diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml
index c3b25af..d0d4c6e 100644
--- a/conf/AdGuardHome.yaml
+++ b/conf/AdGuardHome.yaml
@@ -80,7 +80,7 @@ tls:
port_dns_over_quic: 784
port_dnscrypt: 0
dnscrypt_config_file: ""
- allow_unencrypted_doh: true
+ allow_unencrypted_doh: __DNS_OVER_HTTPS__
strict_sni_check: false
certificate_chain: ""
private_key: ""
diff --git a/manifest.json b/manifest.json
index 86057a3..199d8b2 100644
--- a/manifest.json
+++ b/manifest.json
@@ -45,6 +45,14 @@
{
"name": "password",
"type": "password"
+ },
+ {
+ "name": "dns_over_https",
+ "type": "boolean",
+ "ask": {
+ "en": "Should DNS-over-HTTPS be enabled? (If so, anyone who knows your adguard address can make a doh request to https://adguardomain.tld/dns-query)"
+ },
+ "default": true
}
]
}
diff --git a/scripts/actions/reset_default_config b/scripts/actions/reset_default_config
index 8b5c01e..eedcdf8 100644
--- a/scripts/actions/reset_default_config
+++ b/scripts/actions/reset_default_config
@@ -27,6 +27,16 @@ password=$(ynh_app_setting_get --app=$app --key=password)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port)
+dns_over_https=$(ynh_app_setting_get --app=$app --key=dns_over_https)
+
+if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ];
+then
+ dns_over_https="true"
+ ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+else
+ dns_over_https="false"
+ ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+fi
ipv4_route_output=$(echo "$(ip -4 route get 1.2.3.4 2> /dev/null)" | head -n1)
ipv6_route_output=$(echo "$(ip -6 route get ::1.2.3.4 2> /dev/null)" | head -n1)
diff --git a/scripts/install b/scripts/install
index cca67f4..2fc400f 100644
--- a/scripts/install
+++ b/scripts/install
@@ -25,6 +25,7 @@ domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
password=$YNH_APP_ARG_PASSWORD
+dns_over_https=$YNH_APP_ARG_DNS_OVER_HTTPS
architecture=$YNH_ARCH
app=$YNH_APP_INSTANCE_NAME
@@ -49,6 +50,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
+if [ "$dns_over_https" == "1" ];
+then
+ dns_over_https="true"
+else
+ dns_over_https="false"
+fi
+ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+
#=================================================
# FIND AND OPEN A PORT
#=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 41c6430..e649e03 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,6 +23,7 @@ password=$(ynh_app_setting_get --app=$app --key=password)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port)
+dns_over_https=$(ynh_app_setting_get --app=$app --key=dns_over_https)
architecture=$YNH_ARCH
#=================================================
@@ -42,6 +43,15 @@ if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
fi
+if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ];
+then
+ dns_over_https="true"
+ ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+else
+ dns_over_https="false"
+ ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+fi
+
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================