make sure that setup_FTL_ProcessDNSSettings is the last thing called, else user set environment variables will be overridden when it sources setupVars.conf
Some additional tweaks
This commit is contained in:
parent
970c45c950
commit
e75e3800a2
|
@ -1,4 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
|
||||
# else it will get overridden itself when we source basic-install.sh
|
||||
[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
|
||||
|
||||
# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
|
||||
[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
|
||||
[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
|
||||
|
||||
# Some of the bash_functions use utilities from Pi-hole's utils.sh
|
||||
# shellcheck disable=SC2154
|
||||
# shellcheck source=/dev/null
|
||||
|
@ -356,28 +365,26 @@ load_web_password_secret() {
|
|||
|
||||
setup_web_password() {
|
||||
if [ -z "${WEBPASSWORD+x}" ] ; then
|
||||
# ENV WEBPASSWORD is not set
|
||||
# ENV WEBPASSWORD_OVERRIDE is not set
|
||||
|
||||
# Exit if setupvars already has a password
|
||||
setup_var_exists "WEBPASSWORD" && return
|
||||
|
||||
# Generate new random password
|
||||
WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
|
||||
echo "Assigning random password: $WEBPASSWORD"
|
||||
else
|
||||
# ENV WEBPASSWORD is set an will be used
|
||||
# ENV WEBPASSWORD_OVERRIDE is set and will be used
|
||||
echo "::: Assigning password defined by Environment Variable"
|
||||
# WEBPASSWORD="$WEBPASSWORD"
|
||||
fi
|
||||
|
||||
PASS="$WEBPASSWORD"
|
||||
|
||||
# Explicitly turn off bash printing when working with secrets
|
||||
{ set +x; } 2>/dev/null
|
||||
|
||||
if [[ "$PASS" == "" ]] ; then
|
||||
if [[ "$WEBPASSWORD" == "" ]] ; then
|
||||
echo "" | pihole -a -p
|
||||
else
|
||||
pihole -a -p "$PASS" "$PASS"
|
||||
pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
|
||||
fi
|
||||
|
||||
# To avoid printing this if conditional in bash debug, turn off debug above..
|
||||
|
|
|
@ -1,14 +1,5 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
|
||||
# else it will get overridden when we source bash_functions.sh
|
||||
# (which then sources basic-install.sh)
|
||||
[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
|
||||
|
||||
# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
|
||||
[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_REPLY_ADDR4" && export "FTLCONF_REPLY_ADDR4"="$ServerIP"
|
||||
[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_REPLY_ADDR6" && export "FTLCONF_REPLY_ADDR6"="$ServerIPv6"
|
||||
|
||||
# The below functions are all contained in bash_functions.sh
|
||||
# shellcheck source=/dev/null
|
||||
. /bash_functions.sh
|
||||
|
@ -30,21 +21,6 @@ echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
|
|||
validate_env || exit 1
|
||||
ensure_basic_configuration
|
||||
|
||||
# FTL setup
|
||||
# ===========================
|
||||
setup_FTL_upstream_DNS
|
||||
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
|
||||
apply_FTL_Configs_From_Env
|
||||
setup_FTL_User
|
||||
setup_FTL_Interface
|
||||
setup_FTL_CacheSize
|
||||
setup_FTL_query_logging
|
||||
setup_FTL_server || true
|
||||
[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
|
||||
[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
|
||||
[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
|
||||
setup_FTL_ProcessDNSSettings
|
||||
|
||||
# Web interface setup
|
||||
# ===========================
|
||||
setup_web_port
|
||||
|
@ -65,6 +41,22 @@ setup_lighttpd_bind
|
|||
setup_admin_email
|
||||
setup_blocklists
|
||||
|
||||
# FTL setup
|
||||
# ===========================
|
||||
setup_FTL_upstream_DNS
|
||||
[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
|
||||
apply_FTL_Configs_From_Env
|
||||
setup_FTL_User
|
||||
setup_FTL_Interface
|
||||
setup_FTL_CacheSize
|
||||
setup_FTL_query_logging
|
||||
setup_FTL_server || true
|
||||
[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
|
||||
[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
|
||||
[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
|
||||
# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
|
||||
setup_FTL_ProcessDNSSettings
|
||||
|
||||
test_configs
|
||||
|
||||
[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
|
||||
|
|
|
@ -13,14 +13,14 @@ RUN apt-get update && \
|
|||
RUN curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
COPY ./Dockerfile.sh /usr/local/bin/
|
||||
COPY ./cmd.sh /usr/local/bin/
|
||||
COPY Pipfile* /root/
|
||||
WORKDIR /root
|
||||
|
||||
RUN pipenv install --system \
|
||||
&& sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.8/site-packages/testinfra/backend/docker.py
