#!/usr/bin/env bash

# Copyright (c) 2021-2025 tteck
# Author: tteck (tteckster)
# License: MIT
# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE

								# Load the helper library that the launcher passes in through the environment.
# The whole value of $FUNCTIONS_FILE_PATH is executed as shell code in this
# process, with this script's privileges.
# NOTE(review): that makes the variable part of the trust boundary; confirm the
# launcher only ever fills it from a source it controls.
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"

# Helpers called below (color, verb_ip6, catch_errors, ...) are not defined in
# this file; presumably they come from the library sourced above.
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os

								# Base packages needed by the rest of the script (curl fetches the installer).
# Note: ufw is installed, but the part of the script shown here never adds a
# rule or enables it, so by itself this step does not filter any traffic.
msg_info "Installing Dependencies"
$STD apt-get install -y curl sudo mc ufw
msg_ok "Installed Dependencies"

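								# Install Pi-hole unattended, then rewrite its generated configuration.
msg_info "Installing Pi-hole"
mkdir -p /etc/pihole
touch /etc/pihole/pihole.toml

# Download the installer to a file before running it. With
# `bash <(curl ...)` a failed or truncated download is not reported: bash
# runs whatever arrived (possibly nothing) and the curl exit status is lost.
# NOTE(review): the installer is still executed as fetched over HTTPS with no
# pinned version or checksum; pin and verify it if the deployment requires
# reproducible or audited installs.
PIHOLE_INSTALLER="$(mktemp)"
if ! curl -fsSL https://install.pi-hole.net -o "$PIHOLE_INSTALLER"; then
  rm -f "$PIHOLE_INSTALLER"
  echo "Failed to download the Pi-hole installer" >&2
  exit 1
fi
$STD bash "$PIHOLE_INSTALLER" --unattended
rm -f "$PIHOLE_INSTALLER"

# Rewrite /etc/pihole/pihole.toml in place.
# - The single-key rules (upstreams, interface, queryLogging, size, active,
#   listeningMode, port, pwhash, domainNeeded, expandHosts) match the key name
#   on any line of the file; they are not limited to one [section].
#   NOTE(review): confirm against the generated pihole.toml that no unrelated
#   table carries a key with the same name (port, size and active are generic).
# - The range rules then switch DHCP and NTP back off inside their own tables.
# - pwhash is set to the empty string.
#   NOTE(review): this presumably leaves the web interface and API without a
#   password; set one (for example with `pihole setpassword`) before the
#   container is reachable from networks that are not fully trusted.
sed -i -E '
/^\s*upstreams =/ s|=.*|= ["8.8.8.8", "8.8.4.4"]|
/^\s*interface =/ s|=.*|= "eth0"|
/^\s*queryLogging =/ s|=.*|= true|
/^\s*size =/ s|=.*|= 10000|
/^\s*active =/ s|=.*|= true|
/^\s*listeningMode =/ s|=.*|= "LOCAL"|
/^\s*port =/ s|=.*|= "80o,443os,[::]:80o,[::]:443os"|
/^\s*pwhash =/ s|=.*|= ""|

# DHCP Disable
/^\s*\[dhcp\]/,/^\s*\[/{s/^\s*active = true/  active = false/}

# NTP Disable
/^\s*\[ntp.ipv4\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
/^\s*\[ntp.ipv6\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*interval = [0-9]+/  interval = 0/}
/^\s*\[ntp.sync.rtc\]/,/^\s*\[/{s/^\s*set = true/  set = false/}

# set domainNeeded und expandHosts
/^\s*domainNeeded =/ s|=.*|= true|
/^\s*expandHosts =/ s|=.*|= true|
' /etc/pihole/pihole.toml

# Create the drop-in directory first: the Unbound branch later in this script
# does the same before writing its own file, and without it this redirect
# fails when the installer has not created the directory.
mkdir -p /etc/dnsmasq.d
cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
server=8.8.8.8
server=8.8.4.4
EOF
$STD pihole-FTL --config ntp.sync.interval 0
systemctl restart pihole-FTL.service
msg_ok "Installed Pi-hole"
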
								# Optional step: put a local Unbound resolver in front of Pi-hole.
read -r -p "Would you like to add Unbound? <y/N> " prompt
if [[ "${prompt,,}" == "y" || "${prompt,,}" == "yes" ]]; then
  # The second answer reuses the same variable; it is read before the install
  # starts and tested again further down to choose recursive vs. DoT forwarding.
  read -r -p "Unbound is configured as a recursive DNS server by default, would you like it to be configured as a forwarding DNS server (using DNS-over-TLS (DoT)) instead? <y/N> " prompt
  msg_info "Installing Unbound"
  $STD apt-get install -y unbound

  # Unbound listens on 127.0.0.1:5335 only, so it is reachable from this
  # container alone. Several harden-* options are enabled; use-caps-for-id and
  # harden-algo-downgrade are explicitly set to "no" (reason not stated here).
  # The private-address list makes Unbound strip answers that point public
  # names at private or link-local ranges.
  cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
server:
  verbosity: 0
  interface: 127.0.0.1
  port: 5335
  do-ip6: no
  do-ip4: yes
  do-udp: yes
  do-tcp: yes
  num-threads: 1
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-referral-path: yes
  use-caps-for-id: no
  harden-algo-downgrade: no
  qname-minimisation: yes
  aggressive-nsec: yes
  rrset-roundrobin: yes
  cache-min-ttl: 300
  cache-max-ttl: 14400
  msg-cache-slabs: 8
  rrset-cache-slabs: 8
  infra-cache-slabs: 8
  key-cache-slabs: 8
  serve-expired: yes
  serve-expired-ttl: 3600
  edns-buffer-size: 1232
  prefetch: yes
  prefetch-key: yes
  target-fetch-policy: "3 2 1 1 1"
  unwanted-reply-threshold: 10000000
  rrset-cache-size: 256m
  msg-cache-size: 128m
  so-rcvbuf: 1m
  private-address: 192.168.0.0/16
  private-address: 169.254.0.0/16
  private-address: 172.16.0.0/12
  private-address: 10.0.0.0/8
  private-address: fd00::/8
  private-address: fe80::/10
EOF

  # Keep the dnsmasq side's EDNS packet size in line with edns-buffer-size above.
  mkdir -p /etc/dnsmasq.d/
  cat <<EOF >/etc/dnsmasq.d/99-edns.conf
edns-packet-max=1232
EOF

  # DoT mode: append a forward-zone for "." to the file written above.
  # tls-cert-bundle plus the "#dns.google" name on each forward-addr are what
  # let Unbound authenticate the upstream; forward-first: no means Unbound does
  # not fall back to its own recursion when the forwarders fail.
  # The Cloudflare and Quad9 entries are written commented out.
  if [[ "${prompt,,}" == "y" || "${prompt,,}" == "yes" ]]; then
    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-first: no

  forward-addr: 8.8.8.8@853#dns.google
  forward-addr: 8.8.4.4@853#dns.google
  forward-addr: 2001:4860:4860::8888@853#dns.google
  forward-addr: 2001:4860:4860::8844@853#dns.google

  #forward-addr: 1.1.1.1@853#cloudflare-dns.com
  #forward-addr: 1.0.0.1@853#cloudflare-dns.com
  #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
  #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com

  #forward-addr: 9.9.9.9@853#dns.quad9.net
  #forward-addr: 149.112.112.112@853#dns.quad9.net
  #forward-addr: 2620:fe::fe@853#dns.quad9.net
  #forward-addr: 2620:fe::9@853#dns.quad9.net
EOF
  fi

  # Point Pi-hole at the local Unbound instance.
  # NOTE(review): both the dnsmasq drop-in and the upstreams list still name
  # Google resolvers on plain port 53 next to 127.0.0.1#5335, so some queries
  # can leave the host unencrypted and without passing through Unbound even
  # when DoT was chosen. Confirm that this fallback is intended.
  cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
server=127.0.0.1#5335
server=8.8.8.8
server=8.8.4.4
EOF

  sed -i -E 's|^(\s*upstreams =).*|\1 ["127.0.0.1#5335", "8.8.4.4"]|' /etc/pihole/pihole.toml
  systemctl enable -q --now unbound
  systemctl restart pihole-FTL.service
  msg_ok "Installed Unbound"
fi

								# Final helper steps; motd_ssh and customize are not defined in this file,
# presumably they come from the sourced helper library.
motd_ssh
customize

# Remove packages that are no longer needed and prune the apt cache.
msg_info "Cleaning up"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"