From b86d4225ce268a4618bfd6b39e5cc2c2bc8a6dfb Mon Sep 17 00:00:00 2001
From: Kay0u <pierre@kayou.io>
Date: Thu, 6 Jan 2022 17:49:26 +0100
Subject: [PATCH] add dns_over_https arg

---
 conf/AdGuardHome.yaml                |  2 +-
 manifest.json                        |  8 ++++++++
 scripts/actions/reset_default_config | 10 ++++++++++
 scripts/install                      |  9 +++++++++
 scripts/upgrade                      | 10 ++++++++++
 5 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml
index c3b25af..d0d4c6e 100644
--- a/conf/AdGuardHome.yaml
+++ b/conf/AdGuardHome.yaml
@@ -80,7 +80,7 @@ tls:
   port_dns_over_quic: 784
   port_dnscrypt: 0
   dnscrypt_config_file: ""
-  allow_unencrypted_doh: true
+  allow_unencrypted_doh: __DNS_OVER_HTTPS__
   strict_sni_check: false
   certificate_chain: ""
   private_key: ""
diff --git a/manifest.json b/manifest.json
index 86057a3..199d8b2 100644
--- a/manifest.json
+++ b/manifest.json
@@ -45,6 +45,14 @@
             {
                 "name": "password",
                 "type": "password"
+            },
+            {
+                "name": "dns_over_https",
+                "type": "boolean",
+                "ask": {
+                    "en": "Should DNS-over-HTTPS be enabled? (If so, anyone who knows your adguard address can make a doh request to https://adguardomain.tld/dns-query)"
+                },
+                "default": true
             }
         ]
     }
diff --git a/scripts/actions/reset_default_config b/scripts/actions/reset_default_config
index 8b5c01e..eedcdf8 100644
--- a/scripts/actions/reset_default_config
+++ b/scripts/actions/reset_default_config
@@ -27,6 +27,16 @@ password=$(ynh_app_setting_get --app=$app --key=password)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port)
+dns_over_https=$(ynh_app_setting_get --app=$app --key=dns_over_https)
+
+if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ];
+then
+  dns_over_https="true"
+  ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+else
+  dns_over_https="false"
+  ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+fi
 
 ipv4_route_output=$(echo "$(ip -4 route get 1.2.3.4 2> /dev/null)" | head -n1)
 ipv6_route_output=$(echo "$(ip -6 route get ::1.2.3.4 2> /dev/null)" | head -n1)
diff --git a/scripts/install b/scripts/install
index cca67f4..2fc400f 100644
--- a/scripts/install
+++ b/scripts/install
@@ -25,6 +25,7 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
 password=$YNH_APP_ARG_PASSWORD
+dns_over_https=$YNH_APP_ARG_DNS_OVER_HTTPS
 architecture=$YNH_ARCH
 
 app=$YNH_APP_INSTANCE_NAME
@@ -49,6 +50,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
 
+if [ "$dns_over_https" == "1" ];
+then
+    dns_over_https="true"
+else
+    dns_over_https="false"
+fi
+ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 41c6430..e649e03 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,6 +23,7 @@ password=$(ynh_app_setting_get --app=$app --key=password)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port)
+dns_over_https=$(ynh_app_setting_get --app=$app --key=dns_over_https)
 architecture=$YNH_ARCH
 
 #=================================================
@@ -42,6 +43,15 @@ if ! ynh_permission_exists --permission="api"; then
     ynh_permission_create --permission="api" --label="api" --url="re:$domain/dns-query" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
 fi
 
+if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ];
+then
+  dns_over_https="true"
+  ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+else
+  dns_over_https="false"
+  ynh_app_setting_set --app=$app --key=dns_over_https --value=$dns_over_https
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================