholeFirstBoot
fi
echo 'Docker install successful'

53
src/s6/service
View File

@@ -1,53 +0,0 @@
#!/bin/bash
# This script patches all service commands into the appropriate s6- commands
# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
start() {
restart
}
stop() {
/command/s6-svc -wD -d -T2500 /run/service/"$service"
}
restart() {
local pid
# Get the PID(s) of the service we are asking to restart
mapfile -t pids < <(pgrep "$service")
# Only attempt to stop the service if it is already running
if [ "${#pids[@]}" -gt 0 ]; then
stop
for pid in "${pids[@]}"; do
# Loop until we are certain that the process has been stopped
while test -d /proc/"$pid"; do
sleep 0.2
done
done
fi
# Check it hasn't been started by something else in the meantime
pid=$(pgrep "$service")
# Only attempt to start the service if it is not already running
if [ -z "$pid" ]; then
/command/s6-svc -wu -u -T2500 /run/service/"$service"
fi
}
status() {
/command/s6-svstat /run/service/"$service"
}
service="$1"
command="$2"
if [[ ! -d "/run/service/$service" ]] ; then
echo "s6 service not found for $service, exiting..."
exit
fi;
${command} "${service}"

104
src/start.sh Normal file
View File

@@ -0,0 +1,104 @@
#!/bin/bash -e
if [ "${PH_VERBOSE:-0}" -gt 0 ]; then
set -x
fi
trap stop TERM INT QUIT HUP ERR
start() {
local v5_volume=0
# If the file /etc/pihole/setupVars.conf exists, but /etc/pihole/pihole.toml does not, then we are migrating v5->v6
# FTL Will handle the migration of the config files
if [[ -f /etc/pihole/setupVars.conf && ! -f /etc/pihole/pihole.toml ]]; then
echo " [i] v5 files detected that have not yet been migrated to v6"
echo " [i] Deferring additional configuration until after FTL has started"
echo " [i] Note: It is normal to see \"Config file /etc/pihole/pihole.toml not available (r): No such file or directory\" in the logs at this point"
echo ""
v5_volume=1
fi
# The below functions are all contained in bash_functions.sh
# shellcheck source=/dev/null
. /usr/bin/bash_functions.sh
# ===========================
# Initial checks
# ===========================
# If PIHOLE_UID is set, modify the pihole user's id to match
set_uid_gid
# Only run the next step if we are not migrating from v5 to v6
if [[ ${v5_volume} -eq 0 ]]; then
# Configure FTL with any environment variables if needed
echo " [i] Starting FTL configuration"
ftl_config
fi
# Install additional packages inside the container if requested
install_additional_packages
# Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc)
start_cron
# Install the logrotate config file
install_logrotate
#migrate Gravity Database if needed:
migrate_gravity
# Start pihole-FTL
start_ftl
# Give FTL a couple of seconds to start up
sleep 2
# If we are migrating from v5 to v6, we now need to run the basic configuration step that we deferred earlier
# This is because pihole-FTL needs to migrate the config files before we can perform the basic configuration checks
if [[ ${v5_volume} -eq 1 ]]; then
echo " [i] Starting deferred FTL Configuration"
ftl_config
echo ""
fi
pihole updatechecker
pihole -v
echo ""
if [ "${TAIL_FTL_LOG:-1}" -eq 1 ]; then
# Start tailing the FTL log from the most recent "FTL Started" message
# Get the line number
startFrom=$(grep -n '########## FTL started' /var/log/pihole/FTL.log | tail -1 | cut -d: -f1)
# Start the tail from the line number
tail -f -n +${startFrom} /var/log/pihole/FTL.log &
else
echo " [i] FTL log output is disabled. Remove the Environment variable TAIL_FTL_LOG, or set it to 1 to enable FTL log output."
fi
# https://stackoverflow.com/a/49511035
wait $!
}
stop() {
# Ensure pihole-FTL shuts down cleanly on SIGTERM/SIGINT
ftl_pid=$(pgrep pihole-FTL)
killall --signal 15 pihole-FTL
# Wait for pihole-FTL to exit
while test -d /proc/"${ftl_pid}"; do
sleep 0.5
done
# If we are running pytest, keep the container alive for a little longer
# to allow the tests to complete
if [[ ${PYTEST} ]]; then
sleep 10
fi
exit
}
start

36
test/Dockerfile
View File

@@ -1,24 +1,22 @@
FROM debian:bookworm-slim
# Only works for docker CLIENT (bind mounted socket)
COPY --from=docker:20.10.17 /usr/local/bin/docker /usr/local/bin/
ARG alpine_version="3.20"
ARG docker_version="27.1.1"
ARG packages
RUN apt-get update && \
apt-get --no-install-recommends install -y python3 python3-pip python3-dev pipenv curl gcc make \
libffi-dev libssl-dev ${packages} \
&& rm -rf /var/lib/apt/lists/*
FROM docker:${docker_version}-cli-alpine${alpine_version}
RUN curl --proto "=https" -L https://github.com/docker/compose/releases/download/2.10.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
chmod +x /usr/local/bin/docker-compose
COPY ./cmd.sh /usr/local/bin/
COPY Pipfile* /root/
COPY --chmod=0755 ./cmd.sh /usr/local/bin/cmd.sh
COPY requirements.txt /root/
WORKDIR /root
RUN pipenv -v install --system \
&& sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.11/dist-packages/testinfra/backend/docker.py
RUN apk add --no-cache \
python3-dev \
py3-pip \
curl \
&& pip3 install --break-system-packages --no-cache-dir -U pip \
&& pip3 install --break-system-packages --no-cache-dir -r requirements.txt \
# Replace hardcoded /bin/sh with /bin/bash in testinfra docker backend
# see https://github.com/pytest-dev/pytest-testinfra/issues/582 and similar issues
&& pythonversion=$(python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))') \
&& sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python${pythonversion}/site-packages/testinfra/backend/docker.py
RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT entrypoint.sh
CMD cmd.sh
SHELL ["/bin/sh", "-c"]
CMD ["cmd.sh"]

15
test/Pipfile
View File

@@ -1,15 +0,0 @@
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
pytest = "==8.3.2"
pytest-xdist = "==3.6.1"
pytest-testinfra = "==10.1.1"
black = "==24.8.0"
[requires]
python_version = "3"

