daily autocommit

5 years ago · d3eabcb678
parent c9c836561e
commit d3eabcb678
16 changed files with 128 additions and 27 deletions
--- a/.etckeeper
+++ b/.etckeeper
@ -601,6 +601,8 @@ maybe chmod 0755 'dhcp/.git/objects/18'
 maybe chmod 0444 'dhcp/.git/objects/18/85ed3cbc03eba3dc2440435189540340338889'
 maybe chmod 0755 'dhcp/.git/objects/1e'
 maybe chmod 0444 'dhcp/.git/objects/1e/af530529e64ffc8337a67a5141bb4878d3ce7c'
+maybe chmod 0755 'dhcp/.git/objects/22'
+maybe chmod 0444 'dhcp/.git/objects/22/1ced2a48e038e41a847dac9d869c5b27600045'
 maybe chmod 0755 'dhcp/.git/objects/3b'
 maybe chmod 0444 'dhcp/.git/objects/3b/d38dcc122be1859f47e083e24af89820df27e6'
 maybe chmod 0755 'dhcp/.git/objects/47'
@ -629,6 +631,8 @@ maybe chmod 0755 'dhcp/.git/objects/a9'
 maybe chmod 0444 'dhcp/.git/objects/a9/eff0800f0c85706e4ae8a7472ce2e2d1db5c04'
 maybe chmod 0755 'dhcp/.git/objects/b0'
 maybe chmod 0444 'dhcp/.git/objects/b0/194cd648bd47c73e78ce5e89de83d57cb5c471'
+maybe chmod 0755 'dhcp/.git/objects/b4'
+maybe chmod 0444 'dhcp/.git/objects/b4/b46470257f7d5e6229d78dab89c09a9651162c'
 maybe chmod 0755 'dhcp/.git/objects/b7'
 maybe chmod 0444 'dhcp/.git/objects/b7/7b713acfb1a0437f438b20a71fbdbba4d9d288'
 maybe chmod 0444 'dhcp/.git/objects/b7/8a7c0610b5de094961bf2b6d492a80b6c53810'
@ -650,6 +654,8 @@ maybe chmod 0755 'dhcp/.git/objects/e7'
 maybe chmod 0444 'dhcp/.git/objects/e7/67214abab058ee2af123641d9fa94d45c05054'
 maybe chmod 0755 'dhcp/.git/objects/e9'
 maybe chmod 0444 'dhcp/.git/objects/e9/d158fe37c5e3c5f2566359e91f8af0af92edae'
+maybe chmod 0755 'dhcp/.git/objects/f0'
+maybe chmod 0444 'dhcp/.git/objects/f0/08ffdb9148b9d430c6806fb1c9b3caa11b6991'
 maybe chmod 0755 'dhcp/.git/objects/f3'
 maybe chmod 0444 'dhcp/.git/objects/f3/950790d5f3de2cdb5f29882cc2c843bb68b5db'
 maybe chmod 0755 'dhcp/.git/objects/f4'
@ -692,6 +698,7 @@ maybe chmod 0644 'dhcpcd.duid'
 maybe chmod 0644 'dnsmasq.conf'
 maybe chmod 0755 'dnsmasq.d'
 maybe chmod 0644 'dnsmasq.d/01-pihole.conf'
+maybe chmod 0644 'dnsmasq.d/02-custom.conf'
 maybe chmod 0644 'dphys-swapfile'
 maybe chmod 0755 'dpkg'
 maybe chmod 0644 'dpkg/dpkg.cfg'
@ -6051,6 +6058,7 @@ maybe chmod 0644 'nginx/scgi_params'
 maybe chmod 0755 'nginx/sites-available'
 maybe chmod 0644 'nginx/sites-available/default'
 maybe chmod 0644 'nginx/sites-available/novnc'
+maybe chmod 0644 'nginx/sites-available/pihole'
 maybe chmod 0644 'nginx/sites-available/rss'
 maybe chmod 0644 'nginx/sites-available/rush'
 maybe chmod 0644 'nginx/sites-available/slim'
@ -6174,6 +6182,7 @@ maybe chown 'pihole' 'pihole/regex.list'
 maybe chgrp 'www-data' 'pihole/regex.list'
 maybe chmod 0664 'pihole/regex.list'
 maybe chmod 0644 'pihole/setupVars.conf'
+maybe chmod 0644 'pihole/setupVars.conf.update.bak'
 maybe chmod 0644 'pihole/whitelist.txt'
 maybe chmod 0644 'pip.conf'
 maybe chmod 0755 'plymouth'
@ -6324,7 +6333,6 @@ maybe chmod 0644 'subuid-'
 maybe chmod 0440 'sudoers'
 maybe chmod 0755 'sudoers.d'
 maybe chmod 0440 'sudoers.d/010_at-export'
-maybe chmod 0440 'sudoers.d/010_pi-nopasswd'
 maybe chmod 0440 'sudoers.d/README'
 maybe chmod 0440 'sudoers.d/pihole'
 maybe chmod 0644 'sysctl.conf'
--- a/bind/named.conf.local
+++ b/bind/named.conf.local
@ -9,17 +9,11 @@
 zone "natalieandjoshua.com" {
 	type slave;
 	file "/var/cache/bind/db.natalieandjoshua";
-	masters { 10.3.14.15; };
-};
-
-zone "blackhole" {
-	type slave;
-	file "/var/cache/bind/db.blackhole";
-	masters { 10.3.14.15; };
+	masters port 8053 { 10.3.14.15; };
 };

