mirror of
https://github.com/ben-grande/qusal.git
synced 2024-10-01 02:35:49 -04:00
feat: passwordless pihole admin interface
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole script to work, so the WEB_PASSWORD can be read as normal user, restricting root on pihole does not make sense, as it can modify the network setting via pihole web interface.
parent
417843ba75
commit
692659e22d
@ -61,14 +61,9 @@ Pi-hole will be installed with these default settings:
|
||||
- Steven Black's Unified Hosts List is included
|
||||
- Query logging is enabled to show everything.
|
||||
|
||||
You can change these settings via the admin interface:
|
||||
You can change the settings via the admin interface:
|
||||
- URL: http://localhost/admin
|
||||
- default password: `UpSNQsy4`
|
||||
|
||||
You should change this password on first use by running in `sys-pihole`:
|
||||
```sh
|
||||
pihole -a -p
|
||||
```
|
||||
- There is no password (access allowed only through localhost)
|
||||
|
||||
If you want to view statistics or manage the server through a GUI, open
|
||||
`sys-pihole` or `sys-pihole-browser` desktop file `pihole-browser.desktop`
|
||||
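Review bot: the new README line "There is no password (access allowed only through localhost)" states the restriction without saying what enforces it or how to opt back into authentication. Suggest naming the firewall rules that drop port 80 on non-loopback interfaces, and keeping a one-line pointer to `pihole -a -p` (removed in this hunk) for users who still want a password, since any local process in `sys-pihole` that can reach http://localhost/admin now has full admin access.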
@ -90,7 +85,7 @@ netvm chaining (will break tor's client stream isolation) as such:
|
||||
- qube -> sys-pihole -> Tor-gateway -> sys-firewall -> sys-net
|
||||
|
||||
If you encounter problems with DNS after having upstream netvm route changes,
|
||||
restart Pi-Hole DNS from `sys-pihole`:
|
||||
restart Pi-Hole DNS from `sys-pihole` and run the following as root:
|
||||
```sh
|
||||
pihole restartdns
|
||||
```
|
||||
|
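Review bot: the reworded sentence "restart Pi-Hole DNS from `sys-pihole` and run the following as root:" reads as two separate steps, while the block that follows contains only `pihole restartdns`. Suggest "restart Pi-hole DNS by running the following as root in `sys-pihole`:". The commit message justifies mode 644 by non-root use of the pihole script, so it is also worth stating whether root is really required for this command.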
@ -13,6 +13,6 @@ CACHE_SIZE=10000
|
||||
DNS_FQDN_REQUIRED=true
|
||||
DNS_BOGUS_PRIV=true
|
||||
DNSMASQ_LISTENING=local
|
||||
WEBPASSWORD=1832d74a8cd6d9b8cb0f9db646500f1ac9733d104ebbf9f9be157391fb051bfb
|
||||
WEBPASSWORD=
|
||||
BLOCKING_ENABLED=true
|
||||
WEBTHEME=default-dark
|
||||
|
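Review bot: with `WEBPASSWORD=` left empty in this file, and assuming it is the template that the `file.managed` state deploys to /etc/pihole/setupVars.conf, every re-application of the state replaces a password the user has set with no password at all. Suggest either documenting in the README that a locally set password does not survive re-applying the state, or managing the file so that an existing WEBPASSWORD value is preserved.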
@ -23,6 +23,12 @@ insert rule ip6 qubes custom-forward udp dport 53 drop
|
||||
|
||||
flush chain ip qubes custom-input
|
||||
flush chain ip6 qubes custom-input
|
||||
## Admin Web Interface
|
||||
insert rule ip qubes custom-input iifname != "lo" tcp dport 80 drop
|
||||
insert rule ip qubes custom-input iifname != "lo" udp dport 80 drop
|
||||
insert rule ip6 qubes custom-input iifname != "lo" tcp dport 80 drop
|
||||
insert rule ip6 qubes custom-input iifname != "lo" udp dport 80 drop
|
||||
## DNS
|
||||
insert rule ip qubes custom-input iifname "vif*" tcp dport 53 accept
|
||||
insert rule ip qubes custom-input iifname "vif*" udp dport 53 accept
|
||||
insert rule ip6 qubes custom-input iifname "vif*" tcp dport 53 accept
|
||||
|
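Review bot: the four port-80 drop rules added to `custom-input` are the only control visible in this commit that keeps the now passwordless interface off non-loopback interfaces, so if this ruleset fails to load, the admin page is reachable by clients arriving on the `vif*` interfaces. Suggest also binding the web server to the loopback address as a second layer. Minor: the two `udp dport 80` rules are not needed for an HTTP interface served over TCP, and only port 80 is covered, so confirm the web server listens on no other port.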
@ -67,6 +67,7 @@ include:
|
||||
file.managed:
|
||||
- name: /etc/pihole/setupVars.conf
|
||||
- source: salt://{{ slsdotpath }}/files/server/pihole/setupVars.conf
|
||||
- mode: '0644'
|
||||
- user: root
|
||||
- group: root
|
||||
- makedirs: True
|
||||
|
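Review bot: `- mode: '0644'` makes /etc/pihole/setupVars.conf world-readable, and the reason is recorded only in the commit message. Suggest a short comment above the `mode` line in the state explaining that non-root `pihole` commands need to read the file, and noting that if a user later sets a password, the WEBPASSWORD hash stored in this file becomes readable by every local user.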