First push of docs

2024-08-30 18:32:21 +00:00 · 2020-05-31 06:40:04 -07:00 · 2020-05-31 06:40:04 -07:00 · 9aae338ab8
commit 9aae338ab8
parent 97a90809ea
8 changed files with 168 additions and 0 deletions
--- a/on-boot-script/README.md
+++ b/on-boot-script/README.md
@ -0,0 +1,69 @@
 # UDM / UDMPro Boot Script
 ### Features
 1. Allows you to run a shell script at S95 anytime your UDM starts / reboots
 All files described here are in the examples folder, automation is coming soon.
 Steps
 # 1. Make your script on the UDM/UDMPRO
 ```
 vi /mnt/data/on_boot.sh 
 chmod u+x /mnt/data/on_boot.sh
 ```
 Example: see examples/udm-files/on_boot.sh
 ```
 #!/bin/sh
 podman start wpa_supplicant-udmpro
 iptables -t nat -C PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x
 iptables -t nat -C PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x
 iptables -t nat -C POSTROUTING -j MASQUERADE || iptables -t nat -A POSTROUTING -j MASQUERADE
 ```
 # 2. Make the unifios docker container execute this script on startup, this has to be done after every firmware update.  It does persist through reboots.
 ```
 podman exec -it unifi-os sh
 ssh root@127.0.01 # this is to accept the fingerprint of the udm
 exit # back to the container shell
 ```
 ### make a script that sshs to the udm and runs on our boot script
 Example: examples/unifi-os-files/udm.sh
 ```
 echo "#!/bin/sh
 ssh root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh # 127.0.1.1 always points to the UDM
 ```
 #### make said script executable
 ```
 chmod u+x /etc/init.d/udm.sh
 ```
 ### make a service that runs on startup, after we have networking
 Example: examples/unifi-os-files/udmboot.service
 ```
 echo "[Unit]
 Description=Run On Startup UDM
 [Service]
 After=network.target
 ExecStart=/etc/init.d/udm.sh
 [Install]
 WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
 ```
 ### enable it and test
 ```
 systemctl enable udmboot
 systemctl start udmboot
 ```
 ### back to the udm
 ```
 exit
 ```
 # reboot your udm/udmpro and make sure it worked
 ```
 reboot
 exit
 ```
--- a/on-boot-script/examples/udm-files/on_boot.sh
+++ b/on-boot-script/examples/udm-files/on_boot.sh
@ -0,0 +1,3 @@
 #!/bin/sh
 podman start wpa_supplicant-udmpro
--- a/on-boot-script/examples/unifi-os-files/udm.sh
+++ b/on-boot-script/examples/unifi-os-files/udm.sh
@ -0,0 +1,2 @@
 #!/bin/sh
 ssh root@ubnt '/mnt/data/on_boot.sh'
--- a/on-boot-script/examples/unifi-os-files/udmboot.service
+++ b/on-boot-script/examples/unifi-os-files/udmboot.service
@ -0,0 +1,9 @@
 [Unit]
 Description=Run On Startup UDM
 [Service]
 After=network.target
 ExecStart=/etc/init.d/udm.sh
 [Install]
 WantedBy=multi-user.target
--- a/run-pihole/README.md
+++ b/run-pihole/README.md
@ -0,0 +1,35 @@
 # Run PiHole on your UDM PRo
 ### Features
 1. Run PiHole on your UDM with a completely isolated network stack.  This will not port conflict or be influenced by any changes on by Ubiquiti
 ### Requirements
 1. You have setup the on boot script described in this repo
 ### Steps
 1. Make a network with no DHCP server and give it a vlan.  The files in this repo assume VLAN5
 2. Install the CNI plugins with install-cni-plugins.sh
 3. Update your on_boot.sh to include the commands in udm-files/on_boot.sh.  You can leave out the iptables stuff if you don't want to DNAT all DNS calls to your PiHole
 4. Execute on_boot.sh
 5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration.  They are mounted as volumes in the commmand below.
 ```
 podman run -d --network dns \
    --name pihole \
    -e TZ="America/Los Angeles" \
    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 --dns=1.1.1.1 \
    --hostname pi.hole \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e ServerIP="10.0.5.3" \
    pihole/pihole:latest
 ```
 6. Set pihole password
 ```
 podman exec -it pihole pihole -a -p YOURNEWPASSHERE
 ```
 6. Update your DNS Servers to 10.0.5.3 in all your DHCP configs.
 7. Access the pihole like you would normally.  http://10.0.5.3/
--- a/run-pihole/install-cni-plugins.sh
+++ b/run-pihole/install-cni-plugins.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 curl -L https://github.com/containernetworking/plugins/releases -o cni.tgz
 mkdir -p /mnt/data/podman/cni/
 tar xf cni.tgz /mnt/data/podman/cni/
--- a/run-pihole/udm-files/20-dns.conflist
+++ b/run-pihole/udm-files/20-dns.conflist
@ -0,0 +1,26 @@
 {
  "cniVersion": "0.4.0",
  "name": "dns",
  "plugins": [
    {
      "type": "macvlan",
      "mode": "bridge",
      "master": "br5",
      "ipam": {
        "type": "static",
        "addresses": [
          {
            "address": "10.0.5.3/24",
            "gateway": "10.0.5.1"
          }
        ],
        "dns":  {
                       "nameservers": ["127.0.0.1","10.0.0.1"]
               },
        "routes": [
          {"dst": "0.0.0.0/0"}
        ]
      }
    }
  ]
 }
--- a/run-pihole/udm-files/on_boot.sh
+++ b/run-pihole/udm-files/on_boot.sh
@ -0,0 +1,19 @@
 #!/bin/sh
 mkdir -p /opt/cni
 ln -s /mnt/data/podman/cni/ /opt/cni/bin
 ln -s /mnt/data/podman/cni/20-dns.conflist  /etc/cni/net.d/20-dns.conflist
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
 ip link add br5.mac link br5 type macvlan mode bridge
 ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
 ip route add 10.0.5.3/32 dev br5.mac proto static scope link
 podman start pihole
 #Adjust these rules to your setup
 iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
 iptables -t nat -C PREROUTING -i br10 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br10 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
 iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
 iptables -t nat -C PREROUTING -i br10 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br10 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
		`@ -0,0 +1,3 @@`
							`#!/bin/sh`
							`podman start wpa_supplicant-udmpro`
		`@ -0,0 +1,2 @@`
							`#!/bin/sh`
							`ssh root@ubnt '/mnt/data/on_boot.sh'`