From bf8e9b75b50b86e4c6e1f7886deab4fe89575578 Mon Sep 17 00:00:00 2001 From: John Dorman Date: Sun, 28 Jun 2020 06:02:14 -0700 Subject: [PATCH] Final updates and Ipv6 --- AdguardHome/README.md | 11 ++--- cni-plugins/20-dnsipv6.conflist | 4 +- dns-common/on_boot.d/10-dns.sh | 57 ++++++++++++++++------- dns-common/on_boot.d/10-dnsipv6.sh | 75 ------------------------------ nextdns/README.md | 15 +++--- on-boot-script/install.sh | 5 +- run-pihole/README.md | 11 ++--- 7 files changed, 62 insertions(+), 116 deletions(-) delete mode 100644 dns-common/on_boot.d/10-dnsipv6.sh diff --git a/AdguardHome/README.md b/AdguardHome/README.md index 8de6684..d13d1df 100644 --- a/AdguardHome/README.md +++ b/AdguardHome/README.md 
@@ -12,15 +12,14 @@ ### Customization * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container. * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values -* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments. +* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments. ### Steps 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. -2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM -3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network -4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment -5. Execute /mnt/data/on_boot.d/10-dns.sh -6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below. +1. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment +1. Execute /mnt/data/on_boot.d/10-dns.sh +1. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network +1. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below. ```shell script podman run -d --network dns --restart always \ 
diff --git a/cni-plugins/20-dnsipv6.conflist b/cni-plugins/20-dnsipv6.conflist index 5d9654a..7e781d5 100644 --- a/cni-plugins/20-dnsipv6.conflist +++ b/cni-plugins/20-dnsipv6.conflist @@ -14,8 +14,8 @@ "gateway": "10.0.5.1" }, { - "address": "fd62:89a2:fda9:e23:0:0:0:2", - "gateway": "fd62:89a2:fda9:e23:0:0:0:1" + "address": "fd62:89a2:fda9:e23::2/64", + "gateway": "fd62:89a2:fda9:e23::1" } ], "routes": [ diff --git a/dns-common/on_boot.d/10-dns.sh b/dns-common/on_boot.d/10-dns.sh index 5e7db6a..981673a 100644 --- a/dns-common/on_boot.d/10-dns.sh +++ b/dns-common/on_boot.d/10-dns.sh @@ -10,7 +10,12 @@ IPV4_GW="10.0.5.1/24" # the 20-dns.conflist is updated appropriately. It will need the IP and GW # added along with a ::/0 route. Also make sure that additional --dns options # are passed to podman with your IPv6 DNS IPs when deploying the container for -# the first time. +# the first time. You will also need to configure your VLAN to have a static +# IPv6 block. + +# IPv6 Also works with Prefix Delegation from your provider. The gateway is the +# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6 +# isn't serving IPV6_IP="" IPV6_GW="" @@ -23,10 +28,22 @@ FORCED_INTFC="" CONTAINER=nextdns ## network configuration and startup: +CNI_PATH=/mnt/data/podman/cni +if [ ! -f "$CNI_PATH"/macvlan ] +then + mkdir -p $CNI_PATH + curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH +fi mkdir -p /opt/cni -ln -s /mnt/data/podman/cni/ /opt/cni/bin -ln -s /mnt/data/podman/cni/20-dnsipv6.conflist /etc/cni/net.d/20-dnsipv6.conflist +ln -s $CNI_PATH /opt/cni/bin + +for file in "$CNI_PATH"/*.conflist +do + if [ -f "$file" ]; then + ln -s "$file" "/etc/cni/net.d/$(basename "$file")" + fi +done # set VLAN bridge promiscuous ip link set br${VLAN} promisc on 
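Review bot: In the `@@ -23,10 +28,22 @@` hunk the plugin install runs `curl -L … | tar -xz -C $CNI_PATH` with no integrity check and no failure handling, and what lands in that directory is what `/opt/cni/bin` executes as root on every boot: `curl -L` without `-f` pipes an HTTP error body into tar, a truncated download can leave a partially extracted directory, and because the script does not `set -e` the rest of the boot script continues regardless. Downloading to a `mktemp` file, checking it against a pinned sha256 of the v0.8.6 arm64 tarball, and only then extracting keeps a tampered or truncated archive out of the plugin directory; the sketch below uses `<CNI_TGZ_SHA256>` as a placeholder for that digest. `$CNI_PATH` is quoted on the `-f` test but not in the new `mkdir -p` and `ln -s` lines; quoting it in all three keeps them consistent. The two `ln -s` calls will also print "File exists" on a second run, so `ln -sf` or a `[ -e … ] ||` guard would make the block idempotent in the same way the `-C || -A` pattern does for the iptables rules later in the file.
```shell
CNI_PATH=/mnt/data/podman/cni
if [ ! -f "$CNI_PATH"/macvlan ]
then
  mkdir -p "$CNI_PATH"
  cni_tgz=$(mktemp) || cni_tgz=""
  # <CNI_TGZ_SHA256> is a placeholder: pin the published sha256 of the v0.8.6 arm64 tarball here
  if [ -n "$cni_tgz" ] \
     && curl -fsSL -o "$cni_tgz" https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz \
     && echo "<CNI_TGZ_SHA256>  $cni_tgz" | sha256sum -c - >/dev/null 2>&1
  then
    tar -xz -C "$CNI_PATH" -f "$cni_tgz"
  else
    echo "CNI plugin download or checksum verification failed; plugins not installed" >&2
  fi
  [ -n "$cni_tgz" ] && rm -f "$cni_tgz"
fi
mkdir -p /opt/cni
ln -s "$CNI_PATH" /opt/cni/bin
# … unchanged: conflist symlink loop, VLAN bridge promisc …
```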
@@ -52,24 +69,30 @@ if [ -n "${IPV6_IP}" ]; then ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac fi -podman container exists ${CONTAINER} && podman start ${CONTAINER} +if podman container exists ${CONTAINER}; then + podman start ${CONTAINER} +else + echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error" +fi # (optional) IPv4 force DNS (TCP/UDP 53) through DNS container for intfc in ${FORCED_INTFC}; do - for proto in udp tcp; do - prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}" - iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule} + if [ -d "/sys/class/net/${intfc}" ]; then + for proto in udp tcp; do + prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}" + iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule} - postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE" - iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule} + postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE" + iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule} - # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container - if [ -n "${IPV6_IP}" ]; then - prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}" - ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule} + # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container + if [ -n "${IPV6_IP}" ]; then + prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! 
-d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}" + ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule} - postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE" - ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule} - fi - done + postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE" + ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule} + fi + done + fi done diff --git a/dns-common/on_boot.d/10-dnsipv6.sh b/dns-common/on_boot.d/10-dnsipv6.sh deleted file mode 100644 index b0afc5e..0000000 --- a/dns-common/on_boot.d/10-dnsipv6.sh +++ /dev/null 
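Review bot: The new `if [ -d "/sys/class/net/${intfc}" ]` guard in the `@@ -52,24 +69,30 @@` hunk skips the DNAT/MASQUERADE rules for any interface listed in FORCED_INTFC that is absent at boot, so port-53 traffic on that interface is no longer forced through the container and nothing records that the control was not applied. An `else` branch before the guard's closing `fi`, such as `echo "interface ${intfc} not found, DNS is not forced through ${CONTAINER} on it" >&2`, would make the gap visible in the boot log instead of silent. The container-not-found message added earlier in the same hunk goes to stdout; appending `>&2` keeps it with the other diagnostics.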
@@ -1,75 +0,0 @@ -#!/bin/sh - -## configuration variables: -VLAN=5 -IPV4_IP="10.0.5.3" -IPV4_GW="10.0.5.1/24" - -# if you want IPv6 support, generate a ULA, select an IP for the dns server -# and an appropriate gateway address on the same /64 network. Make sure that -# the 20-dns.conflist is updated appropriately. It will need the IP and GW -# added along with a ::/0 route. Also make sure that additional --dns options -# are passed to podman with your IPv6 DNS IPs when deploying the container for -# the first time. -IPV6_IP="fd62:89a2:fda9:e23:0:0:0:2" -IPV6_GW="fd62:89a2:fda9:e23:0:0:0:1" - -# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic -# re-routed through the DNS container. separate interfaces with spaces. -# e.g. "br0" or "br0 br1" etc. -FORCED_INTFC="" - -# container name; e.g. nextdns, pihole, adguardhome, etc. -CONTAINER=nextdns - -## network configuration and startup: - -mkdir -p /opt/cni -ln -s /mnt/data/podman/cni/ /opt/cni/bin -ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist - -# set VLAN bridge promiscuous -ip link set br${VLAN} promisc on - -# create macvlan bridge and add IPv4 IP -ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge -ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute - -# (optional) add IPv6 IP to VLAN bridge macvlan bridge -if [ -n "${IPV6_GW}" ]; then - ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute -fi - -# set macvlan bridge promiscuous and bring it up -ip link set br${VLAN}.mac promisc on -ip link set br${VLAN}.mac up - -# add IPv4 route to DNS container -ip route add ${IPV4_IP}/32 dev br${VLAN}.mac - -# (optional) add IPv6 route to DNS container -if [ -n "${IPV6_IP}" ]; then - ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac -fi - -podman container exists ${CONTAINER} && podman start ${CONTAINER} - -# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container -for intfc in ${FORCED_INTFC}; do - for proto in udp tcp; do - 
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}" - iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule} - - postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE" - iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule} - - # (optional) IPv6 force DNS (TCP/UDP 53) through DNS container - if [ -n "${IPV6_IP}" ]; then - prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}" - ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule} - - postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE" - ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule} - fi - done -done diff --git a/nextdns/README.md b/nextdns/README.md index db7a99e..4e13b4c 100644 --- a/nextdns/README.md +++ b/nextdns/README.md 
@@ -15,7 +15,7 @@ * The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request. * If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns. * Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name) -* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments. +* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments. ### Docker The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4). 
@@ -33,12 +33,11 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest . If you have already installed PiHole, skip right to step 6. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. -2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM -3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network -4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment -5. Execute /mnt/data/on_boot.d/10-dns.sh -6. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it. -7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS. +2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment +3. Execute /mnt/data/on_boot.d/10-dns.sh +4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network +5. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it. +6. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS. ```shell script podman run -d -it --privileged --network dns --restart always \ --name nextdns \ @@ -49,5 +48,5 @@ If you have already installed PiHole, skip right to step 6. --hostname nextdns \ boostchicken/nextdns-udm:latest ``` -8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs. +7. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs. 
diff --git a/on-boot-script/install.sh b/on-boot-script/install.sh index 4439081..042d7ea 100644 --- a/on-boot-script/install.sh +++ b/on-boot-script/install.sh @@ -1,7 +1,7 @@ #!/bin/sh echo "Creating on boot script on device" -echo "#!/bin/sh +echo '#!/bin/sh if [ -d /mnt/data/on_boot.d ]; then for i in /mnt/data/on_boot.d/*.sh; do @@ -10,7 +10,8 @@ if [ -d /mnt/data/on_boot.d ]; then fi done fi -" > /mnt/data/20-python.sh +' > /mnt/data/on_boot.sh + chmod u+x /mnt/data/on_boot.sh mkdir -p /mnt/data/on_boot.d diff --git a/run-pihole/README.md b/run-pihole/README.md index c51e053..1c47582 100644 --- a/run-pihole/README.md +++ b/run-pihole/README.md 
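Review bot: The second hunk writes the generated `/mnt/data/on_boot.sh`, which runs every `*.sh` under `/mnt/data/on_boot.d` as root at boot, but the install step only does `mkdir -p /mnt/data/on_boot.d` and never constrains that directory's ownership or mode, so anything that can write there becomes root code on the next boot. If the device does not already create the directory root-owned and non-world-writable (I cannot tell from the hunk), `mkdir -p /mnt/data/on_boot.d && chmod 0755 /mnt/data/on_boot.d` after the existing `chmod u+x` line would pin that down. The switch from double to single quotes around the script body, which spans both hunks, is the right fix since it stops parameter expansion inside the generated loop at install time; a comment above the `echo` such as `# single quotes: the script body must reach the file unexpanded` would record why the quoting matters.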
@@ -11,15 +11,14 @@ ### Customization * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container. * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values -* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh) and change the docker command to IPv6=True. Also, please provide IPv6 servers to podman using --dns arguments. +* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments. ### Steps 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. -2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM -3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network -4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment -5. Execute /mnt/data/on_boot.d/10-dns.sh -6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below. +2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment +3. Execute /mnt/data/on_boot.d/10-dns.sh +4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network +5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below. ```shell script podman run -d --network dns --restart always \