 zone "10.in-addr.arpa" {
 	type slave;
 	file "/var/cache/bind/db.10.42";
-	masters { 10.3.14.15; };
+	masters port 8053 { 10.3.14.15; };
 };
--- a/bind/named.conf.options
+++ b/bind/named.conf.options
@ -23,7 +23,9 @@ options {
 	dnssec-validation auto;

 	auth-nxdomain no;    # conform to RFC1035
-	listen-on { any; };
+	listen-on-v6 {none;};
+	listen-on { 127.0.0.1; };
+	listen-on port 8053 {any;};
 	allow-notify { 10.3.14.15; };
 	transfer-source 10.3.14.92;
 };
--- a/cron.d/pihole
+++ b/cron.d/pihole
@ -18,7 +18,7 @@
 #          early morning. Download any updates from the adlists
 #          Squash output to log, then splat the log to stdout on error to allow for
 #          standard crontab job error handling.
-23 3   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
+9 4   * * 7   root    PATH="$PATH:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log

 # Pi-hole: Flush the log daily at 00:00
 #          The flush script will use logrotate if available
@ -32,5 +32,5 @@
 */10 *  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker local

 # Pi-hole: Grab remote version every 24 hours
-51 16  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
+51 17  * * *   root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote
@reboot root    PATH="$PATH:/usr/local/bin/" pihole updatechecker remote reboot
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9bb6f52cb636a4c88603aef0dcd558ebe53b24ec
+Subproject commit f008ffdb9148b9d430c6806fb1c9b3caa11b6991
--- a/dnsmasq.d/01-pihole.conf
+++ b/dnsmasq.d/01-pihole.conf
@ -43,6 +43,7 @@ log-async
 # This fixes a security hole. see CERT Vulnerability VU#598349
 dhcp-name-match=set:wpad-ignore,wpad
 dhcp-ignore-names=tag:wpad-ignore
-server=127.0.0.1
-server=127.0.0.1
+server=127.0.0.1#53
+server=127.0.0.1#53
+domain-needed
 interface=eth0
--- a/dnsmasq.d/02-custom.conf
+++ b/dnsmasq.d/02-custom.conf
@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=lo
--- a/nginx/sites-available/pihole
+++ b/nginx/sites-available/pihole
@ -0,0 +1,47 @@
+server {
+    listen  443 ssl;
+    server_name rss.natalieandjoshua.com;
+    root /var/www/html;
+    index index.php index.html index.htm;
+    ssl_certificate           /etc/dehydrated/certs/rss.natalieandjoshua.com/fullchain.pem;
+    ssl_certificate_key       /etc/dehydrated/certs/rss.natalieandjoshua.com/privkey.pem;
+    ssl_protocols             TLSv1.2 TLSv1 TLSv1.1;
+
+    error_log /var/log/nginx/rss.error;
+    access_log /var/log/nginx/rss.access;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+
+        autoindex off;
+
+        index pihole/index.php index.php index.html index.htm;
+
+
+        location /*.js {
+                index pihole/index.js;
+        }
+
+        location /admin {
+                root /var/www/html;
+                index index.php index.html index.htm;
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+
+   location ~* \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        include       fastcgi_params;
+        fastcgi_pass  unix:/run/php/php7.3-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_buffer_size 16k;
+        fastcgi_buffers 4 16k;
+   }
+
+}
--- a/nginx/sites-available/rss
+++ b/nginx/sites-available/rss
@ -14,7 +14,41 @@ server {
    access_log /var/log/nginx/rss.access;

