Merge pull request 'Add trufflehog to testworkflow' (#17) from trufflehog into master

Reviewed-on: #17

.codespellignore

@@ -1,3 +1,4 @@
 doubleclick
 wan
 nwe
+padd

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# see https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+*       @pi-hole/core-maintainers

.github/dependabot.yml

@@ -8,8 +8,10 @@ updates:
     time: "10:00"
   open-pull-requests-limit: 10
   target-branch: development
-  reviewers:
-    - "pi-hole/core-maintainers"
+  groups:
+    github-actions-dependencies:
+      patterns:
+        - "*"
 - package-ecosystem: pip
   directory: "/test"
   schedule:
@@ -18,5 +20,7 @@ updates:
     time: "10:00"
   open-pull-requests-limit: 10
   target-branch: development
-  reviewers:
-    - "pi-hole/core-maintainers"
+  groups:
+    python-dependencies:
+      patterns:
+        - "*"

.github/release.yml

@@ -2,6 +2,7 @@ changelog:
   exclude:
     labels:
       - internal
+      - dependencies
     authors:
       - dependabot
       - github-actions

.github/workflows/codeql-analysis.yml

@@ -25,16 +25,16 @@ jobs:
     steps:
     -
       name: Checkout repository
-      uses: actions/checkout@v3.4.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
     # Initializes the CodeQL tools for scanning.
     -
       name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
       with:
         languages: 'python'
     -
       name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
     -
       name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6

.github/workflows/merge-conflict.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check if PRs are have merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@v2.1.0
+        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 #v3.0.3
         with:
           dirtyLabel: "PR: Merge Conflict"
           repoToken: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/stale.yml

@@ -4,23 +4,44 @@ on:
   schedule:
     - cron: '0 8 * * *'
   workflow_dispatch:
+  issue_comment:
+
+env:
+  stale_label: stale
 
 jobs:
-  stale:
-
+  stale_action:
+    if: github.event_name != 'issue_comment'
     runs-on: ubuntu-latest
     permissions:
       issues: write
 
     steps:
-      - uses: actions/stale@v7.0.0
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30
           days-before-close: 5
           stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
-          stale-issue-label: 'stale'
-          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed'
+          stale-issue-label: '${{ env.stale_label }}'
+          exempt-issue-labels: 'Internal, Fixed in next release, Bug: Confirmed, Documentation Needed, never-stale'
           exempt-all-issue-assignees: true
           operations-per-run: 300
           close-issue-reason: 'not_planned'
+
+  remove_stale:
+    # trigger "stale" removal immediately when stale issues are commented on
+    # we need to explicitly check that the trigger does not run on comment on a PR as
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only
+    if: ${{ !github.event.issue.pull_request && github.event_name != 'schedule' }}
+    permissions:
+      contents: read #  for actions/checkout
+      issues: write #  to edit issues label
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+      - name: Remove 'stale' label
+        run: gh issue edit ${{ github.event.issue.number }} --remove-label ${{ env.stale_label }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale_pr.yml

@@ -17,7 +17,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@v7.0.0
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale

.github/workflows/sync-back-to-dev.yml

@@ -33,7 +33,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
       - name: Opening pull request
         run: gh pr create -B development -H master --title 'Sync master back into development' --body 'Created by Github action' --label 'internal'
         env:

.github/workflows/test.yml

@@ -7,13 +7,20 @@ on:
 permissions:
   contents: read
 
+env:
+  FORCE_COLOR: 1
+  PYTHONUNBUFFERED: 1
+  PYTHONUTF8: 1
+
 jobs:
   smoke-tests:
     if: github.event.pull_request.draft == false
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        with:
+          fetch-depth: 0 # Differential ShellCheck requires full git history
 
       - name: Check scripts in repository are executable
         run: |
@@ -23,19 +30,30 @@ jobs:
           # If FAIL is 1 then we fail.
           [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!"
 
+      - name: Differential ShellCheck
+        uses: redhat-plumbers-in-action/differential-shellcheck@d965e66ec0b3b2f821f75c8eff9b12442d9a7d1e #v5.5.6
+        with:
+          severity: warning
+          display-engine: sarif-fmt
+
+      - name: Secret Scanning with TruffleHog
+        uses: trufflesecurity/trufflehog@821e8b9e5cdf8dc484dd23e06f78941fcf6b9191 #v3.91.2
+        with:
+          extra_args: --results=verified,unknown
+
       - name: Spell-Checking
-        uses: codespell-project/actions-codespell@master
+        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 #v2.2
         with:
           ignore_words_file: .codespellignore
 
       - name: Get editorconfig-checker
-        uses: editorconfig-checker/action-editorconfig-checker@main # tag v1.0.0 is really out of date
+        uses: editorconfig-checker/action-editorconfig-checker@4b6cd6190d435e7e084fb35e36a096e98506f7b9 #v2.1.0
 
       - name: Run editorconfig-checker
         run: editorconfig-checker
 
       - name: Check python code formatting with black
-        uses: psf/black@stable
+        uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 #26.3.1
         with:
           src: "./test"
           options: "--check --diff --color"
@@ -49,25 +67,32 @@ jobs:
       matrix:
         distro:
           [
-            debian_10,
             debian_11,
+            debian_12,
+            debian_13,
             ubuntu_20,
             ubuntu_22,
-            centos_8,
+            ubuntu_24,
             centos_9,
-            fedora_36,
-            fedora_37,
+            centos_10,
+            fedora_40,
+            fedora_41,
+            fedora_42,
+            fedora_43,
+            alpine_3_21,
+            alpine_3_22,
+            alpine_3_23,
           ]
     env:
       DISTRO: ${{matrix.distro}}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.4.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
 
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4.5.0
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0
         with:
-          python-version: "3.10"
+          python-version: "3.13"
 
       - name: Install wheel
         run:  pip install wheel

.gitignore

@@ -10,3 +10,6 @@ __pycache__
 .idea/
 *.iml
 .vscode/
+.venv/
+.fleet/
+.cache/

.shellcheckrc

@@ -0,0 +1,6 @@
+external-sources=true # allow shellcheck to read external sources
+disable=SC3043 #disable SC3043: In POSIX sh, local is undefined.
+enable=useless-use-of-cat # disabled by default as of shellcheck 0.11.0
+enable=avoid-negated-conditions # avoid-negated-conditions is optional as of shellcheck 0.11.0
+enable=require-variable-braces
+enable=deprecate-which

.stickler.yml

@@ -1,10 +0,0 @@
----
-linters:
-  shellcheck:
-    shell: bash
-  phpcs:
-  flake8:
-    max-line-length: 120
-  yamllint:
-    config: ./.yamllint.conf
-  remarklint:

.yamllint.conf

@@ -1,3 +0,0 @@
-rules:
-  line-length: disable
-  document-start: disable

README.md

@@ -3,13 +3,9 @@
 #
 
 <p align="center">
-  <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_darkmode.png">
-    <source media="(prefers-color-scheme: light)" srcset="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png">
-    <img src="https://pi-hole.github.io/graphics/Vortex/Vortex_Vertical_wordmark_lightmode.png" width="168" height="270" alt="Pi-hole website">
-  </picture>
-    <br>
-    <strong>Network-wide ad blocking via your own Linux hardware</strong>
+  <img src="https://raw.githubusercontent.com/pi-hole/graphics/refs/heads/master/Vortex/vortex_with_text.svg" alt="Pi-hole website" width="168" height="270">
+  <br>
+  <strong>Network-wide ad blocking via your own Linux hardware</strong>
 </p>
 
 <!-- markdownlint-enable MD033 -->
@@ -33,7 +29,9 @@ The Pi-hole® is a [DNS sinkhole](https://en.wikipedia.org/wiki/DNS_Sinkhole) th
 
 Those who want to get started quickly and conveniently may install Pi-hole using the following command:
 
-### `curl -sSL https://install.pi-hole.net | bash`
+```bash
+curl -sSL https://install.pi-hole.net | bash
+```
 
 ## Alternative Install Methods
 
@@ -130,7 +128,10 @@ Some of the statistics you can integrate include:
 - Queries cached
 - Unique clients
 
-Access the API via [`telnet`](https://github.com/pi-hole/FTL), the Web (`admin/api.php`) and Command Line (`pihole -c -j`). You can find out [more details over here](https://discourse.pi-hole.net/t/pi-hole-api/1863).
+Access the API using:
+- your browser: http://pi.hole/api/docs
+- `curl`: `curl --connect-timeout 2 -ks "https://pi.hole/api/stats/summary" -H "Accept: application/json"`;
+- the command line - examples: `pihole api config/webserver/port` or `pihole api stats/summary`.
 
 ### The Command-Line Interface
 
@@ -138,7 +139,7 @@ The [pihole](https://docs.pi-hole.net/core/pihole-command/) command has all the
 
 Some notable features include:
 
-- [Whitelisting, Blacklisting, and Regex](https://docs.pi-hole.net/core/pihole-command/#whitelisting-blacklisting-and-regex)
+- [Allowlisting, Denylisting (fka Whitelisting, Blacklisting), and Regex](https://docs.pi-hole.net/core/pihole-command/#allowlisting-denylisting-and-regex)
 - [Debugging utility](https://docs.pi-hole.net/core/pihole-command/#debugger)
 - [Viewing the live log file](https://docs.pi-hole.net/core/pihole-command/#tail)
 - [Updating Ad Lists](https://docs.pi-hole.net/core/pihole-command/#gravity)
@@ -150,7 +151,7 @@ You can read our [Core Feature Breakdown](https://docs.pi-hole.net/core/pihole-c
 
 ### The Web Interface Dashboard
 
-This [optional dashboard](https://github.com/pi-hole/AdminLTE) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve!
+This [optional dashboard](https://github.com/pi-hole/web) allows you to view stats, change settings, and configure your Pi-hole. It's the power of the Command Line Interface, with none of the learning curve!
 
 Some notable features include:
 

advanced/01-pihole.conf

@@ -1,35 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Dnsmasq config for Pi-hole's FTLDNS
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
-#                      /etc/pihole/setupVars.conf                             #
-#                                                                             #
-#        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-addn-hosts=/etc/pihole/local.list
-addn-hosts=/etc/pihole/custom.list
-
-domain-needed
-
-localise-queries
-
-bogus-priv
-
-no-resolv
-
-log-queries
-log-facility=/var/log/pihole/pihole.log
-
-log-async

advanced/06-rfc6761.conf

@@ -1,42 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2021 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# RFC 6761 config file for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-#                                                                             #
-#             CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE                #
-#                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
-###############################################################################
-
-# RFC 6761: Caching DNS servers SHOULD recognize
-#     test, localhost, invalid
-# names as special and SHOULD NOT attempt to look up NS records for them, or
-# otherwise query authoritative DNS servers in an attempt to resolve these
-# names.
-server=/test/
-server=/localhost/
-server=/invalid/
-
-# The same RFC requests something similar for
-#     10.in-addr.arpa.      21.172.in-addr.arpa.  27.172.in-addr.arpa.
-#     16.172.in-addr.arpa.  22.172.in-addr.arpa.  28.172.in-addr.arpa.
-#     17.172.in-addr.arpa.  23.172.in-addr.arpa.  29.172.in-addr.arpa.
-#     18.172.in-addr.arpa.  24.172.in-addr.arpa.  30.172.in-addr.arpa.
-#     19.172.in-addr.arpa.  25.172.in-addr.arpa.  31.172.in-addr.arpa.
-#     20.172.in-addr.arpa.  26.172.in-addr.arpa.  168.192.in-addr.arpa.
-# Pi-hole implements this via the dnsmasq option "bogus-priv" (see
-# 01-pihole.conf) because this also covers IPv6.
-
-# OpenWRT furthermore blocks    bind, local, onion    domains
-# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
-# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
-# We do not include the ".local" rule ourselves, see https://github.com/pi-hole/pi-hole/pull/4282#discussion_r689112972
-server=/bind/
-server=/onion/

advanced/Scripts/COL_TABLE

@@ -1,10 +1,12 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034  # Disable warning about unused variables
+
 # Determine if terminal is capable of showing colors
-if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
+# When COL_TABLE is sourced via gravity invoked by FTL, FORCE_COLOR is set to true
+if { [ -t 1 ] && [ "$(tput colors)" -ge 8 ]; } || [ "${FORCE_COLOR}" ]; then
   # Bold and underline may not show up on all clients
   # If something MUST be emphasized, use both
   COL_BOLD=''
-  COL_ULINE=''
-
   COL_NC=''
   COL_GRAY=''
   COL_RED=''
@@ -16,8 +18,6 @@ if ([[ -t 1 ]] && [[ $(tput colors) -ge 8 ]]) || [[ "${WEBCALL}" ]]; then
 else
   # Provide empty variables for `set -u`
   COL_BOLD=""
-  COL_ULINE=""
-
   COL_NC=""
   COL_GRAY=""
   COL_RED=""
@@ -28,22 +28,8 @@ else
   COL_CYAN=""
 fi
 
-# Deprecated variables
-COL_WHITE="${COL_BOLD}"
-COL_BLACK="${COL_NC}"
-COL_LIGHT_BLUE="${COL_BLUE}"
-COL_LIGHT_GREEN="${COL_GREEN}"
-COL_LIGHT_CYAN="${COL_CYAN}"
-COL_LIGHT_RED="${COL_RED}"
-COL_URG_RED="${COL_RED}${COL_BOLD}${COL_ULINE}"
-COL_LIGHT_PURPLE="${COL_PURPLE}"
-COL_BROWN="${COL_YELLOW}"
-COL_LIGHT_GRAY="${COL_GRAY}"
-COL_DARK_GRAY="${COL_GRAY}"
-
 TICK="[${COL_GREEN}✓${COL_NC}]"
 CROSS="[${COL_RED}✗${COL_NC}]"
 INFO="[i]"
 QST="[?]"
-DONE="${COL_GREEN} done!${COL_NC}"
 OVER="\\r"