539
test/Pipfile.lock generated
View File

@@ -1,539 +0,0 @@
{
"_meta": {
"hash": {
"sha256": "b24ba579a92e7c6b4ffc7e25434a73e9a24c98ba7244a65367b91201cc593cfd"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"aiohttp": {
"hashes": [
"sha256:0593822dcdb9483d41f12041ff7c90d4d1033ec0e880bcfaf102919b715f47f1",
"sha256:10afd99b8251022ddf81eaed1d90f5a988e349ee7d779eb429fb07b670751e8c",
"sha256:17e7c051f53a0d2ebf33013a9cbf020bb4e098c4bc5bce6f7b0c962108d97eab",
"sha256:221204dbda5ef350e8db6287937621cf75e85778b296c9c52260b522231940ed",
"sha256:2506d9f7a9b91033201be9ffe7d89c6a54150b0578803cce5cb84a943d075bc3",
"sha256:268ba22d917655d1259af2d5659072b7dc11b4e1dc2cb9662fdd867d75afc6a4",
"sha256:2bd9d334412961125e9f68d5b73c1d0ab9ea3f74a58a475e6b119f5293eee7ba",
"sha256:305edae1dea368ce09bcb858cf5a63a064f3bff4767dec6fa60a0cc0e805a1d3",
"sha256:32dc814ddbb254f6170bca198fe307920f6c1308a5492f049f7f63554b88ef36",
"sha256:35d78076736f4a668d57ade00c65d30a8ce28719d8a42471b2a06ccd1a2e3063",
"sha256:3b2feaf1b7031ede1bc0880cec4b0776fd347259a723d625357bb4b82f62687b",
"sha256:418bb0038dfafeac923823c2e63226179976c76f981a2aaad0ad5d51f2229bca",
"sha256:419f009fa4cfde4d16a7fc070d64f36d70a8d35a90d71aa27670bba2be4fd039",
"sha256:47f6eb74e1ecb5e19a78f4a4228aa24df7fbab3b62d4a625d3f41194a08bd54f",
"sha256:4d79aad0ad4b980663316f26d9a492e8fab2af77c69c0f33780a56843ad2f89e",
"sha256:4f7e69a7fd4b5ce419238388e55abd220336bd32212c673ceabc57ccf3d05b55",
"sha256:52b8b4e06fc15519019e128abedaeb56412b106ab88b3c452188ca47a25c4093",
"sha256:56181093c10dbc6ceb8a29dfeea1e815e1dfdc020169203d87fd8d37616f73f9",
"sha256:63f41a909d182d2b78fe3abef557fcc14da50c7852f70ae3be60e83ff64edba5",
"sha256:689eb4356649ec9535b3686200b231876fb4cab4aca54e3bece71d37f50c1d13",
"sha256:69046cd9a2a17245c4ce3c1f1a4ff8c70c7701ef222fce3d1d8435f09042bba1",
"sha256:69b97aa5792428f321f72aeb2f118e56893371f27e0b7d05750bcad06fc42ca1",
"sha256:69ff36d3f8f5652994e08bd22f093e11cfd0444cea310f92e01b45a4e46b624e",
"sha256:6f121900131d116e4a93b55ab0d12ad72573f967b100e49086e496a9b24523ea",
"sha256:6ff71ede6d9a5a58cfb7b6fffc83ab5d4a63138276c771ac91ceaaddf5459644",
"sha256:71a8f241456b6c2668374d5d28398f8e8cdae4cce568aaea54e0f39359cd928d",
"sha256:74e4e48c8752d14ecfb36d2ebb3d76d614320570e14de0a3aa7a726ff150a03c",
"sha256:7673a76772bda15d0d10d1aa881b7911d0580c980dbd16e59d7ba1422b2d83cd",
"sha256:76d32588ef7e4a3f3adff1956a0ba96faabbdee58f2407c122dd45aa6e34f372",
"sha256:7b39476ee69cfe64061fd77a73bf692c40021f8547cda617a3466530ef63f947",
"sha256:7be99f4abb008cb38e144f85f515598f4c2c8932bf11b65add0ff59c9c876d99",
"sha256:7bfdb41dc6e85d8535b00d73947548a748e9534e8e4fddd2638109ff3fb081df",
"sha256:7d2334e387b2adcc944680bebcf412743f2caf4eeebd550f67249c1c3696be04",
"sha256:7d29dd5319d20aa3b7749719ac9685fbd926f71ac8c77b2477272725f882072d",
"sha256:7d4845f8501ab28ebfdbeab980a50a273b415cf69e96e4e674d43d86a464df9d",
"sha256:824dff4f9f4d0f59d0fa3577932ee9a20e09edec8a2f813e1d6b9f89ced8293f",
"sha256:84e90494db7df3be5e056f91412f9fa9e611fbe8ce4aaef70647297f5943b276",
"sha256:8a78dfb198a328bfb38e4308ca8167028920fb747ddcf086ce706fbdd23b2926",
"sha256:8b73a06bafc8dcc508420db43b4dd5850e41e69de99009d0351c4f3007960019",
"sha256:916b0417aeddf2c8c61291238ce25286f391a6acb6f28005dd9ce282bd6311b6",
"sha256:935c369bf8acc2dc26f6eeb5222768aa7c62917c3554f7215f2ead7386b33748",
"sha256:939393e8c3f0a5bcd33ef7ace67680c318dc2ae406f15e381c0054dd658397de",
"sha256:9860d455847cd98eb67897f5957b7cd69fbcb436dd3f06099230f16a66e66f79",
"sha256:9b6787b6d0b3518b2ee4cbeadd24a507756ee703adbac1ab6dc7c4434b8c572a",
"sha256:9c0b09d76e5a4caac3d27752027fbd43dc987b95f3748fad2b924a03fe8632ad",
"sha256:a1885d2470955f70dfdd33a02e1749613c5a9c5ab855f6db38e0b9389453dce7",
"sha256:a3666cf4182efdb44d73602379a66f5fdfd5da0db5e4520f0ac0dcca644a3497",
"sha256:aba80e77c227f4234aa34a5ff2b6ff30c5d6a827a91d22ff6b999de9175d71bd",
"sha256:b33f34c9c7decdb2ab99c74be6443942b730b56d9c5ee48fb7df2c86492f293c",
"sha256:b65b0f8747b013570eea2f75726046fa54fa8e0c5db60f3b98dd5d161052004a",
"sha256:b71e614c1ae35c3d62a293b19eface83d5e4d194e3eb2fabb10059d33e6e8cbf",
"sha256:c111b3c69060d2bafc446917534150fd049e7aedd6cbf21ba526a5a97b4402a5",
"sha256:c3770365675f6be220032f6609a8fbad994d6dcf3ef7dbcf295c7ee70884c9af",
"sha256:c4870cb049f10d7680c239b55428916d84158798eb8f353e74fa2c98980dcc0b",
"sha256:c5ff8ff44825736a4065d8544b43b43ee4c6dd1530f3a08e6c0578a813b0aa35",
"sha256:c78700130ce2dcebb1a8103202ae795be2fa8c9351d0dd22338fe3dac74847d9",
"sha256:c7a5b676d3c65e88b3aca41816bf72831898fcd73f0cbb2680e9d88e819d1e4d",
"sha256:c8b04a3dbd54de6ccb7604242fe3ad67f2f3ca558f2d33fe19d4b08d90701a89",
"sha256:d12a244627eba4e9dc52cbf924edef905ddd6cafc6513849b4876076a6f38b0e",
"sha256:d1df528a85fb404899d4207a8d9934cfd6be626e30e5d3a5544a83dbae6d8a7e",
"sha256:d58a54d6ff08d2547656356eea8572b224e6f9bbc0cf55fa9966bcaac4ddfb10",
"sha256:d6577140cd7db19e430661e4b2653680194ea8c22c994bc65b7a19d8ec834403",
"sha256:d6a67e26daa686a6fbdb600a9af8619c80a332556245fa8e86c747d226ab1a1e",
"sha256:dcad56c8d8348e7e468899d2fb3b309b9bc59d94e6db08710555f7436156097f",
"sha256:e0198ea897680e480845ec0ffc5a14e8b694e25b3f104f63676d55bf76a82f1a",
"sha256:e27d3b5ed2c2013bce66ad67ee57cbf614288bda8cdf426c8d8fe548316f1b5f",
"sha256:e40d2cd22914d67c84824045861a5bb0fb46586b15dfe4f046c7495bf08306b2",
"sha256:e4370dda04dc8951012f30e1ce7956a0a226ac0714a7b6c389fb2f43f22a250e",
"sha256:e571fdd9efd65e86c6af2f332e0e95dad259bfe6beb5d15b3c3eca3a6eb5d87b",
"sha256:e78da6b55275987cbc89141a1d8e75f5070e577c482dd48bd9123a76a96f0bbb",
"sha256:eae569fb1e7559d4f3919965617bb39f9e753967fae55ce13454bec2d1c54f09",
"sha256:eb30c4510a691bb87081192a394fb661860e75ca3896c01c6d186febe7c88530",
"sha256:efbdd51872cf170093998c87ccdf3cb5993add3559341a8e5708bcb311934c94",
"sha256:f3460a92638dce7e47062cf088d6e7663adb135e936cb117be88d5e6c48c9d53",
"sha256:f595db1bceabd71c82e92df212dd9525a8a2c6947d39e3c994c4f27d2fe15b11",
"sha256:fb68dc73bc8ac322d2e392a59a9e396c4f35cb6fdbdd749e139d1d6c985f2527"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==3.9.4"
},
"aiosignal": {
"hashes": [
"sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc",
"sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"
],
