From d56e33944351e1a84137ad9cf034c1e15bc5ebdc Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Tue, 28 Jan 2025 01:41:31 +0100
Subject: [PATCH 1/3] CT Nginx: Disable OCSP/ssl_stapling by default

Disableing this due to LE dropping support for it on May 7th, 2025
---
 CT-Files/nginx/Configs/nginx.conf | 2 --
 CT-Files/nginx/Scripts/AddDomain.sh | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/CT-Files/nginx/Configs/nginx.conf b/CT-Files/nginx/Configs/nginx.conf
index 9585809..07d3b0d 100644
--- a/CT-Files/nginx/Configs/nginx.conf
+++ b/CT-Files/nginx/Configs/nginx.conf
@@ -37,8 +37,6 @@ http {
 ssl_ecdh_curve secp384r1;
 ssl_session_cache shared:le_nginx_SSL:1m;
 ssl_session_timeout 1440m;
- ssl_stapling on;
- ssl_stapling_verify on;
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
diff --git a/CT-Files/nginx/Scripts/AddDomain.sh b/CT-Files/nginx/Scripts/AddDomain.sh
index 97fe2f6..bfe065d 100644
--- a/CT-Files/nginx/Scripts/AddDomain.sh
+++ b/CT-Files/nginx/Scripts/AddDomain.sh
@@ -64,7 +64,7 @@ if $request; then
 service nginx reload
 #Enabling SSL
- /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --ocsp --keylength 'ec-384' -d "$domain"
+ /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --nginx --keylength 'ec-384' -d "$domain"
 certsatus=$?
 if test $certsatus -eq 0

From c65282871f49945be8af56233cc4e8789f31273b Mon Sep 17 00:00:00 2001
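Review bot: Nothing in the hunk records why `ssl_stapling` and `ssl_stapling_verify` were removed, so the next TLS-hardening pass is likely to re-add them and nginx will then log OCSP fetch failures for certificates that carry no responder URL. The rationale only lives in the commit message; put it next to the surviving directives: `# OCSP stapling intentionally disabled: Let's Encrypt stopped serving OCSP (see commit); revocation is CRL-only, do not re-enable ssl_stapling.` The enclosing `http {` block starts and ends outside the hunk.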
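Review bot: The status of the new `acme.sh` line is captured into a misspelled variable and then tested unquoted (`certsatus=$?` / `if test $certsatus -eq 0`); since `$?` is always set here it works, but the name and the missing quotes are easy to trip over. Rename both occurrences to `certstatus` and test it as `if test "$certstatus" -eq 0`. Dropping `--ocsp` (the Must-Staple request) is the right pairing with the nginx change, otherwise clients would reject a certificate that demands a staple the server can no longer provide. `$domain` and `$request` are set outside the hunk, so their validation cannot be judged here.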
From: Bram Prieshof
Date: Fri, 9 May 2025 23:00:06 +0200
Subject: [PATCH 2/3] CT's linkwarden, hass & nextcloud: Minor fixes

-linkwarden: Updated `yarn` commands for managing the application
-hass: Fixed homefolder for hass application user
-nextcloud: Bumped php version to project default (8.4)
---
 CT-Files/hass/Scripts/Init.sh | 2 +-
 CT-Files/linkwarden/Scripts/FirstRun.sh | 4 ++--
 CT-Files/linkwarden/Scripts/Init.sh | 8 +++++---
 .../linkwarden/Scripts/Update-linkwarden.sh | 20 ++++++++++---------
 CT-Files/nextcloud/Scripts/Init.sh | 2 +-
 5 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/CT-Files/hass/Scripts/Init.sh b/CT-Files/hass/Scripts/Init.sh
index 09c807c..bfc7461 100644
--- a/CT-Files/hass/Scripts/Init.sh
+++ b/CT-Files/hass/Scripts/Init.sh
@@ -4,7 +4,7 @@ mkdir -p /opt/HomeAssistant/srv
 mkdir -p /opt/HomeAssistant/data/custom_components/hacs
 touch /opt/HomeAssistant/data/home-assistant.log
 addgroup hass
-adduser -h /opt/HomeAssistant/data -D -G hass -s /bin/sh hass
+adduser -h /opt/HomeAssistant -D -G hass -s /bin/sh hass
 chown -R hass:hass /opt/HomeAssistant
 sudo -u hass python3 -m venv /opt/HomeAssistant/srv
diff --git a/CT-Files/linkwarden/Scripts/FirstRun.sh b/CT-Files/linkwarden/Scripts/FirstRun.sh
index cdf6172..db17713 100644
--- a/CT-Files/linkwarden/Scripts/FirstRun.sh
+++ b/CT-Files/linkwarden/Scripts/FirstRun.sh
@@ -26,6 +26,6 @@ sed -i "s#http://localhost:3000#$LinkwardenURL#" /opt/node/linkwarden/.env
 sudo -u node bash << EOF
 (cd /opt/node/linkwarden; yarn prisma migrate deploy)
 pm2 install pm2-logrotate
-pm2 start yarn --name Linkwarden --cwd /opt/node/linkwarden -- start
+pm2 start yarn --name Linkwarden --cwd /opt/node/linkwarden -- concurrently:start
 pm2 save
-EOF
\ No newline at end of file
+EOF
diff --git a/CT-Files/linkwarden/Scripts/Init.sh b/CT-Files/linkwarden/Scripts/Init.sh
index e2545fb..9fa8b8a 100644
--- a/CT-Files/linkwarden/Scripts/Init.sh
+++ b/CT-Files/linkwarden/Scripts/Init.sh
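Review bot: The rewritten `adduser` line still gives the service account a login shell (`-s /bin/sh`), although the only use visible in the hunk is `sudo -u hass python3 -m venv …`, which does not need one. Unless something outside this hunk runs `su - hass`, create it as `adduser -h /opt/HomeAssistant -D -G hass -s /sbin/nologin hass` so a compromise of the application cannot be turned into an interactive session. Moving the home to `/opt/HomeAssistant` combined with the following `chown -R hass:hass /opt/HomeAssistant` also makes the account the owner of the venv under `srv`, i.e. the code it executes is writable by the user running it; if that is not intended, chown `srv` back to root once the venv is populated. The script continues past the hunk.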
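Review bot: The here-document run as `node` has no error handling, so if `yarn prisma migrate deploy` fails the new `pm2 start yarn … -- concurrently:start` line still runs and `pm2 save` persists a process entry for an unmigrated application. Put `set -e` as the first line after `sudo -u node bash << EOF` and propagate the outer result with `sudo -u node bash << EOF || exit 1` so FirstRun stops on the first failure. `concurrently:start` is presumably a script in Linkwarden's package.json; that cannot be verified from here. The `sed -i` on `$LinkwardenURL` above the hunk is context and is set outside it.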
@@ -21,9 +21,11 @@ cd /opt/node/linkwarden
 npx playwright install --with-deps chromium
 rm -rf /root/.cache
+
 yarn install
-yarn prisma generate
-yarn build
+yarn prisma:generate
+yarn web:build
+yarn next build
 yarn cache clean
 apt clean
@@ -31,4 +33,4 @@ cd $startpath
 cp /opt/node/linkwarden/.env.sample /opt/node/linkwarden/.env
 chown node: -R /opt/node/linkwarden
 su -c "cd /opt/node/linkwarden; npx playwright install chromium" node
-mv /opt/Setup/Scripts/Update-linkwarden.sh /opt/Update-linkwarden.sh
\ No newline at end of file
+mv /opt/Setup/Scripts/Update-linkwarden.sh /opt/Update-linkwarden.sh
diff --git a/CT-Files/linkwarden/Scripts/Update-linkwarden.sh b/CT-Files/linkwarden/Scripts/Update-linkwarden.sh
index b7b18ea..0350bbd 100644
--- a/CT-Files/linkwarden/Scripts/Update-linkwarden.sh
+++ b/CT-Files/linkwarden/Scripts/Update-linkwarden.sh
@@ -6,17 +6,19 @@ if test "$CurLinkwardenVersion" = "$(cat /opt/linkwarden-Version)" ; then
 exit
 else
 echo 'Updating Linkwarden'
-sudo -u node bash << EOF
- /usr/bin/pm2 stop Linkwarden
+
+sudo -u node /usr/bin/pm2 stop Linkwarden
 cd /opt/node/linkwarden
 git pull
 /usr/bin/yarn install
- /usr/bin/yarn prisma generate
- /usr/bin/yarn build
+ /usr/bin/yarn prisma:generate
+ /usr/bin/yarn web:build
+ /usr/bin/yarn next build
 /usr/bin/yarn cache clean
- /usr/bin/yarn prisma migrate deploy
- /usr/bin/pm2 start Linkwarden
- npx playwright install chromium
-EOF
+ /usr/bin/yarn prisma:deploy
+ chown node:node -R /opt/node/linkwarden
+sudo -u node /usr/bin/pm2 start Linkwarden
+
+
 echo "$CurLinkwardenVersion" > /opt/linkwarden-Version
-fi
\ No newline at end of file
+fi
diff --git a/CT-Files/nextcloud/Scripts/Init.sh b/CT-Files/nextcloud/Scripts/Init.sh
index 81de277..0344849 100644
--- a/CT-Files/nextcloud/Scripts/Init.sh
+++ b/CT-Files/nextcloud/Scripts/Init.sh
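Review bot: None of the new build steps (`yarn install`, `yarn prisma:generate`, `yarn web:build`, `yarn next build`) is checked, so a failed install or build falls through to `yarn cache clean` / `apt clean` and the image is produced without a working Linkwarden. Chain them so the build stops on the first failure: `yarn install && yarn prisma:generate && yarn web:build && yarn next build || exit 1` (or `set -e` at the top of the script, whose head is outside the hunk). Whether both `yarn web:build` and `yarn next build` are required cannot be told from here; if one already implies the other, a one-line comment saying so would prevent a later "cleanup" from dropping the wrong one. Note these run as root in `/opt/node/linkwarden` before the later `chown node: -R`, so any package lifecycle scripts pulled in by `yarn install` execute with root privileges.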
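Review bot: Removing the `sudo -u node bash << EOF` wrapper moves `git pull`, `/usr/bin/yarn install` and the build steps from the `node` account to whoever runs the script — root, judging by the new `chown node:node -R /opt/node/linkwarden` — so package lifecycle scripts fetched by `yarn install` now execute as root, an exposure the previous version avoided. Recent git also refuses `git pull` as root in a checkout owned by `node` ("detected dubious ownership") unless `safe.directory` is configured, and because nothing is checked, `echo "$CurLinkwardenVersion" > /opt/linkwarden-Version` would still record the update as applied. Keep the work under the service account and fail fast: `sudo -u node sh -c 'cd /opt/node/linkwarden && git pull && yarn install && yarn prisma:generate && yarn web:build && yarn next build && yarn cache clean && yarn prisma:deploy' || exit 1`, after which the `chown` line is unnecessary. `npx playwright install chromium` was dropped from the update path; if the browser is still needed after an upgrade that should be a deliberate choice. The enclosing `if … else … fi` starts outside the hunk.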
@@ -7,7 +7,7 @@ rm -rf /etc/nginx/conf.d
 mv /opt/Setup/Configs/nginx.conf /etc/nginx/nginx.conf
 #Setup PHP
-ash /opt/Setup/Scripts/PHPTool.sh -dv 83 nextcloud || exit 1
+ash /opt/Setup/Scripts/PHPTool.sh -d nextcloud || exit 1
 rm /opt/Setup/Scripts/PHPTool.sh

From 31629ec39fb0f12e32b3fd5ff804a2f02fb3b682 Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Sat, 10 May 2025 00:35:53 +0200
Subject: [PATCH 3/3] CT Pihole: Update install methode for PiHoleV6

---
 CT-Build/Debian.yaml | 19 ++++---------
 .../pihole/Configs/lighthttpd-redirect.conf | 1 -
 CT-Files/pihole/Configs/pihole.toml | 28 +++++++++++++++++++
 CT-Files/pihole/Configs/setupVars.conf | 7 -----
 CT-Files/pihole/Scripts/FirstRun.sh | 14 +++++++++-
 CT-Files/pihole/Scripts/Init.sh | 8 +++---
 CT-Files/pihole/Scripts/PTKAppUpdate.sh | 2 +-
 7 files changed, 52 insertions(+), 27 deletions(-)
 delete mode 100644 CT-Files/pihole/Configs/lighthttpd-redirect.conf
 create mode 100644 CT-Files/pihole/Configs/pihole.toml
 delete mode 100644 CT-Files/pihole/Configs/setupVars.conf

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index 83005d0..e73c302 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1339,33 +1339,26 @@ packages:
 #pihole pkgs
 - packages:
+ - grep
 - grep
 - dnsutils
+ - binutils
 - git
 - iproute2
- - whiptail
+ - dialog
 - cron
 - curl
 - iputils-ping
- - lsof
- - netcat-openbsd
 - psmisc
 - sudo
 - unzip
- - idn2
- - sqlite3
 - libcap2-bin
 - dns-root-data
 - libcap2
- - jq
+ - netcat-openbsd
 - procps
- - lighttpd
- - php-common
- - php-cli
- - php-cgi
- - php-sqlite3
- - php-xml
- - php-intl
+ - jq
+ - lshw
 action: install
 variants:
 - pihole
diff --git a/CT-Files/pihole/Configs/lighthttpd-redirect.conf b/CT-Files/pihole/Configs/lighthttpd-redirect.conf
deleted file mode 100644
index 6d932dd..0000000
--- a/CT-Files/pihole/Configs/lighthttpd-redirect.conf
+++ /dev/null
@@ -1 +0,0 @@
-url.redirect = ("^/$" => "/admin" )
\ No newline at end of file
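Review bot: The new `-d nextcloud` call no longer pins the PHP version, so a later change to PHPTool.sh's default silently changes the runtime this container is built with, and nothing in the script says that is intended. Record the expectation the commit message states with a comment above the line: `# PHP version follows PHPTool.sh's project default (8.4 at the time of this change)`. Keeping `|| exit 1` on the call is good.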
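Review bot: `grep` is now listed twice in the pihole package list — the added `- grep` sits directly above the unchanged `- grep` context line — which reads as a stray line rather than an intended duplicate; drop the added one. Removing `lighttpd` and the `php-*` packages is consistent with Pi-hole v6 shipping its own web server, and `whiptail` → `dialog` plus `binutils`/`lshw` presumably mirror the v6 installer's dependency list, which cannot be checked from here.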
diff --git a/CT-Files/pihole/Configs/pihole.toml b/CT-Files/pihole/Configs/pihole.toml
new file mode 100644
index 0000000..fb208f4
--- /dev/null
+++ b/CT-Files/pihole/Configs/pihole.toml
@@ -0,0 +1,28 @@
+# Pi-hole configuration file (v6.1)
+# Encoding: UTF-8
+
+[dns]
+ upstreams = [
+ "9.9.9.9",
+ "149.112.112.112"
+ ]
+ piholePTR = "HOSTNAME"
+
+ listeningMode = "SINGLE"
+
+ domainNeeded = true
+
+ [ntp.ipv4]
+ active = false
+
+ [ntp.ipv6]
+ active = false
+
+ [ntp.sync]
+ active = false
+
+ [ntp.sync.rtc]
+ utc = false
+
+[webserver]
+ port = "80o,[::]:80o"
\ No newline at end of file
diff --git a/CT-Files/pihole/Configs/setupVars.conf b/CT-Files/pihole/Configs/setupVars.conf
deleted file mode 100644
index c609f51..0000000
--- a/CT-Files/pihole/Configs/setupVars.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-WEBPASSWORD=
-QUERY_LOGGING=true
-INSTALL_WEB=true
-DNSMASQ_LISTENING=single
-PIHOLE_DNS_1=192.168.2.1
-PIHOLE_DNS_2=192.168.2.1
-TEMPERATUREUNIT=C
diff --git a/CT-Files/pihole/Scripts/FirstRun.sh b/CT-Files/pihole/Scripts/FirstRun.sh
index 59c75fe..cc1e6a8 100644
--- a/CT-Files/pihole/Scripts/FirstRun.sh
+++ b/CT-Files/pihole/Scripts/FirstRun.sh
@@ -1,5 +1,17 @@
 #!/bin/bash
+read -p "IP for the upstream dns server: " UpStreamDNS1
+
+while true; do
+ read -p "Add seconndary upstream dns server Y/N? " yn
+ case $yn in
+ [Yy]* ) read -p "IP for second the upstream dns server: " UpStreamDNS2;break;;
+ [Nn]* ) UpStreamDNS2=$UpStreamDNS1;break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+done
+
+sed -i "/upstreams = \[/,/\]/c\upstreams = [ \"$UpStreamDNS1\" , \"$UpStreamDNS2\" ]" /etc/pihole/pihole.toml
 #Finialize instaltation
 /etc/.pihole/automated\ install/basic-install.sh --reconfigure --unattended
 #Set password
-pihole -a -p
\ No newline at end of file
+pihole setpassword
\ No newline at end of file
diff --git a/CT-Files/pihole/Scripts/Init.sh b/CT-Files/pihole/Scripts/Init.sh
index 58c8de8..577ba06 100644
--- a/CT-Files/pihole/Scripts/Init.sh
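Review bot: `port = "80o,[::]:80o"` under `[webserver]` binds the admin interface to plain HTTP only, so the admin password later set with `pihole setpassword` and the resulting session cookie cross the network in cleartext. Pi-hole v6's shipped default also lists TLS listeners (`443os` entries); unless TLS is terminated elsewhere — nothing in this patch shows that — keep them: `port = "80o,443os,[::]:80o,[::]:443os"`, and verify the suffix syntax against the pihole.toml reference for the 6.x release being targeted. A short comment above the line stating the intended exposure (LAN-only, behind a proxy, …) would make the choice reviewable; the `upstreams` values here appear to be placeholders rewritten at first run.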
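Review bot: The two `read -p` answers are spliced unvalidated into a sed `c\` command and into `/etc/pihole/pihole.toml`, so a value containing a double quote, a newline or sed metacharacters corrupts the config right before `basic-install.sh --reconfigure --unattended` consumes it, and without `-r` backslashes are eaten by `read`. Validate each answer as an IP literal and re-prompt until it passes, as sketched below; the prompts themselves also have typos (`seconndary`, `second the`). The shebang is `#!/bin/bash`, so `[[ =~ ]]` is available. Whether `--reconfigure` preserves the edited `upstreams` list cannot be confirmed from here.
```bash
# Accept only an IPv4 dotted quad or a bare IPv6 literal; anything else is re-prompted.
valid_ip() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || [[ "$1" =~ ^[0-9A-Fa-f:]+$ && "$1" == *:* ]]
}

until valid_ip "${UpStreamDNS1:-}"; do
  read -rp "IP for the upstream dns server: " UpStreamDNS1
done

while true; do
  read -rp "Add secondary upstream dns server Y/N? " yn
  case "$yn" in
    [Yy]* )
      until valid_ip "${UpStreamDNS2:-}"; do
        read -rp "IP for the second upstream dns server: " UpStreamDNS2
      done
      break;;
    [Nn]* ) UpStreamDNS2=$UpStreamDNS1; break;;
    * ) echo "Please answer yes or no.";;
  esac
done

# … unchanged: sed -i rewrite of the upstreams list, basic-install.sh, pihole setpassword …
```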
+++ b/CT-Files/pihole/Scripts/Init.sh
@@ -1,9 +1,9 @@
 #!/bin/sh
 mkdir -p /etc/pihole
-mv /opt/Setup/Configs/setupVars.conf /etc/pihole/setupVars.conf
-mv /opt/Setup/Configs/lighthttpd-redirect.conf /etc/lighttpd/conf-available/14-root-redirect.conf
-ln -s ../conf-available/14-root-redirect.conf /etc/lighttpd/conf-enabled/14-root-redirect.conf
+mv /opt/Setup/Configs/pihole.toml /etc/pihole/pihole.toml
 echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
 ln -s /etc/systemd/system/pihole-FTL.service /etc/systemd/system/multi-user.target.wants/pihole-FTL.service
-curl -sSL https://install.pi-hole.net | bash /dev/stdin --unattended || true
\ No newline at end of file
+curl -sSL https://install.pi-hole.net | bash /dev/stdin --unattended || true
+
+rm -rf /opt/Setup/Configs
\ No newline at end of file
diff --git a/CT-Files/pihole/Scripts/PTKAppUpdate.sh b/CT-Files/pihole/Scripts/PTKAppUpdate.sh
index cc1d504..19fd13c 100644
--- a/CT-Files/pihole/Scripts/PTKAppUpdate.sh
+++ b/CT-Files/pihole/Scripts/PTKAppUpdate.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 # Update script for updating apps with ProxmoxHelper/ProxMoxToolKit
-/usr/local/bin/pihole -up
\ No newline at end of file
+/usr/local/bin/pihole updatePihole
\ No newline at end of file
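Review bot: The re-added `curl -sSL https://install.pi-hole.net | bash /dev/stdin --unattended || true` pipes an unpinned remote script into a root shell and then discards its exit status, so a download error, a changed installer or a half-finished install all leave the container looking successfully built — and the new `rm -rf /opt/Setup/Configs` then deletes the only copy of the config that was never installed. Fetch the installer to a file, fail the build on any error, and keep the `|| true` only if there is a documented reason the installer returns non-zero inside a container. Whether the installer honours a `pihole.toml` that already exists in `/etc/pihole` at install time cannot be confirmed from here; a comment stating that expectation above the `mv` would help.
```sh
# Fetch the installer to a file so a download error is visible and the
# script can be inspected; do not mask its exit status.
installer=$(mktemp) || exit 1
curl -fsSL https://install.pi-hole.net -o "$installer" || exit 1
bash "$installer" --unattended || { echo "Pi-hole installer failed" >&2; exit 1; }
rm -f "$installer"
# … unchanged: rm -rf /opt/Setup/Configs …
```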