advanced/Scripts/api.sh

@@ -0,0 +1,376 @@
+#!/usr/bin/env sh
+
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Script to hold api functions for use in other scripts
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+
+# The basic usage steps are
+# 1) Test Availability of the API
+# 2) Try to authenticate (read password if needed)
+# 3) Get the data from the API endpoint
+# 4) Delete the session
+
+
+TestAPIAvailability() {
+
+    local chaos_api_list authResponse authStatus authData apiAvailable DNSport
+
+    # as we are running locally, we can get the port value from FTL directly
+    PI_HOLE_SCRIPT_DIR="/opt/pihole"
+    utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+    # shellcheck source=./advanced/Scripts/utils.sh
+    . "${utilsfile}"
+
+    DNSport=$(getFTLConfigValue dns.port)
+
+    # Query the API URLs from FTL using CHAOS TXT local.api.ftl
+    # The result is a space-separated enumeration of full URLs
+    # e.g., "http://localhost:80/api/" "https://localhost:443/api/"
+    chaos_api_list="$(dig +short -p "${DNSport}" chaos txt local.api.ftl @127.0.0.1)"
+
+    # If the query was not successful, the variable is empty
+    if [ -z "${chaos_api_list}" ]; then
+        echo "API not available. Please check connectivity"
+        exit 1
+    fi
+
+    # If an error occurred, the variable starts with ;;
+    if [ "${chaos_api_list#;;}" != "${chaos_api_list}" ]; then
+        echo "Communication error. Is FTL running?"
+        exit 1
+    fi
+
+    # Iterate over space-separated list of URLs
+    while [ -n "${chaos_api_list}" ]; do
+        # Get the first URL
+        API_URL="${chaos_api_list%% *}"
+        # Strip leading and trailing quotes
+        API_URL="${API_URL%\"}"
+        API_URL="${API_URL#\"}"
+
+        # Test if the API is available at this URL, include delimiter for ease in splitting payload
+        authResponse=$(curl --connect-timeout 2 -skS -w ">>%{http_code}" "${API_URL}auth")
+
+        # authStatus is the response http_code, eg. 200, 401.
+        # Shell parameter expansion, remove everything up to and including the >> delim
+        authStatus=${authResponse#*>>}
+        # data is everything from response
+        # Shell parameter expansion, remove the >> delim and everything after
+        authData=${authResponse%>>*}
+
+        # Test if http status code was 200 (OK) or 401 (authentication required)
+        if [ "${authStatus}" = 200 ]; then
+            # API is available without authentication
+            apiAvailable=true
+            needAuth=false
+            break
+
+        elif [ "${authStatus}" = 401 ]; then
+            # API is available with authentication
+            apiAvailable=true
+            needAuth=true
+            # Check if 2FA is required
+            needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null)
+            break
+
+        else
+            # API is not available at this port/protocol combination
+            apiAvailable=false
+            # Remove the first URL from the list
+            local last_api_list
+            last_api_list="${chaos_api_list}"
+            chaos_api_list="${chaos_api_list#* }"
+
+            # If the list did not change, we are at the last element
+            if [ "${last_api_list}" = "${chaos_api_list}" ]; then
+                # Remove the last element
+                chaos_api_list=""
+            fi
+        fi
+    done
+
+    # if apiAvailable is false, no working API was found
+    if [ "${apiAvailable}" = false ]; then
+        echo "API not available. Please check FTL.log"
+        echo "Exiting."
+        exit 1
+    fi
+}
+
+LoginAPI() {
+    # If the API URL is not set, test the availability
+    if [ -z "${API_URL}" ]; then
+        TestAPIAvailability
+    fi
+
+    # Exit early if authentication is not needed
+    if [ "${needAuth}" = false ]; then
+        if [ "${1}" = "verbose" ]; then
+            echo "API Authentication: Not needed"
+        fi
+        return
+    fi
+
+    # Try to read the CLI password (if enabled and readable by the current user)
+    if [ -r /etc/pihole/cli_pw ]; then
+        password=$(cat /etc/pihole/cli_pw)
+
+        if [ "${1}" = "verbose" ]; then
+            echo "API Authentication: Trying to use CLI password"
+        fi
+
+        # If we can read the CLI password, we can skip 2FA even when it's required otherwise
+        needTOTP=false
+    elif [ "${1}" = "verbose" ]; then
+        echo "API Authentication: CLI password not available"
+    fi
+
+    if [ -z "${password}" ]; then
+        # no password read from CLI file
+        echo "Please enter your password:"
+        # secretly read the password
+        secretRead; printf '\n'
+    fi
+
+    if [ "${needTOTP}" = true ]; then
+        # 2FA required
+        echo "Please enter the correct second factor."
+        echo "(Can be any number if you used the app password)"
+        read -r totp
+    fi
+
+    # Try to authenticate using the supplied password (CLI file or user input) and TOTP
+    Authentication "${1}"
+
+    # Try to login again until the session is valid
+    while [ ! "${validSession}" = true ]  ; do
+
+        # Print the error message if there is one
+        if  [ ! "${sessionError}" = "null"  ] && [ "${1}" = "verbose" ]; then
+            echo "Error: ${sessionError}"
+        fi
+        # Print the session message if there is one
+        if  [ ! "${sessionMessage}" = "null" ] && [ "${1}" = "verbose" ]; then
+            echo "Error: ${sessionMessage}"
+        fi
+
+        if  [ "${1}" = "verbose" ]; then
+            # If we are not in verbose mode, no need to print the error message again
+            echo "Please enter your Pi-hole password"
+        else
+
+            echo "Authentication failed. Please enter your Pi-hole password"
+        fi
+
+        # secretly read the password
+        secretRead; printf '\n'
+
+        if [ "${needTOTP}" = true ]; then
+            echo "Please enter the correct second factor:"
+            echo "(Can be any number if you used the app password)"
+            read -r totp
+        fi
+
+        # Try to authenticate again
+        Authentication "${1}"
+    done
+
+}
+
+Authentication() {
+    sessionResponse="$(curl --connect-timeout 2 -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli" --data "{\"password\":\"${password}\", \"totp\":${totp:-null}}" )"
+
+    if [ -z "${sessionResponse}" ]; then
+        echo "No response from FTL server. Please check connectivity"
+        exit 1
+    fi
+
+    # obtain validity, session ID, sessionMessage and error message from
+    # session response, apply default values if none returned
+    result=$(echo "${sessionResponse}" | jq -r '
+        (.session.valid // false),
+        (.session.sid // null),
+        (.session.message // null),
+        (.error.message // null)
+    ' 2>/dev/null)
+
+    validSession=$(echo "${result}" | sed -n '1p')
+    SID=$(echo "${result}" | sed -n '2p')
+    sessionMessage=$(echo "${result}" | sed -n '3p')
+    sessionError=$(echo "${result}" | sed -n '4p')
+
+    if [ "${1}" = "verbose" ]; then
+        if [ "${validSession}" = true ]; then
+            echo "API Authentication: ${COL_GREEN}Success${COL_NC}"
+        else
+            echo "API Authentication: ${COL_RED}Failed${COL_NC}"
+        fi
+    fi
+}
+
+LogoutAPI() {
+    # if a valid Session exists (no password required or successful Authentication) and
+    # SID is not null (successful Authentication only), delete the session
+    if [ "${validSession}" = true ] && [ ! "${SID}" = null ]; then
+        # Try to delete the session. Omit the output, but get the http status code
+        deleteResponse=$(curl -skS -o /dev/null -w "%{http_code}" -X DELETE "${API_URL}auth"  -H "Accept: application/json" -H "sid: ${SID}")
+
+        case "${deleteResponse}" in
+            "401") echo "Logout attempt without a valid session. Unauthorized!";;
+            "204") if [ "${1}" = "verbose" ]; then echo "API Logout: ${COL_GREEN}Success${COL_NC} (session deleted)"; fi;;
+        esac;
+    elif [ "${1}" = "verbose" ]; then
+        echo "API Logout: ${COL_GREEN}Success${COL_NC} (no valid session)"
+    fi
+}
+
+GetFTLData() {
+  local data response status
+  # get the data from querying the API as well as the http status code
+  response=$(curl -skS -w "%{http_code}" -X GET "${API_URL}$1" -H "Accept: application/json" -H "sid: ${SID}" )
+
+  if [ "${2}" = "raw" ]; then
+    # return the raw response
+    echo "${response}"
+  else
+
+    # status are the last 3 characters
+    # not using ${response#"${response%???}"}" here because it's extremely slow on big responses
+    status=$(printf "%s" "${response}" | tail -c 3)
+    # data is everything from response without the last 3 characters
+    data="${response%???}"
+
+    # return only the data
+    if [ "${status}" = 200 ]; then
+        # response OK
+        printf %s "${data}"
+    else
+        # connection lost
+        echo "${status}"
+    fi
+  fi
+}
+
+PostFTLData() {
+  local data response status
+  # send the data to the API
+  response=$(curl -skS -w "%{http_code}" -X POST "${API_URL}$1" --data-raw "$2" -H "Accept: application/json" -H "sid: ${SID}" )
+  # data is everything from response without the last 3 characters
+  if [ "${3}" = "status" ]; then
+    # Keep the status code appended if requested
+    printf %s "${response}"
+  else
+    # Strip the status code
+    printf %s "${response%???}"
+  fi
+}
+
+secretRead() {
+
+    # POSIX compliant function to read user-input and
+    # mask every character entered by (*)
+    #
+    # This is challenging, because in POSIX, `read` does not support
+    # `-s` option (suppressing the input) or
+    # `-n` option (reading n chars)
+
+
+    # This workaround changes the terminal characteristics to not echo input and later resets this option
+    # credits https://stackoverflow.com/a/4316765
+    # showing asterisk instead of password
+    # https://stackoverflow.com/a/24600839
+    # https://unix.stackexchange.com/a/464963
+
+
+    # Save current terminal settings (needed for later restore after password prompt)
+    stty_orig=$(stty -g)
+
+    stty -echo # do not echo user input
+    stty -icanon min 1 time 0 # disable canonical mode https://man7.org/linux/man-pages/man3/termios.3.html
+
+    unset password
+    unset key
+    unset charcount
+    charcount=0
+    while key=$(dd ibs=1 count=1 2>/dev/null); do #read one byte of input
+        if [ "${key}" = "$(printf '\0' | tr -d '\0')" ] ; then
+            # Enter - accept password
+            break
+        fi
+        if [ "${key}" = "$(printf '\177')" ] ; then
+            # Backspace
+            if [ $charcount -gt 0 ] ; then
+                charcount=$((charcount-1))
+                printf '\b \b'
+                password="${password%?}"
+            fi
+        else
+            # any other character
+            charcount=$((charcount+1))
+            printf '*'
+            password="$password$key"
+        fi
+    done
+
+    # restore original terminal settings
+    stty "${stty_orig}"
+}
+
+apiFunc() {
+  local data response status status_col verbosity
+
+  # Define if the output will be silent (default) or verbose
+  verbosity="silent"
+  if [ "$1" = "verbose" ]; then
+    verbosity="verbose"
+    shift
+  fi
+
+  # Authenticate with the API
+  LoginAPI "${verbosity}"
+
+  if [ "${verbosity}" = "verbose" ]; then
+    echo ""
+    echo "Requesting: ${COL_PURPLE}GET ${COL_CYAN}${API_URL}${COL_YELLOW}$1${COL_NC}"
+    echo ""
+  fi
+
+  # Get the data from the API
+  response=$(GetFTLData "$1" raw)
+
+  # status are the last 3 characters
+  # not using ${response#"${response%???}"}" here because it's extremely slow on big responses
+  status=$(printf "%s" "${response}" | tail -c 3)
+  # data is everything from response without the last 3 characters
+  data="${response%???}"
+
+  # Output the status (200 -> green, else red)
+  if [ "${status}" = 200 ]; then
+    status_col="${COL_GREEN}"
+  else
+    status_col="${COL_RED}"
+  fi
+
+  # Only print the status in verbose mode or if the status is not 200
+  if [ "${verbosity}" = "verbose" ] || [ "${status}" != 200 ]; then
+    echo "Status: ${status_col}${status}${COL_NC}"
+  fi
+
+  # Output the data. Format it with jq if available and data is actually JSON.
+  # Otherwise just print it
+  if [ "${verbosity}" = "verbose" ]; then
+    echo "Data:"
+  fi
+  # Attempt to print the data with jq, if it is not valid JSON, or not installed
+  # then print the plain text.
+  echo "${data}" | jq . 2>/dev/null || echo "${data}"
+
+  # Delete the session
+  LogoutAPI "${verbosity}"
+}

