Merge branch 'dev' of github.com:pi-hole/docker-pi-hole into beta-v5.0

Dockerfile.py

@@ -17,7 +17,6 @@ Examples:
 """
 
 
-from docopt import docopt
 from jinja2 import Environment, FileSystemLoader
 from docopt import docopt
 import os

Dockerfile.template

@@ -44,6 +44,6 @@ LABEL image="{{ pihole.name }}:{{ pihole.version }}_{{ pihole.arch }}"
 LABEL maintainer="{{ pihole.maintainer }}"
 LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
 
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_amd64

@@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_amd64"
 LABEL maintainer="adam@diginc.us"
 LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
 
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_arm64

@@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_arm64"
 LABEL maintainer="adam@diginc.us"
 LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
 
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_armel

@@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_armel"
 LABEL maintainer="adam@diginc.us"
 LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
 
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

Dockerfile_armhf

@@ -44,6 +44,6 @@ LABEL image="pihole/pihole:release-v5.0_armhf"
 LABEL maintainer="adam@diginc.us"
 LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
 
-HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
 
 SHELL ["/bin/bash", "-c"]

README.md

@@ -75,7 +75,7 @@ A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86
 
 This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh)
 
-If you're using a Red Hat based distrubution with an SELinux Enforcing policy add `:z` to line with volumes like so:
+If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so:
 
 ```
     -v "$(pwd)/etc-pihole/:/etc/pihole/:z" \
@@ -152,6 +152,7 @@ The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubList
 
 This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the `/etc/resolv.conf` symlink to point to `/run/systemd/resolve/resolv.conf`, which is automatically updated to follow the system's [`netplan`](https://netplan.io/):
 `sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'`
+After making these changes, you should restart systemd-resolved using `systemctl restart systemd-resolved`
 
 Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`.
 Example netplan:
@@ -178,7 +179,7 @@ The primary docker tags / versions are explained in the following table.  [Click
 | tag                 | architecture | description                                                             | Dockerfile |
 | ---                 | ------------ | -----------                                                             | ---------- |
 | `latest`            | auto detect  | x86, arm, or arm64 container, docker auto detects your architecture.    | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile_amd64) |
-| `v4.0.0-1`          | auto detect  | Versioned tags, if you want to pin against a specific version, use one of thesse |  |
+| `v4.0.0-1`          | auto detect  | Versioned tags, if you want to pin against a specific version, use one of these |  |
 | `v4.0.0-1_<arch>`   | based on tag | Specific architectures tags | |
 | `dev`       | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
 

bash_functions.sh

@@ -287,6 +287,14 @@ setup_web_port() {
 
 }
 
+load_web_password_secret() {
+   # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
+   # allowing secrets to be passed via docker secrets
+   if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
+     WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
+   fi;
+}
+
 generate_password() {
     if [ -z "${WEBPASSWORD+x}" ] ; then
         # Not set at all, give the user a random pass

circle-deploy.sh

@@ -37,13 +37,15 @@ if [[ "$CIRCLE_PR_NUMBER" == "" ]]; then
         images+=($arch_image)
     done
 
-    docker manifest create $MULTIARCH_IMAGE ${images[*]}
-    for arch in *; do