"markers": "python_version >= '3.7'",
"version": "==1.3.1"
},
"attrs": {
"hashes": [
"sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30",
"sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1"
],
"markers": "python_version >= '3.7'",
"version": "==23.2.0"
},
"black": {
"hashes": [
"sha256:09cdeb74d494ec023ded657f7092ba518e8cf78fa8386155e4a03fdcc44679e6",
"sha256:1f13f7f386f86f8121d76599114bb8c17b69d962137fc70efe56137727c7047e",
"sha256:2500945420b6784c38b9ee885af039f5e7471ef284ab03fa35ecdde4688cd83f",
"sha256:2b59b250fdba5f9a9cd9d0ece6e6d993d91ce877d121d161e4698af3eb9c1018",
"sha256:3c4285573d4897a7610054af5a890bde7c65cb466040c5f0c8b732812d7f0e5e",
"sha256:505289f17ceda596658ae81b61ebbe2d9b25aa78067035184ed0a9d855d18afd",
"sha256:62e8730977f0b77998029da7971fa896ceefa2c4c4933fcd593fa599ecbf97a4",
"sha256:649f6d84ccbae73ab767e206772cc2d7a393a001070a4c814a546afd0d423aed",
"sha256:6e55d30d44bed36593c3163b9bc63bf58b3b30e4611e4d88a0c3c239930ed5b2",
"sha256:707a1ca89221bc8a1a64fb5e15ef39cd755633daa672a9db7498d1c19de66a42",
"sha256:72901b4913cbac8972ad911dc4098d5753704d1f3c56e44ae8dce99eecb0e3af",
"sha256:73bbf84ed136e45d451a260c6b73ed674652f90a2b3211d6a35e78054563a9bb",
"sha256:7c046c1d1eeb7aea9335da62472481d3bbf3fd986e093cffd35f4385c94ae368",
"sha256:81c6742da39f33b08e791da38410f32e27d632260e599df7245cccee2064afeb",
"sha256:837fd281f1908d0076844bc2b801ad2d369c78c45cf800cad7b61686051041af",
"sha256:972085c618ee94f402da1af548a4f218c754ea7e5dc70acb168bfaca4c2542ed",
"sha256:9e84e33b37be070ba135176c123ae52a51f82306def9f7d063ee302ecab2cf47",
"sha256:b19c9ad992c7883ad84c9b22aaa73562a16b819c1d8db7a1a1a49fb7ec13c7d2",
"sha256:d6417535d99c37cee4091a2f24eb2b6d5ec42b144d50f1f2e436d9fe1916fe1a",
"sha256:eab4dd44ce80dea27dc69db40dab62d4ca96112f87996bca68cd75639aeb2e4c",
"sha256:f490dbd59680d809ca31efdae20e634f3fae27fba3ce0ba3208333b713bc3920",
"sha256:fb6e2c0b86bbd43dee042e48059c9ad7830abd5c94b0bc518c0eeec57c3eddc1"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==24.8.0"
},
"click": {
"hashes": [
"sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28",
"sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"
],
"markers": "python_version >= '3.7'",
"version": "==8.1.7"
},
"execnet": {
"hashes": [
"sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc",
"sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3"
],
"markers": "python_version >= '3.8'",
"version": "==2.1.1"
},
"frozenlist": {
"hashes": [
"sha256:04ced3e6a46b4cfffe20f9ae482818e34eba9b5fb0ce4056e4cc9b6e212d09b7",
"sha256:0633c8d5337cb5c77acbccc6357ac49a1770b8c487e5b3505c57b949b4b82e98",
"sha256:068b63f23b17df8569b7fdca5517edef76171cf3897eb68beb01341131fbd2ad",
"sha256:0c250a29735d4f15321007fb02865f0e6b6a41a6b88f1f523ca1596ab5f50bd5",
"sha256:1979bc0aeb89b33b588c51c54ab0161791149f2461ea7c7c946d95d5f93b56ae",
"sha256:1a4471094e146b6790f61b98616ab8e44f72661879cc63fa1049d13ef711e71e",
"sha256:1b280e6507ea8a4fa0c0a7150b4e526a8d113989e28eaaef946cc77ffd7efc0a",
"sha256:1d0ce09d36d53bbbe566fe296965b23b961764c0bcf3ce2fa45f463745c04701",
"sha256:20b51fa3f588ff2fe658663db52a41a4f7aa6c04f6201449c6c7c476bd255c0d",
"sha256:23b2d7679b73fe0e5a4560b672a39f98dfc6f60df63823b0a9970525325b95f6",
"sha256:23b701e65c7b36e4bf15546a89279bd4d8675faabc287d06bbcfac7d3c33e1e6",
"sha256:2471c201b70d58a0f0c1f91261542a03d9a5e088ed3dc6c160d614c01649c106",
"sha256:27657df69e8801be6c3638054e202a135c7f299267f1a55ed3a598934f6c0d75",
"sha256:29acab3f66f0f24674b7dc4736477bcd4bc3ad4b896f5f45379a67bce8b96868",
"sha256:32453c1de775c889eb4e22f1197fe3bdfe457d16476ea407472b9442e6295f7a",
"sha256:3a670dc61eb0d0eb7080890c13de3066790f9049b47b0de04007090807c776b0",
"sha256:3e0153a805a98f5ada7e09826255ba99fb4f7524bb81bf6b47fb702666484ae1",
"sha256:410478a0c562d1a5bcc2f7ea448359fcb050ed48b3c6f6f4f18c313a9bdb1826",
"sha256:442acde1e068288a4ba7acfe05f5f343e19fac87bfc96d89eb886b0363e977ec",
"sha256:48f6a4533887e189dae092f1cf981f2e3885175f7a0f33c91fb5b7b682b6bab6",
"sha256:4f57dab5fe3407b6c0c1cc907ac98e8a189f9e418f3b6e54d65a718aaafe3950",
"sha256:4f9c515e7914626b2a2e1e311794b4c35720a0be87af52b79ff8e1429fc25f19",
"sha256:55fdc093b5a3cb41d420884cdaf37a1e74c3c37a31f46e66286d9145d2063bd0",
"sha256:5667ed53d68d91920defdf4035d1cdaa3c3121dc0b113255124bcfada1cfa1b8",
"sha256:590344787a90ae57d62511dd7c736ed56b428f04cd8c161fcc5e7232c130c69a",
"sha256:5a7d70357e7cee13f470c7883a063aae5fe209a493c57d86eb7f5a6f910fae09",
"sha256:5c3894db91f5a489fc8fa6a9991820f368f0b3cbdb9cd8849547ccfab3392d86",
"sha256:5c849d495bf5154cd8da18a9eb15db127d4dba2968d88831aff6f0331ea9bd4c",
"sha256:64536573d0a2cb6e625cf309984e2d873979709f2cf22839bf2d61790b448ad5",
"sha256:693945278a31f2086d9bf3df0fe8254bbeaef1fe71e1351c3bd730aa7d31c41b",
"sha256:6db4667b187a6742b33afbbaf05a7bc551ffcf1ced0000a571aedbb4aa42fc7b",
"sha256:6eb73fa5426ea69ee0e012fb59cdc76a15b1283d6e32e4f8dc4482ec67d1194d",
"sha256:722e1124aec435320ae01ee3ac7bec11a5d47f25d0ed6328f2273d287bc3abb0",
"sha256:7268252af60904bf52c26173cbadc3a071cece75f873705419c8681f24d3edea",
"sha256:74fb4bee6880b529a0c6560885fce4dc95936920f9f20f53d99a213f7bf66776",
"sha256:780d3a35680ced9ce682fbcf4cb9c2bad3136eeff760ab33707b71db84664e3a",
"sha256:82e8211d69a4f4bc360ea22cd6555f8e61a1bd211d1d5d39d3d228b48c83a897",
"sha256:89aa2c2eeb20957be2d950b85974b30a01a762f3308cd02bb15e1ad632e22dc7",
"sha256:8aefbba5f69d42246543407ed2461db31006b0f76c4e32dfd6f42215a2c41d09",
"sha256:96ec70beabbd3b10e8bfe52616a13561e58fe84c0101dd031dc78f250d5128b9",
"sha256:9750cc7fe1ae3b1611bb8cfc3f9ec11d532244235d75901fb6b8e42ce9229dfe",
"sha256:9acbb16f06fe7f52f441bb6f413ebae6c37baa6ef9edd49cdd567216da8600cd",
"sha256:9d3e0c25a2350080e9319724dede4f31f43a6c9779be48021a7f4ebde8b2d742",
"sha256:a06339f38e9ed3a64e4c4e43aec7f59084033647f908e4259d279a52d3757d09",
"sha256:a0cb6f11204443f27a1628b0e460f37fb30f624be6051d490fa7d7e26d4af3d0",
"sha256:a7496bfe1da7fb1a4e1cc23bb67c58fab69311cc7d32b5a99c2007b4b2a0e932",
"sha256:a828c57f00f729620a442881cc60e57cfcec6842ba38e1b19fd3e47ac0ff8dc1",
"sha256:a9b2de4cf0cdd5bd2dee4c4f63a653c61d2408055ab77b151c1957f221cabf2a",
"sha256:b46c8ae3a8f1f41a0d2ef350c0b6e65822d80772fe46b653ab6b6274f61d4a49",
"sha256:b7e3ed87d4138356775346e6845cccbe66cd9e207f3cd11d2f0b9fd13681359d",
