diff --git a/README.md b/README.md index e29f63c..48a1d5f 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ AdGuard Home is a network-wide software for blocking ads & tracking. After you s It operates as a DNS server that re-routes tracking domains to a "black hole", thus preventing your devices from connecting to those servers. It's based on software we use for our public AdGuard DNS servers -- both share a lot of common code. -**Shipped version:** 0.107.8~ynh1 +**Shipped version:** 0.107.8~ynh2 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 99dc7dc..bd89f42 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ AdGuard Home est un logiciel à l'échelle du réseau pour bloquer les publicit Il fonctionne comme un serveur DNS qui redirige les domaines de pistage vers un "trou noir", empêchant ainsi vos appareils de se connecter à ces serveurs. Il est basé sur un logiciel que nous utilisons pour nos serveurs DNS publics AdGuard - les deux partagent beaucoup de code commun. -**Version incluse :** 0.107.8~ynh1 +**Version incluse :** 0.107.8~ynh2 ## Captures d'écran diff --git a/check_process b/check_process index f04e942..75a77b0 100644 --- a/check_process +++ b/check_process @@ -14,6 +14,8 @@ setup_public=1 upgrade=1 upgrade=1 from_commit=c57900238fe703377b39d2dc54027e4b5303e9e6 + # 0.107.8~ynh1 + upgrade=1 from_commit=66d2a70352aa1337f0f7fcef20a91efaf557b0ec backup_restore=1 multi_instance=0 change_url=1 diff --git a/conf/nginx.conf b/conf/nginx.conf index 3a3bff2..6ee6940 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,3 +1,4 @@ +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { proxy_pass http://127.0.0.1:__PORT__/; diff --git a/doc/.DS_Store b/doc/.DS_Store deleted file mode 100644 index c90376b..0000000 Binary files a/doc/.DS_Store and /dev/null differ diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..e69de29 diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..e69de29 diff --git a/manifest.json b/manifest.json index 2cc51ca..30bb6fb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Network-wide ads & trackers blocking DNS server", "fr": "Serveur DNS, bloqueur de publicités et trackers" }, - "version": "0.107.8~ynh1", + "version": "0.107.8~ynh2", "url": "https://adguard.com/adguard-home.html", "upstream": { "license": "GPL-3.0", @@ -17,8 +17,8 @@ }, "license": "GPL-3.0", "maintainer": { - "name": "liberodark", - "email": "liberodark@gmail.com" + "name": "", + "email": "" }, "requirements": { "yunohost": ">= 4.3.0" diff --git a/scripts/backup b/scripts/backup index 049e406..27063e5 100644 --- a/scripts/backup +++ b/scripts/backup @@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -41,7 +40,6 @@ ynh_print_info --message="Declaring files to be backed up..." #================================================= ynh_backup --src_path="$final_path" -ynh_backup --src_path="/etc/dnsmasq.d/$app" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -55,6 +53,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/dnsmasq.d/$app" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index f3bed7d..e489cf4 100644 --- a/scripts/install +++ b/scripts/install @@ -13,6 +13,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -20,13 +23,11 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN password=$YNH_APP_ARG_PASSWORD dns_over_https=$YNH_APP_ARG_DNS_OVER_HTTPS -architecture=$YNH_ARCH app=$YNH_APP_INSTANCE_NAME @@ -58,6 +59,8 @@ else fi ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https +#================================================= +# STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= @@ -79,22 +82,15 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $adguard_port #================================================= ynh_script_progression --message="Installing dependencies..." --weight=1 -# Define and install dependencies ynh_install_app_dependencies $pkg_dependencies -#================================================= -# CRYPT PASSWORD -#================================================= -password=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b\"$password\", bcrypt.gensalt(rounds=10)).decode())") -ynh_app_setting_set --app=$app --key=password --value=$password - #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create --username=$app --home_dir=$final_path +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -103,11 +99,11 @@ ynh_script_progression --message="Setting up source files..." --weight=4 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir=$final_path --source_id="$architecture" +ynh_setup_source --dest_dir=$final_path --source_id="$YNH_ARCH" chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chown -R $app:$app "$final_path" setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome @@ -120,9 +116,11 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=3 ynh_add_nginx_config #================================================= -# MODIFY A CONFIG FILE +# SPECIFIC SETUP #================================================= -ynh_script_progression --message="Modifying a config file..." --weight=1 +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 # echo the ip route command to prevent a crash if the server doesn't have any ipv4/6 ipv4_interface=$(echo "$(ip -4 route get 1.2.3.4 2> /dev/null)" | head -n1 | grep -oP '(?<=dev )\w+' || true) @@ -171,11 +169,14 @@ for i in $(seq "$(echo $ipv6_route_output | wc -w)" -1 1); do fi done +password=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b\"$password\", bcrypt.gensalt(rounds=10)).decode())") +ynh_app_setting_set --app=$app --key=password --value=$password + # Main config File ynh_add_config --template="../conf/AdGuardHome.yaml" --destination="$final_path/AdGuardHome.yaml" chmod 600 "$final_path/AdGuardHome.yaml" -chown -R $app: "$final_path/AdGuardHome.yaml" +chown -R $app:$app "$final_path/AdGuardHome.yaml" #================================================= # SETUP SYSTEMD @@ -192,14 +193,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Ads & trackers blocking DNS server" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +yunohost service add $app --description="Ads & trackers blocking DNS server" --needs_exposed_ports $adguard_port #================================================= # START SYSTEMD SERVICE @@ -209,6 +203,13 @@ ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service ynh_systemd_action --service_name=$app --action="restart" --log_path=systemd +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." + +ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index 873c0b8..55b8349 100644 --- a/scripts/remove +++ b/scripts/remove @@ -42,14 +42,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -66,6 +58,14 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index 15ea74b..065e38d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -14,6 +14,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -27,23 +30,18 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -62,7 +60,7 @@ ynh_restore_file --origin_path="$final_path" # this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chown -R $app:$app "$final_path" setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome @@ -80,6 +78,13 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=1 # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # RESTORE SYSTEMD #================================================= @@ -93,7 +98,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Ads & trackers blocking DNS server" +yunohost service add $app --description="Ads & trackers blocking DNS server" --needs_exposed_ports $adguard_port #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index 1e1e15d..105361e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,35 +24,14 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port) dns_over_https=$(ynh_app_setting_get --app=$app --key=dns_over_https) -architecture=$YNH_ARCH #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -# The dns port should be 53 -if [ "$adguard_port" -ne "53" ]; then - adguard_port=53 - ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" -fi - -if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ]; -then - dns_over_https="true" - ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https -elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ]; -then - dns_over_https="false" - ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -61,8 +40,9 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup + ynh_clean_check_starting + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -86,9 +66,30 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Cleaning legacy permissions if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all + ynh_legacy_permissions_delete_all - ynh_app_setting_delete --app=$app --key=is_public + ynh_app_setting_delete --app=$app --key=is_public +fi + +# The dns port should be 53 +if [ "$adguard_port" -ne "53" ]; then + adguard_port=53 + ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port +fi + +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +fi + +if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ]; +then + dns_over_https="true" + ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https +elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ]; +then + dns_over_https="false" + ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https fi #================================================= @@ -105,18 +106,25 @@ ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir=$final_path --source_id="$architecture" + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir=$final_path --source_id="$YNH_ARCH" fi chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chown -R $app:$app "$final_path" setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # NGINX CONFIGURATION #================================================= @@ -126,12 +134,7 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_install_app_dependencies $pkg_dependencies - +# SPECIFIC UPGRADE #================================================= # UPDATE A CONFIG FILE #================================================= @@ -141,20 +144,20 @@ ipv4_interface=$(echo "$(ip -4 route get 1.2.3.4 2> /dev/null)" | head -n1 | gre ipv6_interface=$(echo "$(ip -6 route get ::1.2.3.4 2> /dev/null)" | head -n1 | grep -oP '(?<=dev )\w+' || true) if [ -z "$ipv4_interface" ] && [ -z "$ipv6_interface" ]; then - ynh_die --message="Impossible to find the main network interface, please report this issue." + ynh_die --message="Impossible to find the main network interface, please report this issue." elif [ "$ipv4_interface" != "$ipv6_interface" ]; then - if [ -z "$ipv4_interface" ]; then - echo "bind-interfaces + if [ -z "$ipv4_interface" ]; then + echo "bind-interfaces except-interface=$ipv6_interface" > "/etc/dnsmasq.d/$app" - elif [ -z "$ipv6_interface" ]; then - echo "bind-interfaces + elif [ -z "$ipv6_interface" ]; then + echo "bind-interfaces except-interface=$ipv4_interface" > "/etc/dnsmasq.d/$app" - else - echo "bind-interfaces + else + echo "bind-interfaces except-interface=$ipv4_interface, $ipv6_interface" > "/etc/dnsmasq.d/$app" - fi + fi else - echo "bind-interfaces + echo "bind-interfaces except-interface=$ipv4_interface" > "/etc/dnsmasq.d/$app" fi @@ -167,48 +170,48 @@ ipv6_route_output=$(echo "$(ip -6 route get ::1.2.3.4 2> /dev/null)" | head -n1) ipv4_addr="" for i in $(seq "$(echo $ipv4_route_output | wc -w)" -1 1); do - ip=$(echo $ipv4_route_output | awk "{print \$$i}") - if ynh_validate_ip4 --ip_address=$ip; then - ipv4_addr="$ip" - break - fi + ip=$(echo $ipv4_route_output | awk "{print \$$i}") + if ynh_validate_ip4 --ip_address=$ip; then + ipv4_addr="$ip" + break + fi done ipv6_addr="" for i in $(seq "$(echo $ipv6_route_output | wc -w)" -1 1); do - ip=$(echo $ipv6_route_output | awk "{print \$$i}") - if ynh_validate_ip6 --ip_address=$ip; then - ipv6_addr="$ip" - break - fi + ip=$(echo $ipv6_route_output | awk "{print \$$i}") + if ynh_validate_ip6 --ip_address=$ip; then + ipv6_addr="$ip" + break + fi done # Reset the bind_hosts if the current ip is 0.0.0.0 python3 -c "import yaml with open(\"$final_path/AdGuardHome.yaml\", 'r') as file: - conf_file = yaml.safe_load(file) + conf_file = yaml.safe_load(file) need_file_update = False if \"0.0.0.0\" in conf_file[\"dns\"][\"bind_hosts\"]: - conf_file[\"dns\"][\"bind_hosts\"] = [] - if \"$ipv4_addr\": - conf_file[\"dns\"][\"bind_hosts\"].append(\"$ipv4_addr\") - if \"$ipv6_addr\": - conf_file[\"dns\"][\"bind_hosts\"].append(\"$ipv6_addr\") - need_file_update = True + conf_file[\"dns\"][\"bind_hosts\"] = [] + if \"$ipv4_addr\": + conf_file[\"dns\"][\"bind_hosts\"].append(\"$ipv4_addr\") + if \"$ipv6_addr\": + conf_file[\"dns\"][\"bind_hosts\"].append(\"$ipv6_addr\") + need_file_update = True if conf_file[\"dns\"][\"port\"] != $adguard_port: - conf_file[\"dns\"][\"port\"] = $adguard_port - need_file_update = True - + conf_file[\"dns\"][\"port\"] = $adguard_port + need_file_update = True + if need_file_update: - with open(\"$final_path/AdGuardHome.yaml\", 'w') as file: - yaml.dump(conf_file, file) + with open(\"$final_path/AdGuardHome.yaml\", 'w') as file: + yaml.dump(conf_file, file) " chmod 600 "$final_path/AdGuardHome.yaml" -chown -R $app: "$final_path/AdGuardHome.yaml" +chown -R $app:$app "$final_path/AdGuardHome.yaml" #================================================= # SETUP SYSTEMD @@ -223,7 +226,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Ads & trackers blocking DNS server" +yunohost service add $app --description="Ads & trackers blocking DNS server" --needs_exposed_ports $adguard_port #================================================= # START SYSTEMD SERVICE