Initial project commit

Author: i8degrees

.gitignore

@@ -0,0 +1,14 @@
+# Simplified BSD License
+
+Copyright (c) 2023 Jeffrey Carpenter <1329364+i8degrees@users.noreply.github.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSE.md

@@ -0,0 +1,48 @@
+# pihole_sync
+
+This is a simple workaround script I have come up with in order to maintain a
+secondary DNS server while using Pi-Hole as my primary DNS resolver --
+although, ad-blocking functionality is lost when the primary goes down, internal
+host resolving remains and therefore the critical functionality I need is
+preserved.
+
+It was not feasible for me to maintain a block-list on the RAM-starved router
+box I am using this script on -- I've tried! Oh well.
+
+## Target
+
+OpenWrt 22.03.3 r20028-43d71ad93e
+
+## Installation
+
+From within the root directory of this project repository...
+
+```shell
+# Install dependencies; we need scp from the package...
+opkg install openssh-client-utils
+mkdir -p /root/bin
+cp -av bin/pihole_sync.sh /root/bin/pihole_sync.sh
+cp -av etc/init.d/pihole /etc/init.d/pihole
+# rc.d run-level scripts have yet to be written, so no enable syntax like we
+# have with other services -- so you must start the daemon manually upon boot
+cat etc/rc.local >> /etc/rc.local
+# Sync every five minutes is the default
+cp -av cron/crontab /var/spool/cron/crontabs/root
+/etc/init.d/cron enable
+/etc/init.d/cron start
+```
+
+You must modify the **sync** function in `/root/bin/pihole_sync.sh` if you
+expect this to work on your network; change the path of the source configuration
+files.
+
+## usage
+
+```shell
+# SSH user and host of the pihole box to sync
+/root/bin/pihole_sync.sh user@domain.tld
+```
+
+**NOTE:** I have not tested this script with non-superuser accounts. I do not
+expect it to work out of the box! It should be simple to add, though, as
+the `dnsmasq` daemon is ran under a *user* account, not `root`.

README.md

@@ -0,0 +1,8 @@
+# TODO
+
+- [ ] Create a Debian package file
+- [ ] Write rc.d init scripts for `bin/pihole_sync.sh`
+  * Base off of `/etc/rc.d/S19dnsmasq`
+  * **OpenWrt v22.03.3** *r20028-43d71ad93e*
+- [ ] Install script
+

