diff --git a/AGHTechDoc.md b/AGHTechDoc.md index 5e9fa0d5..5bae787a 100644 --- a/AGHTechDoc.md +++ b/AGHTechDoc.md @@ -830,6 +830,36 @@ Request: "private_key_path":"..." // if set, private_key must be empty } +Response: + + 200 OK + +### API: Validate TLS configuration + +Request: + + POST /control/tls/validate + + { + "enabled":true, + "port_https":443, + "port_dns_over_tls":853, + "port_dns_over_quic":784, + "allow_unencrypted_doh":false, + "certificate_chain":"...", + "private_key":"...", + "certificate_path":"...", + "private_key_path":"...", + "valid_cert":true, + "valid_chain":false, + "not_before":"2019-03-19T08:23:45Z", + "not_after":"2029-03-16T08:23:45Z", + "dns_names":null, + "valid_key":true, + "valid_pair":true + } + + Response: 200 OK @@ -1948,6 +1978,29 @@ Check if host name is blocked by SB/PC service: sha256(sub.host.com)[0..1] -> hashes[2],... ... +## API: Get DNS over HTTPS .mobileconfig + +Request: + + GET /apple/doh.mobileconfig + +Response: + + 200 OK + + DOH plist file + +## API: Get DNS over TLS .mobileconfig + +Request: + + GET /apple/dot.mobileconfig + +Response: + + 200 OK + + DOT plist file ## ipset diff --git a/Makefile b/Makefile index f83b45eb..121dcc91 100644 --- a/Makefile +++ b/Makefile @@ -56,10 +56,10 @@ ifeq ($(CHANNEL),edge) endif # goreleaser command depends on the $CHANNEL -GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot +GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --snapshot --parallelism 1 ifneq ($(CHANNEL),edge) # If this is not an "edge" build, use normal release command - GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish + GORELEASER_COMMAND=goreleaser release --rm-dist --skip-publish --parallelism 1 endif # Version properties diff --git a/README.md b/README.md index 8f9805c3..addbf204 100644 --- a/README.md +++ b/README.md @@ -64,14 +64,29 @@ It operates as a DNS server that re-routes tracking domains to a "black hole," t ## Getting Started -Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home, and how to configure your devices to use it. +### Automated install (Linux and Mac) +Run the following command in your terminal: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh +``` + +### Alternative methods + +#### Manual installation + +Please read the **[Getting Started](https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started)** article on our Wiki to learn how to install AdGuard Home manually, and how to configure your devices to use it. + +#### Docker + +You can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome). + +#### Snap Store If you're running **Linux**, there's a secure and easy way to install AdGuard Home - you can get it from the [Snap Store](https://snapcraft.io/adguard-home). -Alternatively, you can use our [official Docker image](https://hub.docker.com/r/adguard/adguardhome). - ### Guides +* [FAQ](https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ) * [Configuration](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration) * [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption) * [How to install and run AdGuard Home on Raspberry Pi](https://github.com/AdguardTeam/AdGuardHome/wiki/Raspberry-Pi) @@ -228,13 +243,17 @@ There are three options how you can install an unstable version: 1. [Snap Store](https://snapcraft.io/adguard-home) -- look for "beta" and "edge" channels there. 