|
||||
|
||||
RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
|
||||
RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh
|
||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||
ENTRYPOINT entrypoint.sh
|
||||
CMD Dockerfile.sh
|
||||
CMD cmd.sh
|
||||
|
|
|
@ -5,9 +5,9 @@ import re
|
|||
|
||||
SETUPVARS_LOC='/etc/pihole/setupVars.conf'
|
||||
DNSMASQ_CONFIG_LOC = '/etc/dnsmasq.d/01-pihole.conf'
|
||||
EVAL_SETUP_FTL_CACHESIZE='. ./bash_functions.sh ; eval `grep setup_FTL_CacheSize /start.sh`'
|
||||
EVAL_SETUP_FTL_INTERFACE='. ./bash_functions.sh ; eval `grep setup_FTL_Interface /start.sh`'
|
||||
EVAL_SETUP_WEB_PASSWORD='. ./bash_functions.sh ; eval `grep setup_web_password /start.sh`'
|
||||
CMD_SETUP_FTL_CACHESIZE='. bash_functions.sh ; setup_FTL_CacheSize'
|
||||
CMD_SETUP_FTL_INTERFACE='. bash_functions.sh ; setup_FTL_Interface'
|
||||
CMD_SETUP_WEB_PASSWORD='. bash_functions.sh ; setup_web_password'
|
||||
|
||||
def _cat(file):
|
||||
return 'cat {}'.format(file)
|
||||
|
@ -76,7 +76,7 @@ def test_overrides_default_custom_cache_size(docker, slow, test_args, cache_size
|
|||
def test_bad_input_to_custom_cache_size(docker, slow, test_args):
|
||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||
|
||||
docker.run(EVAL_SETUP_FTL_CACHESIZE)
|
||||
docker.run(CMD_SETUP_FTL_CACHESIZE)
|
||||
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
||||
|
||||
@pytest.mark.parametrize('test_args', [
|
||||
|
@ -85,7 +85,7 @@ def test_bad_input_to_custom_cache_size(docker, slow, test_args):
|
|||
def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
|
||||
CONFIG_LINE = r'cache-size\s*=\s*10000'
|
||||
|
||||
docker.run(EVAL_SETUP_FTL_CACHESIZE)
|
||||
docker.run(CMD_SETUP_FTL_CACHESIZE)
|
||||
slow(lambda: re.search(CONFIG_LINE, docker.run(_cat(DNSMASQ_CONFIG_LOC)).stdout) != None)
|
||||
|
||||
|
||||
|
@ -95,7 +95,7 @@ def test_dnssec_enabled_with_custom_cache_size(docker, slow, test_args):
|
|||
])
|
||||
def test_dns_interface_override_defaults(docker, slow, args_env, expected_stdout, expected_config_line):
|
||||
''' When INTERFACE environment var is passed in, overwrite dnsmasq interface '''
|
||||
function = docker.run(EVAL_SETUP_FTL_INTERFACE)
|
||||
function = docker.run(CMD_SETUP_FTL_INTERFACE)
|
||||
assert expected_stdout in function.stdout
|
||||
slow(lambda: expected_config_line + '\n' == docker.run('grep "^PIHOLE_INTERFACE" {}'.format(SETUPVARS_LOC)).stdout)
|
||||
|
||||
|
@ -125,7 +125,7 @@ def test_debian_setup_php_env(docker, expected_lines, repeat_function):
|
|||
|
||||
def test_webpassword_random_generation(docker):
|
||||
''' When a user sets webPassword env the admin password gets set to that '''
|
||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
||||
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||
assert 'assigning random password' in function.stdout.lower()
|
||||
|
||||
|
||||
|
@ -136,7 +136,7 @@ def test_webpassword_random_generation(docker):
|
|||
])
|
||||
def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, args_env, secure, setupvars_hash):
|
||||
''' When a user sets webPassword env the admin password gets set or removed if empty '''
|
||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
||||
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||
|
||||
if secure:
|
||||
assert 'new password set' in function.stdout.lower()
|
||||
|
@ -150,7 +150,7 @@ def test_webpassword_env_assigns_password_to_file_or_removes_if_empty(docker, ar
|
|||
@pytest.mark.parametrize('test_args', ['-e WEBPASSWORD=login', '-e WEBPASSWORD=""'])
|
||||
def test_env_always_updates_password(docker, args_env, test_args):
|
||||
'''When a user sets the WEBPASSWORD environment variable, ensure it always sets the password'''
|
||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
||||
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||
|
||||
assert '::: Assigning password defined by Environment Variable' in function.stdout
|
||||
|
||||
|
@ -159,7 +159,7 @@ def test_env_always_updates_password(docker, args_env, test_args):
|
|||
def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):
|
||||
'''If a password is already set in setupvars, and no password is set in the environment variable, do not generate a random password'''
|
||||
docker.run('. /opt/pihole/utils.sh ; addOrEditKeyValPair {} WEBPASSWORD volumepass'.format(SETUPVARS_LOC))
|
||||
function = docker.run(EVAL_SETUP_WEB_PASSWORD)
|
||||
function = docker.run(CMD_SETUP_WEB_PASSWORD)
|
||||
|
||||
assert 'Pre existing WEBPASSWORD found' in function.stdout
|
||||
assert docker.run(_grep('WEBPASSWORD=volumepass', SETUPVARS_LOC)).rc == 0
|
||||
|
|
Loading…
Reference in New Issue