TODO.md

@@ -0,0 +1,148 @@
+#!/usr/bin/env ash
+#
+# /root/dns_sync.sh:jeff
+#
+# Sync ns1.lan dnsmasq configuration and suit it for running a backup NS on this box
+# for redundancy sake. We lose adblocking in doing so like this, but we maintain the
+# crucial internal LAN hostname mappings.
+#
+# TODO(jeff): Consider using a dedicated user account for sync?
+#
+
+PATH="/bin:/sbin:/usr/bin:/usr/sbin"
+
+PING_BIN="$(command -v ping)"
+# Internal variables used in the sync function.
+SCP_BIN="$(command -v scp)"
+
+# Sanity check of the existence of a given path (executable).
+check_app_path() {
+  APP="$1"
+  if [ ! -x "$APP" ]; then
+    echo "CRITICAL: Could not find ${APP} or it is non-executable."
+    echo
+    exit 2
+  fi
+}
+
+# Sanity check of the existence of a host.
+#
+# check_ip4_host(addr)
+# ...where addr is an IPv4 address or a hostname that is
+# resolvable by DNS.
+check_ip4_host() {
+  ADDR="$1"
+  if [ ! $("$PING_BIN" -4 -w5 "$ADDR") ]; then
+    echo "CRITICAL: Could not reach the host at ${ADDR}."
+    echo
+    exit 254
+  fi
+}
+
+# Perform allocation duties of target directory paths and
+# logging files.
+setup() {
+  mkdir -p "/etc/pihole"
+  mkdir -p "/etc/dnsmasq.d"
+  mkdir -p "/var/log/pihole"
+  touch "/var/log/pihole/pihole.log"
+  touch "/etc/pihole/dnsmasq.conf"
+  
+  # IMPORTANT(jeff): This matches /etc/dnsmasq.conf on the virtual Pihole box that 
+  # we do not have SSH access to, less and except the username swap from pihole
+  # to dnsmasq.
+  if [ ! $(grep -i -e "conf-dir=/etc/dnsmasq.d" /etc/pihole/dnsmasq.conf) ]; then
+    echo -e "conf-dir=/etc/dnsmasq.d" >> "/etc/pihole/dnsmasq.conf"
+  fi
+
+  if [ ! $(grep -i -e "user=dnsmasq" /etc/pihole/dnsmasq.conf) ]; then
+    echo -e "user=dnsmasq\n" >> "/etc/pihole/dnsmasq.conf"
+  fi
+}
+
+# Synchronize the local authoritative nameserver to then host as a backup
+# nameserver for the host resolution of local hosts.
+#
+# sync(ssh_source_host)
+# ...where ssh_source_host is a string containing the username and host of the
+# SSH target whose files we are copying from.
+sync() {
+  SCP_ARGS="-O" # openwrt compat
+  SOURCE="$1"
+  SOURCE_CONFIG_PATH="/mnt/npool0/software/Applications/pihole-1/config"
+  SOURCE_DNSMASQ_PATH="/mnt/npool0/software/Applications/pihole-1/mounts/dnsmasq"
+  TARGET_CONFIG_PATH="/etc/pihole"
+  TARGET_DNSMASQ_PATH="/etc/dnsmasq.d"
+  
+  if [ -z "${SOURCE}" ]; then
+    echo "CRITICAL: Missing function parameter in sync function -- ssh source host."
+    echo
+    exit 253
+  fi
+
+  # TO /etc/pihole
+  "${SCP_BIN}" "${SCP_ARGS}" "${SOURCE}:${SOURCE_CONFIG_PATH}/local.list" "${TARGET_CONFIG_PATH}/local.list"
+  "${SCP_BIN}" "${SCP_ARGS}" "${SOURCE}:${SOURCE_CONFIG_PATH}/custom.list" "${TARGET_CONFIG_PATH}/custom.list"
+  #"${SCP_BIN}" "${SCP_ARGS}" "${SOURCE}:${SOURCE_CONFIG_PATH}/hosts" "${TARGET_CONFIG_PATH}/hosts"
+
+  # TO /etc/dnsmasq.d
+  "$SCP_BIN" "$SCP_ARGS" "${SOURCE}:${SOURCE_DNSMASQ_PATH}/01-pihole.conf" "${TARGET_DNSMASQ_PATH}/01-pihole.conf"
+  "$SCP_BIN" "$SCP_ARGS" "${SOURCE}:${SOURCE_DNSMASQ_PATH}/05-pihole-custom-cname.conf" "${TARGET_DNSMASQ_PATH}/05-pihole-custom-cname.conf"
+  "$SCP_BIN" "$SCP_ARGS" "${SOURCE}:${SOURCE_DNSMASQ_PATH}/06-rfc6761.conf" "${TARGET_DNSMASQ_PATH}/06-rfc6761.conf"
+  "$SCP_BIN" "$SCP_ARGS" "${SOURCE}:${SOURCE_DNSMASQ_PATH}/99-extra.conf" "${TARGET_DNSMASQ_PATH}/99-extra.conf"
+}
+
+# The source configuration files must be modified before usage on another host.
+# This function strives to perform the most minimal changes necessary for working
+# functionality as a backup nameserver.
+#
+# adjust_config(boolean)
+# ...where boolean is an optional parameter whose non-nil value will abort performing
+# any adjustments, giving one the raw configuration as was seen on the source.
+adjust_config() {
+  NOM_SYNC_RAW="$1"
+  if [ "$NOM_FIX_CONFIG" = "true" ] || [ "$NOM_FIX_CONFIG" = "1" ]; then
+    if [ ! $(grep -i -e "interface=br-lan" /etc/dnsmasq.d/01-pihole.conf) ]; then
+      echo "interface=br-lan" >> /etc/dnsmasq.d/01-pihole.conf
+      sed -i 's/^rev-server=/#&/' /etc/dnsmasq.d/01-pihole.conf
+      #echo "addn-hosts=/etc/pihole/hosts\n" >> /etc/dnsmasq.d/01-pihole.conf
+    fi
+  else
+    if [ -n "$NOM_DEBUG" ]; then
+      echo "DEBUG: Not adjusting the source configuration -- this is likely to"
+      echo "break things!"
+    fi
+  fi
+}
+
+# Final function call; wrap things up before this is called!
+on_finish() {
+  /etc/init.d/pihole reload
+}
+
+# Begin main execution...
+
+SOURCE_SSH="$1"
+
+if [[ -z "$SOURCE_SSH" ]]; then
+  echo "CRITICAL: Missing function argument -- a SSH host we may obtain the "
+  echo "primary configuration files from."
+  echo
+  exit 2
+fi
+
+check_app_path "${SCP_BIN}"
+check_app_path "${PING_BIN}"
+#check_ip4_host "${SOURCE_SSH_HOST}"
+setup
+
+echo "Opening a connection to... ${SOURCE_SSH}"
+sync "$SOURCE_SSH"
+
+adjust_config "true"
+on_finish
+
+exit 0
+
+# End main execution...
+