2. [Docker Hub](https://hub.docker.com/r/adguard/adguardhome) -- look for "beta" and "edge" tags there. -3. Standalone builds. Look for the available builds below. +3. Standalone builds. Use the automated installation script or look for the available builds below. -There are three options how you can install an unstable version. +Beta: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s beta +``` -1. You can either install AdGuard Home from "beta" or "edge" distribution channel which we update periodically. If you're already using stable version of AdGuard Home, just replace the executable file with a new one. -2. You can use the Docker image from the `edge` tag, which is synced with the repo master branch. -3. You can install AdGuard Home from `beta` or `edge` channels on the Snap Store. +Edge: +``` +curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s edge +``` * Beta channel builds * Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz) diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 678dd39f..8f2eb5c9 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -249,6 +249,8 @@ "blocking_ipv6": "Blocking IPv6", "dns_over_https": "DNS-over-HTTPS", "dns_over_tls": "DNS-over-TLS", + "download_mobileconfig_doh": "Download .mobileconfig for DNS-over-HTTPS", + "download_mobileconfig_dot": "Download .mobileconfig for DNS-over-TLS", "plain_dns": "Plain DNS", "form_enter_rate_limit": "Enter rate limit", "rate_limit": "Rate limit", @@ -415,7 +417,8 @@ "dns_privacy": "DNS Privacy", "setup_dns_privacy_1": "<0>DNS-over-TLS: Use <1>{{address}} string.", "setup_dns_privacy_2": "<0>DNS-over-HTTPS: Use <1>{{address}} string.", - "setup_dns_privacy_3": "<0>Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.<0>Here's a list of software you can use.", + "setup_dns_privacy_3": "<0>Here's a list of software you can use.", + "setup_dns_privacy_4": "On an iOS 14 or MacOS Big Sur device you can download special '.mobileconfig' file that adds DNS-over-HTTPS or DNS-over-TLS servers to the DNS settings.", "setup_dns_privacy_android_1": "Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.", "setup_dns_privacy_android_2": "<0>AdGuard for Android supports <1>DNS-over-HTTPS and <1>DNS-over-TLS.", "setup_dns_privacy_android_3": "<0>Intra adds <1>DNS-over-HTTPS support to Android.", diff --git a/client/src/components/ui/Guide.js b/client/src/components/ui/Guide.js index 0cb738d8..ec629e1b 100644 --- a/client/src/components/ui/Guide.js +++ b/client/src/components/ui/Guide.js @@ -1,10 +1,43 @@ import React, { useState } from 'react'; import PropTypes from 'prop-types'; -import { Trans, withTranslation } from 'react-i18next'; - +import { Trans, useTranslation } from 'react-i18next'; +import i18next from 'i18next'; import Tabs from './Tabs'; import Icons from './Icons'; +const MOBILE_CONFIG_LINKS = { + DOT: '/apple/dot.mobileconfig', + DOH: '/apple/doh.mobileconfig', +}; + +const renderMobileconfigInfo = ({ label, components }) =>
  • + {label} + +
    • ; + +const renderLi = ({ label, components }) =>
  • + { + if (React.isValidElement(props)) { + return props; + } + const { + // eslint-disable-next-line react/prop-types + href, target = '_blank', rel = 'noopener noreferrer', key = '0', + } = props; + + return link; + })}> + {label} + +
    • ; + const dnsPrivacyList = [{ title: 'Android', list: [ @@ -36,6 +69,23 @@ const dnsPrivacyList = [{ { title: 'iOS', list: [ + { + label: 'setup_dns_privacy_ios_2', + components: [ + { + key: 0, + href: 'https://adguard.com/adguard-ios/overview.html', + }, + text, + ], + }, + { + label: 'setup_dns_privacy_4', + components: { + highlight: , + }, + renderComponent: renderMobileconfigInfo, + }, { label: 'setup_dns_privacy_ios_1', components: [ @@ -51,16 +101,6 @@ const dnsPrivacyList = [{ ], }, - { - label: 'setup_dns_privacy_ios_2', - components: [ - { - key: 0, - href: 'https://adguard.com/adguard-ios/overview.html', - }, - text, - ], - }, ], }, { @@ -116,26 +156,15 @@ const dnsPrivacyList = [{ }, ]; -const renderDnsPrivacyList = ({ title, list }) =>