advanced/Scripts/chronometer.sh

@@ -1,577 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC1090,SC1091
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Calculates stats and displays to an LCD
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-LC_ALL=C
-LC_NUMERIC=C
-
-# Retrieve stats from FTL engine
-pihole-FTL() {
-    local ftl_port LINE
-    # shellcheck disable=SC1091
-    . /opt/pihole/utils.sh
-    ftl_port=$(getFTLAPIPort)
-    if [[ -n "$ftl_port" ]]; then
-        # Open connection to FTL
-        exec 3<>"/dev/tcp/127.0.0.1/$ftl_port"
-
-        # Test if connection is open
-        if { "true" >&3; } 2> /dev/null; then
-            # Send command to FTL and ask to quit when finished
-            echo -e ">$1 >quit" >&3
-
-            # Read input until we received an empty string and the connection is
-            # closed
-            read -r -t 1 LINE <&3
-            until [[ -z "${LINE}" ]] && [[ ! -t 3 ]]; do
-                echo "$LINE" >&1
-                read -r -t 1 LINE <&3
-            done
-
-            # Close connection
-            exec 3>&-
-            exec 3<&-
-        fi
-    else
-        echo "0"
-    fi
-}
-
-# Print spaces to align right-side additional text
-printFunc() {
-    local text_last
-
-    title="$1"
-    title_len="${#title}"
-
-    text_main="$2"
-    text_main_nocol="$text_main"
-    if [[ "${text_main:0:1}" == "" ]]; then
-        text_main_nocol=$(sed 's/\[[0-9;]\{1,5\}m//g' <<< "$text_main")
-    fi
-    text_main_len="${#text_main_nocol}"
-
-    text_addn="$3"
-    if [[ "$text_addn" == "last" ]]; then
-        text_addn=""
-        text_last="true"
-    fi
-
-    # If there is additional text, define max length of text_main
-    if [[ -n "$text_addn" ]]; then
-        case "$scr_cols" in
-            [0-9]|1[0-9]|2[0-9]|3[0-9]|4[0-4]) text_main_max_len="9";;
-            4[5-9]) text_main_max_len="14";;
-            *) text_main_max_len="19";;
-        esac
-    fi
-
-    [[ -z "$text_addn" ]] && text_main_max_len="$(( scr_cols - title_len ))"
-
-    # Remove excess characters from main text
-    if [[ "$text_main_len" -gt "$text_main_max_len" ]]; then
-        # Trim text without colors
-        text_main_trim="${text_main_nocol:0:$text_main_max_len}"
-        # Replace with trimmed text
-        text_main="${text_main/$text_main_nocol/$text_main_trim}"
-    fi
-
-    # Determine amount of spaces for each line
-    if [[ -n "$text_last" ]]; then
-        # Move cursor to end of screen
-        spc_num=$(( scr_cols - ( title_len + text_main_len ) ))
-    else
-        spc_num=$(( text_main_max_len - text_main_len ))
-    fi
-
-    [[ "$spc_num" -le 0 ]] && spc_num="0"
-    spc=$(printf "%${spc_num}s")
-    #spc="${spc// /.}" # Debug: Visualize spaces
-
-    printf "%s%s$spc" "$title" "$text_main"
-
-    if [[ -n "$text_addn" ]]; then
-        printf "%s(%s)%s\\n" "$COL_NC$COL_DARK_GRAY" "$text_addn" "$COL_NC"
-    else
-        # Do not print trailing newline on final line
-        [[ -z "$text_last" ]] && printf "%s\\n" "$COL_NC"
-    fi
-}
-
-# Perform on first Chrono run (not for JSON formatted string)
-get_init_stats() {
-    calcFunc(){ awk "BEGIN {print $*}" 2> /dev/null; }
-
-    # Convert bytes to human-readable format
-    hrBytes() {
-        awk '{
-            num=$1;
-            if(num==0) {
-                print "0 B"
-            } else {
-                xxx=(num<0?-num:num)
-                sss=(num<0?-1:1)
-                split("B KB MB GB TB PB",type)
-                for(i=5;yyy < 1;i--) {
-                    yyy=xxx / (2^(10*i))
-                }
-            printf "%.0f " type[i+2], yyy*sss
-            }
-        }' <<< "$1";
-    }
-
-    # Convert seconds to human-readable format
-    hrSecs() {
-        day=$(( $1/60/60/24 )); hrs=$(( $1/3600%24 ))
-        mins=$(( ($1%3600)/60 )); secs=$(( $1%60 ))
-        [[ "$day" -ge "2" ]] && plu="s"
-        [[ "$day" -ge "1" ]] && days="$day day${plu}, " || days=""
-        printf "%s%02d:%02d:%02d\\n" "$days" "$hrs" "$mins" "$secs"
-    }
-
-    # Set Color Codes
-    coltable="/opt/pihole/COL_TABLE"
-    if [[ -f "${coltable}" ]]; then
-        source ${coltable}
-    else
-        COL_NC=""
-        COL_DARK_GRAY=""
-        COL_LIGHT_GREEN=""
-        COL_LIGHT_BLUE=""
-        COL_LIGHT_RED=""
-        COL_YELLOW=""
-        COL_LIGHT_RED=""
-        COL_URG_RED=""
-    fi
-
-    # Get RPi throttle state (RPi 3B only) & model number, or OS distro info
-    if command -v vcgencmd &> /dev/null; then
-        local sys_throttle_raw
-        local sys_rev_raw
-
-        sys_throttle_raw=$(vgt=$(sudo vcgencmd get_throttled); echo "${vgt##*x}")
-
-        # Active Throttle Notice: https://bit.ly/2gnunOo
-        if [[ "$sys_throttle_raw" != "0" ]]; then
-            case "$sys_throttle_raw" in
-                *0001) thr_type="${COL_YELLOW}Under Voltage";;
-                *0002) thr_type="${COL_LIGHT_BLUE}Arm Freq Cap";;
-                *0003) thr_type="${COL_YELLOW}UV${COL_DARK_GRAY},${COL_NC} ${COL_LIGHT_BLUE}AFC";;
-                *0004) thr_type="${COL_LIGHT_RED}Throttled";;
-                *0005) thr_type="${COL_YELLOW}UV${COL_DARK_GRAY},${COL_NC} ${COL_LIGHT_RED}TT";;
-                *0006) thr_type="${COL_LIGHT_BLUE}AFC${COL_DARK_GRAY},${COL_NC} ${COL_LIGHT_RED}TT";;
-                *0007) thr_type="${COL_YELLOW}UV${COL_DARK_GRAY},${COL_NC} ${COL_LIGHT_BLUE}AFC${COL_DARK_GRAY},${COL_NC} ${COL_LIGHT_RED}TT";;
-            esac
-        [[ -n "$thr_type" ]] && sys_throttle="$thr_type${COL_DARK_GRAY}"
-        fi
-
-        sys_rev_raw=$(awk '/Revision/ {print $3}' < /proc/cpuinfo)
-        case "$sys_rev_raw" in
-            000[2-6]) sys_model=" 1, Model B";; # 256MB
-            000[7-9]) sys_model=" 1, Model A";; # 256MB
-            000d|000e|000f) sys_model=" 1, Model B";; # 512MB
-            0010|0013) sys_model=" 1, Model B+";; # 512MB
-            0012|0015) sys_model=" 1, Model A+";; # 256MB
-            a0104[0-1]|a21041|a22042) sys_model=" 2, Model B";; # 1GB
-            900021) sys_model=" 1, Model A+";; # 512MB
-            900032) sys_model=" 1, Model B+";; # 512MB
-            90009[2-3]|920093) sys_model=" Zero";; # 512MB
-            9000c1) sys_model=" Zero W";; # 512MB
-            a02082|a[2-3]2082) sys_model=" 3, Model B";; # 1GB
-            a020d3) sys_model=" 3, Model B+";; # 1GB
-            *) sys_model="";;
-        esac
-        sys_type="Raspberry Pi$sys_model"
-    else
-        source "/etc/os-release"
-        CODENAME=$(sed 's/[()]//g' <<< "${VERSION/* /}")
-        sys_type="${NAME/ */} ${CODENAME^} $VERSION_ID"
-    fi
-
-    # Get core count
-    sys_cores=$(grep -c "^processor" /proc/cpuinfo)
-
-    # Test existence of clock speed file for ARM CPU
-    if [[ -f "/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq" ]]; then
-        scaling_freq_file="/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq"
-    fi
-
-    # Test existence of temperature file
-    if [[ -f "/sys/class/thermal/thermal_zone0/temp" ]]; then
-        temp_file="/sys/class/thermal/thermal_zone0/temp"
-    elif [[ -f "/sys/class/hwmon/hwmon0/temp1_input" ]]; then
-        temp_file="/sys/class/hwmon/hwmon0/temp1_input"
-    else
-        temp_file=""
-    fi
-
-    # Test existence of setupVars config
-    if [[ -f "/etc/pihole/setupVars.conf" ]]; then
-        setupVars="/etc/pihole/setupVars.conf"
-    fi
-}
-
-get_sys_stats() {
-    local ph_ver_raw
-    local cpu_raw
-    local ram_raw
-    local disk_raw
-
-    # Update every 12 refreshes (Def: every 60s)
-    count=$((count+1))
-    if [[ "$count" == "1" ]] || (( "$count" % 12 == 0 )); then
-        # Do not source setupVars if file does not exist
-        [[ -n "$setupVars" ]] && source "$setupVars"
-
-        mapfile -t ph_ver_raw < <(pihole -v -c 2> /dev/null | sed -n 's/^.* v/v/p')
-        if [[ -n "${ph_ver_raw[0]}" ]]; then
-            ph_core_ver="${ph_ver_raw[0]}"
-            if [[ ${#ph_ver_raw[@]} -eq 2 ]]; then
-                # AdminLTE not installed
-                ph_lte_ver="(not installed)"
-                ph_ftl_ver="${ph_ver_raw[1]}"
-            else
-                ph_lte_ver="${ph_ver_raw[1]}"
-                ph_ftl_ver="${ph_ver_raw[2]}"
-            fi
-        else
-            ph_core_ver="-1"
-        fi
-
-        sys_name=$(hostname)
-
-        [[ -n "$TEMPERATUREUNIT" ]] && temp_unit="${TEMPERATUREUNIT^^}" || temp_unit="C"
-
-        # Get storage stats for partition mounted on /
-        read -r -a disk_raw <<< "$(df -B1 / 2> /dev/null | awk 'END{ print $3,$2,$5 }')"
-        disk_used="${disk_raw[0]}"
-        disk_total="${disk_raw[1]}"
-        disk_perc="${disk_raw[2]}"
-
-        net_gateway=$(ip route | grep default | cut -d ' ' -f 3 | head -n 1)
-
-        # Get DHCP stats, if feature is enabled
-        if [[ "$DHCP_ACTIVE" == "true" ]]; then
-            ph_dhcp_max=$(( ${DHCP_END##*.} - ${DHCP_START##*.} + 1 ))
-        fi
-
-        # Get DNS server count
-        dns_count="0"
-        [[ -n "${PIHOLE_DNS_1}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_2}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_3}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_4}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_5}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_6}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_7}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_8}" ]] && dns_count=$((dns_count+1))
-        [[ -n "${PIHOLE_DNS_9}" ]] && dns_count="$dns_count+"
-    fi
-
-    # Get screen size
-    read -r -a scr_size <<< "$(stty size 2>/dev/null || echo 24 80)"
-    scr_lines="${scr_size[0]}"
-    scr_cols="${scr_size[1]}"
-
-    # Determine Chronometer size behavior
-    if [[ "$scr_cols" -ge 58 ]]; then
-        chrono_width="large"
-    elif [[ "$scr_cols" -gt 40 ]]; then
-        chrono_width="medium"
-    else
-        chrono_width="small"
-    fi
-
-    # Determine max length of divider string
-    scr_line_len=$(( scr_cols - 2 ))
-    [[ "$scr_line_len" -ge 58 ]] && scr_line_len="58"
-    scr_line_str=$(printf "%${scr_line_len}s")
-    scr_line_str="${scr_line_str// /—}"
-
-    sys_uptime=$(hrSecs "$(cut -d. -f1 /proc/uptime)")
-    sys_loadavg=$(cut -d " " -f1,2,3 /proc/loadavg)
-
-    # Get CPU usage, only counting processes over 1% as active
-    # shellcheck disable=SC2009
-    cpu_raw=$(ps -eo pcpu,rss --no-headers | grep -E -v "    0")
-    cpu_tasks=$(wc -l <<< "$cpu_raw")
-    cpu_taskact=$(sed -r "/(^ 0.)/d" <<< "$cpu_raw" | wc -l)
-    cpu_perc=$(awk '{sum+=$1} END {printf "%.0f\n", sum/'"$sys_cores"'}' <<< "$cpu_raw")
-
-    # Get CPU clock speed
-    if [[ -n "$scaling_freq_file" ]]; then
-        cpu_mhz=$(( $(< /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq) / 1000 ))
-    else
-        cpu_mhz=$(lscpu | awk -F ":" '/MHz/ {print $2;exit}')
-        cpu_mhz=$(printf "%.0f" "${cpu_mhz//[[:space:]]/}")
-    fi
-
-    # Determine whether to display CPU clock speed as MHz or GHz
-    if [[ -n "$cpu_mhz" ]]; then
-        [[ "$cpu_mhz" -le "999" ]] && cpu_freq="$cpu_mhz MHz" || cpu_freq="$(printf "%.1f" $(calcFunc "$cpu_mhz"/1000)) GHz"
-        [[ "${cpu_freq}" == *".0"* ]] && cpu_freq="${cpu_freq/.0/}"
-    fi
-
-    # Determine color for temperature
-    if [[ -n "$temp_file" ]]; then
-        if [[ "$temp_unit" == "C" ]]; then
-            cpu_temp=$(printf "%.0fc\\n" "$(calcFunc "$(< $temp_file) / 1000")")
-
-            case "${cpu_temp::-1}" in
-                -*|[0-9]|[1-3][0-9]) cpu_col="$COL_LIGHT_BLUE";;
-                4[0-9]) cpu_col="";;
-                5[0-9]) cpu_col="$COL_YELLOW";;
-                6[0-9]) cpu_col="$COL_LIGHT_RED";;
-                *) cpu_col="$COL_URG_RED";;
-            esac
-
-            # $COL_NC$COL_DARK_GRAY is needed for $COL_URG_RED
-            cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
-
-        elif [[ "$temp_unit" == "F" ]]; then
-            cpu_temp=$(printf "%.0ff\\n" "$(calcFunc "($(< $temp_file) / 1000) * 9 / 5 + 32")")
-
-            case "${cpu_temp::-1}" in
-                -*|[0-9]|[0-9][0-9]) cpu_col="$COL_LIGHT_BLUE";;
-                1[0-1][0-9]) cpu_col="";;
-                1[2-3][0-9]) cpu_col="$COL_YELLOW";;
-                1[4-5][0-9]) cpu_col="$COL_LIGHT_RED";;
-                *) cpu_col="$COL_URG_RED";;
-            esac
-
-            cpu_temp_str=" @ $cpu_col$cpu_temp$COL_NC$COL_DARK_GRAY"
-
-        else
-            cpu_temp_str=$(printf " @ %.0fk\\n" "$(calcFunc "($(< $temp_file) / 1000) + 273.15")")
-        fi
-    else
-        cpu_temp_str=""
-    fi
-
-    read -r -a ram_raw <<< "$(awk '/MemTotal:/{total=$2} /MemFree:/{free=$2} /Buffers:/{buffers=$2} /^Cached:/{cached=$2} END {printf "%.0f %.0f %.0f", (total-free-buffers-cached)*100/total, (total-free-buffers-cached)*1024, total*1024}' /proc/meminfo)"
-    ram_perc="${ram_raw[0]}"
-    ram_used="${ram_raw[1]}"
-    ram_total="${ram_raw[2]}"
-
-    if [[ "$(pihole status web 2> /dev/null)" -ge "1" ]]; then
-        ph_status="${COL_LIGHT_GREEN}Active"
-    else
-        ph_status="${COL_LIGHT_RED}Offline"
-    fi
-
-    if [[ "$DHCP_ACTIVE" == "true" ]]; then
-        local ph_dhcp_range
-
-        ph_dhcp_range=$(seq -s "|" -f "${DHCP_START%.*}.%g" "${DHCP_START##*.}" "${DHCP_END##*.}")
-
-        # Count dynamic leases from available range, and not static leases
-        ph_dhcp_num=$(grep -cE "$ph_dhcp_range" "/etc/pihole/dhcp.leases")
-        ph_dhcp_percent=$(( ph_dhcp_num * 100 / ph_dhcp_max ))
-    fi
-}
-
-get_ftl_stats() {
-    local stats_raw
-
-    mapfile -t stats_raw < <(pihole-FTL "stats")
-    domains_being_blocked_raw="${stats_raw[0]#* }"
-    dns_queries_today_raw="${stats_raw[1]#* }"
-    ads_blocked_today_raw="${stats_raw[2]#* }"
-    ads_percentage_today_raw="${stats_raw[3]#* }"
-    queries_forwarded_raw="${stats_raw[5]#* }"
-    queries_cached_raw="${stats_raw[6]#* }"
-
-    # Only retrieve these stats when not called from jsonFunc
-    if [[ -z "$1" ]]; then
-        local top_ad_raw
-        local top_domain_raw
-        local top_client_raw
-
-        domains_being_blocked=$(printf "%.0f\\n" "${domains_being_blocked_raw}" 2> /dev/null)
-        dns_queries_today=$(printf "%.0f\\n" "${dns_queries_today_raw}")
-        ads_blocked_today=$(printf "%.0f\\n" "${ads_blocked_today_raw}")
-        ads_percentage_today=$(printf "%'.0f\\n" "${ads_percentage_today_raw}")
-        queries_cached_percentage=$(printf "%.0f\\n" "$(calcFunc "$queries_cached_raw * 100 / ( $queries_forwarded_raw + $queries_cached_raw )")")
-        recent_blocked=$(pihole-FTL recentBlocked)
-        read -r -a top_ad_raw <<< "$(pihole-FTL "top-ads (1)")"
-        read -r -a top_domain_raw <<< "$(pihole-FTL "top-domains (1)")"
-        read -r -a top_client_raw <<< "$(pihole-FTL "top-clients (1)")"
-
-        top_ad="${top_ad_raw[2]}"
-        top_domain="${top_domain_raw[2]}"
-        if [[ "${top_client_raw[3]}" ]]; then
-            top_client="${top_client_raw[3]}"
-        else
-            top_client="${top_client_raw[2]}"
-        fi
-    fi
-}
-
-get_strings() {
-    # Expand or contract strings depending on screen size
-    if [[ "$chrono_width" == "large" ]]; then
-        phc_str="        ${COL_DARK_GRAY}Core"
-        lte_str="        ${COL_DARK_GRAY}Web"
-        ftl_str="        ${COL_DARK_GRAY}FTL"
-        api_str="${COL_LIGHT_RED}API Offline"
-
-        host_info="$sys_type"
-        sys_info="$sys_throttle"
-        sys_info2="Active: $cpu_taskact of $cpu_tasks tasks"
-        used_str="Used: "
-        leased_str="Leased: "
-        domains_being_blocked=$(printf "%'.0f" "$domains_being_blocked")
-        ads_blocked_today=$(printf "%'.0f" "$ads_blocked_today")
-        dns_queries_today=$(printf "%'.0f" "$dns_queries_today")
-        ph_info="Blocking: $domains_being_blocked sites"
-        total_str="Total: "
-    else
-        phc_str=" ${COL_DARK_GRAY}Core"
-        lte_str=" ${COL_DARK_GRAY}Web"
-        ftl_str=" ${COL_DARK_GRAY}FTL"
-        api_str="${COL_LIGHT_RED}API Down"
-        ph_info="$domains_being_blocked blocked"
-    fi
-
-    [[ "$sys_cores" -ne 1 ]] && sys_cores_txt="${sys_cores}x "
-    cpu_info="$sys_cores_txt$cpu_freq$cpu_temp_str"
-    ram_info="$used_str$(hrBytes "$ram_used") of $(hrBytes "$ram_total")"
-    disk_info="$used_str$(hrBytes "$disk_used") of $(hrBytes "$disk_total")"
-
-    lan_info="Gateway: $net_gateway"
-    dhcp_info="$leased_str$ph_dhcp_num of $ph_dhcp_max"
-
-    ads_info="$total_str$ads_blocked_today of $dns_queries_today"
-    dns_info="$dns_count DNS servers"
-
-    [[ "$recent_blocked" == "0" ]] && recent_blocked="${COL_LIGHT_RED}FTL offline${COL_NC}"
-}
-
-chronoFunc() {
-    local extra_arg="$1"
-    local extra_value="$2"
-
-    get_init_stats
-
-    for (( ; ; )); do
-        get_sys_stats
-        get_ftl_stats
-        get_strings
-
-        # Strip excess development version numbers
-        if [[ "$ph_core_ver" != "-1" ]]; then
-            phc_ver_str="$phc_str: ${ph_core_ver%-*}${COL_NC}"
-            lte_ver_str="$lte_str: ${ph_lte_ver%-*}${COL_NC}"
-            ftl_ver_str="$ftl_str: ${ph_ftl_ver%-*}${COL_NC}"
-        else
-            phc_ver_str="$phc_str: $api_str${COL_NC}"
-        fi
-
-        # Get refresh number
-        if [[ "${extra_arg}" = "refresh" ]]; then
-            num="${extra_value}"
-            num_str="Refresh set for every $num seconds"
-        else
-            num_str=""
-        fi
-
-        clear
-
-        # Remove exit message heading on third refresh
-        if [[ "$count" -le 2 ]] && [[ "${extra_arg}" != "exit" ]]; then
-            echo -e " ${COL_LIGHT_GREEN}Pi-hole Chronometer${COL_NC}
-            $num_str
-            ${COL_LIGHT_RED}Press Ctrl-C to exit${COL_NC}
-            ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
-        else
-            echo -e "|¯¯¯(¯)_|¯|_  ___|¯|___$phc_ver_str\\n| ¯_/¯|_| ' \\/ _ \\ / -_)$lte_ver_str\\n|_| |_| |_||_\\___/_\\___|$ftl_ver_str\\n ${COL_DARK_GRAY}$scr_line_str${COL_NC}"
-        fi
-
-        printFunc "  Hostname: " "$sys_name" "$host_info"
-        printFunc "    Uptime: " "$sys_uptime" "$sys_info"
-        printFunc " Task Load: " "$sys_loadavg" "$sys_info2"
-        printFunc " CPU usage: " "$cpu_perc%" "$cpu_info"
-        printFunc " RAM usage: " "$ram_perc%" "$ram_info"
-        printFunc " HDD usage: " "$disk_perc" "$disk_info"
-
-        if [[ "$DHCP_ACTIVE" == "true" ]]; then
-            printFunc "DHCP usage: " "$ph_dhcp_percent%" "$dhcp_info"
-        fi
-
-        printFunc "   Pi-hole: " "$ph_status" "$ph_info"
-        printFunc "   Blocked: " "$ads_percentage_today%" "$ads_info"
-        printFunc "Local Qrys: " "$queries_cached_percentage%" "$dns_info"
-
-        printFunc "Last Block: " "$recent_blocked"
-        printFunc " Top Block: " "$top_ad"
-
-        # Provide more stats on screens with more lines
-        if [[ "$scr_lines" -eq 17 ]]; then
-            if [[ "$DHCP_ACTIVE" == "true" ]]; then
-                printFunc "Top Domain: " "$top_domain" "last"
-            else
-                print_client="true"
-            fi
-        else
-            print_client="true"
-        fi
-
-        if [[ -n "$print_client" ]]; then
-            printFunc "Top Domain: " "$top_domain"
-            printFunc "Top Client: " "$top_client" "last"
-        fi
-
-        # Handle exit/refresh options
-        if [[ "${extra_arg}" == "exit" ]]; then
-            exit 0
-        else
-            if [[ "${extra_arg}" == "refresh" ]]; then
-                sleep "$num"
-            else
-                sleep 5
-            fi
-        fi
-
-    done
-}
-
-jsonFunc() {
-    get_ftl_stats "json"
-    echo "{\"domains_being_blocked\":${domains_being_blocked_raw},\"dns_queries_today\":${dns_queries_today_raw},\"ads_blocked_today\":${ads_blocked_today_raw},\"ads_percentage_today\":${ads_percentage_today_raw}}"
-}
-
-helpFunc() {
-    if [[ "$1" == "?" ]]; then
-        echo "Unknown option. Please view 'pihole -c --help' for more information"
-    else
-        echo "Usage: pihole -c [options]
-Example: 'pihole -c -j'
-Calculates stats and displays to an LCD
-
-Options:
-  -j, --json          Output stats as JSON formatted string
-  -r, --refresh       Set update frequency (in seconds)
-  -e, --exit          Output stats and exit without refreshing
-  -h, --help          Display this help text"
-  fi
-
-  exit 0
-}
-
-if [[ $# = 0 ]]; then
-    chronoFunc
-fi
-
-case "$1" in
-    "-j" | "--json"    ) jsonFunc;;
-    "-h" | "--help"    ) helpFunc;;
-    "-r" | "--refresh" ) chronoFunc refresh "$2";;
-    "-e" | "--exit"    ) chronoFunc exit;;
-    *                  ) helpFunc "?";;
-esac

advanced/Scripts/database_migration/gravity-db.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# shellcheck disable=SC1090
+
 
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2019 Pi-hole, LLC (https://pi-hole.net)
@@ -13,119 +13,147 @@
 readonly scriptPath="/etc/.pihole/advanced/Scripts/database_migration/gravity"
 
 upgrade_gravityDB(){
-	local database piholeDir auditFile version
-	database="${1}"
-	piholeDir="${2}"
-	auditFile="${piholeDir}/auditlog.list"
+    local database version
+    database="${1}"
 
-	# Get database version
-	version="$(pihole-FTL sqlite3 "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
+    # Exit early if the database does not exist (e.g. in CI tests)
+    if [[ ! -f "${database}" ]]; then
+        return
+    fi
 
-	if [[ "$version" == "1" ]]; then
-		# This migration script upgrades the gravity.db file by
-		# adding the domain_audit table
-		echo -e "  ${INFO} Upgrading gravity database from version 1 to 2"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/1_to_2.sql"
-		version=2
+    # Get database version
+    version="$(pihole-FTL sqlite3 -ni "${database}" "SELECT \"value\" FROM \"info\" WHERE \"property\" = 'version';")"
 
