From 61c5e5f2f468482ceff71152ac8f4633a1eda9cf Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Fri, 21 Feb 2025 14:28:57 +0100 Subject: [PATCH] feat: bump Pi-hole version --- salt/sys-pihole/README.md | 4 +- .../files/server/lighttpd/50-pihole.conf | 11 -- .../files/server/pihole/setupVars.conf | 18 --- salt/sys-pihole/install.sls | 107 +++++++++++------- 4 files changed, 71 insertions(+), 69 deletions(-) delete mode 100644 salt/sys-pihole/files/server/lighttpd/50-pihole.conf delete mode 100644 salt/sys-pihole/files/server/pihole/setupVars.conf diff --git a/salt/sys-pihole/README.md b/salt/sys-pihole/README.md index 5609e805..39eb60b9 100644 --- a/salt/sys-pihole/README.md +++ b/salt/sys-pihole/README.md @@ -29,7 +29,9 @@ to it. Pi-Hole commits and tags are not signed by individuals, but as they are done through the web interface, they have GitHub Web-Flow signature. This is the best verification we can get for Pi-Hole. If you don't trust the hosting -provider however, don't install this package. +provider however, don't install this package. Besides that, future updates to +Pi-hole modules are not verified as it is done via by the native update +mechanism provided by upstream. * Top: diff --git a/salt/sys-pihole/files/server/lighttpd/50-pihole.conf b/salt/sys-pihole/files/server/lighttpd/50-pihole.conf deleted file mode 100644 index b98cc786..00000000 --- a/salt/sys-pihole/files/server/lighttpd/50-pihole.conf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. -# -# SPDX-License-Identifier: AGPL-3.0-or-later - -$HTTP["remoteip"] !~ "127.0.0.1" { - $HTTP["url"] =~ "^/admin/" { - url.access-deny = ( "" ) - } -} - -# vim: ft=apache diff --git a/salt/sys-pihole/files/server/pihole/setupVars.conf b/salt/sys-pihole/files/server/pihole/setupVars.conf deleted file mode 100644 index b63c6365..00000000 --- a/salt/sys-pihole/files/server/pihole/setupVars.conf +++ /dev/null 
@@ -1,18 +0,0 @@ -# SPDX-FileCopyrightText: 2022 - 2023 unman -# -# SPDX-License-Identifier: AGPL-3.0-or-later - -PIHOLE_INTERFACE=eth0 -PIHOLE_DNS_1=9.9.9.9 -PIHOLE_DNS_2=149.112.112.112 -QUERY_LOGGING=true -INSTALL_WEB_SERVER=true -INSTALL_WEB_INTERFACE=true -LIGHTTPD_ENABLED=true -CACHE_SIZE=10000 -DNS_FQDN_REQUIRED=true -DNS_BOGUS_PRIV=true -DNSMASQ_LISTENING=local -WEBPASSWORD= -BLOCKING_ENABLED=true -WEBTHEME=default-dark diff --git a/salt/sys-pihole/install.sls b/salt/sys-pihole/install.sls index 20e7418d..7a739be7 100644 --- a/salt/sys-pihole/install.sls +++ b/salt/sys-pihole/install.sls @@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if grains['nodename'] != 'dom0' %} -{% set pihole_tag = 'v5.18.4' -%} +{% set pihole_tag = 'v6.0.4' -%} include: - utils.tools.common.update 
@@ -28,53 +28,19 @@ include: - qubes-core-agent-dom0-updates - qubes-core-agent-networking - systemd-timesyncd - - ca-certificates - - curl - - dnsutils - git - idn2 - - lighttpd - - netcat-openbsd - - php-cgi - - php-common - - php-intl - - php-json - - php-sqlite3 - - php-xml - - unzip - - bash-completion - man-db + ## Other dependencies brought by local package pihole-meta. -"{{ slsdotpath }}-disable-external-admin-interface": - file.managed: - - name: /etc/lighttpd/conf-available/50-pihole.conf - - source: salt://{{ slsdotpath }}/files/server/lighttpd/50-pihole.conf - - mode: '0644' - - user: root - - group: root - - makedirs: True - -"{{ slsdotpath }}-disable-external-admin-interface-symlink": - file.symlink: - - require: - - file: "{{ slsdotpath }}-disable-external-admin-interface" - - name: /etc/lighttpd/conf-enabled/50-pihole.conf - - target: /etc/lighttpd/conf-available/50-pihole.conf - - force: True +"{{ slsdotpath }}-disable-lighttpd": + service.disabled: + - name: lighttpd "{{ slsdotpath }}-disable-systemd-resolved": service.disabled: - name: systemd-resolved -"{{ slsdotpath }}-setupVars.conf": - file.managed: - - name: /etc/pihole/setupVars.conf - - source: salt://{{ slsdotpath }}/files/server/pihole/setupVars.conf - - mode: '0644' - - user: root - - group: root - - makedirs: True - "{{ slsdotpath }}-git-clone": git.latest: - name: https://github.com/pi-hole/pi-hole.git 
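Review bot: The new `-disable-lighttpd` state uses `service.disabled`, which only removes lighttpd from boot and does not stop an instance that is already running. On a qube previously provisioned by the older version of this formula, lighttpd would presumably keep listening until the next restart. If the intent is that lighttpd no longer serves anything, use `service.dead:` with `- enable: False` under the same `- name: lighttpd`. The added comment `## Other dependencies brought by local package pihole-meta.` could also say which state installs pihole-meta, since the explicit package list no longer shows what ends up on the system.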
@@ -146,6 +112,69 @@ include: - cwd: '/root/pi-hole/automated install' - runas: root +"{{ slsdotpath }}-set-empty-api-password": + cmd.run: + - name: printf '' | pihole setpassword + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-set-upstream-dns-servers": + cmd.run: + - name: pihole-FTL --config dns.upstreams '[ "9.9.9.9", "149.112.112.112" ]' + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-set-domain-needed-fqdn": + cmd.run: + - name: pihole-FTL --config dns.domainNeeded true + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-set-dark-theme": + cmd.run: + - name: pihole-FTL --config webserver.interface.theme default-dark + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-restrict-webserver-acl-to-localhost": + cmd.run: + - name: pihole-FTL --config webserver.acl "+127.0.0.1,+[::1]" + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-disable-ntp-sync": + cmd.run: + - name: pihole-FTL --config ntp.sync.active false + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-disable-ntp-ipv4": + cmd.run: + - name: pihole-FTL --config ntp.ipv4.active false + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-disable-ntp-ipv6": + cmd.run: + - name: pihole-FTL --config ntp.ipv6.active false + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + +"{{ slsdotpath }}-enable-loading-dnsmasq.d": + cmd.run: + - name: pihole-FTL --config misc.etc_dnsmasq_d true + - require: + - cmd: "{{ slsdotpath }}-setup" + - runas: root + "{{ slsdotpath }}-firewall": file.managed: - name: /rw/config/qubes-firewall.d/50-sys-pihole
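Review bot: The `-set-empty-api-password` state is declared before `-restrict-webserver-acl-to-localhost` and both require only the `-setup` command, so the password is cleared while the web server ACL is still whatever the installer left. If the ACL command then fails, the admin interface and API stay passwordless without the localhost restriction. Tie the two together by adding `- cmd: "{{ slsdotpath }}-restrict-webserver-acl-to-localhost"` to the `require` list of the password state, so the password is only emptied once the ACL is in place. None of the nine `cmd.run` states has an `unless` or `onchanges` guard, so each will re-run and report a change on every apply. The deleted setupVars.conf also set `DNS_BOGUS_PRIV`, `DNSMASQ_LISTENING=local` and `PIHOLE_INTERFACE=eth0`, and no `pihole-FTL --config` call here replaces them, so it is worth confirming that the v6 defaults are what is wanted.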