bin/pihole_sync.sh

@@ -0,0 +1,11 @@
+# 1. https://openwrt.org/docs/guide-user/base-system/cron
+# 2. https://crontab.guru
+
+SHELL=/bin/ash
+MAILFROM=root
+MAILTO=i8degrees@gmail.com
+CRON_TZ=America/Chicago
+
+# Sync every 5 minutes
+5/60 * * * * /root/bin/pihole_sync.sh admin@ns1.lan >> /var/log/pihole_sync.log 2>&1
+

cron/crontab

@@ -0,0 +1,5 @@
+/root/bin/pihole_sync.sh
+/etc/init.d/pihole
+/etc/dnsmasq.d
+/etc/pihole
+/var/log/pihole

debian/debian.package

@@ -0,0 +1,105 @@
+#!/usr/bin/env ash
+#
+# /etc/init.d/pihole:jeff
+#
+
+function usage_info() {
+  SCR_NAME=$(basename)
+  echo "Syntax: /etc/init.d/${SCR_NAME} [command]"
+  echo
+  echo -e "Available commands:"
+  echo -e "\tstart\t\tStart the service"
+  echo -e "\tstop\t\tStop the service"
+  echo -e "\trestart\t\tRestart the service"
+  echo -e "\treload\t\tReload configuration files (or restart if service does not implement reload)"
+  echo -e "\tenable\t\tEnable service autostart"
+  echo -e "\tdisable\t\tDisable service autostart"
+  echo -e "\tenabled\t\tCheck if service is started on boot"
+  echo -e "\trunning\t\tCheck if service is running"
+  echo -e "\tstatus\t\tService status"
+  echo -e "\ttrace\t\tStart with syscall trace"
+  echo -e "\tinfo\t\tDump procd service info"
+}
+
+function service_status() {
+  DNSMASQ_PID=$(pgrep dnsmasq)
+  if [[ "$DNSMASQ_PID" != "" ]]; then
+    echo "running"
+  else
+    echo "stopped"
+  fi
+}
+
+function service_running() {
+  DNSMASQ_PID=$(pgrep dnsmasq)
+  if [[ "$DNSMASQ_PID" != "" ]]; then
+    echo "running"
+  fi
+}
+
+# reload configuration of dnsmasq daemon
+function service_reload() {
+  echo "Reloading configuration for dnsmasq..."
+  DNSMASQ_PID=$(pgrep dnsmasq)
+  if [[ "$DNSMASQ_PID" != "" ]]; then
+    kill -s HUP "$DNSMASQ_PID"
+  fi
+}
+
+function _setup() {
+  [[ -n "$NOM_DEBUG" ]] && echo "Creating log file..."
+  mkdir -p /var/log/pihole || exit 255
+  touch /var/log/pihole/pihole.log || exit 255
+}
+
+function service_stop() {
+  echo "Stopping dnsmasq..."
+  DNSMASQ_PID=$(pgrep dnsmasq)
+  if [[ "$DNSMASQ_PID" != "" ]]; then
+    kill -s 15 "$DNSMASQ_PID"
+  fi
+}
+
+function service_restart() {
+  echo "Restarting dnsmasq..." 
+  service_stop
+  service_start
+}
+
+function service_start() {
+  echo "Starting dnsmasq..."
+  _setup
+    
+  dnsmasq --pid-file=/var/run/pihole.pid --conf-file=/etc/pihole/dnsmasq.conf 2>&1
+}
+
+COMMAND=$1
+
+if [[ -z "$COMMAND" ]]; then
+  usage_info
+  exit 1
+fi
+
+case "$COMMAND" in
+  start)
+    service_start
+  ;;
+  reload)
+    service_reload
+  ;;
+  res*|restart*)
+    service_restart
+  ;;
+  stop)
+    service_stop
+  ;;
+  running)
+    service_running
+  ;;
+  status)
+    service_status
+  ;;
+esac
+
+exit 0
+

etc/init.d/pihole

@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+
+/etc/init.d/pihole restart
+
+exit 0