-		# Store audit domains in database table
-		if [ -e "${auditFile}" ]; then
-			echo -e "  ${INFO} Migrating content of ${auditFile} into new database"
-			# database_table_from_file is defined in gravity.sh
-			database_table_from_file "domain_audit" "${auditFile}"
-		fi
-	fi
-	if [[ "$version" == "2" ]]; then
-		# This migration script upgrades the gravity.db file by
-		# renaming the regex table to regex_blacklist, and
-		# creating a new regex_whitelist table + corresponding linking table and views
-		echo -e "  ${INFO} Upgrading gravity database from version 2 to 3"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/2_to_3.sql"
-		version=3
-	fi
-	if [[ "$version" == "3" ]]; then
-		# This migration script unifies the formally separated domain
-		# lists into a single table with a UNIQUE domain constraint
-		echo -e "  ${INFO} Upgrading gravity database from version 3 to 4"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/3_to_4.sql"
-		version=4
-	fi
-	if [[ "$version" == "4" ]]; then
-		# This migration script upgrades the gravity and list views
-		# implementing necessary changes for per-client blocking
-		echo -e "  ${INFO} Upgrading gravity database from version 4 to 5"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/4_to_5.sql"
-		version=5
-	fi
-	if [[ "$version" == "5" ]]; then
-		# This migration script upgrades the adlist view
-		# to return an ID used in gravity.sh
-		echo -e "  ${INFO} Upgrading gravity database from version 5 to 6"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/5_to_6.sql"
-		version=6
-	fi
-	if [[ "$version" == "6" ]]; then
-		# This migration script adds a special group with ID 0
-		# which is automatically associated to all clients not
-		# having their own group assignments
-		echo -e "  ${INFO} Upgrading gravity database from version 6 to 7"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/6_to_7.sql"
-		version=7
-	fi
-	if [[ "$version" == "7" ]]; then
-		# This migration script recreated the group table
-		# to ensure uniqueness on the group name
-		# We also add date_added and date_modified columns
-		echo -e "  ${INFO} Upgrading gravity database from version 7 to 8"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/7_to_8.sql"
-		version=8
-	fi
-	if [[ "$version" == "8" ]]; then
-		# This migration fixes some issues that were introduced
-		# in the previous migration script.
-		echo -e "  ${INFO} Upgrading gravity database from version 8 to 9"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/8_to_9.sql"
-		version=9
-	fi
-	if [[ "$version" == "9" ]]; then
-		# This migration drops unused tables and creates triggers to remove
-		# obsolete groups assignments when the linked items are deleted
-		echo -e "  ${INFO} Upgrading gravity database from version 9 to 10"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/9_to_10.sql"
-		version=10
-	fi
-	if [[ "$version" == "10" ]]; then
-		# This adds timestamp and an optional comment field to the client table
-		# These fields are only temporary and will be replaces by the columns
-		# defined in gravity.db.sql during gravity swapping. We add them here
-		# to keep the copying process generic (needs the same columns in both the
-		# source and the destination databases).
-		echo -e "  ${INFO} Upgrading gravity database from version 10 to 11"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/10_to_11.sql"
-		version=11
-	fi
-	if [[ "$version" == "11" ]]; then
-		# Rename group 0 from "Unassociated" to "Default"
-		echo -e "  ${INFO} Upgrading gravity database from version 11 to 12"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/11_to_12.sql"
-		version=12
-	fi
-	if [[ "$version" == "12" ]]; then
-		# Add column date_updated to adlist table
-		echo -e "  ${INFO} Upgrading gravity database from version 12 to 13"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/12_to_13.sql"
-		version=13
-	fi
-	if [[ "$version" == "13" ]]; then
-		# Add columns number and status to adlist table
-		echo -e "  ${INFO} Upgrading gravity database from version 13 to 14"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/13_to_14.sql"
-		version=14
-	fi
-	if [[ "$version" == "14" ]]; then
-		# Changes the vw_adlist created in 5_to_6
-		echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
-		pihole-FTL sqlite3 "${database}" < "${scriptPath}/14_to_15.sql"
-		version=15
-	fi
+    if [[ "$version" == "1" ]]; then
+        # This migration script upgraded the gravity.db file by
+        # adding the domain_audit table. It is now a no-op
+        echo -e "  ${INFO} Upgrading gravity database from version 1 to 2"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/1_to_2.sql"
+        version=2
+    fi
+    if [[ "$version" == "2" ]]; then
+        # This migration script upgrades the gravity.db file by
+        # renaming the regex table to regex_blacklist, and
+        # creating a new regex_whitelist table + corresponding linking table and views
+        echo -e "  ${INFO} Upgrading gravity database from version 2 to 3"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/2_to_3.sql"
+        version=3
+    fi
+    if [[ "$version" == "3" ]]; then
+        # This migration script unifies the formally separated domain
+        # lists into a single table with a UNIQUE domain constraint
+        echo -e "  ${INFO} Upgrading gravity database from version 3 to 4"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/3_to_4.sql"
+        version=4
+    fi
+    if [[ "$version" == "4" ]]; then
+        # This migration script upgrades the gravity and list views
+        # implementing necessary changes for per-client blocking
+        echo -e "  ${INFO} Upgrading gravity database from version 4 to 5"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/4_to_5.sql"
+        version=5
+    fi
+    if [[ "$version" == "5" ]]; then
+        # This migration script upgrades the adlist view
+        # to return an ID used in gravity.sh
+        echo -e "  ${INFO} Upgrading gravity database from version 5 to 6"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/5_to_6.sql"
+        version=6
+    fi
+    if [[ "$version" == "6" ]]; then
+        # This migration script adds a special group with ID 0
+        # which is automatically associated to all clients not
+        # having their own group assignments
+        echo -e "  ${INFO} Upgrading gravity database from version 6 to 7"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/6_to_7.sql"
+        version=7
+    fi
+    if [[ "$version" == "7" ]]; then
+        # This migration script recreated the group table
+        # to ensure uniqueness on the group name
+        # We also add date_added and date_modified columns
+        echo -e "  ${INFO} Upgrading gravity database from version 7 to 8"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/7_to_8.sql"
+        version=8
+    fi
+    if [[ "$version" == "8" ]]; then
+        # This migration fixes some issues that were introduced
+        # in the previous migration script.
+        echo -e "  ${INFO} Upgrading gravity database from version 8 to 9"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/8_to_9.sql"
+        version=9
+    fi
+    if [[ "$version" == "9" ]]; then
+        # This migration drops unused tables and creates triggers to remove
+        # obsolete groups assignments when the linked items are deleted
+        echo -e "  ${INFO} Upgrading gravity database from version 9 to 10"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/9_to_10.sql"
+        version=10
+    fi
+    if [[ "$version" == "10" ]]; then
+        # This adds timestamp and an optional comment field to the client table
+        # These fields are only temporary and will be replaces by the columns
+        # defined in gravity.db.sql during gravity swapping. We add them here
+        # to keep the copying process generic (needs the same columns in both the
+        # source and the destination databases).
+        echo -e "  ${INFO} Upgrading gravity database from version 10 to 11"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/10_to_11.sql"
+        version=11
+    fi
+    if [[ "$version" == "11" ]]; then
+        # Rename group 0 from "Unassociated" to "Default"
+        echo -e "  ${INFO} Upgrading gravity database from version 11 to 12"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/11_to_12.sql"
+        version=12
+    fi
+    if [[ "$version" == "12" ]]; then
+        # Add column date_updated to adlist table
+        echo -e "  ${INFO} Upgrading gravity database from version 12 to 13"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/12_to_13.sql"
+        version=13
+    fi
+    if [[ "$version" == "13" ]]; then
+        # Add columns number and status to adlist table
+        echo -e "  ${INFO} Upgrading gravity database from version 13 to 14"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/13_to_14.sql"
+        version=14
+    fi
+    if [[ "$version" == "14" ]]; then
+        # Changes the vw_adlist created in 5_to_6
+        echo -e "  ${INFO} Upgrading gravity database from version 14 to 15"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/14_to_15.sql"
+        version=15
+    fi
+    if [[ "$version" == "15" ]]; then
+        # Add column abp_entries to adlist table
+        echo -e "  ${INFO} Upgrading gravity database from version 15 to 16"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/15_to_16.sql"
+        version=16
+    fi
+    if [[ "$version" == "16" ]]; then
+        # Add antigravity table
+        # Add column type to adlist table (to support adlist types)
+        echo -e "  ${INFO} Upgrading gravity database from version 16 to 17"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/16_to_17.sql"
+        version=17
+    fi
+    if [[ "$version" == "17" ]]; then
+        # Add adlist.id to vw_gravity and vw_antigravity
+        echo -e "  ${INFO} Upgrading gravity database from version 17 to 18"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/17_to_18.sql"
+        version=18
+    fi
+    if [[ "$version" == "18" ]]; then
+        # Modify DELETE triggers to delete BEFORE instead of AFTER to prevent
+        # foreign key constraint violations
+        echo -e "  ${INFO} Upgrading gravity database from version 18 to 19"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/18_to_19.sql"
+        version=19
+    fi
+    if [[ "$version" == "19" ]]; then
+        # Update views to use new allowlist/denylist names
+        echo -e "  ${INFO} Upgrading gravity database from version 19 to 20"
+        pihole-FTL sqlite3 -ni "${database}" < "${scriptPath}/19_to_20.sql"
+        version=20
+    fi
 }

advanced/Scripts/database_migration/gravity/15_to_16.sql

@@ -0,0 +1,11 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+
+ALTER TABLE adlist ADD COLUMN abp_entries INTEGER NOT NULL DEFAULT 0;
+
+UPDATE info SET value = 16 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/16_to_17.sql

@@ -0,0 +1,33 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+
+ALTER TABLE adlist ADD COLUMN type INTEGER NOT NULL DEFAULT 0;
+
+UPDATE adlist SET type = 0;
+
+CREATE TABLE IF NOT EXISTS antigravity
+(
+    domain TEXT NOT NULL,
+    adlist_id INTEGER NOT NULL REFERENCES adlist (id)
+);
+
+CREATE VIEW vw_antigravity AS SELECT domain, adlist_by_group.group_id AS group_id
+    FROM antigravity
+    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = antigravity.adlist_id
+    LEFT JOIN adlist ON adlist.id = antigravity.adlist_id
+    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
+    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) AND adlist.type = 1;
+
+DROP VIEW vw_adlist;
+
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id, type
+    FROM adlist
+    WHERE enabled = 1
+    ORDER BY id;
+
+UPDATE info SET value = 17 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/17_to_18.sql

@@ -0,0 +1,25 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+
+DROP VIEW vw_gravity;
+CREATE VIEW vw_gravity AS SELECT domain, adlist.id AS adlist_id, adlist_by_group.group_id AS group_id
+    FROM gravity
+    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = gravity.adlist_id
+    LEFT JOIN adlist ON adlist.id = gravity.adlist_id
+    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
+    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
+
+DROP VIEW vw_antigravity;
+CREATE VIEW vw_antigravity AS SELECT domain, adlist.id AS adlist_id, adlist_by_group.group_id AS group_id
+    FROM antigravity
+    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = antigravity.adlist_id
+    LEFT JOIN adlist ON adlist.id = antigravity.adlist_id
+    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
+    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) AND adlist.type = 1;
+
+UPDATE info SET value = 18 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/18_to_19.sql

@@ -0,0 +1,27 @@
+.timeout 30000
+
+PRAGMA FOREIGN_KEYS=OFF;
+
+BEGIN TRANSACTION;
+
+DROP TRIGGER tr_domainlist_delete;
+CREATE TRIGGER tr_domainlist_delete BEFORE DELETE ON domainlist
+    BEGIN
+      DELETE FROM domainlist_by_group WHERE domainlist_id = OLD.id;
+    END;
+
+DROP TRIGGER tr_adlist_delete;
+CREATE TRIGGER tr_adlist_delete BEFORE DELETE ON adlist
+    BEGIN
+      DELETE FROM adlist_by_group WHERE adlist_id = OLD.id;
+    END;
+
+DROP TRIGGER tr_client_delete;
+CREATE TRIGGER tr_client_delete BEFORE DELETE ON client
+    BEGIN
+      DELETE FROM client_by_group WHERE client_id = OLD.id;
+    END;
+
+UPDATE info SET value = 19 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/19_to_20.sql

@@ -0,0 +1,43 @@
+.timeout 30000
+
+BEGIN TRANSACTION;
+
+DROP VIEW vw_whitelist;
+CREATE VIEW vw_allowlist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+    FROM domainlist
+    LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
+    LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
+    WHERE domainlist.enabled = 1 AND (domainlist_by_group.group_id IS NULL OR "group".enabled = 1)
+    AND domainlist.type = 0
+    ORDER BY domainlist.id;
+
+DROP VIEW vw_blacklist;
+CREATE VIEW vw_denylist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+    FROM domainlist
+    LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
+    LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
+    WHERE domainlist.enabled = 1 AND (domainlist_by_group.group_id IS NULL OR "group".enabled = 1)
+    AND domainlist.type = 1
+    ORDER BY domainlist.id;
+
+DROP VIEW vw_regex_whitelist;
+CREATE VIEW vw_regex_allowlist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+    FROM domainlist
+    LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
+    LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
+    WHERE domainlist.enabled = 1 AND (domainlist_by_group.group_id IS NULL OR "group".enabled = 1)
+    AND domainlist.type = 2
+    ORDER BY domainlist.id;
+
+DROP VIEW vw_regex_blacklist;
+CREATE VIEW vw_regex_denylist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+    FROM domainlist
+    LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
+    LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
+    WHERE domainlist.enabled = 1 AND (domainlist_by_group.group_id IS NULL OR "group".enabled = 1)
+    AND domainlist.type = 3
+    ORDER BY domainlist.id;
+
+UPDATE info SET value = 20 WHERE property = 'version';
+
+COMMIT;

advanced/Scripts/database_migration/gravity/1_to_2.sql

@@ -2,13 +2,6 @@
 
 BEGIN TRANSACTION;
 
-CREATE TABLE domain_audit
-(
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	domain TEXT UNIQUE NOT NULL,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int))
-);
-
 UPDATE info SET value = 2 WHERE property = 'version';
 
 COMMIT;

advanced/Scripts/database_migration/gravity/2_to_3.sql

@@ -8,9 +8,9 @@ ALTER TABLE regex RENAME TO regex_blacklist;
 
 CREATE TABLE regex_blacklist_by_group
 (
-	regex_blacklist_id INTEGER NOT NULL REFERENCES regex_blacklist (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (regex_blacklist_id, group_id)
+    regex_blacklist_id INTEGER NOT NULL REFERENCES regex_blacklist (id),
+    group_id INTEGER NOT NULL REFERENCES "group" (id),
+    PRIMARY KEY (regex_blacklist_id, group_id)
 );
 
 INSERT INTO regex_blacklist_by_group SELECT * FROM regex_by_group;
@@ -32,19 +32,19 @@ CREATE TRIGGER tr_regex_blacklist_update AFTER UPDATE ON regex_blacklist
 
 CREATE TABLE regex_whitelist
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	domain TEXT UNIQUE NOT NULL,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    domain TEXT UNIQUE NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    comment TEXT
 );
 
 CREATE TABLE regex_whitelist_by_group
 (
-	regex_whitelist_id INTEGER NOT NULL REFERENCES regex_whitelist (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (regex_whitelist_id, group_id)
+    regex_whitelist_id INTEGER NOT NULL REFERENCES regex_whitelist (id),
+    group_id INTEGER NOT NULL REFERENCES "group" (id),
+    PRIMARY KEY (regex_whitelist_id, group_id)
 );
 
 CREATE VIEW vw_regex_whitelist AS SELECT DISTINCT domain

advanced/Scripts/database_migration/gravity/3_to_4.sql

@@ -6,13 +6,13 @@ BEGIN TRANSACTION;
 
 CREATE TABLE domainlist
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	type INTEGER NOT NULL DEFAULT 0,
-	domain TEXT UNIQUE NOT NULL,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    type INTEGER NOT NULL DEFAULT 0,
+    domain TEXT UNIQUE NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    comment TEXT
 );
 
 ALTER TABLE whitelist ADD COLUMN type INTEGER;
@@ -41,9 +41,9 @@ DROP TABLE regex_whitelist_by_group;
 DROP TABLE regex_blacklist_by_group;
 CREATE TABLE domainlist_by_group
 (
-	domainlist_id INTEGER NOT NULL REFERENCES domainlist (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (domainlist_id, group_id)
+    domainlist_id INTEGER NOT NULL REFERENCES domainlist (id),
+    group_id INTEGER NOT NULL REFERENCES "group" (id),
+    PRIMARY KEY (domainlist_id, group_id)
 );
 
 DROP TRIGGER tr_whitelist_update;

advanced/Scripts/database_migration/gravity/4_to_5.sql

@@ -7,9 +7,9 @@ BEGIN TRANSACTION;
 DROP TABLE gravity;
 CREATE TABLE gravity
 (
-	domain TEXT NOT NULL,
-	adlist_id INTEGER NOT NULL REFERENCES adlist (id),
-	PRIMARY KEY(domain, adlist_id)
+    domain TEXT NOT NULL,
+    adlist_id INTEGER NOT NULL REFERENCES adlist (id),
+    PRIMARY KEY(domain, adlist_id)
 );
 
 DROP VIEW vw_gravity;
@@ -22,15 +22,15 @@ CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
 
 CREATE TABLE client
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	ip TEXT NOL NULL UNIQUE
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    ip TEXT NOL NULL UNIQUE
 );
 
 CREATE TABLE client_by_group
 (
-	client_id INTEGER NOT NULL REFERENCES client (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (client_id, group_id)
+    client_id INTEGER NOT NULL REFERENCES client (id),
+    group_id INTEGER NOT NULL REFERENCES "group" (id),
+    PRIMARY KEY (client_id, group_id)
 );
 
 UPDATE info SET value = 5 WHERE property = 'version';

advanced/Scripts/database_migration/gravity/5_to_6.sql

@@ -15,4 +15,3 @@ CREATE VIEW vw_adlist AS SELECT DISTINCT address, adlist.id AS id
 UPDATE info SET value = 6 WHERE property = 'version';
 