    +const renderDnsPrivacyList = ({ title, list }) =>
    {title} -
      {list.map(({ label, components }) =>
    • - { - if (React.isValidElement(props)) { - return props; - } - const { - // eslint-disable-next-line react/prop-types - href, target = '_blank', rel = 'noopener noreferrer', key = '0', - } = props; - - return link; - })}> - {label} - -
      • )} +
        {list.map( + ({ + label, + components, + renderComponent = renderLi, + }) => renderComponent({ label, components }), + )}
    ; @@ -195,8 +224,8 @@ const getTabs = ({ }, dns_privacy: { title: 'dns_privacy', - // eslint-disable-next-line react/display-name - getTitle: () =>
    + getTitle: function Title() { + return
    {tlsAddress?.length > 0 && (
    @@ -251,14 +280,15 @@ const getTabs = ({ {dnsPrivacyList.map(renderDnsPrivacyList)} }
    -
    , +
    ; + }, }, }); -const renderContent = ({ title, list, getTitle }, t) =>
    -
    {t(title)}
    +const renderContent = ({ title, list, getTitle }) =>
    +
    {i18next.t(title)}
    - {typeof getTitle === 'function' && getTitle()} + {getTitle?.()} {list &&
      {list.map((item) =>
    1. {item} @@ -267,9 +297,10 @@ const renderContent = ({ title, list, getTitle }, t) =>
      ; -const Guide = ({ dnsAddresses, t }) => { - const tlsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('tls://'))) || ''; - const httpsAddress = (dnsAddresses && dnsAddresses.filter((item) => item.includes('https://'))) || ''; +const Guide = ({ dnsAddresses }) => { + const { t } = useTranslation(); + const tlsAddress = dnsAddresses?.filter((item) => item.includes('tls://')) ?? ''; + const httpsAddress = dnsAddresses?.filter((item) => item.includes('https://')) ?? ''; const showDnsPrivacyNotice = httpsAddress.length < 1 && tlsAddress.length < 1; const [activeTabLabel, setActiveTabLabel] = useState('Router'); @@ -281,7 +312,7 @@ const Guide = ({ dnsAddresses, t }) => { t, }); - const activeTab = renderContent(tabs[activeTabLabel], t); + const activeTab = renderContent(tabs[activeTabLabel]); return (
      @@ -298,12 +329,12 @@ Guide.defaultProps = { Guide.propTypes = { dnsAddresses: PropTypes.array, - t: PropTypes.func.isRequired, }; renderDnsPrivacyList.propTypes = { title: PropTypes.string.isRequired, list: PropTypes.array.isRequired, + renderList: PropTypes.func, }; renderContent.propTypes = { @@ -312,4 +343,11 @@ renderContent.propTypes = { getTitle: PropTypes.func, }; -export default withTranslation()(Guide); +renderLi.propTypes = { + label: PropTypes.string, + components: PropTypes.string, +}; + +renderMobileconfigInfo.propTypes = renderLi.propTypes; + +export default Guide; diff --git a/go.mod b/go.mod index 12616abe..8aaefd0d 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065 github.com/miekg/dns v1.1.31 github.com/pkg/errors v0.9.1 + github.com/satori/go.uuid v1.2.0 github.com/sirupsen/logrus v1.6.0 // indirect github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c github.com/stretchr/testify v1.5.1 @@ -31,4 +32,5 @@ require ( google.golang.org/protobuf v1.25.