"sha256:b7f2f9f912dca3934c1baec2e4585a674ef16fe00218d833856408c48d5beee7",
"sha256:ba60bb19387e13597fb059f32cd4d59445d7b18b69a745b8f8e5db0346f33480",
"sha256:beee944ae828747fd7cb216a70f120767fc9f4f00bacae8543c14a6831673f89",
"sha256:bfa4a17e17ce9abf47a74ae02f32d014c5e9404b6d9ac7f729e01562bbee601e",
"sha256:c037a86e8513059a2613aaba4d817bb90b9d9b6b69aace3ce9c877e8c8ed402b",
"sha256:c302220494f5c1ebeb0912ea782bcd5e2f8308037b3c7553fad0e48ebad6ad82",
"sha256:c6321c9efe29975232da3bd0af0ad216800a47e93d763ce64f291917a381b8eb",
"sha256:c757a9dd70d72b076d6f68efdbb9bc943665ae954dad2801b874c8c69e185068",
"sha256:c99169d4ff810155ca50b4da3b075cbde79752443117d89429595c2e8e37fed8",
"sha256:c9c92be9fd329ac801cc420e08452b70e7aeab94ea4233a4804f0915c14eba9b",
"sha256:cc7b01b3754ea68a62bd77ce6020afaffb44a590c2289089289363472d13aedb",
"sha256:db9e724bebd621d9beca794f2a4ff1d26eed5965b004a97f1f1685a173b869c2",
"sha256:dca69045298ce5c11fd539682cff879cc1e664c245d1c64da929813e54241d11",
"sha256:dd9b1baec094d91bf36ec729445f7769d0d0cf6b64d04d86e45baf89e2b9059b",
"sha256:e02a0e11cf6597299b9f3bbd3f93d79217cb90cfd1411aec33848b13f5c656cc",
"sha256:e6a20a581f9ce92d389a8c7d7c3dd47c81fd5d6e655c8dddf341e14aa48659d0",
"sha256:e7004be74cbb7d9f34553a5ce5fb08be14fb33bc86f332fb71cbe5216362a497",
"sha256:e774d53b1a477a67838a904131c4b0eef6b3d8a651f8b138b04f748fccfefe17",
"sha256:edb678da49d9f72c9f6c609fbe41a5dfb9a9282f9e6a2253d5a91e0fc382d7c0",
"sha256:f146e0911cb2f1da549fc58fc7bcd2b836a44b79ef871980d605ec392ff6b0d2",
"sha256:f56e2333dda1fe0f909e7cc59f021eba0d2307bc6f012a1ccf2beca6ba362439",
"sha256:f9a3ea26252bd92f570600098783d1371354d89d5f6b7dfd87359d669f2109b5",
"sha256:f9aa1878d1083b276b0196f2dfbe00c9b7e752475ed3b682025ff20c1c1f51ac",
"sha256:fb3c2db03683b5767dedb5769b8a40ebb47d6f7f45b1b3e3b4b51ec8ad9d9825",
"sha256:fbeb989b5cc29e8daf7f976b421c220f1b8c731cbf22b9130d8815418ea45887",
"sha256:fde5bd59ab5357e3853313127f4d3565fc7dad314a74d7b5d43c22c6a5ed2ced",
"sha256:fe1a06da377e3a1062ae5fe0926e12b84eceb8a50b350ddca72dc85015873f74"
],
"markers": "python_version >= '3.8'",
"version": "==1.4.1"
},
"idna": {
"hashes": [
"sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc",
"sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0"
],
"markers": "python_version >= '3.5'",
"version": "==3.7"
},
"iniconfig": {
"hashes": [
"sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3",
"sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"
],
"markers": "python_version >= '3.7'",
"version": "==2.0.0"
},
"multidict": {
"hashes": [
"sha256:01265f5e40f5a17f8241d52656ed27192be03bfa8764d88e8220141d1e4b3556",
"sha256:0275e35209c27a3f7951e1ce7aaf93ce0d163b28948444bec61dd7badc6d3f8c",
"sha256:04bde7a7b3de05732a4eb39c94574db1ec99abb56162d6c520ad26f83267de29",
"sha256:04da1bb8c8dbadf2a18a452639771951c662c5ad03aefe4884775454be322c9b",
"sha256:09a892e4a9fb47331da06948690ae38eaa2426de97b4ccbfafbdcbe5c8f37ff8",
"sha256:0d63c74e3d7ab26de115c49bffc92cc77ed23395303d496eae515d4204a625e7",
"sha256:107c0cdefe028703fb5dafe640a409cb146d44a6ae201e55b35a4af8e95457dd",
"sha256:141b43360bfd3bdd75f15ed811850763555a251e38b2405967f8e25fb43f7d40",
"sha256:14c2976aa9038c2629efa2c148022ed5eb4cb939e15ec7aace7ca932f48f9ba6",
"sha256:19fe01cea168585ba0f678cad6f58133db2aa14eccaf22f88e4a6dccadfad8b3",
"sha256:1d147090048129ce3c453f0292e7697d333db95e52616b3793922945804a433c",
"sha256:1d9ea7a7e779d7a3561aade7d596649fbecfa5c08a7674b11b423783217933f9",
"sha256:215ed703caf15f578dca76ee6f6b21b7603791ae090fbf1ef9d865571039ade5",
"sha256:21fd81c4ebdb4f214161be351eb5bcf385426bf023041da2fd9e60681f3cebae",
"sha256:220dd781e3f7af2c2c1053da9fa96d9cf3072ca58f057f4c5adaaa1cab8fc442",
"sha256:228b644ae063c10e7f324ab1ab6b548bdf6f8b47f3ec234fef1093bc2735e5f9",
"sha256:29bfeb0dff5cb5fdab2023a7a9947b3b4af63e9c47cae2a10ad58394b517fddc",
"sha256:2f4848aa3baa109e6ab81fe2006c77ed4d3cd1e0ac2c1fbddb7b1277c168788c",
"sha256:2faa5ae9376faba05f630d7e5e6be05be22913782b927b19d12b8145968a85ea",
"sha256:2ffc42c922dbfddb4a4c3b438eb056828719f07608af27d163191cb3e3aa6cc5",
"sha256:37b15024f864916b4951adb95d3a80c9431299080341ab9544ed148091b53f50",
"sha256:3cc2ad10255f903656017363cd59436f2111443a76f996584d1077e43ee51182",
"sha256:3d25f19500588cbc47dc19081d78131c32637c25804df8414463ec908631e453",
"sha256:403c0911cd5d5791605808b942c88a8155c2592e05332d2bf78f18697a5fa15e",
"sha256:411bf8515f3be9813d06004cac41ccf7d1cd46dfe233705933dd163b60e37600",
"sha256:425bf820055005bfc8aa9a0b99ccb52cc2f4070153e34b701acc98d201693733",
"sha256:435a0984199d81ca178b9ae2c26ec3d49692d20ee29bc4c11a2a8d4514c67eda",
"sha256:4a6a4f196f08c58c59e0b8ef8ec441d12aee4125a7d4f4fef000ccb22f8d7241",
"sha256:4cc0ef8b962ac7a5e62b9e826bd0cd5040e7d401bc45a6835910ed699037a461",
"sha256:51d035609b86722963404f711db441cf7134f1889107fb171a970c9701f92e1e",
"sha256:53689bb4e102200a4fafa9de9c7c3c212ab40a7ab2c8e474491914d2305f187e",
"sha256:55205d03e8a598cfc688c71ca8ea5f66447164efff8869517f175ea632c7cb7b",
"sha256:5c0631926c4f58e9a5ccce555ad7747d9a9f8b10619621f22f9635f069f6233e",
"sha256:5cb241881eefd96b46f89b1a056187ea8e9ba14ab88ba632e68d7a2ecb7aadf7",
"sha256:60d698e8179a42ec85172d12f50b1668254628425a6bd611aba022257cac1386",
"sha256:612d1156111ae11d14afaf3a0669ebf6c170dbb735e510a7438ffe2369a847fd",
"sha256:6214c5a5571802c33f80e6c84713b2c79e024995b9c5897f794b43e714daeec9",
"sha256:6939c95381e003f54cd4c5516740faba40cf5ad3eeff460c3ad1d3e0ea2549bf",
"sha256:69db76c09796b313331bb7048229e3bee7928eb62bab5e071e9f7fcc4879caee",
"sha256:6bf7a982604375a8d49b6cc1b781c1747f243d91b81035a9b43a2126c04766f5",
"sha256:766c8f7511df26d9f11cd3a8be623e59cca73d44643abab3f8c8c07620524e4a",
"sha256:76c0de87358b192de7ea9649beb392f107dcad9ad27276324c24c91774ca5271",
"sha256:76f067f5121dcecf0d63a67f29080b26c43c71a98b10c701b0677e4a065fbd54",
"sha256:7901c05ead4b3fb75113fb1dd33eb1253c6d3ee37ce93305acd9d38e0b5f21a4",
"sha256:79660376075cfd4b2c80f295528aa6beb2058fd289f4c9252f986751a4cd0496",
"sha256:79a6d2ba910adb2cbafc95dad936f8b9386e77c84c35bc0add315b856d7c3abb",
"sha256:7afcdd1fc07befad18ec4523a782cde4e93e0a2bf71239894b8d61ee578c1319",
"sha256:7be7047bd08accdb7487737631d25735c9a04327911de89ff1b26b81745bd4e3",
