From abf58f17ef37d9fb23deb010649710d87b59de49 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Wed, 6 Oct 2021 08:19:21 +0200 Subject: [PATCH 1/9] Add PIHOLE_PTR=HOSTNAMEFQDN documentation Signed-off-by: DL6ER --- docs/ftldns/configfile.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/ftldns/configfile.md b/docs/ftldns/configfile.md index 565a419..4e17231 100644 --- a/docs/ftldns/configfile.md +++ b/docs/ftldns/configfile.md @@ -142,6 +142,7 @@ Controls whether and how FTL will reply with for address for which a local inter - `PI.HOLE` (the default) respond with `pi.hole` - `HOSTNAME` serve the machine's global hostname +- `HOSTNAMEFQDN` serve the machine's global hostname as fully qualified domain by adding the local suffix. If no local suffix has been defined, FTL appends `.fqdn` - `NONE` Pi-hole will **not** respond automatically on PTR requests to local interface addresses. Ensure `pi.hole` and/or hostname records exist elsewhere. #### `DELAY_STARTUP=0` (PR [#716](https://github.com/pi-hole/FTL/pull/716)) {#delay_startup data-toc-label='Delay resolver startup'} From cc5c1990e777481c67e62b0b24d38165c577c0bf Mon Sep 17 00:00:00 2001 From: DL6ER Date: Fri, 8 Oct 2021 09:13:37 +0200 Subject: [PATCH 2/9] Add note about why users see .no_fqdn_available when no local suffix is defined. Signed-off-by: DL6ER --- docs/ftldns/configfile.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/ftldns/configfile.md b/docs/ftldns/configfile.md index 4e17231..bf1df56 100644 --- a/docs/ftldns/configfile.md +++ b/docs/ftldns/configfile.md 
@@ -142,9 +142,11 @@ Controls whether and how FTL will reply with for address for which a local inter - `PI.HOLE` (the default) respond with `pi.hole` - `HOSTNAME` serve the machine's global hostname -- `HOSTNAMEFQDN` serve the machine's global hostname as fully qualified domain by adding the local suffix. If no local suffix has been defined, FTL appends `.fqdn` +- `HOSTNAMEFQDN` serve the machine's global hostname as fully qualified domain by adding the local suffix. See note below. - `NONE` Pi-hole will **not** respond automatically on PTR requests to local interface addresses. Ensure `pi.hole` and/or hostname records exist elsewhere. +Note about `HOSTNAMEFQDN`: If no local suffix has been defined, FTL appends the local domain `.no_fqdn_available`. In this case you should either add `domain=whatever.com` (to set `whatever.com` as local domain) or use `domain=#` which will try to derive the local domain from `/etc/resolv.conf` (or whatever is set with `resolv-file`, when multiple `search` directives exist, the first one is used). + #### `DELAY_STARTUP=0` (PR [#716](https://github.com/pi-hole/FTL/pull/716)) {#delay_startup data-toc-label='Delay resolver startup'} In certain configurations, you may want FTL to wait a given amount of time before trying to start the DNS revolver. This is typically found when network interfaces appear only late during system startup and the interface startup priorities are configured incorrectly. This setting takes any integer value between 0 and 300 seconds. From 5245b6b47df650b50d18509dc079cceec679e7a6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 23 Oct 2021 18:53:13 +0000 Subject: [PATCH 3/9] Bump markdownlint-cli2 from 0.3.0 to 0.3.2 Bumps [markdownlint-cli2](https://github.com/DavidAnson/markdownlint-cli2) from 0.3.0 to 0.3.2. - [Release notes](https://github.com/DavidAnson/markdownlint-cli2/releases) - [Commits](https://github.com/DavidAnson/markdownlint-cli2/compare/v0.3.0...v0.3.2) --- updated-dependencies: - dependency-name: markdownlint-cli2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 24 ++++++++++++------------ package.json | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index d01b2d0..cd15ec1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -568,9 +568,9 @@ } }, "fastq": { - "version": "1.12.0", - "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.12.0.tgz", - "integrity": "sha512-VNX0QkHK3RsXVKr9KrlUv/FoTa0NdbYoHHl7uXHv2rzyHSlxjdNAKug2twd9luJxpcyNeAgf5iPPMutJO67Dfg==", + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.13.0.tgz", + "integrity": "sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw==", "dev": true, "requires": { "reusify": "^1.0.4" @@ -847,9 +847,9 @@ "dev": true }, "is-glob": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz", - "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", "dev": true, "requires": { "is-extglob": "^2.1.1" 
@@ -968,9 +968,9 @@ "dev": true }, "linkify-it": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.2.tgz", - "integrity": "sha512-gDBO4aHNZS6coiZCKVhSNh43F9ioIL4JwRjLZPkoLIY4yZFwg264Y5lu2x6rb1Js42Gh6Yqm2f6L2AJcnkzinQ==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", + "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", "dev": true, "requires": { "uc.micro": "^1.0.1" @@ -1073,9 +1073,9 @@ } }, "markdownlint-cli2": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/markdownlint-cli2/-/markdownlint-cli2-0.3.0.tgz", - "integrity": "sha512-0nmB8MMqxwTolfkOaGW9RLqkBVG6DW6oBTyDKd3SP+7e8FPhihg6KBqpz1puj37C2Wd3POS98xiE1GljEVNyHw==", + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/markdownlint-cli2/-/markdownlint-cli2-0.3.2.tgz", + "integrity": "sha512-Wj4iQy2J49m9CVkWkLTdFxMTPDqD3AyL3NbLQgz/nUnTu8LnDguFCbQtFhdzQPvncHVjrKT2vYqg7DifzVP4tA==", "dev": true, "requires": { "globby": "~11.0.4", diff --git a/package.json b/package.json index f9e69c0..988f646 100644 --- a/package.json +++ b/package.json @@ -23,6 +23,6 @@ }, "devDependencies": { "linkinator": "^2.14.4", - "markdownlint-cli2": "0.3.0" + "markdownlint-cli2": "0.3.2" } } From 8899989d72bb8694dcd0199249f44b1b49525b1d Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 26 Oct 2021 17:07:47 +0200 Subject: [PATCH 4/9] Clarify where to add the domain= setting Signed-off-by: DL6ER --- docs/ftldns/configfile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ftldns/configfile.md b/docs/ftldns/configfile.md index bf1df56..9831ed6 100644 --- a/docs/ftldns/configfile.md +++ b/docs/ftldns/configfile.md 
@@ -145,7 +145,7 @@ Controls whether and how FTL will reply with for address for which a local inter - `HOSTNAMEFQDN` serve the machine's global hostname as fully qualified domain by adding the local suffix. See note below. - `NONE` Pi-hole will **not** respond automatically on PTR requests to local interface addresses. Ensure `pi.hole` and/or hostname records exist elsewhere. -Note about `HOSTNAMEFQDN`: If no local suffix has been defined, FTL appends the local domain `.no_fqdn_available`. In this case you should either add `domain=whatever.com` (to set `whatever.com` as local domain) or use `domain=#` which will try to derive the local domain from `/etc/resolv.conf` (or whatever is set with `resolv-file`, when multiple `search` directives exist, the first one is used). +Note about `HOSTNAMEFQDN`: If no local suffix has been defined, FTL appends the local domain `.no_fqdn_available`. In this case you should either add `domain=whatever.com` to a custom config file inside `/etc/dnsmasq.d/` (to set `whatever.com` as local domain) or use `domain=#` which will try to derive the local domain from `/etc/resolv.conf` (or whatever is set with `resolv-file`, when multiple `search` directives exist, the first one is used). #### `DELAY_STARTUP=0` (PR [#716](https://github.com/pi-hole/FTL/pull/716)) {#delay_startup data-toc-label='Delay resolver startup'} From 4e6e19aa00b398da1e969a386d99984c34c828af Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Oct 2021 10:05:30 +0000 Subject: [PATCH 5/9] Bump mkdocs-material from 7.3.4 to 7.3.5 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 7.3.4 to 7.3.5. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/7.3.4...7.3.5) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8d2f756..80498ed 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ markdown-include==0.6.0 mkdocs==1.2.3 mkdocs-git-revision-date-localized-plugin==0.10.0 -mkdocs-material==7.3.4 +mkdocs-material==7.3.5 mkdocs-redirects==1.0.3 From 40d09937c0772ad23032b13474422c2a0576fcd1 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 31 Oct 2021 10:00:28 +0100 Subject: [PATCH 6/9] Enable instant loading Signed-off-by: DL6ER --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index 28960a3..43c9b2e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -17,6 +17,7 @@ theme: code: 'Roboto Mono' features: - navigation.top + - navigation.instant - search.suggest - search.highlight - search.share From 92ab23c5648ba81296410d8151a7cf63003af28a Mon Sep 17 00:00:00 2001 From: Alexander Lieret Date: Tue, 2 Nov 2021 11:03:31 +0100 Subject: [PATCH 7/9] Fix wireguard guide Removed the server config line "SaveConfig = true". This one does only appear in the add client section. --- docs/guides/vpn/wireguard/client.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/docs/guides/vpn/wireguard/client.md b/docs/guides/vpn/wireguard/client.md index 86a6a06..4864426 100644 --- a/docs/guides/vpn/wireguard/client.md +++ b/docs/guides/vpn/wireguard/client.md @@ -84,7 +84,6 @@ After a restart, the server file should look like: [Interface] Address = 10.100.0.1/24, fd08::1/128 ListenPort = 47111 -SaveConfig = true PrivateKey = XYZ123456ABC= # PrivateKey will be different [Peer] From cc4887be9ce4b1b0474bf8414a3c700666fca420 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 7 Nov 2021 12:07:38 +0100 Subject: [PATCH 8/9] Add script for automated Wireguard client generation Signed-off-by: DL6ER --- docs/guides/vpn/wireguard/client.md | 69 ++++++++++++++++++++--------- 1 file changed, 48 insertions(+), 21 deletions(-) diff --git a/docs/guides/vpn/wireguard/client.md b/docs/guides/vpn/wireguard/client.md index 4864426..e4af0d0 100644 --- a/docs/guides/vpn/wireguard/client.md +++ b/docs/guides/vpn/wireguard/client.md 
@@ -5,35 +5,62 @@ Adding clients is really simple and easy. The process for setting up a client is For each new client, the following steps must be taken. For the sake of simplicity, we will create the config file on the server itself. This, however, means that you need to transfer the config file *securely* to your server as it contains the private key of your client. An alternative way of doing this is to generate the configuration locally on your client and add the necessary lines to your server's configuration. -??? info "All commands described below at once" +??? info "Script to generate clients automatically" + Script content: + + ```bash + #!/bin/bash + ipv4="$1$4" + ipv6="$2$4" + target="$3" + name="$5" + + wg genkey | tee "${name}.key" | wg pubkey > "${name}.pub" + wg genpsk > "${name}.psk" + + echo "# $name" >> /etc/wireguard/wg0.conf + echo "[Peer]" >> /etc/wireguard/wg0.conf + echo "PublicKey = $(cat "${name}.pub")" >> /etc/wireguard/wg0.conf + echo "PresharedKey = $(cat "${name}.psk")" >> /etc/wireguard/wg0.conf + echo "AllowedIPs = $ipv4/32, $ipv6/128" >> /etc/wireguard/wg0.conf + echo "" >> /etc/wireguard/wg0.conf + + echo "[Interface]" > "${name}.conf" + echo "Address = $ipv4/32, $ipv6/128" >> "${name}.conf" + echo "PrivateKey = $(cat "${name}.key")" >> "${name}.conf" + echo "" >> "${name}.conf" + echo "[Peer]" >> "${name}.conf" + echo "PublicKey = $(cat server.pub)" >> "${name}.conf" + echo "PresharedKey = $(cat "${name}.psk")" >> "${name}.conf" + echo "Endpoint = $target" >> "${name}.conf" + echo "AllowedIPs = ${1}0/24, ${3}/64" >> "${name}.conf" + echo "PersistentKeepalive = 25" >> "${name}.conf" + + # Print QR code scanable by the Wireguard mobile app on screen + qrencode -t ansiutf8 < "${name}.conf" + + systemctl restart wg-quick@wg0 + ``` + + Run the script like + ```bash sudo -i cd /etc/wireguard umask 077 - name="client_name" - - wg genkey | tee "${name}.key" | wg pubkey > "${name}.pub" - wg genpsk > "${name}.psk" - - echo "[Peer]" >> 
/etc/wireguard/wg0.conf - echo "PublicKey = $(cat "${name}.pub")" >> /etc/wireguard/wg0.conf - echo "PresharedKey = $(cat "${name}.psk")" >> /etc/wireguard/wg0.conf - echo "AllowedIPs = 10.100.0.2/32, fd08:4711::2/128" >> /etc/wireguard/wg0.conf - - systemctl restart wg-quick@wg0 - - echo "[Interface]" > "${name}.conf" - echo "Address = 10.100.0.2/32, fd08:4711::2/128" >> "${name}.conf" # May need editing - echo "DNS = 10.100.0.1" >> "${name}.conf" # Your Pi-hole's IP - echo "PrivateKey = $(cat "${name}.key")" >> "${name}.conf" - echo "PublicKey = $(cat server.pub)" >> "${name}.conf" - echo "PresharedKey = $(cat "${name}.psk")" >> "${name}.conf" - - qrencode -t ansiutf8 -r "${name}.conf" + bash "10.100.0." "fd08:4711::" "my_server_domain:47111" 2 "annas-android" + bash "10.100.0." "fd08:4711::" "my_server_domain:47111" 3 "peters-laptop" exit ``` + + to generate two clients: + + - `annas-android` with addresses `10.100.0.2` and `fd08:4711::2` + - `peters-laptop` with addresses `10.100.0.3` and `fd08:4711::3` + + connecting to the server running at `my_server_domain:47111` ## Key generation From aca6b164e67f9fa7318ab1d640a1332efb179fd6 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sat, 13 Nov 2021 11:51:11 +0100 Subject: [PATCH 9/9] Default should be that clients cannot see each other Signed-off-by: DL6ER --- docs/guides/vpn/wireguard/client.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/guides/vpn/wireguard/client.md b/docs/guides/vpn/wireguard/client.md index e4af0d0..ac040e8 100644 --- a/docs/guides/vpn/wireguard/client.md +++ b/docs/guides/vpn/wireguard/client.md @@ -12,6 +12,8 @@ For each new client, the following steps must be taken. For the sake of simplici #!/bin/bash ipv4="$1$4" ipv6="$2$4" + serv4="${1}1" + serv6="${2}1" target="$3" name="$5" 
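Review bot: The generator script added in PATCH 8/9 writes `${name}.key` and `${name}.psk` into the current directory and appends to `/etc/wireguard/wg0.conf`, but it relies on the caller having run `cd /etc/wireguard` and `umask 077` first, so run on its own it can leave the key files readable by other local users. Setting this inside the script, directly after the shebang, makes it safe by itself: `set -euo pipefail`, `umask 077`, `cd /etc/wireguard`. With `pipefail` a failing `wg genkey` also stops the run before an empty `PublicKey` is appended and `wg-quick@wg0` is restarted, and `-u` catches a missing argument. Two smaller points in the same hunk: the usage example `bash "10.100.0." ...` has no script path after `bash`, and the generated `[Interface]` section no longer writes the `DNS = 10.100.0.1` line that the removed block had, so generated clients may not use Pi-hole for DNS unless that is added elsewhere.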
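Review bot: `serv4="${1}1"` and `serv6="${2}1"` in the first hunk of PATCH 9/9 assume the server sits at host `1` of exactly the prefixes passed as `$1` and `$2`, and nothing in the script states or checks that. The usage example passes `fd08:4711::`, which yields `fd08:4711::1`, while the server file shown in this guide uses `Address = 10.100.0.1/24, fd08::1/128`. If that is the real server address, the IPv6 entry of the client `AllowedIPs` written by the next hunk would not cover it. I would add a comment above the two lines such as `# server is assumed to be host 1 of the prefixes given in $1 and $2` and align the example prefix with the server's address. The script body continues outside this hunk.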
@@ -33,7 +35,8 @@ For each new client, the following steps must be taken. For the sake of simplici echo "PublicKey = $(cat server.pub)" >> "${name}.conf" echo "PresharedKey = $(cat "${name}.psk")" >> "${name}.conf" echo "Endpoint = $target" >> "${name}.conf" - echo "AllowedIPs = ${1}0/24, ${3}/64" >> "${name}.conf" + echo "AllowedIPs = ${serv4}/32, ${serv6}/128" >> "${name}.conf" # clients isolated from one another + # echo "AllowedIPs = ${1}0/24, ${2}/64" >> "${name}.conf" # clients can see each other echo "PersistentKeepalive = 25" >> "${name}.conf" # Print QR code scanable by the Wireguard mobile app on screen @@ -160,7 +163,7 @@ Next, add your server as peer for this client: ```plain [Peer] -AllowedIPs = 10.100.0.0/24, fd08::/64 +AllowedIPs = 10.100.0.1/32, fd08::1/128 Endpoint = [your public IP or domain]:47111 PersistentKeepalive = 25 ```
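Review bot: The comment `# clients isolated from one another` on the new `AllowedIPs` line overstates what the line guarantees. `AllowedIPs` in the client's own file is a setting on that client (what it routes into the tunnel and which sources it accepts from it), and the client's owner can change it. Whether peers can reach each other then depends on the server's forwarding and firewall rules, which are not part of this patch. I would reword the comment to something like `# only the server's addresses go through the tunnel; peer isolation has to be enforced on the server`, and add a sentence saying the same next to the `[Peer]` example changed in the last hunk (`AllowedIPs = 10.100.0.1/32, fd08::1/128`).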