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 + howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 ) diff --git a/go.sum b/go.sum index bfc5b5a2..9b45f53e 100644 --- a/go.sum +++ b/go.sum @@ -210,6 +210,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0 h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ= github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= @@ -430,6 +432,8 @@ honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= diff --git a/home/control.go b/home/control.go index e8b2fa8a..78789aa8 100644 --- a/home/control.go +++ b/home/control.go @@ -97,8 +97,11 @@ func registerControlHandlers() { httpRegister(http.MethodGet, "/control/i18n/current_language", handleI18nCurrentLanguage) http.HandleFunc("/control/version.json", postInstall(optionalAuth(handleGetVersionJSON))) httpRegister(http.MethodPost, "/control/update", handleUpdate) + httpRegister(http.MethodGet, "/control/profile", handleGetProfile) - httpRegister("GET", "/control/profile", handleGetProfile) + // No auth is necessary for DOH/DOT configurations + http.HandleFunc("/apple/doh.mobileconfig", postInstall(handleMobileConfigDoh)) + http.HandleFunc("/apple/dot.mobileconfig", postInstall(handleMobileConfigDot)) RegisterAuthHandlers() } diff --git a/home/dns.go b/home/dns.go index bd70ce38..5328bf96 100644 --- a/home/dns.go +++ b/home/dns.go @@ -197,6 +197,44 @@ func generateServerConfig() dnsforward.ServerConfig { return newconfig } +type DNSEncryption struct { + https string + tls string + quic string +} + +func getDNSEncryption() DNSEncryption { + dnsEncryption := DNSEncryption{} + + tlsConf := tlsConfigSettings{} + + Context.tls.WriteDiskConfig(&tlsConf) + + if tlsConf.Enabled && len(tlsConf.ServerName) != 0 { + + if tlsConf.PortHTTPS != 0 { + addr := tlsConf.ServerName + if tlsConf.PortHTTPS != 443 { + addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS) + } + addr = fmt.Sprintf("https://%s/dns-query", addr) + dnsEncryption.https = addr + } + + if tlsConf.PortDNSOverTLS != 0 { + addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS) + dnsEncryption.tls = addr + } + + if tlsConf.PortDNSOverQUIC != 0 { + addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC) + dnsEncryption.quic = addr + } + } + + return dnsEncryption +} + // Get the list of DNS addresses the server is listening on func getDNSAddresses() []string { dnsAddresses := []string{} @@ -217,28 +255,15 @@ func getDNSAddresses() []string { addDNSAddress(&dnsAddresses, config.DNS.BindHost) } - tlsConf := tlsConfigSettings{} - Context.tls.WriteDiskConfig(&tlsConf) - if tlsConf.Enabled && len(tlsConf.ServerName) != 0 { - - if tlsConf.PortHTTPS != 0 { - addr := tlsConf.ServerName - if tlsConf.PortHTTPS != 443 { - addr = fmt.Sprintf("%s:%d", addr, tlsConf.PortHTTPS) - } - addr = fmt.Sprintf("https://%s/dns-query", addr) - dnsAddresses = append(dnsAddresses, addr) - } - - if tlsConf.PortDNSOverTLS != 0 { - addr := fmt.Sprintf("tls://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverTLS) - dnsAddresses = append(dnsAddresses, addr) - } - - if tlsConf.PortDNSOverQUIC != 0 { - addr := fmt.Sprintf("quic://%s:%d", tlsConf.ServerName, tlsConf.PortDNSOverQUIC) - dnsAddresses = append(dnsAddresses, addr) - } + dnsEncryption := getDNSEncryption() + if dnsEncryption.https != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.https) + } + if dnsEncryption.tls != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.tls) + } + if dnsEncryption.quic != "" { + dnsAddresses = append(dnsAddresses, dnsEncryption.quic) } return dnsAddresses diff --git a/home/mobileconfig.go b/home/mobileconfig.go new file mode 100644 index 00000000..e828f117 --- /dev/null +++ b/home/mobileconfig.go @@ -0,0 +1,92 @@ +package home + +import ( + "fmt" + "net/http" + + uuid "github.com/satori/go.uuid" + "howett.net/plist" +) + +type DNSSettings struct { + DNSProtocol string + ServerURL string `plist:",omitempty"` + ServerName string `plist:",omitempty"` +} + +type PayloadContent = struct { + Name string + PayloadDescription string + PayloadDisplayName string + PayloadIdentifier string + PayloadType string + PayloadUUID string + PayloadVersion int + DNSSettings DNSSettings +} + +type MobileConfig = struct { + PayloadContent []PayloadContent + PayloadDescription string + PayloadDisplayName string + PayloadIdentifier string + PayloadRemovalDisallowed bool + PayloadType string + PayloadUUID string + PayloadVersion int +} + +func genUUIDv4() string { + return uuid.NewV4().String() +} + +func getMobileConfig(r *http.Request, d DNSSettings) ([]byte, error) { + name := fmt.Sprintf("%s DNS over %s", r.Host, d.DNSProtocol) + + data := MobileConfig{ + PayloadContent: []PayloadContent{{ + Name: name, + PayloadDescription: "Configures device to use AdGuard Home", + PayloadDisplayName: name, + PayloadIdentifier: fmt.Sprintf("com.apple.dnsSettings.managed.%s", genUUIDv4()), + PayloadType: "com.apple.dnsSettings.managed", + PayloadUUID: genUUIDv4(), + PayloadVersion: 1, + DNSSettings: d, + }}, + PayloadDescription: "Adds AdGuard Home to Big Sur and iOS 14 or newer systems", + PayloadDisplayName: name, + PayloadIdentifier: genUUIDv4(), + PayloadRemovalDisallowed: false, + PayloadType: "Configuration", + PayloadUUID: genUUIDv4(), + PayloadVersion: 1, + } + + return plist.MarshalIndent(data, plist.XMLFormat, "\t") +} + +func handleMobileConfig(w http.ResponseWriter, r *http.Request, d DNSSettings) { + mobileconfig, err := getMobileConfig(r, d) + + if err != nil { + httpError(w, http.StatusInternalServerError, "plist.MarshalIndent: %s", err) + } + + w.Header().Set("Content-Type", "application/xml") + _, _ = w.Write(mobileconfig) +} + +func handleMobileConfigDoh(w http.ResponseWriter, r *http.Request) { + handleMobileConfig(w, r, DNSSettings{ + DNSProtocol: "HTTPS", + ServerURL: fmt.Sprintf("https://%s/dns-query", r.Host), + }) +} + +func handleMobileConfigDot(w http.ResponseWriter, r *http.Request) { + handleMobileConfig(w, r, DNSSettings{ + DNSProtocol: "TLS", + ServerName: r.Host, + }) +} diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index c50d9485..6ad140e2 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -35,6 +35,8 @@ tags: description: AdGuard Home statistics - name: tls description: AdGuard Home HTTPS/DOH/DOT settings + - name: mobileconfig + description: Apple .mobileconfig paths: /status: @@ -915,6 +917,27 @@ paths: application/json: schema: $ref: "#/components/schemas/ProfileInfo" + /apple/doh.mobileconfig: + get: + tags: + - mobileconfig + - global + operationId: mobileConfigDoH + summary: Get DNS over HTTPS .mobileconfig + responses: + "200": + description: DNS over HTTPS plist file + + /apple/dot.mobileconfig: + get: + tags: + - mobileconfig + - global + operationId: mobileConfigDoT + summary: Get TLS over TLS .mobileconfig + responses: + "200": + description: DNS over TLS plist file components: requestBodies: diff --git a/scripts/install.sh b/scripts/install.sh new file mode 100644 index 00000000..b983322c --- /dev/null +++ b/scripts/install.sh @@ -0,0 +1,229 @@ +#!/bin/sh + +# AdGuardHome installation script +# +# 1. Download the package +# 2. Unpack it +# 3. Install as a service +# +# Requirements: +# . bash +# . which +# . printf +# . uname +# . id +# . head, tail +# . curl +# . tar or unzip +# . rm + +set -e + +log_info() +{ + printf "[info] %s\\n" "$1" +} + +log_error() +{ + printf "[error] %s\\n" "$1" +} + +# Get OS +# Return: darwin, linux, freebsd +detect_os() +{ + UNAME_S="$(uname -s)" + OS= + case "$UNAME_S" in + Linux) + OS=linux + ;; + + FreeBSD) + OS=freebsd + ;; + + Darwin) + OS=darwin + ;; + + *) + return 1 + ;; + + esac + + echo $OS +} + +# Get CPU endianness +# Return: le, "" +cpu_little_endian() +{ + ENDIAN_FLAG="$(head -c 