"sha256:7c6390cf87ff6234643428991b7359b5f59cc15155695deb4eda5c777d2b880f",
"sha256:7df704ca8cf4a073334e0427ae2345323613e4df18cc224f647f251e5e75a527",
"sha256:85f67aed7bb647f93e7520633d8f51d3cbc6ab96957c71272b286b2f30dc70ed",
"sha256:896ebdcf62683551312c30e20614305f53125750803b614e9e6ce74a96232604",
"sha256:92d16a3e275e38293623ebf639c471d3e03bb20b8ebb845237e0d3664914caef",
"sha256:99f60d34c048c5c2fabc766108c103612344c46e35d4ed9ae0673d33c8fb26e8",
"sha256:9fe7b0653ba3d9d65cbe7698cca585bf0f8c83dbbcc710db9c90f478e175f2d5",
"sha256:a3145cb08d8625b2d3fee1b2d596a8766352979c9bffe5d7833e0503d0f0b5e5",
"sha256:aeaf541ddbad8311a87dd695ed9642401131ea39ad7bc8cf3ef3967fd093b626",
"sha256:b55358304d7a73d7bdf5de62494aaf70bd33015831ffd98bc498b433dfe5b10c",
"sha256:b82cc8ace10ab5bd93235dfaab2021c70637005e1ac787031f4d1da63d493c1d",
"sha256:c0868d64af83169e4d4152ec612637a543f7a336e4a307b119e98042e852ad9c",
"sha256:c1c1496e73051918fcd4f58ff2e0f2f3066d1c76a0c6aeffd9b45d53243702cc",
"sha256:c9bf56195c6bbd293340ea82eafd0071cb3d450c703d2c93afb89f93b8386ccc",
"sha256:cbebcd5bcaf1eaf302617c114aa67569dd3f090dd0ce8ba9e35e9985b41ac35b",
"sha256:cd6c8fca38178e12c00418de737aef1261576bd1b6e8c6134d3e729a4e858b38",
"sha256:ceb3b7e6a0135e092de86110c5a74e46bda4bd4fbfeeb3a3bcec79c0f861e450",
"sha256:cf590b134eb70629e350691ecca88eac3e3b8b3c86992042fb82e3cb1830d5e1",
"sha256:d3eb1ceec286eba8220c26f3b0096cf189aea7057b6e7b7a2e60ed36b373b77f",
"sha256:d65f25da8e248202bd47445cec78e0025c0fe7582b23ec69c3b27a640dd7a8e3",
"sha256:d6f6d4f185481c9669b9447bf9d9cf3b95a0e9df9d169bbc17e363b7d5487755",
"sha256:d84a5c3a5f7ce6db1f999fb9438f686bc2e09d38143f2d93d8406ed2dd6b9226",
"sha256:d946b0a9eb8aaa590df1fe082cee553ceab173e6cb5b03239716338629c50c7a",
"sha256:dce1c6912ab9ff5f179eaf6efe7365c1f425ed690b03341911bf4939ef2f3046",
"sha256:de170c7b4fe6859beb8926e84f7d7d6c693dfe8e27372ce3b76f01c46e489fcf",
"sha256:e02021f87a5b6932fa6ce916ca004c4d441509d33bbdbeca70d05dff5e9d2479",
"sha256:e030047e85cbcedbfc073f71836d62dd5dadfbe7531cae27789ff66bc551bd5e",
"sha256:e0e79d91e71b9867c73323a3444724d496c037e578a0e1755ae159ba14f4f3d1",
"sha256:e4428b29611e989719874670fd152b6625500ad6c686d464e99f5aaeeaca175a",
"sha256:e4972624066095e52b569e02b5ca97dbd7a7ddd4294bf4e7247d52635630dd83",
"sha256:e7be68734bd8c9a513f2b0cfd508802d6609da068f40dc57d4e3494cefc92929",
"sha256:e8e94e6912639a02ce173341ff62cc1201232ab86b8a8fcc05572741a5dc7d93",
"sha256:ea1456df2a27c73ce51120fa2f519f1bea2f4a03a917f4a43c8707cf4cbbae1a",
"sha256:ebd8d160f91a764652d3e51ce0d2956b38efe37c9231cd82cfc0bed2e40b581c",
"sha256:eca2e9d0cc5a889850e9bbd68e98314ada174ff6ccd1129500103df7a94a7a44",
"sha256:edd08e6f2f1a390bf137080507e44ccc086353c8e98c657e666c017718561b89",
"sha256:f285e862d2f153a70586579c15c44656f888806ed0e5b56b64489afe4a2dbfba",
"sha256:f2a1dee728b52b33eebff5072817176c172050d44d67befd681609b4746e1c2e",
"sha256:f7e301075edaf50500f0b341543c41194d8df3ae5caf4702f2095f3ca73dd8da",
"sha256:fb616be3538599e797a2017cccca78e354c767165e8858ab5116813146041a24",
"sha256:fce28b3c8a81b6b36dfac9feb1de115bab619b3c13905b419ec71d03a3fc1423",
"sha256:fe5d7785250541f7f5019ab9cba2c71169dc7d74d0f45253f8313f436458a4ef"
],
"markers": "python_version >= '3.7'",
"version": "==6.0.5"
},
"mypy-extensions": {
"hashes": [
"sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d",
"sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782"
],
"markers": "python_version >= '3.5'",
"version": "==1.0.0"
},
"packaging": {
"hashes": [
"sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002",
"sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"
],
"markers": "python_version >= '3.8'",
"version": "==24.1"
},
"pathspec": {
"hashes": [
"sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08",
"sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"
],
"markers": "python_version >= '3.8'",
"version": "==0.12.1"
},
"platformdirs": {
"hashes": [
"sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee",
"sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3"
],
"markers": "python_version >= '3.8'",
"version": "==4.2.2"
},
"pluggy": {
"hashes": [
"sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1",
"sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"
],
"markers": "python_version >= '3.8'",
"version": "==1.5.0"
},
"py": {
"hashes": [
"sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719",
"sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"
],
"markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
"version": "==1.11.0"
},
"pytest": {
"hashes": [
"sha256:4ba08f9ae7dcf84ded419494d229b48d0903ea6407b030eaec46df5e6a73bba5",
"sha256:c132345d12ce551242c87269de812483f5bcc87cdbb4722e48487ba194f9fdce"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==8.3.2"
},
"pytest-forked": {
"hashes": [
"sha256:4dafd46a9a600f65d822b8f605133ecf5b3e1941ebb3588e943b4e3eb71a5a3f",
"sha256:810958f66a91afb1a1e2ae83089d8dc1cd2437ac96b12963042fbb9fb4d16af0"
],
"markers": "python_version >= '3.7'",
"version": "==1.6.0"
},
"pytest-testinfra": {
"hashes": [
"sha256:a876f1453a01b58d94d9d936dd50344c2c01ac7880a2b41d15bdf233aed9cf1f",
"sha256:b990dc7d77b49a1bba24818fbff49b6171d8c46d606fb5ca86b937de690d7062"
],
"index": "pypi",
"markers": "python_version >= '3.9'",
"version": "==10.1.1"
},
"pytest-xdist": {
"hashes": [
"sha256:9ed4adfb68a016610848639bb7e02c9352d5d9f03d04809919e2dafc3be4cca7",
"sha256:ead156a4db231eec769737f57668ef58a2084a34b2e55c4a8fa20d861107300d"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==3.6.1"
},
"yarl": {
"hashes": [
"sha256:008d3e808d03ef28542372d01057fd09168419cdc8f848efe2804f894ae03e51",
"sha256:03caa9507d3d3c83bca08650678e25364e1843b484f19986a527630ca376ecce",
"sha256:07574b007ee20e5c375a8fe4a0789fad26db905f9813be0f9fef5a68080de559",
"sha256:09efe4615ada057ba2d30df871d2f668af661e971dfeedf0c159927d48bbeff0",
"sha256:0d2454f0aef65ea81037759be5ca9947539667eecebca092733b2eb43c965a81",
"sha256:0e9d124c191d5b881060a9e5060627694c3bdd1fe24c5eecc8d5d7d0eb6faabc",
"sha256:18580f672e44ce1238b82f7fb87d727c4a131f3a9d33a5e0e82b793362bf18b4",
"sha256:1f23e4fe1e8794f74b6027d7cf19dc25f8b63af1483d91d595d4a07eca1fb26c",
"sha256:206a55215e6d05dbc6c98ce598a59e6fbd0c493e2de4ea6cc2f4934d5a18d130",
