#!/bin/bash
#===============================================================================
# Pi-hole Docker Setup Script
# Automatically sets up Pi-hole with monitoring stack on any Linux machine
#===============================================================================
# Abort as soon as any unguarded command exits non-zero.
set -e

# ANSI colour sequences, kept as literal backslash text; they only turn into
# real escape characters when a caller prints them with `echo -e`.
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
NC="\033[0m" # reset ("No Color")
#######################################
# Print the installer's title banner.
# Globals:   BLUE, NC (read)
# Arguments: none
# Outputs:   six lines on stdout (colour on, four banner lines, colour off)
#######################################
print_header() {
  local -a banner=(
    "╔═══════════════════════════════════════════════════════════════════╗"
    "║ Pi-hole Docker Setup ║"
    "║ DNS Ad-Blocking with Monitoring Stack ║"
    "╚═══════════════════════════════════════════════════════════════════╝"
  )

  echo -e "${BLUE}"
  printf '%s\n' "${banner[@]}"
  echo -e "${NC}"
}
#######################################
# Report a completed step with a green "[✓]" tag.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message; backslash escapes in it are interpreted
# Outputs:   one line on stdout
#######################################
print_step() {
  local message=$1
  printf '%b\n' "${GREEN}[✓]${NC} ${message}"
}
#######################################
# Report a non-fatal problem with a yellow "[!]" tag.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message; backslash escapes in it are interpreted
# Outputs:   one line on stdout
#######################################
print_warning() {
  local message=$1
  printf '%b\n' "${YELLOW}[!]${NC} ${message}"
}
#######################################
# Report an error with a red "[✗]" tag. Does not exit; callers decide that.
# Globals:   RED, NC (read)
# Arguments: $1 - message; backslash escapes in it are interpreted
# Outputs:   one line on stdout
#######################################
print_error() {
  local message=$1
  printf '%b\n' "${RED}[✗]${NC} ${message}"
}
# Work from the directory that holds this script, so the relative paths used
# further down (generate-certs.sh, certs/, compose.monitoring.yaml,
# .env.pihole) resolve no matter where the script was invoked from.
script_path="${BASH_SOURCE[0]}"
SCRIPT_DIR="$(cd "$(dirname "$script_path")" && pwd)"
cd "$SCRIPT_DIR"

print_header
#===============================================================================
# Step 1: Check Prerequisites
#===============================================================================
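echo -e "\n${BLUE}[1/7] Checking prerequisites...${NC}"

# The docker CLI has to be on PATH before anything else can work.
if ! command -v docker &> /dev/null; then
  print_error "Docker is not installed. Please install Docker first."
  echo " For Arch Linux: sudo pacman -S docker docker-compose"
  echo " Then: sudo systemctl enable --now docker"
  exit 1
fi
print_step "Docker is installed"

# `docker info` fails when the current user cannot reach the daemon.
if ! docker info &> /dev/null; then
  print_error "Docker is not running. Please start Docker."
  echo " Run: sudo systemctl start docker"
  exit 1
fi
print_step "Docker is running"

# Compare whole group names: a plain substring grep would also accept groups
# that merely contain "docker" in their name.
# NOTE: membership of the docker group gives root-equivalent control of the
# host through the daemon, so it should be granted deliberately.
if ! groups | tr ' ' '\n' | grep -qx docker; then
  print_warning "User is not in docker group. You may need to use sudo."
fi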
#===============================================================================
# Step 2: Detect Local IP
#===============================================================================
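echo -e "\n${BLUE}[2/7] Detecting network configuration...${NC}"

# Local address, in order of preference: first 192.168.x.x address, first
# 10.x.x.x address, first address listed by `hostname -I`, then ask the user.
LOCAL_IP=$(ip -4 addr show | grep -oP '(?<=inet\s)192\.168\.\d+\.\d+' | head -1)
if [ -z "$LOCAL_IP" ]; then
  LOCAL_IP=$(ip -4 addr show | grep -oP '(?<=inet\s)10\.\d+\.\d+\.\d+' | head -1)
fi
if [ -z "$LOCAL_IP" ]; then
  LOCAL_IP=$(hostname -I | awk '{print $1}')
fi
if [ -z "$LOCAL_IP" ]; then
  print_error "Could not detect local IP address"
  # -r keeps backslashes in the typed value literal.
  read -r -p "Enter your local IP address: " LOCAL_IP
fi
print_step "Local IP: $LOCAL_IP"

# Get public IP for WireGuard. The lookup is best-effort: on any curl failure
# PUBLIC_IP stays empty and the WireGuard hint in the summary is skipped.
# An explicit https:// is used because curl falls back to plain HTTP for a
# bare host name, which would let anyone on the path choose the reply.
PUBLIC_IP=$(curl -s --max-time 5 https://ifconfig.me 2>/dev/null || echo "")

# The reply comes from a third-party service and is printed through
# print_step, which interprets backslash escapes. Keep it only when it
# consists solely of characters that can appear in an IPv4/IPv6 address.
case "$PUBLIC_IP" in
  '' | *[!0-9A-Fa-f:.]*) PUBLIC_IP="" ;;
esac

if [ -n "$PUBLIC_IP" ]; then
  print_step "Public IP: $PUBLIC_IP"
fi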
#===============================================================================
# Step 3: Create Environment File
#===============================================================================
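echo -e "\n${BLUE}[3/7] Creating configuration...${NC}"

# (Re)write .env.pihole in the script directory. The heredoc is unquoted, so
# $(date) and ${TZ:-America/New_York} are expanded now, on the host.
#
# NOTE(review): FTLCONF_webserver_api_password is written empty. That appears
# to leave the Pi-hole web UI and API without a password, and the API calls
# later in this script send no credentials, so they presumably depend on it.
# Confirm against the Pi-hole v6 documentation and set a password before the
# admin port is reachable from anything but a trusted network.
# NOTE(review): every run overwrites this file, including a password that was
# added to it by hand.
cat > .env.pihole << EOF
# Pi-hole v6 Configuration
# Generated by setup.sh on $(date)
TZ=${TZ:-America/New_York}
FTLCONF_webserver_api_password=
FTLCONF_dns_listeningMode=all
EOF

# This file is where the admin password lives once one is set; keep it
# readable by the owner only instead of inheriting the default umask.
chmod 600 .env.pihole
print_step "Created .env.pihole"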
#===============================================================================
# Step 4: Generate TLS Certificates
#===============================================================================
echo -e "\n${BLUE}[4/7] Generating TLS certificates...${NC}"

# certs/tls.pem acts as the "already generated" marker: when it is present
# the generator is not run again, so existing certificates are left alone.
if [ -f "certs/tls.pem" ]; then
  print_step "TLS certificates already exist"
else
  # The helper is marked executable first in case the bit was lost on checkout.
  chmod +x generate-certs.sh
  ./generate-certs.sh
  print_step "Generated TLS certificates"
fi
#===============================================================================
# Step 5: Create Docker Network
#===============================================================================
echo -e "\n${BLUE}[5/7] Setting up Docker network...${NC}"

# Best-effort creation: stderr is discarded and a non-zero exit is ignored
# (presumably to tolerate "network already exists" on a re-run), so the
# success message below is printed whatever the outcome was.
if ! docker network create pihole_network 2>/dev/null; then
  :
fi
print_step "Docker network ready"
#===============================================================================
# Step 6: Start Services
#===============================================================================
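echo -e "\n${BLUE}[6/7] Starting Pi-hole stack...${NC}"
docker compose -f compose.monitoring.yaml up -d

# Poll the health status of the "pihole" container: up to 60 attempts, 2 s
# apart. While `docker inspect` fails the status is reported as "starting".
echo "Waiting for Pi-hole to be healthy..."
pihole_healthy=0
for attempt in {1..60}; do
  status=$(docker inspect --format='{{.State.Health.Status}}' pihole 2>/dev/null || echo "starting")
  if [ "$status" = "healthy" ]; then
    pihole_healthy=1
    print_step "Pi-hole is healthy"
    break
  fi
  sleep 2
done

# Say so when the loop ran out instead of falling through silently; the
# remaining steps still run, as they did before.
if [ "$pihole_healthy" -ne 1 ]; then
  print_warning "Pi-hole did not report healthy after ${attempt} checks (last status: ${status}); continuing anyway."
fi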
#===============================================================================
# Step 7: Update Gravity (Blocklists)
#===============================================================================
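echo -e "\n${BLUE}[7/7] Downloading blocklists...${NC}"

# Add additional blocklists if not already present
echo "Adding recommended blocklists..."

# Ask the Pi-hole API (from inside the container) how many block lists are
# configured. The JSON is parsed by python3 on the host; if the container,
# curl, python3 or the JSON itself fails, the count falls back to 0.
# The request carries no credentials.
LISTS_COUNT=$(docker exec pihole curl -s "http://localhost/api/lists?type=block" 2>/dev/null | python3 -c "import sys,json; print(len(json.load(sys.stdin).get('lists',[])))" 2>/dev/null || echo "0")

# Guard the numeric test below against anything that is not a plain integer.
case "$LISTS_COUNT" in
  '' | *[!0-9]*) LISTS_COUNT=0 ;;
esac

if [ "$LISTS_COUNT" -lt "5" ]; then
  # "URL|comment" pairs. These are third-party feeds: whatever they publish
  # decides which domains this resolver blocks, so review the set before
  # relying on it.
  BLOCKLISTS=(
    "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/pro.txt|Hagezi Pro"
    "https://big.oisd.nl/domainswild|OISD Big"
    "https://v.firebog.net/hosts/AdguardDNS.txt|AdGuard DNS"
    "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext|Peter Lowe List"
    "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt|WindowsSpyBlocker"
    "https://o0.pages.dev/Lite/hosts.txt|1Hosts Lite"
    "https://v.firebog.net/hosts/static/w3kbl.txt|Firebog Suspicious"
    "https://raw.githubusercontent.com/d3ward/toolz/master/src/d3host.txt|d3Host List"
  )

  failed_lists=0
  for item in "${BLOCKLISTS[@]}"; do
    url="${item%%|*}"
    comment="${item##*|}"
    # The JSON body is built by interpolation; that is only safe because the
    # entries above contain no double quotes or backslashes.
    # A failing request is counted rather than left to `set -e`, which would
    # end the script here with all output suppressed. curl runs without
    # --fail, so HTTP-level rejections still count as success.
    if ! docker exec pihole curl -s -X POST "http://localhost/api/lists?type=block" \
      -H "Content-Type: application/json" \
      -d "{\"address\":\"$url\",\"comment\":\"$comment\"}" > /dev/null 2>&1; then
      failed_lists=$((failed_lists + 1))
    fi
  done

  if [ "$failed_lists" -eq 0 ]; then
    print_step "Added recommended blocklists"
  else
    print_warning "${failed_lists} of ${#BLOCKLISTS[@]} blocklist requests failed"
  fi
fi

# Update gravity
echo "Updating gravity database (this may take a few minutes)..."
docker exec pihole pihole -g

# Read the blocked-domain total back from the API; "unknown" when the
# request or the host-side JSON parsing fails.
GRAVITY_COUNT=$(docker exec pihole curl -s "http://localhost/api/stats/summary" 2>/dev/null | python3 -c "import sys,json; print(json.load(sys.stdin).get('gravity',{}).get('domains_being_blocked',0))" 2>/dev/null || echo "unknown")
print_step "Gravity updated: $GRAVITY_COUNT domains blocked"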
#===============================================================================
# Print Summary
#===============================================================================
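# Closing banner.
echo -e "\n${GREEN}"
printf '%s\n' \
  "╔═══════════════════════════════════════════════════════════════════╗" \
  "║ Setup Complete! ║" \
  "╚═══════════════════════════════════════════════════════════════════╝"
echo -e "${NC}"

# Service endpoints, all on the detected (or user-supplied) LOCAL_IP.
echo -e "${BLUE}Services:${NC}"
printf '%s\n' \
  " Pi-hole Admin: http://${LOCAL_IP}/admin" \
  " Pi-hole HTTPS: https://${LOCAL_IP}:8443/admin" \
  " Grafana: http://${LOCAL_IP}:3000 (admin/admin123)" \
  " Prometheus: http://${LOCAL_IP}:9090"
# The Grafana login printed above is a fixed default (presumably set in
# compose.monitoring.yaml, which is not visible here); remind the operator
# to replace it.
print_warning "Grafana is listed with a default admin password; change it after the first login."

echo -e "\n${BLUE}DNS Configuration:${NC}"
echo " Set your router/device DNS to: $LOCAL_IP"

# Printed as a suggestion only; nothing here touches /etc/resolv.conf.
echo -e "\n${BLUE}To configure this machine to use Pi-hole:${NC}"
echo " sudo bash -c 'chattr -i /etc/resolv.conf 2>/dev/null; echo \"nameserver $LOCAL_IP\" > /etc/resolv.conf; chattr +i /etc/resolv.conf'"

# The WireGuard hint is shown only when a public IP was obtained earlier.
if [ -n "$PUBLIC_IP" ]; then
  echo -e "\n${BLUE}For remote access (WireGuard VPN):${NC}"
  printf '%s\n' \
    " Run: sudo bash setup-wireguard.sh" \
    " Your public IP: $PUBLIC_IP"
fi

echo -e "\n${BLUE}Useful commands:${NC}"
printf '%s\n' \
  " View logs: docker compose -f compose.monitoring.yaml logs -f" \
  " Restart: docker compose -f compose.monitoring.yaml restart" \
  " Update gravity: docker exec pihole pihole -g" \
  " Stop all: docker compose -f compose.monitoring.yaml down"
echo ""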