#!/bin/bash
# 2.6.3
# Based on a script by Brian Curtis
# https://help.firewalla.com/hc/en-us/community/posts/7469669689619-NextDNS-CLI-on-Firewalla-revisited-working-DHCP-host-resolution-in-NextDNS-logs-
# install & configure NextDNS CLI on startup of Firewalla:
# file goes in: /home/pi/.firewalla/config/post_main.d/
# DNS over HTTPS must be disabled in Firewalla app
# set id with your own NextDNS config ID
# set IP with your Firewalla local lan IP
# you can set up different profiles for different LANs if you wish
# you can use the same profile on more than one LAN if you wish.
# the config section below has to be updated if you add more than one LAN.
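# ---- user configuration -------------------------------------------------
# id : your NextDNS configuration (profile) ID
# IP : the Firewalla's local LAN IP (NextDNS CLI listens on it, port 5555)
id=
IP=
# Optional: OpenVPN and WireGuard profile IDs / IP ranges. They are only used
# by the commented-out conditional-configuration examples further down.
OpenVPNID=
OpenVPNIP=
WireGuardID=
WireGuardIP=
# Optional: the "linked IP" update URL from the NextDNS console. When set it is
# fetched once at the end of this script so NextDNS learns your current public
# IP. Treat the URL like a secret: whoever holds it can repoint your linked IP.
# Alternatively use your Firewalla DDNS name in the NextDNS console, but
# remember to update it if that name changes (e.g. after reinstalling Firewalla).
DDNS=

# Kill switch: create /data/stopnextdns to keep this script from starting NextDNS.
if [ -f /data/stopnextdns ] ; then
  echo "❌ not starting nextDNS"
  exit
fi

# Everything in post_main.d is executed by Firewalla at startup, so the
# directory must not be world-writable (the previous 777 let any local account
# drop a script that runs on every boot). 755 keeps it owner-writable only.
DIR="/home/pi/.firewalla/config/post_main.d"
if [ ! -d "$DIR" ]; then
  mkdir -p -- "$DIR"
  chown pi -- "$DIR"
  chmod 755 -- "$DIR"
fi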
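# ---- helper scripts -----------------------------------------------------
REPO_RAW=https://raw.githubusercontent.com/mbierman/Firewalla-NextDNS-CLI-install/main

#######################################
# Download one helper file, but only if it is not already present.
# The download goes to a temp file first and is moved into place only when
# curl reports success: at boot the network may not be up yet, and redirecting
# curl's empty or error output straight into the target would leave a broken
# file that every later run then treats as "already installed".
# Globals:   REPO_RAW (read)
# Arguments: $1 - destination path
#            $2 - file name in the GitHub repository
#            $3 - octal mode for the installed file
#            $4 - short label for the status message
# Returns:   0 if the file is present afterwards, 1 if the download failed
#######################################
fetch_if_missing() {
  local dest=$1 name=$2 mode=$3 label=$4
  local tmp
  if [ -f "$dest" ] ; then
    echo "✅ $label in place."
    return 0
  fi
  tmp=$(mktemp) || return 1
  # -f: treat HTTP errors as failures instead of saving the error page;
  # --proto '=https': refuse any redirect off HTTPS.
  if curl -fsSL --proto '=https' -o "$tmp" "$REPO_RAW/$name"; then
    # install(1) sets owner and mode in one step; sudo is needed because
    # /data is not owned by pi.
    sudo install -o pi -m "$mode" -- "$tmp" "$dest"
    echo "✅ $label saved."
    rm -f -- "$tmp"
    return 0
  fi
  echo "❌ could not download $name; $label not installed." >&2
  rm -f -- "$tmp"
  return 1
}

fetch_if_missing /data/nextdnstest.sh nextdnstest.sh 755 test
fetch_if_missing /data/nextdnsstop.sh nextdnsstop.sh 755 stop
# Data for the IFTTT notification; not a script, so no execute bit.
fetch_if_missing /data/nextdnsdata.txt nextdnsdata.txt 644 data
# The .nosh extension keeps post_main.d from running the uninstaller at boot.
fetch_if_missing "$DIR/uninstall_nextdnscli.nosh" uninstall_nextdns_cli.nosh 755 uninstall
# Self-install: put a copy of this script into post_main.d when it is run from
# elsewhere. `file` stays pointing at the installed copy because the
# configuration messages below tell the user which file to edit. That copy
# holds your profile ID and linked-IP URL; tighten its mode if other accounts
# exist on the box.
file="$DIR/install_nextdnscli.sh"
fetch_if_missing "$file" install_nextdnscli.sh 755 install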
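# ---- configuration check ------------------------------------------------
# `file` is the installed copy of this script (set by the self-install step
# above), which is the file the user has to edit. Exit non-zero on a missing
# setting so a caller can tell "not configured" apart from a normal run.
if [[ -z "$id" ]] ; then
  printf 'Your nextdns ID is not set.\nEdit using your favorite editor (vi is already installed on Firewalla)\n\n $ vi %s \n\n then run\n $ %s\n' "$file" "$file" >&2
  exit 1
elif [[ -z "$IP" ]] ; then
  printf 'Your Firewalla IP is not set.\nEdit using your favorite editor (vi is already installed on Firewalla) and run %s .\n' "$file" >&2
  exit 1
else
  printf 'Fully configured and ready to go!\n\n\n'
fi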
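# ---- install or upgrade NextDNS CLI -------------------------------------
if ! command -v nextdns >/dev/null 2>&1 ; then
  # Aliases are not expanded in non-interactive bash anyway; ignore the
  # error unalias raises when no alias is defined.
  unalias apt 2>/dev/null || true
  # This runs unattended at boot, so apt must not stop at a confirmation prompt.
  sudo apt install -y ca-certificates
  # Fetch the repository signing key over HTTPS. If that fails, do not add a
  # repo entry that points at a missing keyring, and remove the empty file
  # wget -O leaves behind.
  if sudo wget -qO /usr/share/keyrings/nextdns.gpg https://repo.nextdns.io/nextdns.gpg; then
    echo "deb [signed-by=/usr/share/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main" | sudo tee /etc/apt/sources.list.d/nextdns.list
    sudo apt update
    sudo apt install -y nextdns
  else
    sudo rm -f /usr/share/keyrings/nextdns.gpg
    echo "❌ could not fetch the NextDNS repository key; nextdns not installed." >&2
  fi
else
  echo "✅ nextdns already installed..."
  echo "Checking for nextdns update..."
  sudo nextdns upgrade
fi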
# ---- dnsmasq integration ------------------------------------------------
# Point Firewalla's dnsmasq at the NextDNS CLI listener on ${IP}:5555.
# add-mac / add-subnet=32,128 pass the client's MAC and full address upstream
# so per-device names show up in the NextDNS logs (intended for this setup).
mynextdns_conf=/home/pi/.firewalla/config/dnsmasq/mynextdns.conf
printf '%s\n' \
  "server=${IP}#5555" \
  "add-mac" \
  "add-subnet=32,128" > "$mynextdns_conf"
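# ---- configure and start NextDNS CLI ------------------------------------
# This is an absolute minimal config; modify as needed.
#  -discovery-dns : IP of Firewalla's local DNS, so NextDNS can resolve client names
#  -listen        : bind to the LAN IP instead of 127.0.0.1 so dnsmasq can forward
#                   to it and DHCP host names appear in the NextDNS logs
#  -listen port   : fixed at 5555 instead of relying on -setup-router
# Caching options: https://github.com/nextdns/nextdns/wiki/Cache-Configuration
sudo nextdns install \
  -config "$id" \
  -report-client-info -cache-size=10MB -max-ttl=5s -discovery-dns "$IP" -listen "${IP}:5555"
# Conditional configuration (different profiles per network or device):
# https://github.com/nextdns/nextdns/wiki/Conditional-Configuration
# Example:
#   sudo nextdns install \
#     -config $IP/24=abcdef \
#     -config 123456 \
#     -report-client-info -cache-size=10MB -max-ttl=5s -discovery-dns 10.10.12.1 -listen 10.10.12.1:5555
# To apply a profile to just one network (this one uses the IP variable defined
# above), e.g. a different profile for IoT devices or guest networks:
#   -config ${IP}/24=${id} \
# A profile for a single device by MAC address (edit in the real MAC address and
# put these before the catch-all -config above), e.g. an Apple TV whose profile
# has different filters:
#   -config xx:yy:zz:aa:bb:cc=${id} \
# Profiles for the OpenVPN / WireGuard ranges, using the variables defined above
# (also before the catch-all -config):
#   -config $OpenVPNIP/24=$OpenVPNID \
#   -config $WireGuardIP/24=$WireGuardID \
# dnsmasq integration (client reporting in NextDNS logs):
# https://github.com/nextdns/nextdns/wiki/DNSMasq-Integration

# Linked-IP update: only attempted when a URL is configured — a bare `curl -s`
# with no URL just prints an error. -f makes an HTTP error count as a failure.
if [[ -n "$DDNS" ]] ; then
  if curl -fsS "$DDNS" ; then
    echo "DDNS updated..."
  else
    echo "❌ DDNS update failed." >&2
  fi
fi

# sudo nextdns restart
echo "Restarting Firewalla DNS..." && \
  sudo systemctl restart firerouter_dns.service && \
  sleep 20 && echo "nextdns is... $(sudo nextdns status)"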