"sha256:23d32a2594cb5d565d358a92e151315d1b2268bc10f4610d098f96b147370136",
"sha256:26a1dc6285e03f3cc9e839a2da83bcbf31dcb0d004c72d0730e755b33466c30e",
"sha256:29e0f83f37610f173eb7e7b5562dd71467993495e568e708d99e9d1944f561ec",
"sha256:2b134fd795e2322b7684155b7855cc99409d10b2e408056db2b93b51a52accc7",
"sha256:2d47552b6e52c3319fede1b60b3de120fe83bde9b7bddad11a69fb0af7db32f1",
"sha256:357495293086c5b6d34ca9616a43d329317feab7917518bc97a08f9e55648455",
"sha256:35a2b9396879ce32754bd457d31a51ff0a9d426fd9e0e3c33394bf4b9036b099",
"sha256:3777ce5536d17989c91696db1d459574e9a9bd37660ea7ee4d3344579bb6f129",
"sha256:3986b6f41ad22988e53d5778f91855dc0399b043fc8946d4f2e68af22ee9ff10",
"sha256:44d8ffbb9c06e5a7f529f38f53eda23e50d1ed33c6c869e01481d3fafa6b8142",
"sha256:49a180c2e0743d5d6e0b4d1a9e5f633c62eca3f8a86ba5dd3c471060e352ca98",
"sha256:4aa9741085f635934f3a2583e16fcf62ba835719a8b2b28fb2917bb0537c1dfa",
"sha256:4b21516d181cd77ebd06ce160ef8cc2a5e9ad35fb1c5930882baff5ac865eee7",
"sha256:4b3c1ffe10069f655ea2d731808e76e0f452fc6c749bea04781daf18e6039525",
"sha256:4c7d56b293cc071e82532f70adcbd8b61909eec973ae9d2d1f9b233f3d943f2c",
"sha256:4e9035df8d0880b2f1c7f5031f33f69e071dfe72ee9310cfc76f7b605958ceb9",
"sha256:54525ae423d7b7a8ee81ba189f131054defdb122cde31ff17477951464c1691c",
"sha256:549d19c84c55d11687ddbd47eeb348a89df9cb30e1993f1b128f4685cd0ebbf8",
"sha256:54beabb809ffcacbd9d28ac57b0db46e42a6e341a030293fb3185c409e626b8b",
"sha256:566db86717cf8080b99b58b083b773a908ae40f06681e87e589a976faf8246bf",
"sha256:5a2e2433eb9344a163aced6a5f6c9222c0786e5a9e9cac2c89f0b28433f56e23",
"sha256:5aef935237d60a51a62b86249839b51345f47564208c6ee615ed2a40878dccdd",
"sha256:604f31d97fa493083ea21bd9b92c419012531c4e17ea6da0f65cacdcf5d0bd27",
"sha256:63b20738b5aac74e239622d2fe30df4fca4942a86e31bf47a81a0e94c14df94f",
"sha256:686a0c2f85f83463272ddffd4deb5e591c98aac1897d65e92319f729c320eece",
"sha256:6a962e04b8f91f8c4e5917e518d17958e3bdee71fd1d8b88cdce74dd0ebbf434",
"sha256:6ad6d10ed9b67a382b45f29ea028f92d25bc0bc1daf6c5b801b90b5aa70fb9ec",
"sha256:6f5cb257bc2ec58f437da2b37a8cd48f666db96d47b8a3115c29f316313654ff",
"sha256:6fe79f998a4052d79e1c30eeb7d6c1c1056ad33300f682465e1b4e9b5a188b78",
"sha256:7855426dfbddac81896b6e533ebefc0af2f132d4a47340cee6d22cac7190022d",
"sha256:7d5aaac37d19b2904bb9dfe12cdb08c8443e7ba7d2852894ad448d4b8f442863",
"sha256:801e9264d19643548651b9db361ce3287176671fb0117f96b5ac0ee1c3530d53",
"sha256:81eb57278deb6098a5b62e88ad8281b2ba09f2f1147c4767522353eaa6260b31",
"sha256:824d6c50492add5da9374875ce72db7a0733b29c2394890aef23d533106e2b15",
"sha256:8397a3817d7dcdd14bb266283cd1d6fc7264a48c186b986f32e86d86d35fbac5",
"sha256:848cd2a1df56ddbffeb375535fb62c9d1645dde33ca4d51341378b3f5954429b",
"sha256:84fc30f71689d7fc9168b92788abc977dc8cefa806909565fc2951d02f6b7d57",
"sha256:8619d6915b3b0b34420cf9b2bb6d81ef59d984cb0fde7544e9ece32b4b3043c3",
"sha256:8a854227cf581330ffa2c4824d96e52ee621dd571078a252c25e3a3b3d94a1b1",
"sha256:8be9e837ea9113676e5754b43b940b50cce76d9ed7d2461df1af39a8ee674d9f",
"sha256:928cecb0ef9d5a7946eb6ff58417ad2fe9375762382f1bf5c55e61645f2c43ad",
"sha256:957b4774373cf6f709359e5c8c4a0af9f6d7875db657adb0feaf8d6cb3c3964c",
"sha256:992f18e0ea248ee03b5a6e8b3b4738850ae7dbb172cc41c966462801cbf62cf7",
"sha256:9fc5fc1eeb029757349ad26bbc5880557389a03fa6ada41703db5e068881e5f2",
"sha256:a00862fb23195b6b8322f7d781b0dc1d82cb3bcac346d1e38689370cc1cc398b",
"sha256:a3a6ed1d525bfb91b3fc9b690c5a21bb52de28c018530ad85093cc488bee2dd2",
"sha256:a6327976c7c2f4ee6816eff196e25385ccc02cb81427952414a64811037bbc8b",
"sha256:a7409f968456111140c1c95301cadf071bd30a81cbd7ab829169fb9e3d72eae9",
"sha256:a825ec844298c791fd28ed14ed1bffc56a98d15b8c58a20e0e08c1f5f2bea1be",
"sha256:a8c1df72eb746f4136fe9a2e72b0c9dc1da1cbd23b5372f94b5820ff8ae30e0e",
"sha256:a9bd00dc3bc395a662900f33f74feb3e757429e545d831eef5bb280252631984",
"sha256:aa102d6d280a5455ad6a0f9e6d769989638718e938a6a0a2ff3f4a7ff8c62cc4",
"sha256:aaaea1e536f98754a6e5c56091baa1b6ce2f2700cc4a00b0d49eca8dea471074",
"sha256:ad4d7a90a92e528aadf4965d685c17dacff3df282db1121136c382dc0b6014d2",
"sha256:b8477c1ee4bd47c57d49621a062121c3023609f7a13b8a46953eb6c9716ca392",
"sha256:ba6f52cbc7809cd8d74604cce9c14868306ae4aa0282016b641c661f981a6e91",
"sha256:bac8d525a8dbc2a1507ec731d2867025d11ceadcb4dd421423a5d42c56818541",
"sha256:bef596fdaa8f26e3d66af846bbe77057237cb6e8efff8cd7cc8dff9a62278bbf",
"sha256:c0ec0ed476f77db9fb29bca17f0a8fcc7bc97ad4c6c1d8959c507decb22e8572",
"sha256:c38c9ddb6103ceae4e4498f9c08fac9b590c5c71b0370f98714768e22ac6fa66",
"sha256:c7224cab95645c7ab53791022ae77a4509472613e839dab722a72abe5a684575",
"sha256:c74018551e31269d56fab81a728f683667e7c28c04e807ba08f8c9e3bba32f14",
"sha256:ca06675212f94e7a610e85ca36948bb8fc023e458dd6c63ef71abfd482481aa5",
"sha256:d1d2532b340b692880261c15aee4dc94dd22ca5d61b9db9a8a361953d36410b1",
"sha256:d25039a474c4c72a5ad4b52495056f843a7ff07b632c1b92ea9043a3d9950f6e",
"sha256:d5ff2c858f5f6a42c2a8e751100f237c5e869cbde669a724f2062d4c4ef93551",
"sha256:d7d7f7de27b8944f1fee2c26a88b4dabc2409d2fea7a9ed3df79b67277644e17",
"sha256:d7eeb6d22331e2fd42fce928a81c697c9ee2d51400bd1a28803965883e13cead",
"sha256:d8a1c6c0be645c745a081c192e747c5de06e944a0d21245f4cf7c05e457c36e0",
"sha256:d8b889777de69897406c9fb0b76cdf2fd0f31267861ae7501d93003d55f54fbe",
"sha256:d9e09c9d74f4566e905a0b8fa668c58109f7624db96a2171f21747abc7524234",
"sha256:db8e58b9d79200c76956cefd14d5c90af54416ff5353c5bfd7cbe58818e26ef0",
"sha256:ddb2a5c08a4eaaba605340fdee8fc08e406c56617566d9643ad8bf6852778fc7",
"sha256:e0381b4ce23ff92f8170080c97678040fc5b08da85e9e292292aba67fdac6c34",
"sha256:e23a6d84d9d1738dbc6e38167776107e63307dfc8ad108e580548d1f2c587f42",
"sha256:e516dc8baf7b380e6c1c26792610230f37147bb754d6426462ab115a02944385",
"sha256:ea65804b5dc88dacd4a40279af0cdadcfe74b3e5b4c897aa0d81cf86927fee78",
"sha256:ec61d826d80fc293ed46c9dd26995921e3a82146feacd952ef0757236fc137be",
"sha256:ee04010f26d5102399bd17f8df8bc38dc7ccd7701dc77f4a68c5b8d733406958",
"sha256:f3bc6af6e2b8f92eced34ef6a96ffb248e863af20ef4fde9448cc8c9b858b749",
"sha256:f7d6b36dd2e029b6bcb8a13cf19664c7b8e19ab3a58e0fefbb5b8461447ed5ec"
],
"markers": "python_version >= '3.7'",
"version": "==1.9.4"
}
},
"develop": {}
}

