Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Readme updates and ipv6 support

Browse Source
This commit is contained in:
John Dorman 2020-06-28 02:59:55 -07:00
parent ba40353421
commit 28b0595923
11 changed files with 285 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
AdguardHome/README.md
View File

@ -5,43 +5,33 @@
2. Persists through reboots and firmware updates. 2. Persists through reboots and firmware updates.
### Requirements ### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this) 2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this). It needs 2 folders, a Work and Configuration folder. Please create the 2 folder in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir"
It needs 2 folders, a Work and Configuration folder. Plese create the 2 folder in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir" 3. The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist), also update all the ips accordingly * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
### Steps ### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/install-cni-plugins.sh) on your UDM 2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your AdGuard instance 4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment (specifically the container name)
5. Execute on_boot.sh 5. Execute /mnt/data/on_boot.d/10-dns.sh
6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below. 6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
``` ```shell script
podman run -d --network dns --restart always \ podman run -d --network dns --restart always \
--name adguardhome \ --name adguardhome \
-v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \ -v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \
-v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \ -v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \
--dns=127.0.0.1 --dns=1.1.1.1 \ --dns=127.0.0.1 --dns=1.1.1.1 \
--hostname adguardhome \ --hostname adguardhome \
adguard/adguardhome:arm64-latest adguard/adguardhome:arm64-latest
``` ```
7. Change on_boot.sh line 17 7. Browse to 10.0.5.3:3000 and follow the setup wizard
From 8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
``` 9. Access the AdguardHome like you would normally.
#podman start AdguardHome
```
To
```
podman start AdguardHome
```
This makes sure that the AdguardHome container will start after reboot of UDM.
8. Browse to 10.0.5.3:3000 and follow the setup wizard
9. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
10. Access the AdguardHome like you would normally.

0
AdguardHome/udm-files/on_boot.sh
View File

3
README.md
View File

@ -4,6 +4,9 @@ A collection of things to enhance the capabilities of your Unifi Dream Machine o
### on-boot-script ### on-boot-script
Run any commands when your UDM starts. Run any commands when your UDM starts.
### dns-common
Configurations for DNS containers, both IPv4 and IPv6
### run-pihole ### run-pihole
Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack

27
cni-plugins/20-dnsipv6.conflist Normal file
View File

@ -0,0 +1,27 @@
{
"cniVersion": "0.4.0",
"name": "dns",
"plugins": [
{
"type": "macvlan",
"mode": "bridge",
"master": "br5",
"ipam": {
"type": "static",
"addresses": [
{
"address": "10.0.5.3/24",
"gateway": "10.0.5.1"
},
{
"address": "fd62:89a2:fda9:e23:0:0:0:2",
"gateway": "fd62:89a2:fda9:e23:0:0:0:1"
}
],
"routes": [
{"dst": "0.0.0.0/0"},{"dst": "::/0"}
]
}
}
]
}

14
dns-common/on_boot.d/10-dns.sh
View File

@ -11,17 +11,14 @@ IPV4_GW="10.0.5.1/24"
# added along with a ::/0 route. Also make sure that additional --dns options # added along with a ::/0 route. Also make sure that additional --dns options
# are passed to podman with your IPv6 DNS IPs when deploying the container for # are passed to podman with your IPv6 DNS IPs when deploying the container for
# the first time. # the first time.
IPV6_IP="" IPV6_IP="fd62:89a2:fda9:e23:0:0:0:2"
IPV6_GW="" IPV6_GW="fd62:89a2:fda9:e23:0:0:0:1"
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic # set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces. # re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc. # e.g. "br0" or "br0 br1" etc.
FORCED_INTFC="" FORCED_INTFC=""
# uncomment after after the container has been deployed
#PODMAN_START=1
# container name; e.g. nextdns, pihole, adguardhome, etc. # container name; e.g. nextdns, pihole, adguardhome, etc.
CONTAINER=nextdns CONTAINER=nextdns
@ -29,7 +26,7 @@ CONTAINER=nextdns
mkdir -p /opt/cni mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist ln -s /mnt/data/podman/cni/20-dnsipv6.conflist /etc/cni/net.d/20-dnsipv6.conflist
# set VLAN bridge promiscuous # set VLAN bridge promiscuous
ip link set br${VLAN} promisc on ip link set br${VLAN} promisc on
@ -56,10 +53,7 @@ if [ -n "${IPV6_IP}" ]; then
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
fi fi
# Start the container podman container exists ${CONTAINER} && podman start ${CONTAINER}
if [ "${PODMAN_START}" == "1" ]; then
podman start ${CONTAINER}
fi
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container # (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
for intfc in ${FORCED_INTFC}; do for intfc in ${FORCED_INTFC}; do