-        arch_image=$(cat $arch)
-        docker pull $arch_image
-        annotate "$MULTIARCH_IMAGE" "$arch_image" "$arch"
-    done
+    for docker_tag in $MULTIARCH_IMAGE $LATEST_IMAGE; do
+        docker manifest create $docker_tag ${images[*]}
+        for arch in *; do
+            arch_image=$(cat $arch)
+            docker pull $arch_image
+            annotate "$docker_tag" "$arch_image" "$arch"
+        done
 
-    docker manifest inspect "$MULTIARCH_IMAGE"
-    docker manifest push "$MULTIARCH_IMAGE"
+        docker manifest inspect "$docker_tag"
+        docker manifest push --purge "$docker_tag"
+    done;
 fi

circle-vars.sh

@@ -32,6 +32,17 @@ if [[ -n "$DOCKER_TAG" ]]; then
     # latest- sometimes has a trailing slash, remove it
     ARCH_IMAGE="${ARCH_IMAGE/%-/}"
 fi
+
+# To get latest released, cut a release on https://github.com/pi-hole/docker-pi-hole/releases (manually gated for quality control)
+latest_tag=''
+if ! latest_tag=$(curl -sI https://github.com/pi-hole/docker-pi-hole/releases/latest | grep --color=never -i Location | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then
+    print "Failed to retrieve latest docker-pi-hole release metadata"
+else
+    if [[ "$DOCKER_TAG" == "$latest_tag" ]] ; then
+        LATEST_IMAGE="$BASE_IMAGE:latest"
+    fi
+fi
+
 MULTIARCH_IMAGE="$BASE_IMAGE:$DOCKER_TAG"
 
 set +a

docker_run.sh

@@ -12,6 +12,10 @@ docker run -d \
     -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
     --dns=127.0.0.1 --dns=1.1.1.1 \
     --restart=unless-stopped \
+    --hostname pi.hole \
+    -e VIRTUAL_HOST="pi.hole" \
+    -e PROXY_LOCATION="pi.hole" \
+    -e ServerIP="127.0.0.1" \ # should be replaced with your external ip
     pihole/pihole:latest
 
 printf 'Starting up pihole container '

install.sh

@@ -4,7 +4,7 @@ mkdir -p /etc/pihole/
 mkdir -p /var/run/pihole
 # Production tags with valid web footers
 export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
-export WEB_VERSION="$(cat /etc/docker-pi-hole-version)"
+export WEB_VERSION="v4.3.3"
 
 # Only use for pre-production / testing
 export CHECKOUT_BRANCHES=false

start.sh

@@ -42,6 +42,7 @@ docker_checks
 #fi
 
 fix_capabilities
+load_web_password_secret
 generate_password
 validate_env || exit 1
 prepare_configs

test/conftest.py

@@ -24,7 +24,7 @@ def args_volumes():
 
 @pytest.fixture()
 def args_env():
-    return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"'
+    return '-e ServerIP="127.0.0.1"'
 
 @pytest.fixture()
 def args(args_dns, args_volumes, args_env):
@@ -120,7 +120,7 @@ def persist_args_volumes():
 
 @pytest.fixture(scope='module')
 def persist_args_env():
-    return '-e ServerIP="127.0.0.1" -e ServerIPv6="::1"'
+    return '-e ServerIP="127.0.0.1"'
 
 @pytest.fixture(scope='module')
 def persist_args(persist_args_dns, persist_args_volumes, persist_args_env):

test/test_bash_functions.py

@@ -65,7 +65,7 @@ def test_override_default_servers_with_DNS_EnvVars(Docker, Slow, args_env, expec
     function = Docker.run('. /bash_functions.sh ; eval `grep "^setup_dnsmasq " /start.sh`')
     assert expected_stdout in function.stdout
     expected_servers = 'server={}\n'.format(dns1) if dns2 == None else 'server={}\nserver={}\n'.format(dns1, dns2)
-    Slow(lambda: expected_servers == Docker.run('grep "^server=" /etc/dnsmasq.d/01-pihole.conf').stdout)
+    Slow(lambda: expected_servers == Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout)
 
 
 #@pytest.mark.skipif(os.environ.get('CI') == 'true',
@@ -106,7 +106,7 @@ def test_DNS_Envs_are_secondary_to_setupvars(Docker, Slow, args_env, expected_st
     expected_servers = ['server={}'.format(dns1)]
     if dns2:
         expected_servers.append('server={}'.format(dns2))
-    Slow(lambda: Docker.run('grep "^server=" /etc/dnsmasq.d/01-pihole.conf').stdout.strip().split('\n') == \
+    Slow(lambda: Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout.strip().split('\n') == \
          expected_servers)