7
test/cmd.sh
View File

@@ -1,12 +1,11 @@
#!/usr/bin/env bash
#!/usr/bin/env sh
set -eux
docker build ./src --tag pihole:${GIT_TAG} --no-cache
docker buildx build ./src --build-arg TARGETPLATFORM="${TARGETPLATFORM}" --tag pihole:${GIT_TAG} --no-cache
docker images pihole:${GIT_TAG}
# auto-format the pytest code
python3 -m black ./test/tests/
# TODO: Add junitxml output and have something consume it
# 2 parallel max b/c race condition with docker fixture (I think?)
py.test -vv -n 2 ./test/tests/
COLUMNS=120 py.test -vv -n auto ./test/tests/

5
test/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
pytest == 7.4
pytest-xdist == 3.5.0
pytest-testinfra == 10.0.0
black == 23.12.0
pytest-clarity == 1.0.1

125
test/tests/conftest.py
View File

@@ -35,19 +35,14 @@ def run_and_stream_command_output():
return run_and_stream_command_output_inner
@pytest.fixture()
def args_volumes():
return "-v /dev/null:/etc/pihole/adlists.list"
@pytest.fixture()
def args_env():
return '-e FTLCONF_LOCAL_IPV4="127.0.0.1"'
return '-e TZ="Europe/London" -e FTLCONF_dns_upstreams="8.8.8.8"'
@pytest.fixture()
def args(args_volumes, args_env):
return "{} {}".format(args_volumes, args_env)
def args(args_env):
return "{}".format(args_env)
@pytest.fixture()
@@ -87,33 +82,6 @@ def docker(request, test_args, args, image, cmd, entrypoint):
return docker_generic(request, test_args, args, image, cmd, entrypoint)
@pytest.fixture(scope="module")
def docker_persist(
request,
persist_test_args,
persist_args,
persist_image,
persist_cmd,
persist_entrypoint,
dig,
):
"""
Persistent Docker container for multiple tests, instead of stopping container after one test
Uses DUP'd module scoped fixtures because smaller scoped fixtures won't mix with module scope
"""
persistent_container = docker_generic(
request,
persist_test_args,
persist_args,
persist_image,
persist_cmd,
persist_entrypoint,
)
""" attach a dig container for lookups """
persistent_container.dig = dig(persistent_container.id)
return persistent_container
@pytest.fixture
def entrypoint():
return ""
@@ -129,12 +97,6 @@ def tag(version):
return "{}".format(version)
@pytest.fixture
def webserver(tag):
"""TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests?"""
return "lighttpd"
@pytest.fixture()
def image(tag):
image = "pihole"
@@ -146,64 +108,6 @@ def cmd():
return TAIL_DEV_NULL
@pytest.fixture(scope="module")
def persist_version():
return version
@pytest.fixture(scope="module")
def persist_args_dns():
return "--dns 127.0.0.1 --dns 1.1.1.1"
@pytest.fixture(scope="module")
def persist_args_volumes():
return "-v /dev/null:/etc/pihole/adlists.list"
@pytest.fixture(scope="module")
def persist_args_env():
return '-e ServerIP="127.0.0.1"'
@pytest.fixture(scope="module")
def persist_args(persist_args_volumes, persist_args_env):
return "{} {}".format(persist_args_volumes, persist_args_env)
@pytest.fixture(scope="module")
def persist_test_args():
"""test override fixture to provide arguments separate from our core args"""
return ""
@pytest.fixture(scope="module")
def persist_tag(persist_version):
return "{}".format(persist_version)
@pytest.fixture(scope="module")
def persist_webserver(persist_tag):
"""TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests?"""
return "lighttpd"
@pytest.fixture(scope="module")
def persist_image(persist_tag):
image = "pihole"
return "{}:{}".format(image, persist_tag)
@pytest.fixture(scope="module")
def persist_cmd():
return TAIL_DEV_NULL
@pytest.fixture(scope="module")
def persist_entrypoint():
return ""
@pytest.fixture
def slow():
"""
@@ -225,26 +129,3 @@ def slow():
return
return _slow
@pytest.fixture(scope="module")
def dig():
"""separate container to link to pi-hole and perform lookups"""
""" a docker pull is faster than running an install of dnsutils """
def _dig(docker_id):
args = "--link {}:test_pihole".format(docker_id)
image = "azukiapp/dig"
cmd = TAIL_DEV_NULL
dig_container = docker_generic(request, "", args, image, cmd, "")
return dig_container
return _dig
@pytest.fixture
def running_pihole(docker_persist, slow, persist_webserver):
"""Persist a fully started docker-pi-hole to help speed up subsequent tests"""
slow(lambda: docker_persist.run("pgrep pihole-FTL").rc == 0)
slow(lambda: docker_persist.run("pgrep lighttpd").rc == 0)
return docker_persist