76
dns-common/on_boot.d/10-dnsipv6.sh Normal file
View File

@ -0,0 +1,76 @@
#!/bin/sh
## configuration variables:
VLAN=5
IPV4_IP="10.0.5.3"
IPV4_GW="10.0.5.1/24"
# if you want IPv6 support, generate a ULA, select an IP for the dns server
# and an appropriate gateway address on the same /64 network. Make sure that
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
# added along with a ::/0 route. Also make sure that additional --dns options
# are passed to podman with your IPv6 DNS IPs when deploying the container for
# the first time.
IPV6_IP=""
IPV6_GW=""
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc.
FORCED_INTFC=""
# container name; e.g. nextdns, pihole, adguardhome, etc.
CONTAINER=nextdns
## network configuration and startup:
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# set VLAN bridge promiscuous
ip link set br${VLAN} promisc on
# create macvlan bridge and add IPv4 IP
ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
if [ -n "${IPV6_GW}" ]; then
ip -6 addr add ${IPV6_GW} dev br${VLAN}
ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
fi
# set macvlan bridge promiscuous and bring it up
ip link set br${VLAN}.mac promisc on
ip link set br${VLAN}.mac up
# add IPv4 route to DNS container
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
# (optional) add IPv6 route to DNS container
if [ -n "${IPV6_IP}" ]; then
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
fi
podman container exists ${CONTAINER} && podman start ${CONTAINER}
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
for intfc in ${FORCED_INTFC}; do
for proto in udp tcp; do
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
if [ -n "${IPV6_IP}" ]; then
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
fi
done
done

48
nextdns/README.md
View File

@ -7,24 +7,25 @@
4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config. 4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config.
### Requirements ### Requirements
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have already setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work. 2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request. * The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns. * If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
### Docker ### Docker
The offical repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4). The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations
``` ```shell script
podman build . -t nextdns-udm:latest podman build . -t nextdns-udm:latest
``` ```
Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
``` ```shell script
docker buildx build --platform linux/arm64 -t nextdns-udm:latest . docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
``` ```
@ -32,22 +33,21 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
If you have already installed PiHole, skip right to step 6. If you have already installed PiHole, skip right to step 6.
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM 2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to NextDNS 4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment (specifically the container name)
5. Execute on_boot.sh 5. Execute /mnt/data/on_boot.d/10-dns.sh
6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it. 6. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS. 7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
``` ```shell script
podman run -d -it --privileged --network dns --restart always \ podman run -d -it --privileged --network dns --restart always \
--name nextdns \ --name nextdns \
-v "/mnt/data/nextdns/:/etc/nextdns/" \ -v "/mnt/data/nextdns/:/etc/nextdns/" \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \ -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \ --mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
--dns=45.90.28.163 --dns=45.90.30.163 \ --dns=45.90.28.163 --dns=45.90.30.163 \
--hostname nextdns \ --hostname nextdns \
boostchicken/nextdns-udm:latest boostchicken/nextdns-udm:latest
``` ```
Note:
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs. 8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Uncomment ```podman start nextdns``` in on_boot.sh

