Modularization updates (#12)

* Store install-cni-plugins.sh once

* Newlines in on-boot-script

* Update example on_boot.sh for directory

* Update README.md examples

* Store 20-dns.conflist once

* Add modularized nextdns config w/IPv6 support

* Make nextdns script more generic

* Use common setup script for each dns service

* Add missing newlines

* Readme updates and ipv6 support

* Readme updates and ipv6 support

* Final updates and Ipv6

Co-authored-by: exodious <exodious@users.noreply.github.com>
John D 2020-06-28 06:02:50 -07:00 committed by GitHub
parent 8fb14cb538
commit ccba186f6e
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 306 additions and 271 deletions


@ -5,43 +5,32 @@
2. Persists through reboots and firmware updates. 2. Persists through reboots and firmware updates.
### Requirements ### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this) 2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this). It needs 2 folders, a Work and Configuration folder. Please create the 2 folders in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir"
It needs 2 folders, a Work and Configuration folder. Plese create the 2 folder in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir" 3. The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist), also update all the ips accordingly * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Steps ### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/install-cni-plugins.sh) on your UDM 1. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 1. Execute /mnt/data/on_boot.d/10-dns.sh
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your AdGuard instance 1. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
5. Execute on_boot.sh 1. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
``` ```shell script
podman run -d --network dns --restart always \ podman run -d --network dns --restart always \
--name adguardhome \ --name adguardhome \
-v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \ -v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \
-v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \ -v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \
--dns=127.0.0.1 --dns=1.1.1.1 \ --dns=127.0.0.1 --dns=1.1.1.1 \
--hostname adguardhome \ --hostname adguardhome \
adguard/adguardhome:arm64-latest adguard/adguardhome:arm64-latest
``` ```
7. Change on_boot.sh line 17 7. Browse to 10.0.5.3:3000 and follow the setup wizard
From 8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
``` 9. Access the AdguardHome like you would normally.
#podman start AdguardHome
```
To
```
podman start AdguardHome
```
This makes sure that the AdguardHome container will start after reboot of UDM.
8. Browse to 10.0.5.3:3000 and follow the setup wizard
9. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
10. Access the AdguardHome like you would normally.
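Review bot: the new Steps execute /mnt/data/on_boot.d/10-dns.sh (step 3) before copying 20-dns.conflist into /mnt/data/podman/cni (step 4), but 10-dns.sh only symlinks the .conflist files that already exist in that directory into /etc/cni/net.d, so a reader following this order has no CNI network until the next boot; swap the two steps. The list numbering is also inconsistent: items use `1.` up to the container step and then continue with `7.`, `8.`, `9.`, which markdown renders as 6, 7, 8; either use `1.` throughout or number the whole list explicitly.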


@ -1,24 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Create a new bridge interface so the host can talk to containers inside the podman macvlan network
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
#Remove the # on the line below when Docker container is deployed.
#podman start adguardhome
# Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3


@ -4,6 +4,9 @@ A collection of things to enhance the capabilities of your Unifi Dream Machine o
### on-boot-script ### on-boot-script
Run any commands when your UDM starts. Run any commands when your UDM starts.
### dns-common
Configurations for DNS containers, both IPv4 and IPv6
### run-pihole ### run-pihole
Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack
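Review bot: style, the new dns-common entry "Configurations for DNS containers, both IPv4 and IPv6" lacks the terminating period the neighbouring entries use ("Run any commands when your UDM starts."). One more clause saying that dns-common holds the on_boot.d script shared by the AdguardHome, nextdns and run-pihole setups would explain why this commit deletes the per-service on_boot.sh files.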


@ -12,10 +12,14 @@
{ {
"address": "10.0.5.3/24", "address": "10.0.5.3/24",
"gateway": "10.0.5.1" "gateway": "10.0.5.1"
} },
{
"address": "fd62:89a2:fda9:e23::2/64",
"gateway": "fd62:89a2:fda9:e23::1"
}
], ],
"routes": [ "routes": [
{"dst": "0.0.0.0/0"} {"dst": "0.0.0.0/0"},{"dst": "::/0"}
] ]
} }
} }
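Review bot: the added "address"/"gateway" pair hard-codes the ULA prefix fd62:89a2:fda9:e23::/64 with nothing marking it as an example, while the comments in 10-dns.sh tell the user to generate their own ULA; JSON cannot carry a comment, so the README should state that the prefix must be replaced and that the ::2 container address and ::1 gateway have to match IPV6_IP and IPV6_GW in 10-dns.sh. Note also that the IPv6 container address ends in ::2 while the IPv4 one is .3; the old README reserved .2 for the macvlan bridge, so say explicitly whether that reservation applies on the IPv6 side.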


@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/ mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/ tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/
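Review bot: this script now duplicates the download that 10-dns.sh performs itself (it fetches the same v0.8.6 arm64 tarball into /mnt/data/podman/cni whenever the macvlan plugin is missing), and the updated READMEs no longer reference install-cni-plugins.sh at all, so either delete it or keep only the single copy the commit message describes. In whichever copy survives, compare the tarball against the checksum published with the release before extracting it: the archive contains binaries that later run as root on the gateway.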


@ -0,0 +1,98 @@
#!/bin/sh
## configuration variables:
VLAN=5
IPV4_IP="10.0.5.3"
IPV4_GW="10.0.5.1/24"
# if you want IPv6 support, generate a ULA, select an IP for the dns server
# and an appropriate gateway address on the same /64 network. Make sure that
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
# added along with a ::/0 route. Also make sure that additional --dns options
# are passed to podman with your IPv6 DNS IPs when deploying the container for
# the first time. You will also need to configure your VLAN to have a static
# IPv6 block.
# IPv6 Also works with Prefix Delegation from your provider. The gateway is the
# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6
# isn't serving
IPV6_IP=""
IPV6_GW=""
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc.
FORCED_INTFC=""
# container name; e.g. nextdns, pihole, adguardhome, etc.
CONTAINER=nextdns
## network configuration and startup:
CNI_PATH=/mnt/data/podman/cni
if [ ! -f "$CNI_PATH"/macvlan ]
then
mkdir -p $CNI_PATH
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH
fi
mkdir -p /opt/cni
ln -s $CNI_PATH /opt/cni/bin
for file in "$CNI_PATH"/*.conflist
do
if [ -f "$file" ]; then
ln -s "$file" "/etc/cni/net.d/$(basename "$file")"
fi
done
# set VLAN bridge promiscuous
ip link set br${VLAN} promisc on
# create macvlan bridge and add IPv4 IP
ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
if [ -n "${IPV6_GW}" ]; then
ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
fi
# set macvlan bridge promiscuous and bring it up
ip link set br${VLAN}.mac promisc on
ip link set br${VLAN}.mac up
# add IPv4 route to DNS container
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
# (optional) add IPv6 route to DNS container
if [ -n "${IPV6_IP}" ]; then
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
fi
if podman container exists ${CONTAINER}; then
podman start ${CONTAINER}
else
echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error"
fi
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
for intfc in ${FORCED_INTFC}; do
if [ -d "/sys/class/net/${intfc}" ]; then
for proto in udp tcp; do
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
if [ -n "${IPV6_IP}" ]; then
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
fi
done
fi
done
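Review bot: the `curl ... | tar -xz -C $CNI_PATH` at the top extracts a root-executed binary bundle with no integrity check; record the expected sha256 of cni-plugins-linux-arm64-v0.8.6.tgz in the script and verify before extracting. Three further points. The `ln -s` calls for /opt/cni/bin and the .conflist symlinks will fail with "File exists" on every re-run (the READMEs tell users to execute the script by hand after installing, and on_boot.sh sources it on each boot), so use `ln -sf` or guard them with a test as the macvlan check already does. The IPV6_GW comment should say whether the value takes a prefix length; IPV4_GW does ("10.0.5.1/24") and both are passed to `ip addr add` the same way. Finally, the POSTROUTING rule matches `-o ${intfc}`, yet packets DNATed to ${IPV4_IP} leave through br${VLAN}.mac per the /32 route added above, so with FORCED_INTFC="br0" the MASQUERADE rule appears never to match; if the intent is to rewrite client sources it should match the macvlan interface (and the README should then warn that the DNS container's per-client logs will show only the UDM), and if not, drop it.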


@ -7,24 +7,25 @@
4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config. 4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config.
### Requirements ### Requirements
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have already setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work. 2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request. * The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns. * If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Docker ### Docker
The offical repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4). The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations
``` ```shell script
podman build . -t nextdns-udm:latest podman build . -t nextdns-udm:latest
``` ```
Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
``` ```shell script
docker buildx build --platform linux/arm64 -t nextdns-udm:latest . docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
``` ```
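Review bot: the Customization bullet that dropped the address-range guidance ("x.x.x.3 to x.x.x.254, .1 reserved for the gateway, .2 for the macvlan bridge") and the br5/br(vlanid) instructions now says only "change the IP address of the container", but the constraint still holds: 10-dns.sh sets IPV4_GW to .1 and routes IPV4_IP through br${VLAN}.mac. Keep one sentence stating which addresses are reserved and that VLAN, IPV4_IP and IPV4_GW in 10-dns.sh must match the values in the conflist.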
@ -32,22 +33,20 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
If you have already installed PiHole, skip right to step 6. If you have already installed PiHole, skip right to step 6.
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM 2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 3. Execute /mnt/data/on_boot.d/10-dns.sh
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to NextDNS 4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
5. Execute on_boot.sh 5. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it. 6. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS. ```shell script
``` podman run -d -it --privileged --network dns --restart always \
podman run -d -it --privileged --network dns --restart always \ --name nextdns \
--name nextdns \ -v "/mnt/data/nextdns/:/etc/nextdns/" \
-v "/mnt/data/nextdns/:/etc/nextdns/" \ -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \ --mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \ --dns=45.90.28.163 --dns=45.90.30.163 \
--dns=45.90.28.163 --dns=45.90.30.163 \ --hostname nextdns \
--hostname nextdns \ boostchicken/nextdns-udm:latest
boostchicken/nextdns-udm:latest ```
``` 7. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
Note:
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Uncomment ```podman start nextdns``` in on_boot.sh
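Review bot: the context line "If you have already installed PiHole, skip right to step 6" is now off by one: after renumbering, step 6 is "Run the NextDNS docker container", and the step a PiHole user must not skip (create /mnt/data/nextdns and copy nextdns.conf) is step 5. Also, as in the AdguardHome README, step 3 executes 10-dns.sh before step 4 copies 20-dns.conflist into /mnt/data/podman/cni, so the symlink into /etc/cni/net.d is not created on the first run; swap steps 3 and 4.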


@ -8,4 +8,4 @@ RUN apk add --no-cache ca-certificates \
&& rm /tmp/nextdns.tar.gz && rm /tmp/nextdns.tar.gz
EXPOSE 53/tcp 53/udp EXPOSE 53/tcp 53/udp
ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"] ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
CMD [] CMD []


@ -1,5 +0,0 @@
#!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/
rm /tmp/cni.tgz


@ -1,25 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
# Remove the # on the line below when Docker container is deployed.
#podman start nextdns
# optional if you dont want to force everything through nextdns. also add anymore bridges for other networks (br5, 10 etc), un comment if you want to use them
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE


@ -1,75 +1,69 @@
# UDM / UDMPro Boot Script # UDM / UDMPro Boot Script
### Features ### Features
1. Allows you to run a shell script at S95 anytime your UDM starts / reboots 1. Allows you to run a shell script at S95 anytime your UDM starts / reboots
1. Persists through reboot
1. Must be re-done after firmware updates
### Compatiblity ### Compatibility
1. Should work on any UDM/UDMPro after 1.6.3 1. Should work on any UDM/UDMPro after 1.6.3
2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4 2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4, 1.7.3rc1
## Steps ## Steps
# 1. Make your script on the UDM/UDMPRO
```
vi /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
```
Example: see examples/udm-files/on_boot.sh
```
#!/bin/sh
podman start wpa_supplicant-udmpro
iptables -t nat -C PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x ### Automated Setup
iptables -t nat -C PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x
iptables -t nat -C POSTROUTING -j MASQUERADE || iptables -t nat -A POSTROUTING -j MASQUERADE
```
1. Copy [install.sh](install.sh) to your UDM and execute it
1. Copy any shell scripts you want to run to /mnt/data/on_boot.d and make sure they are executable and have the correct shebang (#!/bin/sh)
Examples:
* Start a DNS Container [10-dns.sh](../dns-common/on_boot.d/10-dns.sh)
* Start wpa_supplicant [on_boot.d/10-wpa_supplicant.sh](examples/udm-files/on_boot.d/10-wpa_supplicant.sh)
# 2. Make the unifios docker container execute this script on startup, this has to be done after every firmware update. It does persist through reboots. ### Manual Setup
## Automatic 1. Copy on_boot.sh and make on_boot.d and add scripts to on_boot.d
```shell script
mkdir -p /mnt/data/on_boot.d
vi /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
```
Example: [on_boot.sh](examples/udm-files/on_boot.sh)
1. Copy install.sh and install-unifios.sh to your UDM 1. Enter the container shell
2. Execute install.sh ```shell script
unifi-os shell
```
1. make a script that sshs to the udm and runs on our boot script. 127.0.1.1 always points to the UDM
```shell script
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
```
Example: [udm.sh](examples/unifi-os-files/udm.sh)
1. make a service that runs on startup, after we have networking
```shell script
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
```
Example: [udmboot.service](examples/unifi-os-files/udmboot.service)
## Manual 1. enable it and test
``` ```shell script
podman exec -it unifi-os sh systemctl enable udmboot
``` systemctl start udmboot
### make a script that sshs to the udm and runs on our boot script ```
Example: examples/unifi-os-files/udm.sh 1. back to the udm
``` ```shell script
echo "#!/bin/sh exit
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh # 127.0.1.1 always points to the UDM ```
``` 1. reboot your udm/udmpro and make sure it worked
#### make said script executable ```shell script
``` reboot
chmod u+x /etc/init.d/udm.sh exit
``` ```
### make a service that runs on startup, after we have networking
Example: examples/unifi-os-files/udmboot.service
```
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
```
### enable it and test
```
systemctl enable udmboot
systemctl start udmboot
```
### back to the udm
```
exit
```
# reboot your udm/udmpro and make sure it worked
```
reboot
exit
```
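Review bot: the Automated Setup bullet says on_boot.d scripts must "have the correct shebang (#!/bin/sh)", but on_boot.sh sources each file with `. $i`, so the shebang is never consulted and a script that calls `exit` (or uses `set -e` and fails) terminates on_boot.sh and silently skips every later script. Either document that the scripts are sourced into one shell (no `exit`, no `set -e`, and variable names such as CONTAINER and VLAN from 10-dns.sh stay visible to later scripts), or change on_boot.sh to execute them. Minor wording: "sshs" reads better as "SSHes", and the Manual Setup item "Copy on_boot.sh and make on_boot.d and add scripts to on_boot.d" is a run-on.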


@ -0,0 +1,7 @@
#!/bin/sh
## create files like this with different numbers for execution order
## ala /etc/profile.d
## example command to run, please replace with your own.
podman start wpa_supplicant-udmpro
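Review bot: the comment "create files like this with different numbers for execution order" should add that on_boot.sh's glob `/mnt/data/on_boot.d/*.sh` expands in lexical order, so prefixes need the same width (10-, 20-, 90-) or a single-digit 9-foo.sh sorts after 10-foo.sh. Style: "ala /etc/profile.d" reads better as "like /etc/profile.d".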


@ -1,5 +1,9 @@
#!/bin/sh #!/bin/sh
## example command to run, please replace with your own. if [ -d /mnt/data/on_boot.d ]; then
podman start wpa_supplicant-udmpro for i in /mnt/data/on_boot.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
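Review bot: `. $i` sources every on_boot.d script into this shell, so one script's `exit`, a `set -e` failure or a clashing variable name stops or alters the rest of the run; since the README already requires the files to be executable with a #!/bin/sh shebang, running them as `"$i"` (or `sh "$i"`) isolates each one. `$i` should also be quoted in both the `-r` test and the call. The `-r` test does correctly cover the empty-directory case, where the glob stays literal.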


@ -1,2 +1,3 @@
#!/bin/sh #!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh' ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'


@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
echo "#!/bin/sh echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh chmod u+x /etc/init.d/udm.sh
@ -14,4 +15,4 @@ ExecStart=/etc/init.d/udm.sh
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
systemctl enable udmboot systemctl enable udmboot
systemctl start udmboot systemctl start udmboot


@ -1,3 +1,45 @@
podman cp install-unifios.sh unifi-os:/root/install-unifios.sh #!/bin/sh
podman exec unifi-os chmod +x /root/install-unifios.sh
podman exec unifi-os sh -c /root/install-unifios.sh echo "Creating on boot script on device"
echo '#!/bin/sh
if [ -d /mnt/data/on_boot.d ]; then
for i in /mnt/data/on_boot.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
' > /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
mkdir -p /mnt/data/on_boot.d
echo "Creating script to modify unifios container"
echo '#!/bin/sh
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 ''/mnt/data/on_boot.sh''" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
systemctl enable udmboot
systemctl start udmboot
' > /tmp/install-unifios.sh
podman cp /tmp/install-unifios.sh unifi-os:/root/install-unifios.sh
podman exec -it unifi-os chmod +x /root/install-unifios.sh
echo "Executing container modifications"
podman exec -it unifi-os sh -c /root/install-unifios.sh
rm /tmp/install-unifios.sh
echo "Installed on_boot hook. Populate /mnt/data/on_boot.d with scripts to run"
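Review bot: the `''/mnt/data/on_boot.sh''` on the ssh line sits inside a single-quoted echo, so each `''` just closes and reopens the quote and emits nothing; the generated install-unifios.sh contains `root@127.0.1.1 /mnt/data/on_boot.sh"` with no quotes around the path. That still works, but if the intent was to reproduce the quoted form from the README, the sequence is `'\''`. `podman exec -it` also requires a TTY and fails when install.sh runs non-interactively (for example piped over ssh); `-it` is unnecessary for chmod and for a script that only writes files, so drop it. Lastly, the on_boot.sh body embedded here is a second copy of examples/udm-files/on_boot.sh; copying that file instead avoids the two drifting apart.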


@ -8,4 +8,4 @@ python get-pip.py
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/local/bin/pip3 /usr/bin/pip ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/local/bin/pip3 /usr/bin/pip
rm /usr/lib64/libssl.so.1.1 rm /usr/lib64/libssl.so.1.1
rm /usr/lib64/libcrypto.so.1.1 rm /usr/lib64/libcrypto.so.1.1


@ -5,45 +5,44 @@
2. Persists through reboots and firmware updates. 2. Persists through reboots and firmware updates.
### Requirements ### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script) 1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. PiHole persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work. 2. PiHole persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization ### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge. * Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist), also update all the ips accordingly * Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Steps ### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5. 1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/install-cni-plugins.sh) on your UDM 2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) symlink). This will create your podman macvlan network 3. Execute /mnt/data/on_boot.d/10-dns.sh
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your PiHole 4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
5. Execute on_boot.sh 5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
``` ```shell script
podman run -d --network dns --restart always \ podman run -d --network dns --restart always \
--name pihole \ --name pihole \
-e TZ="America/Los Angeles" \ -e TZ="America/Los Angeles" \
-v "/mnt/data/etc-pihole/:/etc/pihole/" \ -v "/mnt/data/etc-pihole/:/etc/pihole/" \
-v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \ -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
--dns=127.0.0.1 --dns=1.1.1.1 \ --dns=127.0.0.1 --dns=1.1.1.1 \
--hostname pi.hole \ --hostname pi.hole \
-e VIRTUAL_HOST="pi.hole" \ -e VIRTUAL_HOST="pi.hole" \
-e PROXY_LOCATION="pi.hole" \ -e PROXY_LOCATION="pi.hole" \
-e ServerIP="10.0.5.3" \ -e ServerIP="10.0.5.3" \
-e IPv6="False" \ -e IPv6="False" \
pihole/pihole:latest pihole/pihole:latest
``` ```
The below errors are expected and acceptable The below errors are expected and acceptable
``` ```
ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory
ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory
``` ```
7. Set pihole password 7. Set pihole password
``` ```shell script
podman exec -it pihole pihole -a -p YOURNEWPASSHERE podman exec -it pihole pihole -a -p YOURNEWPASSHERE
``` ```
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs. 8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Access the pihole like you would normally. 9. Access the pihole like you would normally.
9. Uncomment ```podman start pihole``` in on_boot.sh
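Review bot: the new Steps list drops the old step 2 (run install-cni-plugins.sh) without a replacement, so a reader following the new steps 1-5 never installs the CNI plugins that the macvlan network in 20-dns.conflist depends on; either add a step pointing at the consolidated install script or state that 10-dns.sh performs the install. Step 3 also runs 10-dns.sh before step 4 copies 20-dns.conflist into /mnt/data/podman/cni; the removed on_boot.sh below symlinked that file into /etc/cni/net.d, so if 10-dns.sh does the same the symlink dangles until step 4 completes (swapping the two steps avoids that). The old step "Uncomment podman start pihole in on_boot.sh" is removed but nothing in the new list says how the container gets started after a reboot. Finally, the unchanged `-e TZ="America/Los Angeles"` is not a valid tz database name; it should be `America/Los_Angeles`.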

View File

@ -1,5 +0,0 @@
#!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/
rm /tmp/cni.tgz
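Review bot: the removed installer fetched the plugins tarball with `curl -L` under no `set -e` and with no checksum or signature check, so a failed or tampered download would still be extracted into /mnt/data/podman/cni/ and executed as root on every boot. Since this script is now stored once for all DNS services, make sure the consolidated copy verifies the release tarball (for example, compare it against a pinned sha256 before `tar xf`) and aborts if either the curl or the tar step fails.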

View File

@ -1,23 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "dns",
"plugins": [
{
"type": "macvlan",
"mode": "bridge",
"master": "br5",
"ipam": {
"type": "static",
"addresses": [
{
"address": "10.0.5.3/24",
"gateway": "10.0.5.1"
}
],
"routes": [
{"dst": "0.0.0.0/0"}
]
}
}
]
}
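Review bot: this conflist was the target of the README links at run-pihole/udm-files/20-dns.conflist and hard-codes br5, 10.0.5.3/24 and the gateway 10.0.5.1; with it removed, confirm every README that still points at that path is updated to the shared ../cni-plugins/20-dns.conflist, and that the shared copy keeps the static IPAM gateway equal to the address on_boot.sh assigns to br5.mac (10.0.5.1), since the container's default route (`"dst": "0.0.0.0/0"`) goes through it.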

View File

@ -1,25 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Create a new bridge interface so the host can talk to containers inside the podman macvlan network
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
# Remove the # on the line below when Docker container is deployed.
#podman start pihole
# Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE
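Review bot: this script is not idempotent: `ln -s` without `-f` and `ip link add br5.mac link br5 type macvlan mode bridge` both fail when the target already exists from an earlier run, and with no `set -e` the remaining commands still execute, so errors on repeat boots are silently ignored; the consolidated 10-dns.sh should guard each step (`ln -sf`, and check `ip link show br5.mac` before adding it). If the commented DNAT/MASQUERADE rules are carried over, two consequences are worth documenting: they match only `-i br0`, so clients on other VLAN bridges are not redirected and can still reach arbitrary resolvers, and the POSTROUTING MASQUERADE rewrites the source of every redirected query to the br0 address, so Pi-hole's per-client query log and statistics will attribute all forced queries to the gateway rather than to the originating host. The `-C ... || -A ...` pattern is the right way to keep the rules from being duplicated on each boot and should be kept.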