348
test/tests/test_bash_functions.py
View File

@@ -1,335 +1,31 @@
import os
import pytest
import re
SETUPVARS_LOC = "/etc/pihole/setupVars.conf"
DNSMASQ_CONFIG_LOC = "/etc/dnsmasq.d/01-pihole.conf"
CMD_SETUP_FTL_CACHESIZE = ". bash_functions.sh ; setup_FTL_CacheSize"
CMD_SETUP_FTL_INTERFACE = ". bash_functions.sh ; setup_FTL_Interface"
@pytest.mark.parametrize("test_args", ['-e "FTLCONF_webserver_port=999"'])
def test_ftlconf_webserver_port(docker):
func = docker.run("pihole-FTL --config webserver.port")
assert "999" in func.stdout
@pytest.mark.parametrize(
"test_args", ['-e "FTLCONF_dns_upstreams=1.2.3.4;5.6.7.8#1234"']
)
def test_ftlconf_dns_upstreams(docker):
func = docker.run("pihole-FTL --config dns.upstreams")
assert "[ 1.2.3.4, 5.6.7.8#1234 ]" in func.stdout
CMD_SETUP_WEB_PASSWORD = ". bash_functions.sh ; setup_web_password"
def _cat(file):
return "cat {}".format(file)
def _grep(string, file):
return "grep -q '{}' {}".format(string, file)
def test_random_password_assigned_fresh_start(docker):
func = docker.run(CMD_SETUP_WEB_PASSWORD)
assert "assigning random password:" in func.stdout
@pytest.mark.parametrize(
"test_args,expected_ipv6,expected_stdout",
[
("", True, "IPv4 and IPv6"),
('-e "IPv6=True"', True, "IPv4 and IPv6"),
('-e "IPv6=False"', False, "IPv4"),
('-e "IPv6=foobar"', False, "IPv4"),
],
"test_args", ['-e "FTLCONF_webserver_api_password=1234567890"']
)
def test_ipv6_not_true_removes_ipv6(
docker, slow, test_args, expected_ipv6, expected_stdout
):
"""When a user overrides IPv6=True they only get IPv4 listening webservers"""
IPV6_LINE = "use-ipv6.pl"
WEB_CONFIG = "/etc/lighttpd/lighttpd.conf"
function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_ipv4_ipv6")
assert "Using {}".format(expected_stdout) in function.stdout
if expected_stdout == "IPv4":
assert "IPv6" not in function.stdout
# On overlay2(?) docker sometimes writes to disk are slow enough to break some tests...
expected_ipv6_check = (
lambda: (
IPV6_LINE in docker.run("grep 'use-ipv6.pl' {}".format(WEB_CONFIG)).stdout
)
== expected_ipv6
)
slow(expected_ipv6_check)
@pytest.mark.parametrize("test_args", ['-e "WEB_PORT=999"'])
def test_overrides_default_web_port(docker, slow, test_args):
"""When a --net=host user sets WEB_PORT to avoid synology's 80 default IPv4 and or IPv6 ports are updated"""
CONFIG_LINE = r"server.port\s*=\s*999"
WEB_CONFIG = "/etc/lighttpd/lighttpd.conf"
function = docker.run(
". /usr/local/bin/bash_functions.sh ; eval `grep setup_web_port /usr/local/bin/_startup.sh`"
)
assert " [i] Custom WEB_PORT set to 999" in function.stdout
assert (
" [i] Without proper router DNAT forwarding to 127.0.0.1:999, you may not get any blocked websites on ads"
in function.stdout
)
slow(
lambda: re.search(CONFIG_LINE, docker.run(_cat(WEB_CONFIG)).stdout) is not None
)
@pytest.mark.parametrize(
"test_args,expected_error",
[
(
'-e WEB_PORT="LXXX"',
"WARNING: Custom WEB_PORT not used - LXXX is not an integer",
),
(
'-e WEB_PORT="1,000"',
"WARNING: Custom WEB_PORT not used - 1,000 is not an integer",
),
(
'-e WEB_PORT="99999"',
"WARNING: Custom WEB_PORT not used - 99999 is not within valid port range of 1-65535",
),
],
)
def test_bad_input_to_web_port(docker, test_args, expected_error):
function = docker.run(
". /usr/local/bin/bash_functions.sh ; eval `grep setup_web_port /usr/local/bin/_startup.sh`"
)
assert expected_error in function.stdout
@pytest.mark.parametrize(
"test_args,cache_size",
[('-e CUSTOM_CACHE_SIZE="0"', "0"), ('-e CUSTOM_CACHE_SIZE="20000"', "20000")],
)
def test_overrides_default_custom_cache_size(docker, slow, test_args, cache_size):
"""Changes the cache_size setting to increase or decrease the cache size for dnsmasq"""
CONFIG_LINE = r"cache-size\s*=\s*{}".format(cache_size)
function = docker.run(
"echo ${CUSTOM_CACHE_SIZE};. ./usr/local/bin/bash_functions.sh; echo ${CUSTOM_CACHE_SIZE}; eval `grep setup_FTL_CacheSize /usr/local/bin/_startup.sh`"
)
assert "Custom CUSTOM_CACHE_SIZE set to {}".format(cache_size) in function.stdout
slow(
lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout)
is not None
)
@pytest.mark.parametrize(
"test_args",
[
'-e CUSTOM_CACHE_SIZE="-1"',
'-e CUSTOM_CACHE_SIZE="1,000"',
],
)
def test_bad_input_to_custom_cache_size(docker, slow, test_args):
CONFIG_LINE = r"cache-size\s*=\s*10000"
docker.run(CMD_SETUP_FTL_CACHESIZE)
slow(
lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout)
is not None
)
@pytest.mark.parametrize(
"test_args",
[
'-e DNSSEC="true" -e CUSTOM_CACHE_SIZE="0"',
],
)
def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
CONFIG_LINE = r"cache-size\s*=\s*10000"
docker.run(CMD_SETUP_FTL_CACHESIZE)
slow(
lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout)
is not None
)
@pytest.mark.parametrize(
"args_env, expected_stdout, expected_config_line",
[
("", "binding to default interface: eth0", "PIHOLE_INTERFACE=eth0"),
(
'-e INTERFACE="br0"',
"binding to custom interface: br0",
"PIHOLE_INTERFACE=br0",
),
],
)
def test_dns_interface_override_defaults(
docker, slow, args_env, expected_stdout, expected_config_line
):
"""When INTERFACE environment var is passed in, overwrite dnsmasq interface"""
function = docker.run(CMD_SETUP_FTL_INTERFACE)
assert expected_stdout in function.stdout
slow(
lambda: expected_config_line + "\n"
== docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout
)
expected_debian_lines = [
'"VIRTUAL_HOST" => "127.0.0.1"',
'"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log"',
]
@pytest.mark.parametrize(
"expected_lines,repeat_function",
[(expected_debian_lines, 1), (expected_debian_lines, 2)],
)
def test_debian_setup_php_env(docker, expected_lines, repeat_function):
"""confirm all expected output is there and nothing else"""
for _ in range(repeat_function):
docker.run(
". /usr/local/bin/bash_functions.sh ; eval `grep setup_php_env /usr/local/bin/_startup.sh`"
)
for expected_line in expected_lines:
search_config_cmd = (
"grep -c '{}' /etc/lighttpd/conf-enabled/15-pihole-admin.conf".format(
expected_line
)
)
search_config_count = docker.run(search_config_cmd)
found_lines = int(search_config_count.stdout.rstrip("\n"))
if found_lines > 1:
assert (
False
), f"Found line {expected_line} times (more than once): {found_lines}"
def test_webpassword_random_generation(docker):
"""When a user sets webPassword env the admin password gets set to that"""
function = docker.run(CMD_SETUP_WEB_PASSWORD)
assert "assigning random password" in function.stdout.lower()
@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")])
@pytest.mark.parametrize(
"args_env,secure,setupvars_hash",
[
(
"-e WEBPASSWORD=login",
True,
"WEBPASSWORD=6060d59351e8c2f48140f01b2c3f3b61652f396c53a5300ae239ebfbe7d5ff08",
),
('-e WEBPASSWORD=""', False, ""),
],
)
def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(
docker, args_env, secure, setupvars_hash
):
"""When a user sets webPassword env the admin password gets set or removed if empty"""
function = docker.run(CMD_SETUP_WEB_PASSWORD)
if secure:
assert "new password set" in function.stdout.lower()
assert docker.run(_grep(setupvars_hash, SETUPVARS_LOC)).rc == 0
else:
assert "password removed" in function.stdout.lower()
assert docker.run(_grep("^WEBPASSWORD=$", SETUPVARS_LOC)).rc == 0
@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")])
@pytest.mark.parametrize("test_args", ["-e WEBPASSWORD=login", '-e WEBPASSWORD=""'])
def test_env_always_updates_password(docker, args_env, test_args):
"""When a user sets the WEBPASSWORD environment variable, ensure it always sets the password"""
function = docker.run(CMD_SETUP_WEB_PASSWORD)
assert " [i] Assigning password defined by Environment Variable" in function.stdout
@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")])
def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):
"""If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password"""
docker.run(
". /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass".format(
SETUPVARS_LOC
)
)
function = docker.run(CMD_SETUP_WEB_PASSWORD)
assert "Pre existing WEBPASSWORD found" in function.stdout
assert docker.run(_grep("WEBPASSWORD=volumepass", SETUPVARS_LOC)).rc == 0
@pytest.mark.parametrize(
"args_env,test_args,expected_bind,expect_warning",
[
("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "--net=host", "192.0.2.10", True),
("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "", "0.0.0.0", False),
(
"-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10",
"--net=host",
"192.0.2.20",
False,
),
(
"-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10",
"",
"192.0.2.20",
False,
),
],
)
def test_setup_lighttpd_bind(
docker, args_env, test_args, expected_bind, expect_warning
):
"""Lighttpd's bind address is correctly set"""
WEB_CONFIG = "/etc/lighttpd/lighttpd.conf"
WARNING_EXTRACT = "[i] WARNING: running in host network mode forces"
function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_lighttpd_bind")
if expect_warning:
assert WARNING_EXTRACT in function.stdout
else:
assert WARNING_EXTRACT not in function.stdout
config = docker.run(f"cat {WEB_CONFIG} | grep 'server.bind'")
if expected_bind == "0.0.0.0":
assert "server.bind" not in config.stdout
else:
assert f'server.bind = "{expected_bind}"' in config.stdout
@pytest.fixture(autouse=True)
def run_around_test_setup_web_theme(docker):
"""Fixture to execute around test_setup_web_theme"""
docker.run("touch /var/www/html/admin/style/themes/{badtheme,bad.theme.css,goodtheme.css}")
yield
docker.run("rm /var/www/html/admin/style/themes/{badtheme,bad.theme.css,goodtheme.css}")
@pytest.mark.parametrize(
"args_env,test_theme,expected_success",
[
("-e WEBTHEME=asd", "asd", False),
("-e WEBTHEME=default-light", "default-light", True),
#("-e WEBTHEME=", "", False), # the tested function does nothing in this case
("-e WEBTHEME=default-dark", "default-dark", True),
("-e WEBTHEME=efault-dark", "efault-dark", False),
("-e WEBTHEME=efault-dar", "efault-dar", False),
("-e WEBTHEME=default-dar", "default-dar", False),
("-e WEBTHEME=xdefault-dark", "xdefault-dark", False),
("-e WEBTHEME=xdefault-darkx", "xdefault-darkx", False),
("-e WEBTHEME=default-darkx", "default-darkx", False),
("-e WEBTHEME=badtheme", "badtheme", False), # the theme file does not have the right extension
("-e WEBTHEME=badtheme.css", "badtheme.css", False), # hacking attempt ?
("-e WEBTHEME=bad.theme", "bad.theme", False), # invalid name - has dot
("-e WEBTHEME=goodtheme", "goodtheme", True),
("-e WEBTHEME=goodtheme.css", "goodtheme.css", False), # hacking attempt ?
("-e WEBTHEME=+", "+", False),
("-e WEBTHEME=.", ".", False),
],
)
def test_setup_web_theme(
docker, args_env, test_theme, expected_success
):
"""Web theme name validation works"""
DEFAULT_THEME = "default-light"
function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_web_theme")
if expected_success:
assert f' [i] setting web theme based on webtheme variable, using value {test_theme}' in function.stdout.lower()
assert docker.run(_grep(f'^WEBTHEME={test_theme}$', SETUPVARS_LOC)).rc == 0
else:
assert f' [!] invalid theme name supplied: {test_theme}, falling back to {DEFAULT_THEME}.' in function.stdout.lower()
assert docker.run(_grep(f'^WEBTHEME={DEFAULT_THEME}$', SETUPVARS_LOC)).rc == 0
def test_password_set_by_envvar(docker):
func = docker.run(CMD_SETUP_WEB_PASSWORD)
assert "Assigning password defined by Environment Variable" in func.stdout

28
test/tests/test_general.py Normal file
View File

@@ -0,0 +1,28 @@
import pytest
@pytest.mark.parametrize("test_args", ['-e "PIHOLE_UID=456"'])
def test_pihole_uid_env_var(docker):
func = docker.run("id -u pihole")
assert "456" in func.stdout
@pytest.mark.parametrize("test_args", ['-e "PIHOLE_GID=456"'])
def test_pihole_gid_env_var(docker):
func = docker.run("id -g pihole")
assert "456" in func.stdout
# Wait 5 seconds for startup, then kill the start.sh script
# Finally, grep the FTL log to see if it has been shut down cleanly
def test_pihole_ftl_clean_shutdown(docker):
func = docker.run(
"""
sleep 5
killall --signal 15 start.sh
sleep 5
grep 'jmpret\|terminated' /var/log/pihole/FTL.log
"""
)
assert "INFO: Shutting down... // exit code 0 // jmpret 0" in func.stdout
assert "INFO: ########## FTL terminated after" in func.stdout

37
test/tests/test_start.py
View File

@@ -1,37 +0,0 @@
import pytest
import time
""" conftest.py provides the defaults through fixtures """
""" Note, testinfra builtins don't seem fully compatible with
docker containers (esp. musl based OSs) stripped down nature """
# If the test runs /usr/local/bin/_startup.sh, do not let s6 run it too! Kill entrypoint to avoid race condition/duplicated execution
@pytest.mark.parametrize("entrypoint,cmd", [("--entrypoint=tail", "-f /dev/null")])
@pytest.mark.parametrize(
"args,error_msg,expect_rc",
[
(
'-e FTLCONF_LOCAL_IPV4="1.2.3.z"',
"FTLCONF_LOCAL_IPV4 Environment variable (1.2.3.z) doesn't appear to be a valid IPv4 address",
1,
),
(
'-e FTLCONF_LOCAL_IPV4="1.2.3.4" -e FTLCONF_LOCAL_IPV6="1234:1234:1234:ZZZZ"',
"Environment variable (1234:1234:1234:ZZZZ) doesn't appear to be a valid IPv6 address",
1,
),
(
'-e FTLCONF_LOCAL_IPV4="1.2.3.4" -e FTLCONF_LOCAL_IPV6="kernel"',
"ERROR: You passed in IPv6 with a value of 'kernel'",
1,
),
],
)
def test_ftlconf_local_addr_invalid_ips_triggers_exit_error(
docker, error_msg, expect_rc
):
start = docker.run("/usr/local/bin/_startup.sh")
assert start.rc == expect_rc
assert "ERROR" in start.stdout
assert error_msg in start.stdout