- Move random password generation block inside final "fresh install" if block, ensure password is ONLY generated on fresh installs.
- Add additional check for fresh install around setting of PIHOLE_DNS1/2, QUERY_LOGGING, and PRIVACY_LEVEL
- Remove dedicated displayFinalMessage function.
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
fix the `if statement` that doesn't seem to work for neither of alpine's ash / bash - applying some workaround with the `stat` command
Signed-off-by: Karol Kania <44871508+karolkania@users.noreply.github.com>
Do not check whether the pihole user can read /etc/pihole/logrotate. It needs to be readable by root only, which is always true.
Signed-off-by: MichaIng <micha@dietpi.com>
FTL correctly creates the cert and especially private key with 0600 mode. But the prestart scripts changes it to 0660.
After removing the dedicated webserver from Pi-hole setups, the pihole group has no purpose anymore, and files should not be writable to any other user than pihole itself, and the private TLS key not reasable to anyone else either.
Additionally, this commit consolidates the chmod calls, applying 0755 to all directories and 0640 to all files, but the TLS key and cert.
Signed-off-by: MichaIng <micha@dietpi.com>
Fix Text+URL for allowlisting/denylisting. Keep former terms for when people search for them.
Signed-off-by: Jeroen Habets <jeroenhabets@users.noreply.github.com>
If service start/stop/restart/enable/disable fails, it help to debug the issue, if STDERR is not hidden, hence the error message can be seen. systemctl furthermore has the `-q` option to suppress non-error output. It works as well for "is-enabled", but until a certain systemd version still throws an error, if the checked service does not exist at all. Once Debian Bullseye support is dropped by Pi-hole, also STDERR form systemctl is-enabled does not need to be suppressed anymore.
Signed-off-by: MichaIng <micha@dietpi.com>
`/etc/lighttpd/conf-enabled` usually contains symlinks to the actual files in `/etc/lighttpd/conf-available`, at least `lighty-enable-mod` does exactly this. If `/etc/lighttpd/conf-available/15-pihole-admin.conf` is removed first, `/etc/lighttpd/conf-enabled/15-pihole-admin.conf` hence points to nowhere, which makes the `-f` check return false. The orphaned symlink is hence not removed, if `lighty-disable-mod` is not available.
This PR changes the order, to remove the symlink first, and to be failsafe also if it is orphaned already, and the actual config afterwards.
Signed-off-by: MichaIng <micha@dietpi.com>
The dnsmasq config files were removed in `remove_old_dnsmasq_ftl_configs()`, before they were tried to be migrated via `migrate_dnsmasq_configs()`, and hence most settings were lost during v5 to v6 update.
This commit renames and adjussts `remove_old_dnsmasq_ftl_configs()` to move dnsmasq config files into the migration directory instead, to be picked up by `migrate_dnsmasq_configs()` later.
Signed-off-by: MichaIng <micha@dietpi.com>