    location / {
-        try_files $uri $uri/ /index.php;
+        try_files $uri $uri/ /index.php =404;
    }

+
+        autoindex off;
+
+        index pihole/index.php index.php index.html index.htm;
+
+
+        location /*.js {
+                index pihole/index.js;
+                auth_basic "Restricted"; #For Basic Auth
+                auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
+        }
+
+        location /admin {
+                root /var/www/html;
+                index index.php index.html index.htm;
+                auth_basic "Restricted"; #For Basic Auth
+                auth_basic_user_file /etc/nginx/.htpasswd;  #For Basic Auth
+        }
+
+        location ~ /\.ht {
+                deny all;
+        }
+
+   location ~* \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        include       fastcgi_params;
+        fastcgi_pass  unix:/run/php/php7.3-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_buffer_size 16k;
+        fastcgi_buffers 4 16k;
+   }
+
 }
--- a/nginx/sites-enabled/pihole
+++ b/nginx/sites-enabled/pihole
@ -0,0 +1 @@
+../sites-available/pihole
--- a/nginx/sites-enabled/rss
+++ b/nginx/sites-enabled/rss
@ -1 +0,0 @@
-../sites-available/rss
--- a/pihole/GitHubVersions
+++ b/pihole/GitHubVersions
@ -1 +1 @@
-  
+v4.3.1 v4.3 v4.3.1
--- a/pihole/install.log
+++ b/pihole/install.log
--- a/pihole/setupVars.conf
+++ b/pihole/setupVars.conf
@ -1,11 +1,16 @@
+BLOCKING_ENABLED=true
 PIHOLE_INTERFACE=eth0
 IPV4_ADDRESS=10.3.14.92/10
 IPV6_ADDRESS=
-PIHOLE_DNS_1=127.0.0.1
-PIHOLE_DNS_2=127.0.0.1
 QUERY_LOGGING=true
 INSTALL_WEB_SERVER=false
 INSTALL_WEB_INTERFACE=true
 LIGHTTPD_ENABLED=false
-WEBPASSWORD=4755d509df266ebbb1fe61d5363a2e71aea6a48f96907020e0e9464d1328a005
-BLOCKING_ENABLED=true
+WEBPASSWORD=db7ee491a7432b842ef6fb2d7dd2cad174b223b9496da3552873dfb5cffc60fa
+DNSMASQ_LISTENING=single
+PIHOLE_DNS_1=127.0.0.1#53
+PIHOLE_DNS_2=127.0.0.1#53
+DNS_FQDN_REQUIRED=true
+DNS_BOGUS_PRIV=false
+DNSSEC=false
+CONDITIONAL_FORWARDING=false
--- a/pihole/setupVars.conf.update.bak
+++ b/pihole/setupVars.conf.update.bak
@ -0,0 +1,11 @@
+PIHOLE_INTERFACE=eth0
+IPV4_ADDRESS=10.3.14.92/10
+IPV6_ADDRESS=
+PIHOLE_DNS_1=127.0.0.1
+PIHOLE_DNS_2=127.0.0.1
+QUERY_LOGGING=true
+INSTALL_WEB_SERVER=false
+INSTALL_WEB_INTERFACE=true
+LIGHTTPD_ENABLED=false
+WEBPASSWORD=4755d509df266ebbb1fe61d5363a2e71aea6a48f96907020e0e9464d1328a005
+BLOCKING_ENABLED=true
--- a/sudoers.d/010_pi-nopasswd
+++ b/sudoers.d/010_pi-nopasswd
@ -1 +0,0 @@
-pi ALL=(ALL) NOPASSWD: ALL