YunoHost-Apps/adguardhome_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/adguardhome_ynh.git synced 2024-09-03 18:06:23 +02:00
Code Issues Activity Actions

exposing port 53 on the Internet should be a deliberate choice, see #135

Browse source
This commit is contained in:
OniriCorpe 2023-12-27 00:17:16 +01:00
parent 0c6de738af
commit e8f7f50369
5 changed files with 78 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
config_panel.toml
View file

@ -4,8 +4,14 @@ version = "1.0"
name = "AdguardHome configuration" name = "AdguardHome configuration"
services = ["__APP__"] services = ["__APP__"]
[main.options.open_port_53]
ask = "Open port 53 to the Internet?"
no = "false"
type = "boolean"
yes = "true"
[main.options.dns_over_https] [main.options.dns_over_https]
ask = "Enable DNS-over-HTTPS/QUIC" ask = "Enable DNS-over-HTTPS/QUIC?"
no = "false" no = "false"
type = "boolean" type = "boolean"
yes = "true" yes = "true"

37
scripts/config
View file

@ -15,21 +15,40 @@ ynh_abort_if_errors
# SPECIFIC SETTERS # SPECIFIC SETTERS
#================================================= #=================================================
set__open_port_53() {
if [ "$open_port_53" == "true" ]; then
ynh_script_progression --message="Opening port 53..."
# if the user would expose port 53 to the Internet, open it
ynh_exec_warn_less yunohost firewall allow Both "$port_adguard"
yunohost firewall reload
elif [ "$open_port_53" == "false" ]; then
# else if false, close it
ynh_script_progression --message="Closing port 53..."
ynh_exec_warn_less yunohost firewall disallow Both "$port_adguard"
yunohost firewall reload
else
# else, throw error
ynh_print_warn --message="The variable 'open_port_53' should be 'true' or 'false' but isn't, please report this."
fi
# save the new setting
ynh_app_setting_set "$app" --key=open_port_53 --value="$open_port_53"
}
set__dns_over_https() { set__dns_over_https() {
if [ "$dns_over_https" == "true" ]; then if [ "$dns_over_https" == "true" ]; then
ynh_script_progression --message="Opening DoH and DoQ ports..." ynh_script_progression --message="Opening DoH and DoQ ports..."
# if DNS over HTTPS/QUIC is activated, open the associated ports # if DNS over HTTPS/QUIC is activated, open the associated ports
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall allow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall allow UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP "$port_dns_over_quic"
yunohost firewall reload yunohost firewall reload
elif [ "$dns_over_https" == "false" ]; then elif [ "$dns_over_https" == "false" ]; then
# else if false, close them # else if false, close them
ynh_script_progression --message="Closing DoH and DoQ ports..." ynh_script_progression --message="Closing DoH and DoQ ports..."
ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
yunohost firewall reload yunohost firewall reload
else else
# else, throw error # else, throw error
@ -37,6 +56,10 @@ set__dns_over_https() {
fi fi
# save the new setting # save the new setting
ynh_app_setting_set "$app" prices "$dns_over_https" ynh_app_setting_set "$app" --key=dns_over_https --value="$dns_over_https"
} }
#=================================================
# GENERIC FINALIZATION
#=================================================
ynh_app_config_run $1

22
scripts/install
View file

@ -14,22 +14,34 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_script_progression --message="Storing installation settings..." --weight=2
if [ "$dns_over_https" == "1" ]; if [ "$dns_over_https" == "1" ]; then
then
dns_over_https="true" dns_over_https="true"
# no need to open the ports, as they were opened at the 'Provisioning ports' step # no need to open the ports, as they were opened at the 'Provisioning ports' step
else else
dns_over_https="false" dns_over_https="false"
# if dns_over_https is false, we need to close ports, # if dns_over_https is false, we need to close ports,
# as they were opened at the 'Provisioning ports' step # as they were opened at the 'Provisioning ports' step
ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall reload ynh_exec_warn_less yunohost firewall reload
fi fi
ynh_app_setting_set --app="$app" --key=dns_over_https --value="$dns_over_https" ynh_app_setting_set --app="$app" --key=dns_over_https --value="$dns_over_https"
if [ "$open_port_53" == "1" ]; then
open_port_53="true"
# no need to open th port, as it were opened at the 'Provisioning ports' step
else
open_port_53="false"
# if open_port_53 is false, we need to close port,
# as it were opened at the 'Provisioning ports' step
ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall reload
fi
ynh_app_setting_set --app="$app" --key=open_port_53 --value="$open_port_53"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================

10
scripts/restore
View file

@ -18,9 +18,13 @@ source /usr/share/yunohost/helpers
if [ "$dns_over_https" == "false" ]; then if [ "$dns_over_https" == "false" ]; then
# if dns_over_https is false, we need to close ports, # if dns_over_https is false, we need to close ports,
# as they were opened at the 'Provisioning ports' step # as they were opened at the 'Provisioning ports' step
ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic" ynh_exec_warn_less yunohost firewall reload
fi
if [ "$open_port_53" == "false" ]; then
ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall reload ynh_exec_warn_less yunohost firewall reload
fi fi

24
scripts/upgrade
View file

@ -29,23 +29,33 @@ ynh_systemd_action --service_name="$app" --action="stop"
#================================================= #=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ]; if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ]; then
then
dns_over_https="true" dns_over_https="true"
ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https
# no need to open the ports, as they were opened at the 'Provisioning ports' step # no need to open the ports, as they were opened at the 'Provisioning ports' step
elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ]; elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ]; then
then
dns_over_https="false" dns_over_https="false"
ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https
# if dns_over_https is false, we need to close ports, # if dns_over_https is false, we need to close ports,
# as they were opened at the 'Provisioning ports' step # as they were opened at the 'Provisioning ports' step
ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http" ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
ynh_exec_warn_less yunohost firewall reload ynh_exec_warn_less yunohost firewall reload
fi fi
if [ -n "$open_port_53" ] && [ "$open_port_53" == "1" ]; then
open_port_53="true"
# no need to open th port, as it were opened at the 'Provisioning ports' step
elif [ -z "$open_port_53" ] || [ "$open_port_53" == "0" ]; then
open_port_53="false"
# if open_port_53 is false, we need to close port,
# as it were opened at the 'Provisioning ports' step
ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
ynh_exec_warn_less yunohost firewall reload
fi
ynh_app_setting_set --app="$app" --key=open_port_53 --value="$open_port_53"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================