6 /bin/bash | tail -c 1)" + if [ "$ENDIAN_FLAG" = "$(printf '\001')" ]; then + echo 'le' + return 0 + fi +} + +# Get CPU +# Return: amd64, 386, armv5, armv6, armv7, arm64, mips_softfloat, mipsle_softfloat, mips64_softfloat, mips64le_softfloat +detect_cpu() +{ + UNAME_M="$(uname -m)" + CPU= + + case "$UNAME_M" in + + x86_64 | x86-64 | x64 | amd64) + CPU=amd64 + ;; + + i386 | i486 | i686 | i786 | x86) + CPU=386 + ;; + + armv5l) + CPU=armv5 + ;; + + armv6l) + CPU=armv6 + ;; + + armv7l | armv8l) + CPU=armv7 + ;; + + aarch64) + CPU=arm64 + ;; + + mips) + LE=$(cpu_little_endian) + CPU=mips${LE}_softfloat + ;; + + mips64) + LE=$(cpu_little_endian) + CPU=mips64${LE}_softfloat + ;; + + *) + return 1 + + esac + + echo "${CPU}" +} + +# Get package file name extension +# Return: tar.gz, zip +package_extension() +{ + if [ "$OS" = "darwin" ]; then + echo "zip" + return 0 + fi + echo "tar.gz" +} + +# Download data to a file +# Use: download URL OUTPUT +download() +{ + log_info "Downloading package from $1 -> $2" + if is_command curl ; then + curl -s "$1" --output "$2" || error_exit "Failed to download $1" + else + error_exit "curl is necessary to install AdGuard Home" + fi +} + +# Unpack package to a directory +# Use: unpack INPUT OUTPUT_DIR PKG_EXT +unpack() +{ + log_info "Unpacking package from $1 -> $2" + mkdir -p "$2" + if [ "$3" = "zip" ]; then + unzip -qq "$1" -d "$2" || return 1 + elif [ "$3" = "tar.gz" ]; then + tar xzf "$1" -C "$2" || return 1 + else + return 1 + fi +} + +# Print error message and exit +# Use: error_exit MESSAGE +error_exit() +{ + log_error "$1" + exit 1 +} + +# Check if command exists +# Use: is_command COMMAND +is_command() { + check_command="$1" + command -v "${check_command}" >/dev/null 2>&1 +} + +# Entry point +main() { + log_info "Starting AdGuard Home installation script" + + CHANNEL=${1} + if [ "${CHANNEL}" != "beta" ] && [ "${CHANNEL}" != "edge" ]; then + CHANNEL=release + fi + log_info "Channel ${CHANNEL}" + + OS=$(detect_os) || error_exit "Cannot detect your OS" + CPU=$(detect_cpu) || error_exit "Cannot detect your CPU" + PKG_EXT=$(package_extension) + PKG_NAME=AdGuardHome_${OS}_${CPU}.${PKG_EXT} + + SCRIPT_URL="https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh" + URL="https://static.adguard.com/adguardhome/${CHANNEL}/${PKG_NAME}" + OUT_DIR=/opt + + # Root check + if [ "$(id -u)" -eq 0 ]; then + log_info "Script called with root privileges" + else + if is_command sudo ; then + log_info "Please note, that AdGuard Home requires root privileges to install using this script." + log_info "Restarting with root privileges" + + exec curl -sSL ${SCRIPT_URL} | sudo sh -s "$@" + exit $? + else + log_info "Root privileges are required to install AdGuard Home using this installer." + log_info "Please, re-run this script as root." + exit 1 + fi + fi + + log_info "AdGuard Home will be installed to ${OUT_DIR}/AdGuardHome" + + [ -d "${OUT_DIR}/AdGuardHome" ] && error_exit "Directory ${OUT_DIR}/AdGuardHome already exists, abort installation" + + download "${URL}" "${PKG_NAME}" || error_exit "Cannot download the package" + + unpack "${PKG_NAME}" "${OUT_DIR}" "${PKG_EXT}" || error_exit "Cannot unpack the package" + + # Install AdGuard Home service and run it + ${OUT_DIR}/AdGuardHome/AdGuardHome -s install || error_exit "Cannot install AdGuardHome as a service" + + rm "${PKG_NAME}" + + log_info "AdGuard Home is now installed and running." + log_info "You can control the service status with the following commands:" + log_info " sudo ${OUT_DIR}/AdGuardHome/AdGuardHome -s start|stop|restart|status|install|uninstall" +} + +main "$@" \ No newline at end of file