Git-Mirrors/shaker
1
0
Fork 0
mirror of https://github.com/unman/shaker.git synced 2025-03-30 10:57:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

Pi-hole - set networking

Browse Source
This commit is contained in:
unman 2022-08-05 14:07:16 +00:00
parent 50fe621d86
commit dec10e8881
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pihole/install.sls
View File

@ -88,4 +88,35 @@ Pihole-setup:
cmd.run: cmd.run:
- name: '/root/pi-hole/automated\ install/basic-install.sh --unattended' - name: '/root/pi-hole/automated\ install/basic-install.sh --unattended'
/rw/config/qubes-firewall-user-script:
file.append:
text:
- nft flush chain nat PR-QBS
- nft insert rule nat PR-QBS iifname "vif*" tcp dport 53 dnat to 127.0.0.1
- nft insert rule nat PR-QBS iifname "vif*" udp dport 53 dnat to 127.0.0.1
/rw/config/qubes-firewall.d/update_nft.sh:
file.managed:
- source:
- salt://pihole/update_nft.sh
- user: root
- group: root
- makedirs: True
- mode: 755
/rw/config/network-hooks.d/internalise.sh:
file.managed:
- source:
- salt://pihole/internalise.sh
- user: root
- group: root
- makedirs: True
- mode: 755
/etc/dnsmasq.conf:
file.prepend:
- text:
- interface=lo
- bind-interfaces
{% endif %} {% endif %}

3
pihole/internalise.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
/rw/config/qubes-firewall-user-script
find /proc/sys/net/ipv4/conf -name "vif*" -exec bash -c 'echo 1 | sudo tee {}/route_localnet' \;

10
pihole/update_nft.sh Normal file
View File

@ -0,0 +1,10 @@
cat /rw/config/qubes-firewall.d/update_nft.sh
#!/bin/sh
get_handle(){
local my_handle=$( nft -a list table $1|awk 'BEGIN{c0} /related,established/{c++; if (c==1) print $NF}' )
echo $my_handle
}
handle=$(get_handle filter)
nft add rule filter INPUT position $handle iifname "vif*" tcp dport 53 accept
nft add rule filter INPUT position $handle iifname "vif*" udp dport 53 accept