 COMMIT;
-

advanced/Scripts/database_migration/gravity/7_to_8.sql

@@ -8,12 +8,12 @@ ALTER TABLE "group" RENAME TO "group__";
 
 CREATE TABLE "group"
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	name TEXT UNIQUE NOT NULL,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	description TEXT
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    name TEXT UNIQUE NOT NULL,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    description TEXT
 );
 
 CREATE TRIGGER tr_group_update AFTER UPDATE ON "group"

advanced/Scripts/list.sh

@@ -1,309 +1,229 @@
 #!/usr/bin/env bash
-# shellcheck disable=SC1090
 
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
-# Whitelist and blacklist domains
+# allowlist and denylist domains
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-# Globals
-piholeDir="/etc/pihole"
-GRAVITYDB="${piholeDir}/gravity.db"
-# Source pihole-FTL from install script
-pihole_FTL="${piholeDir}/pihole-FTL.conf"
-if [[ -f "${pihole_FTL}" ]]; then
-    source "${pihole_FTL}"
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "${utilsfile}"
+
+apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
+# shellcheck source="./advanced/Scripts/api.sh"
+source "${apifile}"
+
+# Determine database location
+DBFILE=$(getFTLConfigValue "files.database")
+if [ -z "$DBFILE" ]; then
+    DBFILE="/etc/pihole/pihole-FTL.db"
 fi
 
-# Set this only after sourcing pihole-FTL.conf as the gravity database path may
-# have changed
-gravityDBfile="${GRAVITYDB}"
+# Determine gravity database location
+GRAVITYDB=$(getFTLConfigValue "files.gravity")
+if [ -z "$GRAVITYDB" ]; then
+    GRAVITYDB="/etc/pihole/gravity.db"
+fi
 
-noReloadRequested=false
 addmode=true
 verbose=true
 wildcard=false
-web=false
 
 domList=()
 
 typeId=""
 comment=""
-declare -i domaincount
-domaincount=0
-reload=false
 
 colfile="/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/COL_TABLE"
 source ${colfile}
 
-# IDs are hard-wired to domain interpretation in the gravity database scheme
-# Clients (including FTL) will read them through the corresponding views
-readonly whitelist="0"
-readonly blacklist="1"
-readonly regex_whitelist="2"
-readonly regex_blacklist="3"
-
-GetListnameFromTypeId() {
-    if [[ "$1" == "${whitelist}" ]]; then
-        echo "whitelist"
-    elif  [[ "$1" == "${blacklist}" ]]; then
-        echo "blacklist"
-    elif  [[ "$1" == "${regex_whitelist}" ]]; then
-        echo "regex whitelist"
-    elif  [[ "$1" == "${regex_blacklist}" ]]; then
-        echo "regex blacklist"
-    fi
-}
-
-GetListParamFromTypeId() {
-    if [[ "${typeId}" == "${whitelist}" ]]; then
-        echo "w"
-    elif  [[ "${typeId}" == "${blacklist}" ]]; then
-        echo "b"
-    elif  [[ "${typeId}" == "${regex_whitelist}" && "${wildcard}" == true ]]; then
-        echo "-white-wild"
-    elif  [[ "${typeId}" == "${regex_whitelist}" ]]; then
-        echo "-white-regex"
-    elif  [[ "${typeId}" == "${regex_blacklist}" && "${wildcard}" == true ]]; then
-        echo "-wild"
-    elif  [[ "${typeId}" == "${regex_blacklist}" ]]; then
-        echo "-regex"
-    fi
-}
-
 helpFunc() {
-    local listname param
-
-    listname="$(GetListnameFromTypeId "${typeId}")"
-    param="$(GetListParamFromTypeId)"
-
-    echo "Usage: pihole -${param} [options] <domain> <domain2 ...>
-Example: 'pihole -${param} site.com', or 'pihole -${param} site1.com site2.com'
-${listname^} one or more domains
+    echo "Usage: pihole ${abbrv} [options] <domain> <domain2 ...>
+Example: 'pihole ${abbrv} site.com', or 'pihole ${abbrv} site1.com site2.com'
+${typeId^} one or more ${kindId} domains
 
 Options:
-  -d, --delmode       Remove domain(s) from the ${listname}
-  -nr, --noreload     Update ${listname} without reloading the DNS server
+  remove, delete, -d  Remove domain(s)
   -q, --quiet         Make output less verbose
   -h, --help          Show this help dialog
-  -l, --list          Display all your ${listname}listed domains
-  --nuke              Removes all entries in a list
+  -l, --list          Display domains
   --comment \"text\"    Add a comment to the domain. If adding multiple domains the same comment will be used for all"
 
   exit 0
 }
 
-ValidateDomain() {
-    # Convert to lowercase
-    domain="${1,,}"
-    local str validDomain
-
-    # Check validity of domain (don't check for regex entries)
-    if [[ ( "${typeId}" == "${regex_blacklist}" || "${typeId}" == "${regex_whitelist}" ) && "${wildcard}" == false ]]; then
-        validDomain="${domain}"
-    else
-        # Check max length
-        if [[ "${#domain}" -le 253 ]]; then
-            validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
-            validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
-            # set error string
-            str="is not a valid argument or domain name!"
-        else
-            validDomain=
-            str="is too long!"
-
-        fi
+CreateDomainList() {
+    # Format domain into regex filter if requested
+    local dom=${1}
+    if [[ "${wildcard}" == true ]]; then
+        dom="(\\.|^)${dom//\./\\.}$"
     fi
-
-    if [[ -n "${validDomain}" ]]; then
-        domList=("${domList[@]}" "${validDomain}")
-    else
-        echo -e "  ${CROSS} ${domain} ${str}"
-    fi
-
-    domaincount=$((domaincount+1))
-}
-
-ProcessDomainList() {
-    for dom in "${domList[@]}"; do
-        # Format domain into regex filter if requested
-        if [[ "${wildcard}" == true ]]; then
-            dom="(\\.|^)${dom//\./\\.}$"
-        fi
-
-        # Logic: If addmode then add to desired list and remove from the other;
-        # if delmode then remove from desired list but do not add to the other
-        if ${addmode}; then
-            AddDomain "${dom}"
-        else
-            RemoveDomain "${dom}"
-        fi
-    done
+    domList=("${domList[@]}" "${dom}")
 }
 
 AddDomain() {
-    local domain num requestedListname existingTypeId existingListname
-    domain="$1"
+    local json num data
 
-    # Is the domain in the list we want to add it to?
-    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}';")"
-    requestedListname="$(GetListnameFromTypeId "${typeId}")"
+    # Authenticate with the API
+    LoginAPI
 
-    if [[ "${num}" -ne 0 ]]; then
-        existingTypeId="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT type FROM domainlist WHERE domain = '${domain}';")"
-        if [[ "${existingTypeId}" == "${typeId}" ]]; then
-            if [[ "${verbose}" == true ]]; then
-                echo -e "  ${INFO} ${1} already exists in ${requestedListname}, no need to add!"
+    # Prepare request to POST /api/domains/{type}/{kind}
+    # Build JSON object of the following form
+    #  {
+    #    "domain": [ <domains> ],
+    #    "comment": <comment>
+    #  }
+    # where <domains> is an array of domain strings and <comment> is a string
+    # We use jq to build the JSON object
+    json=$(jq --null-input --compact-output --arg domains "${domList[*]}" --arg comment "${comment}" '{domain: $domains | split(" "), comment: $comment}')
+
+    # Send the request
+    data=$(PostFTLData "domains/${typeId}/${kindId}" "${json}")
+
+    # Display domain(s) added
+    # (they are listed in .processed.success, use jq)
+    num=$(echo "${data}" | jq '.processed.success | length')
+    if [[ "${num}" -gt 0 ]] && [[ "${verbose}" == true ]]; then
+        echo -e "  ${TICK} Added ${num} domain(s):"
+        for i in $(seq 0 $((num-1))); do
+            echo -e "    - ${COL_BLUE}$(echo "${data}" | jq --raw-output ".processed.success[$i].item")${COL_NC}"
+        done
+    fi
+    # Display failed domain(s)
+    # (they are listed in .processed.errors, use jq)
+    num=$(echo "${data}" | jq '.processed.errors | length')
+    if [[ "${num}" -gt 0 ]] && [[ "${verbose}" == true ]]; then
+        echo -e "  ${CROSS} Failed to add ${num} domain(s):"
+        for i in $(seq 0 $((num-1))); do
+            echo -e "    - ${COL_BLUE}$(echo "${data}" | jq --raw-output ".processed.errors[$i].item")${COL_NC}"
+            error=$(echo "${data}" | jq --raw-output ".processed.errors[$i].error")
+            if [[ "${error}" == "UNIQUE constraint failed: domainlist.domain, domainlist.type" ]]; then
+                error="Domain already in the specified list"
             fi
-        else
-            existingListname="$(GetListnameFromTypeId "${existingTypeId}")"
-            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE domainlist SET type = ${typeId} WHERE domain='${domain}';"
-            if [[ "${verbose}" == true ]]; then
-                echo -e "  ${INFO} ${1} already exists in ${existingListname}, it has been moved to ${requestedListname}!"
-            fi
-        fi
-        return
+            echo -e "      ${error}"
+        done
     fi
 
-    # Domain not found in the table, add it!
-    if [[ "${verbose}" == true ]]; then
-        echo -e "  ${INFO} Adding ${domain} to the ${requestedListname}..."
-    fi
-    reload=true
-    # Insert only the domain here. The enabled and date_added fields will be filled
-    # with their default values (enabled = true, date_added = current timestamp)
-    if [[ -z "${comment}" ]]; then
-        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type) VALUES ('${domain}',${typeId});"
-    else
-        # also add comment when variable has been set through the "--comment" option
-        pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domainlist (domain,type,comment) VALUES ('${domain}',${typeId},'${comment}');"
-    fi
+    # Log out
+    LogoutAPI
 }
 
 RemoveDomain() {
-    local domain num requestedListname
-    domain="$1"
+    local json num data status
 
-    # Is the domain in the list we want to remove it from?
-    num="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(*) FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};")"
+    # Authenticate with the API
+    LoginAPI
 
-    requestedListname="$(GetListnameFromTypeId "${typeId}")"
+    # Prepare request to POST /api/domains:batchDelete
+    # Build JSON object of the following form
+    #  [{
+    #    "item": <domain>,
+    #    "type": "${typeId}",
+    #    "kind": "${kindId}",
+    #  }]
+    # where <domain> is the domain string and ${typeId} and ${kindId} are the type and kind IDs
+    # We use jq to build the JSON object)
+    json=$(jq --null-input --compact-output --arg domains "${domList[*]}" --arg typeId "${typeId}" --arg kindId "${kindId}" '[ $domains | split(" ")[] as $item | {item: $item, type: $typeId, kind: $kindId} ]')
 
-    if [[ "${num}" -eq 0 ]]; then
-        if [[ "${verbose}" == true ]]; then
-            echo -e "  ${INFO} ${domain} does not exist in ${requestedListname}, no need to remove!"
-        fi
-        return
+    # Send the request
+    data=$(PostFTLData "domains:batchDelete" "${json}" "status")
+    # Separate the status from the data
+    status=$(printf %s "${data#"${data%???}"}")
+    data=$(printf %s "${data%???}")
+
+    # If there is an .error object in the returned data, display it
+    local error
+    error=$(jq --compact-output <<< "${data}" '.error')
+    if [[ $error != "null" && $error != "" ]]; then
+        echo -e "  ${CROSS} Failed to remove domain(s):"
+        echo -e "      $(jq <<< "${data}" '.error')"
+    elif [[ "${verbose}" == true && "${status}" == "204" ]]; then
+        echo -e "  ${TICK} Domain(s) removed from the ${kindId} ${typeId}list"
+    elif [[ "${verbose}" == true && "${status}" == "404" ]]; then
+        echo -e "  ${TICK} Requested domain(s) not found on ${kindId} ${typeId}list"
     fi
 
-    # Domain found in the table, remove it!
-    if [[ "${verbose}" == true ]]; then
-        echo -e "  ${INFO} Removing ${domain} from the ${requestedListname}..."
-    fi
-    reload=true
-    # Remove it from the current list
-    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE domain = '${domain}' AND type = ${typeId};"
+    # Log out
+    LogoutAPI
 }
 
 Displaylist() {
-    local count num_pipes domain enabled status nicedate requestedListname
+    local data
 
-    requestedListname="$(GetListnameFromTypeId "${typeId}")"
-    data="$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain,enabled,date_modified FROM domainlist WHERE type = ${typeId};" 2> /dev/null)"
-
-    if [[ -z $data ]]; then
-        echo -e "Not showing empty list"
-    else
-        echo -e "Displaying ${requestedListname}:"
-        count=1
-        while IFS= read -r line
-        do
-            # Count number of pipes seen in this line
-            # This is necessary because we can only detect the pipe separating the fields
-            # from the end backwards as the domain (which is the first field) may contain
-            # pipe symbols as they are perfectly valid regex filter control characters
-            num_pipes="$(grep -c "^" <<< "$(grep -o "|" <<< "${line}")")"
-
-            # Extract domain and enabled status based on the obtained number of pipe characters
-            domain="$(cut -d'|' -f"-$((num_pipes-1))" <<< "${line}")"
-            enabled="$(cut -d'|' -f"$((num_pipes))" <<< "${line}")"
-            datemod="$(cut -d'|' -f"$((num_pipes+1))" <<< "${line}")"
-
-            # Translate boolean status into human readable string
-            if [[ "${enabled}" -eq 1 ]]; then
-                status="enabled"
-            else
-                status="disabled"
-            fi
-
-            # Get nice representation of numerical date stored in database
-            nicedate=$(date --rfc-2822 -d "@${datemod}")
-
-            echo "  ${count}: ${domain} (${status}, last modified ${nicedate})"
-            count=$((count+1))
-        done <<< "${data}"
+    # if either typeId or kindId is empty, we cannot display the list
+    if [[ -z "${typeId}" ]] || [[ -z "${kindId}" ]]; then
+        echo "  ${CROSS} Unable to display list. Please specify a list type and kind."
+        exit 1
     fi
-    exit 0;
-}
 
-NukeList() {
-    count=$(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT COUNT(1) FROM domainlist WHERE type = ${typeId};")
-    listname="$(GetListnameFromTypeId "${typeId}")"
-    if [ "$count" -gt 0 ];then
-        pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domainlist WHERE type = ${typeId};"
-        echo "  ${TICK} Removed ${count} domain(s) from the ${listname}"
+    # Authenticate with the API
+    LoginAPI
+
+    # Send the request
+    data=$(GetFTLData "domains/${typeId}/${kindId}")
+
+    # Display the list
+    num=$(echo "${data}" | jq '.domains | length')
+    if [[ "${num}" -gt 0 ]]; then
+        echo -e "  ${TICK} Found ${num} domain(s) in the ${kindId} ${typeId}list:"
+        for i in $(seq 0 $((num-1))); do
+            echo -e "    - ${COL_BLUE}$(echo "${data}" | jq --compact-output ".domains[$i].domain")${COL_NC}"
+            echo -e "      Comment: $(echo "${data}" | jq --compact-output ".domains[$i].comment")"
+            echo -e "      Groups: $(echo "${data}" | jq --compact-output ".domains[$i].groups")"
+            echo -e "      Added: $(date -d @"$(echo "${data}" | jq --compact-output ".domains[$i].date_added")")"
+            echo -e "      Last modified: $(date -d @"$(echo "${data}" | jq --compact-output ".domains[$i].date_modified")")"
+        done
     else
-        echo "  ${INFO} ${listname} already empty. Nothing to do!"
+        echo -e "  ${INFO} No domains found in the ${kindId} ${typeId}list"
     fi
-    exit 0;
+
+    # Log out
+    LogoutAPI
+
+    # Return early without adding/deleting domains
+    exit 0
 }
 
 GetComment() {
     comment="$1"
     if [[ "${comment}" =~ [^a-zA-Z0-9_\#:/\.,\ -] ]]; then
         echo "  ${CROSS} Found invalid characters in domain comment!"
-        exit
+        exit 1
     fi
 }
 
 while (( "$#" )); do
     case "${1}" in
-        "-w" | "whitelist"   ) typeId=0;;
-        "-b" | "blacklist"   ) typeId=1;;
-        "--white-regex" | "white-regex" ) typeId=2;;
-        "--white-wild" | "white-wild" ) typeId=2; wildcard=true;;
-        "--wild" | "wildcard" ) typeId=3; wildcard=true;;
-        "--regex" | "regex"   ) typeId=3;;
-        "-nr"| "--noreload"  ) noReloadRequested=true;;
-        "-d" | "--delmode"   ) addmode=false;;
+        "allow" | "allowlist" ) kindId="exact"; typeId="allow"; abbrv="allow";;
+        "deny" | "denylist"   ) kindId="exact"; typeId="deny"; abbrv="deny";;
+        "--allow-regex" | "allow-regex" ) kindId="regex"; typeId="allow"; abbrv="--allow-regex";;
+        "--allow-wild" | "allow-wild" ) kindId="regex"; typeId="allow"; wildcard=true; abbrv="--allow-wild";;
+        "--regex" | "regex"   ) kindId="regex"; typeId="deny"; abbrv="--regex";;
+        "--wild" | "wildcard" ) kindId="regex"; typeId="deny"; wildcard=true; abbrv="--wild";;
+        "-d" | "remove" | "delete" ) addmode=false;;
         "-q" | "--quiet"     ) verbose=false;;
         "-h" | "--help"      ) helpFunc;;
         "-l" | "--list"      ) Displaylist;;
-        "--nuke"             ) NukeList;;
-        "--web"              ) web=true;;
         "--comment"          ) GetComment "${2}"; shift;;
-        *                    ) ValidateDomain "${1}";;
+        *                    ) CreateDomainList "${1}";;
     esac
     shift
 done
 
 shift
 
-if [[ ${domaincount} == 0 ]]; then
+if [[ ${#domList[@]} == 0 ]]; then
     helpFunc
 fi
 