109
on-boot-script/README.md
View File

@ -1,66 +1,69 @@
# UDM / UDMPro Boot Script # UDM / UDMPro Boot Script
### Features ### Features
1. Allows you to run a shell script at S95 anytime your UDM starts / reboots 1. Allows you to run a shell script at S95 anytime your UDM starts / reboots
1. Persists through reboot
1. Must be re-done after firmware updates
### Compatiblity ### Compatibility
1. Should work on any UDM/UDMPro after 1.6.3 1. Should work on any UDM/UDMPro after 1.6.3
2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4 2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4, 1.7.3rc1
## Steps ## Steps
# 1. Make your script on the UDM/UDMPRO
```
vi /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
```
Example: see examples/udm-files/on_boot.sh, examples/udm-files/on_boot.d/*.sh
# 2. Make the unifios docker container execute this script on startup, this has to be done after every firmware update. It does persist through reboots. ### Automated Setup
## Automatic 1. Copy [install.sh](install.sh) to your UDM and execute it
1. Copy any shell scripts you want to run to /mnt/data/on_boot.d and make sure they are executable and have the correct shebang (#!/bin/sh)
Examples:
* Start a DNS Container [10-dns.sh](../dns-common/on_boot.d/10-dns.sh)
* Start wpa_supplicant [on_boot.d/10-wpa_supplicant.sh](examples/udm-files/on_boot.d/10-wpa_supplicant.sh)
1. Copy install.sh and install-unifios.sh to your UDM ### Manual Setup
2. Execute install.sh
## Manual 1. Copy on_boot.sh and make on_boot.d and add scripts to on_boot.d
``` ```shell script
podman exec -it unifi-os sh mkdir -p /mnt/data/on_boot.d
``` vi /mnt/data/on_boot.sh
### make a script that sshs to the udm and runs on our boot script chmod u+x /mnt/data/on_boot.sh
Example: examples/unifi-os-files/udm.sh ```
``` Example: [on_boot.sh](examples/udm-files/on_boot.sh)
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh # 127.0.1.1 always points to the UDM
```
#### make said script executable
```
chmod u+x /etc/init.d/udm.sh
```
### make a service that runs on startup, after we have networking
Example: examples/unifi-os-files/udmboot.service
```
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service] 1. Enter the container shell
ExecStart=/etc/init.d/udm.sh ```shell script
unifi-os shell
```
1. make a script that sshs to the udm and runs on our boot script. 127.0.1.1 always points to the UDM
```shell script
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
```
Example: [udm.sh](examples/unifi-os-files/udm.sh)
1. make a service that runs on startup, after we have networking
```shell script
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
```
Example: [udmboot.service](examples/unifi-os-files/udmboot.service)
[Install] 1. enable it and test
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service ```shell script
``` systemctl enable udmboot
systemctl start udmboot
### enable it and test ```
``` 1. back to the udm
systemctl enable udmboot ```shell script
systemctl start udmboot exit
``` ```
### back to the udm 1. reboot your udm/udmpro and make sure it worked
``` ```shell script
exit reboot
``` exit
# reboot your udm/udmpro and make sure it worked ```
```
reboot
exit
```

45
on-boot-script/install.sh
View File

@ -1,5 +1,44 @@
#!/bin/sh #!/bin/sh
podman cp install-unifios.sh unifi-os:/root/install-unifios.sh echo "Creating on boot script on device"
podman exec unifi-os chmod +x /root/install-unifios.sh echo "#!/bin/sh
podman exec unifi-os sh -c /root/install-unifios.sh
if [ -d /mnt/data/on_boot.d ]; then
for i in /mnt/data/on_boot.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
" > /mnt/data/20-python.sh
chmod u+x /mnt/data/on_boot.sh
mkdir -p /mnt/data/on_boot.d
echo "Creating script to modify unifios container"
echo '#!/bin/sh
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 ''/mnt/data/on_boot.sh''" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
systemctl enable udmboot
systemctl start udmboot
' > /tmp/install-unifios.sh
podman cp /tmp/install-unifios.sh unifi-os:/root/install-unifios.sh
podman exec -it unifi-os chmod +x /root/install-unifios.sh
echo "Executing container modifications"
podman exec -it unifi-os sh -c /root/install-unifios.sh
rm /tmp/install-unifios.sh
echo "Installed on_boot hook. Populate /mnt/data/on_boot.d with scripts to run"

0
python/on_boot.sh → python/on_boot.d/20-python.sh
View File

62
run-pihole/README.md
View File

@ -5,45 +5,45 @@
2. Persists through reboots and firmware updates. 2. Persists through reboots and firmware updates.
### Requirements ### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. PiHole persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work. 2. PiHole persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist), also update all the ips accordingly * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh) and change the docker command to IPv6=True. Also, please provide IPv6 servers to podman using --dns arguments.
### Steps ### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/install-cni-plugins.sh) on your UDM 2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your PiHole 4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment (specifically the container name)
5. Execute on_boot.sh 5. Execute /mnt/data/on_boot.d/10-dns.sh
6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below. 6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
``` ```shell script
podman run -d --network dns --restart always \ podman run -d --network dns --restart always \
--name pihole \ --name pihole \
-e TZ="America/Los Angeles" \ -e TZ="America/Los Angeles" \
-v "/mnt/data/etc-pihole/:/etc/pihole/" \ -v "/mnt/data/etc-pihole/:/etc/pihole/" \
-v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \ -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
--dns=127.0.0.1 --dns=1.1.1.1 \ --dns=127.0.0.1 --dns=1.1.1.1 \
--hostname pi.hole \ --hostname pi.hole \
-e VIRTUAL_HOST="pi.hole" \ -e VIRTUAL_HOST="pi.hole" \
-e PROXY_LOCATION="pi.hole" \ -e PROXY_LOCATION="pi.hole" \
-e ServerIP="10.0.5.3" \ -e ServerIP="10.0.5.3" \
-e IPv6="False" \ -e IPv6="False" \
pihole/pihole:latest pihole/pihole:latest
``` ```
The below errors are expected and acceptable The below errors are expected and acceptable
``` ```
ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory
ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory
``` ```
7. Set pihole password 7. Set pihole password
``` ```shell script
podman exec -it pihole pihole -a -p YOURNEWPASSHERE podman exec -it pihole pihole -a -p YOURNEWPASSHERE
``` ```
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs. 8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Access the pihole like you would normally. 9. Access the pihole like you would normally.
9. Uncomment ```podman start pihole``` in on_boot.sh