-ProcessDomainList
-
-# Used on web interface
-if $web; then
-    echo "DONE"
-fi
-
-if [[ ${reload} == true && ${noReloadRequested} == false ]]; then
-    pihole restartdns reload-lists
+if ${addmode}; then
+    AddDomain
+else
+    RemoveDomain
 fi

advanced/Scripts/pihole-reenable.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2020 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-#
-#
-# The pihole disable command has the option to set a specified time before
-# blocking is automatically re-enabled.
-#
-# Present script is responsible for the sleep & re-enable part of the job and
-# is automatically terminated if it is still running when pihole is enabled by
-# other means.
-#
-# This ensures that pihole ends up in the correct state after a sequence of
-# commands suchs as: `pihole disable 30s; pihole enable; pihole disable`
-
-readonly PI_HOLE_BIN_DIR="/usr/local/bin"
-
-sleep "${1}"
-"${PI_HOLE_BIN_DIR}"/pihole enable

advanced/Scripts/piholeARPTable.sh

@@ -1,66 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC1090
-
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# ARP table interaction
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-coltable="/opt/pihole/COL_TABLE"
-if [[ -f ${coltable} ]]; then
-    source ${coltable}
-fi
-
-# Determine database location
-# Obtain DBFILE=... setting from pihole-FTL.db
-# Constructed to return nothing when
-# a) the setting is not present in the config file, or
-# b) the setting is commented out (e.g. "#DBFILE=...")
-FTLconf="/etc/pihole/pihole-FTL.conf"
-if [ -e "$FTLconf" ]; then
-    DBFILE="$(sed -n -e 's/^\s*DBFILE\s*=\s*//p' ${FTLconf})"
-fi
-# Test for empty string. Use standard path in this case.
-if [ -z "$DBFILE" ]; then
-    DBFILE="/etc/pihole/pihole-FTL.db"
-fi
-
-
-flushARP(){
-    local output
-    if [[ "${args[1]}" != "quiet" ]]; then
-        echo -ne "  ${INFO} Flushing network table ..."
-    fi
-
-    # Truncate network_addresses table in pihole-FTL.db
-    # This needs to be done before we can truncate the network table due to
-    # foreign key constraints
-    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network_addresses" 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to truncate network_addresses table"
-        echo "  Database location: ${DBFILE}"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    # Truncate network table in pihole-FTL.db
-    if ! output=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM network" 2>&1); then
-        echo -e "${OVER}  ${CROSS} Failed to truncate network table"
-        echo "  Database location: ${DBFILE}"
-        echo "  Output: ${output}"
-        return 1
-    fi
-
-    if [[ "${args[1]}" != "quiet" ]]; then
-        echo -e "${OVER}  ${TICK} Flushed network table"
-    fi
-}
-
-args=("$@")
-
-case "${args[0]}" in
-    "arpflush"            ) flushARP;;
-esac

advanced/Scripts/piholeCheckout.sh

@@ -10,25 +10,23 @@
 
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 SKIP_INSTALL="true"
+# shellcheck source="./automated install/basic-install.sh"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
 
 # webInterfaceGitUrl set in basic-install.sh
 # webInterfaceDir set in basic-install.sh
 # piholeGitURL set in basic-install.sh
 # is_repo() sourced from basic-install.sh
-# setupVars set in basic-install.sh
 # check_download_exists sourced from basic-install.sh
 # fully_fetch_repo sourced from basic-install.sh
 # get_available_branches sourced from basic-install.sh
 # fetch_checkout_pull_branch sourced from basic-install.sh
 # checkout_pull_branch sourced from basic-install.sh
 
-source "${setupVars}"
-
 warning1() {
     echo "  Please note that changing branches severely alters your Pi-hole subsystems"
     echo "  Features that work on the master branch, may not on a development branch"
-    echo -e "  ${COL_LIGHT_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
+    echo -e "  ${COL_RED}This feature is NOT supported unless a Pi-hole developer explicitly asks!${COL_NC}"
     read -r -p "  Have you read and understood this? [y/N] " response
     case "${response}" in
         [yY][eE][sS]|[yY])
@@ -43,6 +41,22 @@ warning1() {
 }
 
 checkout() {
+
+    local skipFTL additionalFlag
+    skipFTL=false
+    # Check arguments
+    for var in "$@"; do
+        case "$var" in
+            "--skipFTL") skipFTL=true ;;
+        esac
+    done
+
+    if [ "${skipFTL}" == true ]; then
+        additionalFlag="--skipFTL"
+    else
+        additionalFlag=""
+    fi
+
     local corebranches
     local webbranches
 
@@ -57,20 +71,19 @@ checkout() {
 
     # This is unlikely
     if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
-        echo -e "  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
+        echo -e "  ${COL_RED}Error: Core Pi-hole repo is missing from system!"
         echo -e "  Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
         exit 1;
     fi
-    if [[ "${INSTALL_WEB_INTERFACE}" == "true" ]]; then
-        if ! is_repo "${webInterfaceDir}" ; then
-            echo -e "  ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
-            echo -e "  Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
-            exit 1;
-        fi
+
+    if ! is_repo "${webInterfaceDir}" ; then
+        echo -e "  ${COL_RED}Error: Web Admin repo is missing from system!"
+        echo -e "  Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}"
+        exit 1;
     fi
 
     if [[ -z "${1}" ]]; then
-        echo -e "  ${COL_LIGHT_RED}Invalid option${COL_NC}"
+        echo -e "  ${COL_RED}Invalid option${COL_NC}"
         echo -e "  Try 'pihole checkout --help' for more information."
         exit 1
     fi
@@ -81,15 +94,13 @@ checkout() {
 
     if [[ "${1}" == "dev" ]] ; then
         # Shortcut to check out development branches
-        echo -e "  ${INFO} Shortcut \"dev\" detected - checking out development / devel branches..."
+        echo -e "  ${INFO} Shortcut \"${COL_YELLOW}dev${COL_NC}\" detected - checking out development branches..."
         echo ""
         echo -e "  ${INFO} Pi-hole Core"
         fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "development" || { echo "  ${CROSS} Unable to pull Core development branch"; exit 1; }
-        if [[ "${INSTALL_WEB_INTERFACE}" == "true" ]]; then
-            echo ""
-            echo -e "  ${INFO} Web interface"
-            fetch_checkout_pull_branch "${webInterfaceDir}" "devel" || { echo "  ${CROSS} Unable to pull Web development branch"; exit 1; }
-        fi
+        echo ""
+        echo -e "  ${INFO} Web interface"
+        fetch_checkout_pull_branch "${webInterfaceDir}" "development" || { echo "  ${CROSS} Unable to pull Web development branch"; exit 1; }
         #echo -e "  ${TICK} Pi-hole Core"
 
         local path
@@ -98,13 +109,11 @@ checkout() {
         chmod 644 /etc/pihole/ftlbranch
     elif [[ "${1}" == "master" ]] ; then
         # Shortcut to check out master branches
-        echo -e "  ${INFO} Shortcut \"master\" detected - checking out master branches..."
+        echo -e "  ${INFO} Shortcut \"${COL_YELLOW}master${COL_NC}\" detected - checking out master branches..."
         echo -e "  ${INFO} Pi-hole core"
         fetch_checkout_pull_branch "${PI_HOLE_FILES_DIR}" "master" || { echo "  ${CROSS} Unable to pull Core master branch"; exit 1; }
-        if [[ ${INSTALL_WEB_INTERFACE} == "true" ]]; then
-            echo -e "  ${INFO} Web interface"
-            fetch_checkout_pull_branch "${webInterfaceDir}" "master" || { echo "  ${CROSS} Unable to pull Web master branch"; exit 1; }
-        fi
+        echo -e "  ${INFO} Web interface"
+        fetch_checkout_pull_branch "${webInterfaceDir}" "master" || { echo "  ${CROSS} Unable to pull Web master branch"; exit 1; }
         #echo -e "  ${TICK} Web Interface"
         local path
         path="master/${binary}"
@@ -117,7 +126,7 @@ checkout() {
             echo -e "${OVER}  ${CROSS} $str"
             exit 1
         fi
-        corebranches=($(get_available_branches "${PI_HOLE_FILES_DIR}"))
+        mapfile -t corebranches < <(get_available_branches "${PI_HOLE_FILES_DIR}")
 
         if [[ "${corebranches[*]}" == *"master"* ]]; then
             echo -e "${OVER}  ${TICK} $str"
@@ -131,20 +140,20 @@ checkout() {
         echo ""
         # Have the user choose the branch they want
         if ! (for e in "${corebranches[@]}"; do [[ "$e" == "${2}" ]] && exit 0; done); then
-            echo -e "  ${INFO} Requested branch \"${2}\" is not available"
+            echo -e "  ${INFO} Requested branch \"${COL_CYAN}${2}${COL_NC}\" is not available"
             echo -e "  ${INFO} Available branches for Core are:"
             for e in "${corebranches[@]}"; do echo "      - $e"; done
             exit 1
         fi
         checkout_pull_branch "${PI_HOLE_FILES_DIR}" "${2}"
-    elif [[ "${1}" == "web" ]] && [[ "${INSTALL_WEB_INTERFACE}" == "true" ]] ; then
+    elif [[ "${1}" == "web" ]] ; then
         str="Fetching branches from ${webInterfaceGitUrl}"
         echo -ne "  ${INFO} $str"
         if ! fully_fetch_repo "${webInterfaceDir}" ; then
             echo -e "${OVER}  ${CROSS} $str"
             exit 1
         fi
-        webbranches=($(get_available_branches "${webInterfaceDir}"))
+        mapfile -t webbranches < <(get_available_branches "${webInterfaceDir}")
 
         if [[ "${webbranches[*]}" == *"master"* ]]; then
             echo -e "${OVER}  ${TICK} $str"
@@ -158,7 +167,7 @@ checkout() {
         echo ""
         # Have the user choose the branch they want
         if ! (for e in "${webbranches[@]}"; do [[ "$e" == "${2}" ]] && exit 0; done); then
-            echo -e "  ${INFO} Requested branch \"${2}\" is not available"
+            echo -e "  ${INFO} Requested branch \"${COL_CYAN}${2}${COL_NC}\" is not available"
             echo -e "  ${INFO} Available branches for Web Admin are:"
             for e in "${webbranches[@]}"; do echo "      - $e"; done
             exit 1
@@ -169,39 +178,83 @@ checkout() {
     elif [[ "${1}" == "ftl" ]] ; then
         local path
         local oldbranch
+        local existing=false
         path="${2}/${binary}"
         oldbranch="$(pihole-FTL -b)"
 
-        if check_download_exists "$path"; then
-            echo "  ${TICK} Branch ${2} exists"
-            echo "${2}" > /etc/pihole/ftlbranch
-            chmod 644 /etc/pihole/ftlbranch
-            echo -e "  ${INFO} Switching to branch: \"${2}\" from \"${oldbranch}\""
-            FTLinstall "${binary}"
-            restart_service pihole-FTL
-            enable_service pihole-FTL
-            # Update local and remote versions via updatechecker
-            /opt/pihole/updatecheck.sh
-        else
-            echo "  ${CROSS} Requested branch \"${2}\" is not available"
-            ftlbranches=( $(git ls-remote https://github.com/pi-hole/ftl | grep 'heads' | sed 's/refs\/heads\///;s/ //g' | awk '{print $2}') )
-            echo -e "  ${INFO} Available branches for FTL are:"
-            for e in "${ftlbranches[@]}"; do echo "      - $e"; done
+        # Check if requested branch is available
+        echo -e "  ${INFO} Checking for availability of branch ${COL_CYAN}${2}${COL_NC} on GitHub"
+        mapfile -t ftlbranches < <(git ls-remote https://github.com/pi-hole/ftl | grep "refs/heads" | cut -d'/' -f3- -)
+        # If returned array is empty -> connectivity issue
+        if [[ ${#ftlbranches[@]} -eq 0 ]]; then
+            echo -e "  ${CROSS} Unable to fetch branches from GitHub. Please check your Internet connection and try again later."
             exit 1
         fi
 
+        for e in "${ftlbranches[@]}"; do [[ "$e" == "${2}" ]] && existing=true; done
+        if [[ "${existing}" == false ]]; then
+            echo -e "  ${CROSS} Requested branch is not available\n"
+            echo -e "  ${INFO} Available branches are:"
+            for e in "${ftlbranches[@]}"; do echo "      - $e"; done
+            exit 1
+        fi
+        echo -e "  ${TICK} Branch ${2} exists on GitHub"
+
+        echo -e "  ${INFO} Checking for ${COL_YELLOW}${binary}${COL_NC} binary on https://ftl.pi-hole.net"
+
+        if check_download_exists "$path"; then
+            echo "  ${TICK} Binary exists"
+            echo "${2}" > /etc/pihole/ftlbranch
+            chmod 644 /etc/pihole/ftlbranch
+            echo -e "  ${INFO} Switching to branch: ${COL_CYAN}${2}${COL_NC} from ${COL_CYAN}${oldbranch}${COL_NC}"
+            FTLinstall "${binary}"
+            restart_service pihole-FTL
+            enable_service pihole-FTL
+            str="Restarting FTL..."
+            echo -ne "  ${INFO} ${str}"
+            # Wait until name resolution is working again after restarting FTL,
+            # so that the updatechecker can run successfully and does not fail
+            # trying to resolve github.com
+            until getent hosts github.com &> /dev/null; do
+                # Append one dot for each second waiting
+                str="${str}."
+                echo -ne "  ${OVER}  ${INFO} ${str}"
+                sleep 1
+            done
+            echo -e "  ${OVER}  ${TICK} Restarted FTL service"
+
+            # Update local and remote versions via updatechecker
+            /opt/pihole/updatecheck.sh
+        else
+            local status
+            status=$?
+            if [ $status -eq 1 ]; then
+                # Binary for requested branch is not available, may still be
+                # int he process of being built or CI build job failed
+                printf "  %b Binary for requested branch is not available, please try again later.\\n" "${CROSS}"
+                printf "      If the issue persists, please contact Pi-hole Support and ask them to re-generate the binary.\\n"
+                exit 1
+            elif [ $status -eq 2 ]; then
+                printf "  %b Unable to download from ftl.pi-hole.net. Please check your Internet connection and try again later.\\n" "${CROSS}"
+                exit 1
+            else
+                printf "  %b Unknown checkout error. Please contact Pi-hole Support\\n" "${CROSS}"
+                exit 1
+            fi
+        fi
+
     else
-        echo -e "  ${INFO} Requested option \"${1}\" is not available"
+        echo -e "  ${CROSS} Requested option \"${1}\" is not available"
         exit 1
     fi
 
     # Force updating everything
     if [[  ! "${1}" == "web" && ! "${1}" == "ftl" ]]; then
         echo -e "  ${INFO} Running installer to upgrade your installation"
-        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended; then
+        if "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" --unattended ${additionalFlag}; then
             exit 0
         else
-            echo -e "  ${COL_LIGHT_RED} Error: Unable to complete update, please contact support${COL_NC}"
+            echo -e "  ${COL_RED} Error: Unable to complete update, please contact support${COL_NC}"
             exit 1
         fi
     fi

advanced/Scripts/piholeLogFlush.sh

@@ -9,67 +9,68 @@
 # Please see LICENSE file for your rights under this license.
 
 colfile="/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/COL_TABLE"
 source ${colfile}
 
-# In case we're running at the same time as a system logrotate, use a
-# separate logrotate state file to prevent stepping on each other's
-# toes.
-STATEFILE="/var/lib/logrotate/pihole"
+readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "${utilsfile}"
 
 # Determine database location
-# Obtain DBFILE=... setting from pihole-FTL.db
-# Constructed to return nothing when
-# a) the setting is not present in the config file, or
-# b) the setting is commented out (e.g. "#DBFILE=...")
-FTLconf="/etc/pihole/pihole-FTL.conf"
-if [ -e "$FTLconf" ]; then
-    DBFILE="$(sed -n -e 's/^\s*DBFILE\s*=\s*//p' ${FTLconf})"
-fi
-# Test for empty string. Use standard path in this case.
+DBFILE=$(getFTLConfigValue "files.database")
 if [ -z "$DBFILE" ]; then
     DBFILE="/etc/pihole/pihole-FTL.db"
 fi
 
-if [[ "$@" != *"quiet"* ]]; then
-    echo -ne "  ${INFO} Flushing /var/log/pihole/pihole.log ..."
+# Determine log file location
+LOGFILE=$(getFTLConfigValue "files.log.dnsmasq")
+if [ -z "$LOGFILE" ]; then
+    LOGFILE="/var/log/pihole/pihole.log"
 fi
-if [[ "$@" == *"once"* ]]; then
-    # Nightly logrotation
-    if command -v /usr/sbin/logrotate >/dev/null; then
-        # Logrotate once
-        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
-    else
-        # Copy pihole.log over to pihole.log.1
-        # and empty out pihole.log
-        # Note that moving the file is not an option, as
-        # dnsmasq would happily continue writing into the
-        # moved file (it will have the same file handler)
-        cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
-        echo " " > /var/log/pihole/pihole.log
-        chmod 640 /var/log/pihole/pihole.log
-    fi
-else
-    # Manual flushing
-    if command -v /usr/sbin/logrotate >/dev/null; then
-        # Logrotate twice to move all data out of sight of FTL
-        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate; sleep 3
-        /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
-    else
-        # Flush both pihole.log and pihole.log.1 (if existing)
-        echo " " > /var/log/pihole/pihole.log
-        if [ -f /var/log/pihole/pihole.log.1 ]; then
-            echo " " > /var/log/pihole/pihole.log.1
-            chmod 640 /var/log/pihole/pihole.log.1
-        fi
-    fi
-    # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
-    deleted=$(pihole-FTL sqlite3 "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
-
-    # Restart pihole-FTL to force reloading history
-    sudo pihole restartdns
+FTLFILE=$(getFTLConfigValue "files.log.ftl")
+if [ -z "$FTLFILE" ]; then
+    FTLFILE="/var/log/pihole/FTL.log"
+fi
+WEBFILE=$(getFTLConfigValue "files.log.webserver")
+if [ -z "$WEBFILE" ]; then
+    WEBFILE="/var/log/pihole/webserver.log"
 fi
 
-if [[ "$@" != *"quiet"* ]]; then
-    echo -e "${OVER}  ${TICK} Flushed /var/log/pihole/pihole.log"
-    echo -e "  ${TICK} Deleted ${deleted} queries from database"
+# Helper function to handle log flushing for a single file
+flush_log() {
+    local logfile="$1"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Flushing ${logfile} ..."
+    fi
+    echo " " > "${logfile}"
+    chmod 640 "${logfile}"
+    if [ -f "${logfile}.1" ]; then
+        echo " " > "${logfile}.1"
+        chmod 640 "${logfile}.1"
+    fi
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -e "${OVER}  ${TICK} Flushed ${logfile} ..."
+    fi
+}
+
+# Manual flushing
+flush_log "${LOGFILE}"
+flush_log "${FTLFILE}"
+flush_log "${WEBFILE}"
+
+if [[ "$*" != *"quiet"* ]]; then
+    echo -ne "  ${INFO} Flushing database, DNS resolution temporarily unavailable ..."
+fi
+
+# Stop FTL to make sure it doesn't write to the database while we're deleting data
+service pihole-FTL stop
+
+# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
+deleted=$(pihole-FTL sqlite3 -ni "${DBFILE}" "DELETE FROM query_storage WHERE timestamp >= strftime('%s','now')-86400; select changes() from query_storage limit 1")
+
+# Restart FTL
+service pihole-FTL restart
+if [[ "$*" != *"quiet"* ]]; then
+    echo -e "${OVER}  ${TICK} Deleted ${deleted} queries from long-term query database"
 fi

advanced/Scripts/piholeLogRotate.sh

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2025 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Rotate Pi-hole's log file
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+colfile="/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/COL_TABLE"
+source ${colfile}
+
+readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "${utilsfile}"
+
+# In case we're running at the same time as a system logrotate, use a
+# separate logrotate state file to prevent stepping on each other's
+# toes.
+STATEFILE="/var/lib/logrotate/pihole"
+
+
+# Determine log file location
+LOGFILE=$(getFTLConfigValue "files.log.dnsmasq")
+if [ -z "$LOGFILE" ]; then
+    LOGFILE="/var/log/pihole/pihole.log"
+fi
+FTLFILE=$(getFTLConfigValue "files.log.ftl")
+if [ -z "$FTLFILE" ]; then
+    FTLFILE="/var/log/pihole/FTL.log"
+fi
+WEBFILE=$(getFTLConfigValue "files.log.webserver")
+if [ -z "$WEBFILE" ]; then
+    WEBFILE="/var/log/pihole/webserver.log"
+fi
+
+# Helper function to handle log rotation for a single file
+rotate_log() {
+    # This function copies x.log over to x.log.1
+    # and then empties x.log
+    # Note that moving the file is not an option, as
+    # dnsmasq would happily continue writing into the
+    # moved file (it will have the same file handler)
+    local logfile="$1"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Rotating ${logfile} ..."
+    fi
+    cp -p "${logfile}" "${logfile}.1"
+    echo " " > "${logfile}"
+    chmod 640 "${logfile}"
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -e "${OVER}  ${TICK} Rotated ${logfile} ..."
+    fi
+}
+
+# Nightly logrotation
+if command -v /usr/sbin/logrotate >/dev/null; then
+    # Logrotate once
+    if [[ "$*" != *"quiet"* ]]; then
+        echo -ne "  ${INFO} Running logrotate ..."
+    fi
+    mkdir -p "${STATEFILE%/*}"
+    /usr/sbin/logrotate --force --state "${STATEFILE}" /etc/pihole/logrotate
+else
+    # Handle rotation for each log file
+    rotate_log "${LOGFILE}"
+    rotate_log "${FTLFILE}"
+    rotate_log "${WEBFILE}"
+fi

advanced/Scripts/piholeNetworkFlush.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2019 Pi-hole, LLC (https://pi-hole.net)
+# Network-wide ad blocking via your own hardware.
+#
+# Network table flush
+#
+# This file is copyright under the latest version of the EUPL.
+# Please see LICENSE file for your rights under this license.
+
+coltable="/opt/pihole/COL_TABLE"
+if [[ -f ${coltable} ]]; then
+# shellcheck source="./advanced/Scripts/COL_TABLE"
+    source ${coltable}
+fi
+
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
+utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source=./advanced/Scripts/utils.sh
+source "${utilsfile}"
+
+# Source api functions
+# shellcheck source="./advanced/Scripts/api.sh"
+. "${PI_HOLE_SCRIPT_DIR}/api.sh"
+
+flushNetwork(){
+    local output
+
+    echo -ne "  ${INFO} Flushing network table ..."
+
+    local data status error
+    # Authenticate with FTL
+    LoginAPI
+
+    # send query again
+    data=$(PostFTLData "action/flush/network" "" "status")
+
+    # Separate the status from the data
+    status=$(printf %s "${data#"${data%???}"}")
+    data=$(printf %s "${data%???}")
+
+    # If there is an .error object in the returned data, display it
+    local error
+    error=$(jq --compact-output <<< "${data}" '.error')
+    if [[ $error != "null" && $error != "" ]]; then
+        echo -e "${OVER}  ${CROSS} Failed to flush the network table:"
+        echo -e "      $(jq <<< "${data}" '.error')"
+        LogoutAPI
+        exit 1
+    elif [[ "${status}" == "200" ]]; then
+        echo -e "${OVER}  ${TICK} Flushed network table"
+    fi
+
+    # Delete session
+    LogoutAPI
+}
+
+flushArp(){
+    # Flush ARP cache of the host
+    if ! output=$(ip -s -s neigh flush all 2>&1); then
+        echo -e "${OVER}  ${CROSS} Failed to flush ARP cache"
+        echo "  Output: ${output}"
+        return 1
+    fi
+}
+
+# Process all options (if present)
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+    "--arp" ) doARP=true ;;
+    esac
+    shift
+done
+
+flushNetwork
+
+if [[ "${doARP}" == true ]]; then
+    echo -ne "  ${INFO} Flushing ARP cache"
+    if flushArp; then
+        echo -e "${OVER}  ${TICK} Flushed ARP cache"
+    fi
+fi
+

advanced/Scripts/query.sh

@@ -1,274 +1,144 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC1090
+#!/usr/bin/env sh
 
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2018 Pi-hole, LLC (https://pi-hole.net)
+# (c) 2023 Pi-hole, LLC (https://pi-hole.net)
 # Network-wide ad blocking via your own hardware.
 #
-# Query Domain Lists
+# Search Adlists
 #
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
 # Globals
-piholeDir="/etc/pihole"
-GRAVITYDB="${piholeDir}/gravity.db"
-options="$*"
-all=""
-exact=""
-matchType="match"
-# Source pihole-FTL from install script
-pihole_FTL="${piholeDir}/pihole-FTL.conf"
-if [[ -f "${pihole_FTL}" ]]; then
-    source "${pihole_FTL}"
-fi
-
-# Set this only after sourcing pihole-FTL.conf as the gravity database path may
-# have changed
-gravityDBfile="${GRAVITYDB}"
+PI_HOLE_INSTALL_DIR="/opt/pihole"
+max_results="20"
+partial="false"
+domain=""
 
+# Source color table
 colfile="/opt/pihole/COL_TABLE"
-source "${colfile}"
+# shellcheck source="./advanced/Scripts/COL_TABLE"
+. "${colfile}"
 
-if [[ "${options}" == "-h" ]] || [[ "${options}" == "--help" ]]; then
+# Source api functions
+# shellcheck source="./advanced/Scripts/api.sh"
+. "${PI_HOLE_INSTALL_DIR}/api.sh"
+
+Help() {
     echo "Usage: pihole -q [option] <domain>
-Example: 'pihole -q -exact domain.com'
+Example: 'pihole -q --partial domain.com'
 Query the adlists for a specified domain
 
 Options:
-  -exact              Search the adlists for exact domain matches
-  -all                Return all query matches within the adlists
-  -h, --help          Show this help dialog"
-  exit 0
-fi
+  --partial            Search the adlists for partially matching domains
+  --all                Return all query matches within the adlists
+  -h, --help           Show this help dialog"
+    exit 0
+}
 
-# Handle valid options
-[[ "${options}" == *"-all"* ]] && all=true
-if [[ "${options}" == *"-exact"* ]]; then
-    exact="exact"; matchType="exact ${matchType}"
-fi
+GenerateOutput() {
+    local counts data num_gravity num_lists search_type_str
+    local gravity_data_csv lists_data_csv line url type color
+    data="${1}"
 
-# Strip valid options, leaving only the domain and invalid options
-# This allows users to place the options before or after the domain
-options=$(sed -E 's/ ?-(all|exact) ?//g' <<< "${options}")
+    # Get count of list and gravity matches
+    # Use JQ to count number of entries in lists and gravity
+    # (output is number of list matches then number of gravity matches)
+    counts=$(printf %s "${data}" | jq --raw-output '(.search.domains | length), (.search.gravity | group_by(.address,.type) | length)')
+    num_lists=$(echo "$counts" | sed -n '1p')
+    num_gravity=$(echo "$counts" | sed -n '2p')
 
-# Handle remaining options
-# If $options contain non ASCII characters, convert to punycode
-case "${options}" in
-    ""             ) str="No domain specified";;
-    *" "*          ) str="Unknown query option specified";;
-    *[![:ascii:]]* ) rawDomainQuery=$(idn2 "${options}");;
-    *              ) rawDomainQuery="${options}";;
-esac
+    if [ "${partial}" = true ]; then
+        search_type_str="partially"
+    else
+        search_type_str="exactly"
+    fi
 
-# convert the domain to lowercase
-domainQuery=$(echo "${rawDomainQuery}" | tr '[:upper:]' '[:lower:]')
+    # Results from allow/deny list
+    printf "%s\n\n" "Found ${num_lists} domains ${search_type_str} matching '${COL_BLUE}${domain}${COL_NC}'."
+    if [ "${num_lists}" -gt 0 ]; then
+        # Convert the data to a csv, each line is a "domain,type" string
+        # not using jq's @csv here as it quotes each value individually
+        lists_data_csv=$(printf %s "${data}" | jq --raw-output '.search.domains | map([.domain, .type] | join(",")) | join("\n")')
 
-if [[ -n "${str:-}" ]]; then
-    echo -e "${str}${COL_NC}\\nTry 'pihole -q --help' for more information."
-    exit 1
-fi
+        # Generate output for each csv line, separating line in a domain and type substring at the ','
+        echo "${lists_data_csv}" | while read -r line; do
+            printf "%s\n\n" "  - ${COL_GREEN}${line%,*}${COL_NC} (type: exact ${line#*,} domain)"
+        done
+    fi
 
-# Scan an array of files for matching strings
-scanList(){
-    # Escape full stops
-    local domain="${1}" esc_domain="${1//./\\.}" lists="${2}" list_type="${3:-}"
+    # Results from gravity
+    printf "%s\n\n" "Found ${num_gravity} lists ${search_type_str} matching '${COL_BLUE}${domain}${COL_NC}'."
+    if [ "${num_gravity}" -gt 0 ]; then
+        # Convert the data to a csv, each line is a "URL,type,domain,domain,...." string
+        # not using jq's @csv here as it quotes each value individually
+        gravity_data_csv=$(printf %s "${data}" | jq --raw-output '.search.gravity | group_by(.address,.type) | map([.[0].address, .[0].type, (.[] | .domain)] | join(",")) | join("\n")')
 
-    # Prevent grep from printing file path
-    cd "$piholeDir" || exit 1
+        # Generate line-by-line output for each csv line
+        echo "${gravity_data_csv}" | while read -r line; do
+            # Get first part of the line, the URL
+            url=${line%%,*}
 
-    # Prevent grep -i matching slowly: https://bit.ly/2xFXtUX
-    export LC_CTYPE=C
+            # cut off URL, leaving "type,domain,domain,...."
+            line=${line#*,}
+            type=${line%%,*}
+            # type == "block" -> red, type == "allow" -> green
+            if [ "${type}" = "block" ]; then
+                color="${COL_RED}"
+            else
+                color="${COL_GREEN}"
+            fi
 
-    # /dev/null forces filename to be printed when only one list has been generated
-    case "${list_type}" in
-        "exact" ) grep -i -E -l "(^|(?<!#)\\s)${esc_domain}($|\\s|#)" "${lists}" /dev/null 2>/dev/null;;
-        # Iterate through each regexp and check whether it matches the domainQuery
-        # If it does, print the matching regexp and continue looping
-        # Input 1 - regexps | Input 2 - domainQuery
-        "regex" )
-            for list in ${lists}; do
-                if [[ "${domain}" =~ ${list} ]]; then
-                    printf "%b\n" "${list}";
-                fi
-            done;;
-        *       ) grep -i "${esc_domain}" "${lists}" /dev/null 2>/dev/null;;
+            # print adlist URL
+            printf "%s (%s)\n\n" "  - ${COL_BLUE}${url}${COL_NC}" "${color}${type}${COL_NC}"
+
+            # cut off type, leaving "domain,domain,...."
+            line=${line#*,}
+            # Replace commas with newlines and format output
+            echo "${line}" | sed 's/,/\n/g' | sed "s/^/    - ${COL_GREEN}/" | sed "s/$/${COL_NC}/"
+            printf "\n\n"
+        done
+    fi
+
+    # If no exact results were found, suggest using partial matching
+    if [ "${num_lists}" -eq 0 ] && [ "${num_gravity}" -eq 0 ] && [ "${partial}" = false ]; then
+        printf "%s\n" "Hint: Try partial matching with"
+        printf "%s\n\n" "  ${COL_GREEN}pihole -q --partial ${domain}${COL_NC}"
+    fi
+}
+
+Main() {
+    local data
+
+    if [ -z "${domain}" ]; then
+        echo "No domain specified"
+        exit 1
+    fi
+    # domains are lowercased and converted to punycode by FTL since
+    # https://github.com/pi-hole/FTL/pull/1715
+    # no need to do it here
+
+    # Authenticate with FTL
+    LoginAPI
+
+    # send query again
+    data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
+
+    GenerateOutput "${data}"
+
+    # Delete session
+    LogoutAPI
+}
+
+# Process all options (if present)
+while [ "$#" -gt 0 ]; do
+    case "$1" in
+    "-h" | "--help") Help ;;
+    "--partial") partial="true" ;;
+    "--all") max_results=10000 ;; # hard-coded FTL limit
+    *) domain=$1 ;;
     esac
-}
-
-scanDatabaseTable() {
-    local domain table list_type querystr result extra abpquerystr abpfound abpentry searchstr
-    domain="$(printf "%q" "${1}")"
-    table="${2}"
-    list_type="${3:-}"
-
-    # As underscores are legitimate parts of domains, we escape them when using the LIKE operator.
-    # Underscores are SQLite wildcards matching exactly one character. We obviously want to suppress this
-    # behavior. The "ESCAPE '\'" clause specifies that an underscore preceded by an '\' should be matched
-    # as a literal underscore character. We pretreat the $domain variable accordingly to escape underscores.
-    if [[ "${table}" == "gravity" ]]; then
-
-        # Are there ABP entries on gravity?
-        # Return 1 if abp_domain=1 or Zero if abp_domain=0 or not set
-        abpquerystr="SELECT EXISTS (SELECT 1 FROM info WHERE property='abp_domains' and value='1')"
-        abpfound="$(pihole-FTL sqlite3 "${gravityDBfile}" "${abpquerystr}")" 2> /dev/null
-
-        # Create search string for ABP entries only if needed
-        if [ "${abpfound}" -eq 1 ]; then
-            abpentry="${domain}"
-
-            searchstr="'||${abpentry}^'"
-
-            # While a dot is found ...
-            while [ "${abpentry}" != "${abpentry/./}" ]
-            do
-                # ... remove text before the dot (including the dot) and append the result to $searchstr
-                abpentry=$(echo "${abpentry}" | cut -f 2- -d '.')
-                searchstr="$searchstr, '||${abpentry}^'"
-            done
-
-            # The final search string will look like:
-            # "domain IN ('||sub2.sub1.domain.com^', '||sub1.domain.com^', '||domain.com^', '||com^') OR"
-            searchstr="domain IN (${searchstr}) OR "
-        fi
-
-        case "${exact}" in
-            "exact" ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE domain = '${domain}'";;
-            *       ) querystr="SELECT gravity.domain,adlist.address,adlist.enabled FROM gravity LEFT JOIN adlist ON adlist.id = gravity.adlist_id WHERE ${searchstr} domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-        esac
-    else
-        case "${exact}" in
-            "exact" ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain = '${domain}'";;
-            *       ) querystr="SELECT domain,enabled FROM domainlist WHERE type = '${list_type}' AND domain LIKE '%${domain//_/\\_}%' ESCAPE '\\'";;
-        esac
-    fi
-
-    # Send prepared query to gravity database
-    result="$(pihole-FTL sqlite3 -separator ',' "${gravityDBfile}" "${querystr}")" 2> /dev/null
-    if [[ -z "${result}" ]]; then
-        # Return early when there are no matches in this table
-        return
-    fi
-
-    if [[ "${table}" == "gravity" ]]; then
-        echo "${result}"
-        return
-    fi
-
-    # Mark domain as having been white-/blacklist matched (global variable)
-    wbMatch=true
-
-    # Print table name
-    echo " ${matchType^} found in ${COL_BOLD}exact ${table}${COL_NC}"
-
-    # Loop over results and print them
-    mapfile -t results <<< "${result}"
-    for result in "${results[@]}"; do
-        domain="${result/,*}"
-        if [[ "${result#*,}" == "0" ]]; then
-            extra=" (disabled)"
-        else
-            extra=""
-        fi
-        echo "   ${domain}${extra}"
-    done
-}
-
-scanRegexDatabaseTable() {
-    local domain list list_type
-    domain="${1}"
-    list="${2}"
-    list_type="${3:-}"
-
-    # Query all regex from the corresponding database tables
-    mapfile -t regexList < <(pihole-FTL sqlite3 "${gravityDBfile}" "SELECT domain FROM domainlist WHERE type = ${list_type}" 2> /dev/null)
-
-    # If we have regexps to process
-    if [[ "${#regexList[@]}" -ne 0 ]]; then
-        # Split regexps over a new line
-        str_regexList=$(printf '%s\n' "${regexList[@]}")
-        # Check domain against regexps
-        mapfile -t regexMatches < <(scanList "${domain}" "${str_regexList}" "regex")
-        # If there were regex matches
-        if [[  "${#regexMatches[@]}" -ne 0 ]]; then
-            # Split matching regexps over a new line
-            str_regexMatches=$(printf '%s\n' "${regexMatches[@]}")
-            # Form a "matched" message
-            str_message="${matchType^} found in ${COL_BOLD}regex ${list}${COL_NC}"
-            # Form a "results" message
-            str_result="${COL_BOLD}${str_regexMatches}${COL_NC}"
-            # If we are displaying more than just the source of the block
-            # Set the wildcard match flag
-            wcMatch=true
-            # Echo the "matched" message, indented by one space
-            echo " ${str_message}"
-            # Echo the "results" message, each line indented by three spaces
-            # shellcheck disable=SC2001
-            echo "${str_result}" | sed 's/^/   /'
-        fi
-    fi
-}
-
-# Scan Whitelist and Blacklist
-scanDatabaseTable "${domainQuery}" "whitelist" "0"
-scanDatabaseTable "${domainQuery}" "blacklist" "1"
-
-# Scan Regex table
-scanRegexDatabaseTable "${domainQuery}" "whitelist" "2"
-scanRegexDatabaseTable "${domainQuery}" "blacklist" "3"
-
-# Query block lists
-mapfile -t results <<< "$(scanDatabaseTable "${domainQuery}" "gravity")"
-
-# Handle notices
-if [[ -z "${wbMatch:-}" ]] && [[ -z "${wcMatch:-}" ]] && [[ -z "${results[*]}" ]]; then
-    echo -e "  ${INFO} No ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC} within the adlists"
-    exit 0
-elif [[ -z "${results[*]}" ]]; then
-    # Result found in WL/BL/Wildcards
-    exit 0
-elif [[ -z "${all}" ]] && [[ "${#results[*]}" -ge 100 ]]; then
-    echo -e "  ${INFO} Over 100 ${exact/t/t }results found for ${COL_BOLD}${domainQuery}${COL_NC}
-        This can be overridden using the -all option"
-    exit 0
-fi
-
-# Print "Exact matches for" title
-if [[ -n "${exact}" ]]; then
-    plural=""; [[ "${#results[*]}" -gt 1 ]] && plural="es"
-    echo " ${matchType^}${plural} for ${COL_BOLD}${domainQuery}${COL_NC} found in:"
-fi
-
-for result in "${results[@]}"; do
-    match="${result/,*/}"
-    extra="${result#*,}"
-    adlistAddress="${extra/,*/}"
-    extra="${extra#*,}"
-    if [[ "${extra}" == "0" ]]; then
-        extra=" (disabled)"
-    else
-        extra=""
-    fi
-
-    if [[ -n "${exact}" ]]; then
-        echo "  - ${adlistAddress}${extra}"
-    else
-        if [[ ! "${adlistAddress}" == "${adlistAddress_prev:-}" ]]; then
-            count=""
-            echo " ${matchType^} found in ${COL_BOLD}${adlistAddress}${COL_NC}:"
-            adlistAddress_prev="${adlistAddress}"
-        fi
-        : $((count++))
-
-        # Print matching domain if $max_count has not been reached
-        [[ -z "${all}" ]] && max_count="50"
-        if [[ -z "${all}" ]] && [[ "${count}" -ge "${max_count}" ]]; then
-            [[ "${count}" -gt "${max_count}" ]] && continue
-            echo "   ${COL_GRAY}Over ${count} results found, skipping rest of file${COL_NC}"
-        else
-            echo "   ${match}${extra}"
-        fi
-    fi
+    shift
 done
 
-exit 0
+Main "${domain}"

advanced/Scripts/update.sh

@@ -11,37 +11,45 @@
 # Please see LICENSE file for your rights under this license.
 
 # Variables
-readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/AdminLTE.git"
-readonly ADMIN_INTERFACE_DIR="/var/www/html/admin"
+readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git"
 readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git"
 readonly PI_HOLE_FILES_DIR="/etc/.pihole"
 
-# shellcheck disable=SC2034
 SKIP_INSTALL=true
 
 # when --check-only is passed to this script, it will not perform the actual update
 CHECK_ONLY=false
 
-# shellcheck disable=SC1090
+# shellcheck source="./automated install/basic-install.sh"
 source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-# shellcheck disable=SC1091
+# shellcheck source=./advanced/Scripts/COL_TABLE
 source "/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "${PI_HOLE_INSTALL_DIR}/utils.sh"
 
 # is_repo() sourced from basic-install.sh
 # make_repo() sourced from basic-install.sh
 # update_repo() source from basic-install.sh
 # getGitFiles() sourced from basic-install.sh
 # FTLcheckUpdate() sourced from basic-install.sh
+# getFTLConfigValue() sourced from utils.sh
+
+# Honour configured paths for the web application.
+ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
+readonly ADMIN_INTERFACE_DIR
 
 GitCheckUpdateAvail() {
     local directory
     local curBranch
     directory="${1}"
     curdir=$PWD
-    cd "${directory}" || return
+    cd "${directory}" || exit 1
 
     # Fetch latest changes in this repo
-    git fetch --quiet origin
+    if ! git fetch --quiet origin ; then
+        echo -e "\\n  ${COL_RED}Error: Unable to update local repository. Contact Pi-hole Support.${COL_NC}"
+        exit 1
+    fi
 
     # Check current branch. If it is master, then check for the latest available tag instead of latest commit.
     curBranch=$(git rev-parse --abbrev-ref HEAD)
@@ -68,20 +76,20 @@ GitCheckUpdateAvail() {
 
 
     if [[ "${#LOCAL}" == 0 ]]; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
+        echo -e "\\n  ${COL_RED}Error: Local revision could not be obtained, please contact Pi-hole Support"
         echo -e "  Additional debugging output:${COL_NC}"
         git status
-        exit
+        exit 1
     fi
     if [[ "${#REMOTE}" == 0 ]]; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
+        echo -e "\\n  ${COL_RED}Error: Remote revision could not be obtained, please contact Pi-hole Support"
         echo -e "  Additional debugging output:${COL_NC}"
         git status
-        exit
+        exit 1
     fi
 
     # Change back to original directory
-    cd "${curdir}" || exit
+    cd "${curdir}" || exit 1
 
     if [[ "${LOCAL}" != "${REMOTE}" ]]; then
         # Local branch is behind remote branch -> Update
@@ -94,8 +102,52 @@ GitCheckUpdateAvail() {
     fi
 }
 
+updateWarnDialog() {
+    # Display the warning dialog
+
+    local core_str web_str ftl_str
+
+    if [[ "${core_update}" == true ]]; then
+        core_str="Core: \\Zb\\Z1update available\\Zn"
+    else
+        core_str="Core: \\Zb\\Z4up to date\\Zn"
+    fi
+    if [[ "${web_update}" == true ]]; then
+        web_str="Web:  \\Zb\\Z1update available\\Zn"
+    else
+        web_str="Web:  \\Zb\\Z4up to date\\Zn"
+    fi
+    if [[ "${FTL_update}" == true ]]; then
+        ftl_str="FTL:  \\Zb\\Z1update available\\Zn"
+    else
+        ftl_str="FTL:  \\Zb\\Z4up to date\\Zn"
+    fi
+    # shellcheck disable=SC2154 # Variables "${r}" "${c}" are defined in the main script
+    dialog --no-shadow --clear --keep-tite \
+        --colors \
+        --backtitle "Updating Pi-hole" \
+        --title "Warning" \
+        --no-button "Exit" --yes-button "Continue" \
+        --defaultno \
+        --yesno "\\nThe following Pi-hole components are going to be updated.\\n\\n\\n\
+        $core_str\\n\
+        $web_str\\n\
+        $ftl_str\\n\\n\\n\
+\\Zb\\Z1IMPORTANT:\\Zn Make a (teleporter) backup of your system!\\n\\n\
+Updates can come with significant changes. Please read the changelog at https://pi-hole.net/blog carefully.\\n\\n\\n\
+Please confirm you want to start the update process." \
+        "${r}" "${c}" && result=0 || result="$?"
+
+    case "${result}" in
+    "${DIALOG_CANCEL}" | "${DIALOG_ESC}")
+        printf "  %b User canceled the update process.\\n" "${INFO}"
+        exit 1
+        ;;
+    esac
+}
+
 main() {
-    local basicError="\\n  ${COL_LIGHT_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
+    local basicError="\\n  ${COL_RED}Unable to complete update, please contact Pi-hole Support${COL_NC}"
     local core_update
     local web_update
     local FTL_update
@@ -104,16 +156,15 @@ main() {
     web_update=false
     FTL_update=false
 
-    # shellcheck disable=1090,2154
-    source "${setupVars}"
 
     # Install packages used by this installation script (necessary if users have removed e.g. git from their systems)
     package_manager_detect
-    install_dependent_packages "${INSTALLER_DEPS[@]}"
+    build_dependency_package
+    install_dependent_packages
 
     # This is unlikely
     if ! is_repo "${PI_HOLE_FILES_DIR}" ; then
-        echo -e "\\n  ${COL_LIGHT_RED}Error: Core Pi-hole repo is missing from system!"
+        echo -e "\\n  ${COL_RED}Error: Core Pi-hole repo is missing from system!"
         echo -e "  Please re-run install script from https://pi-hole.net${COL_NC}"
         exit 1;
     fi
@@ -125,44 +176,54 @@ main() {
         echo -e "  ${INFO} Pi-hole Core:\\t${COL_YELLOW}update available${COL_NC}"
     else
         core_update=false
-        echo -e "  ${INFO} Pi-hole Core:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
+        echo -e "  ${INFO} Pi-hole Core:\\t${COL_GREEN}up to date${COL_NC}"
     fi
 
-    if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
-        if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
-            echo -e "\\n  ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!"
-            echo -e "  Please re-run install script from https://pi-hole.net${COL_NC}"
-            exit 1;
-        fi
-
-        if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then
-            web_update=true
-            echo -e "  ${INFO} Web Interface:\\t${COL_YELLOW}update available${COL_NC}"
-        else
-            web_update=false
-            echo -e "  ${INFO} Web Interface:\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
-        fi
+    if ! is_repo "${ADMIN_INTERFACE_DIR}" ; then
+        echo -e "\\n  ${COL_RED}Error: Web Admin repo is missing from system!"
+        echo -e "  Please re-run install script from https://pi-hole.net${COL_NC}"
+        exit 1;
     fi
 
-    local funcOutput
-    funcOutput=$(get_binary_name) #Store output of get_binary_name here
-    local binary
-    binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
-
-    if FTLcheckUpdate "${binary}" > /dev/null; then
-        FTL_update=true
-        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
+    if GitCheckUpdateAvail "${ADMIN_INTERFACE_DIR}" ; then
+        web_update=true
+        echo -e "  ${INFO} Web Interface:\\t${COL_YELLOW}update available${COL_NC}"
     else
-        case $? in
-            1)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_GREEN}up to date${COL_NC}"
-                ;;
-            2)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_LIGHT_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
-                ;;
-            *)
-                echo -e "  ${INFO} FTL:\\t\\t${COL_LIGHT_RED}Something has gone wrong, contact support${COL_NC}"
-        esac
+        web_update=false
+        echo -e "  ${INFO} Web Interface:\\t${COL_GREEN}up to date${COL_NC}"
+    fi
+
+    # Allow the user to skip this check if they are using a self-compiled FTL binary from an unsupported architecture
+    if [ "${skipFTL}" != true ]; then
+        local funcOutput
+        funcOutput=$(get_binary_name) #Store output of get_binary_name here
+        local binary
+        binary="pihole-FTL${funcOutput##*pihole-FTL}" #binary name will be the last line of the output of get_binary_name (it always begins with pihole-FTL)
+
+        if FTLcheckUpdate "${binary}" &>/dev/null; then
+            FTL_update=true
+            echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}update available${COL_NC}"
+        else
+            case $? in
+                1)
+                    echo -e "  ${INFO} FTL:\\t\\t${COL_GREEN}up to date${COL_NC}"
+                    ;;
+                2)
+                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Branch is not available.${COL_NC}\\n\\t\\t\\tUse ${COL_GREEN}pihole checkout ftl [branchname]${COL_NC} to switch to a valid branch."
+                    exit 1
+                    ;;
+                3)
+                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, cannot reach download server${COL_NC}"
+                    exit 1
+                    ;;
+                *)
+                    echo -e "  ${INFO} FTL:\\t\\t${COL_RED}Something has gone wrong, contact support${COL_NC}"
+                    exit 1
+            esac
+            FTL_update=false
+        fi
+    else
+        echo -e "  ${INFO} FTL:\\t\\t${COL_YELLOW}--skipFTL set - update check skipped${COL_NC}"
         FTL_update=false
     fi
 
@@ -177,7 +238,7 @@ main() {
     if [[ ! "${ftlBranch}" == "master" && ! "${ftlBranch}" == "development" ]]; then
         # Notify user that they are on a custom branch which might mean they they are lost
         # behind if a branch was merged to development and got abandoned
-        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_LIGHT_RED}" "${COL_NC}" "${ftlBranch}"
+        printf "  %b %bWarning:%b You are using FTL from a custom branch (%s) and might be missing future releases.\\n" "${INFO}" "${COL_RED}" "${COL_NC}" "${ftlBranch}"
     fi
 
     if [[ "${core_update}" == false && "${web_update}" == false && "${FTL_update}" == false ]]; then
@@ -191,6 +252,11 @@ main() {
         exit 0
     fi
 
+    # if there is any update, show the warning dialog and ask for confirmation
+    if [[ "${core_update}" == true || "${web_update}" == true || "${FTL_update}" == true ]]; then
+        updateWarnDialog
+    fi
+
     if [[ "${core_update}" == true ]]; then
         echo ""
         echo -e "  ${INFO} Pi-hole core files out of date, updating local repo."
@@ -202,7 +268,7 @@ main() {
         echo ""
         echo -e "  ${INFO} Pi-hole Web Admin files out of date, updating local repo."
         getGitFiles "${ADMIN_INTERFACE_DIR}" "${ADMIN_INTERFACE_GIT_URL}"
-        echo -e "  ${INFO} If you had made any changes in '/var/www/html/admin/', they have been stashed using 'git stash'"
+        echo -e "  ${INFO} If you had made any changes in '${ADMIN_INTERFACE_DIR}', they have been stashed using 'git stash'"
     fi
 
     if [[ "${FTL_update}" == true ]]; then
@@ -211,7 +277,14 @@ main() {
     fi
 
     if [[ "${FTL_update}" == true || "${core_update}" == true ]]; then
-        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --reconfigure --unattended || \
+        local addionalFlag
+
+        if [[ ${skipFTL} == true ]]; then
+             addionalFlag="--skipFTL"
+        else
+             addionalFlag=""
+        fi
+        ${PI_HOLE_FILES_DIR}/automated\ install/basic-install.sh --repair --unattended ${addionalFlag} || \
             echo -e "${basicError}" && exit 1
     fi
 
@@ -221,12 +294,25 @@ main() {
         echo -e "  ${INFO} Local version file information updated."
     fi
 
+    # if there was only a web update, show the new versions
+    # (on core and FTL updates, this is done as part of the installer run)
+    if [[ "${web_update}" == true &&  "${FTL_update}" == false && "${core_update}" == false ]]; then
+        "${PI_HOLE_BIN_DIR}"/pihole version
+    fi
+
     echo ""
     exit 0
 }
 
-if [[ "$1" == "--check-only" ]]; then
-    CHECK_ONLY=true
-fi
+CHECK_ONLY=false
+skipFTL=false
+
+# Check arguments
+for var in "$@"; do
+    case "$var" in
+    "--check-only") CHECK_ONLY=true ;;
+    "--skipFTL") skipFTL=true ;;
+    esac
+done
 
 main

advanced/Scripts/updatecheck.sh

@@ -10,62 +10,66 @@
 
 function get_local_branch() {
     # Return active branch
-    cd "${1}" 2> /dev/null || return 1
-    git rev-parse --abbrev-ref HEAD || return 1
+    cd "${1}" 2>/dev/null || { echo "null"; return; }
+    git rev-parse --abbrev-ref HEAD || echo "null"
 }
 
 function get_local_version() {
     # Return active version
-    cd "${1}" 2> /dev/null || return 1
-    git describe --tags --always 2> /dev/null || return 1
+    cd "${1}" 2>/dev/null || { echo "null"; return; }
+    git describe --tags --always 2>/dev/null || echo "null"
 }
 
 function get_local_hash() {
-    cd "${1}" 2> /dev/null || return 1
-    git rev-parse --short=8 HEAD || return 1
+    cd "${1}" 2>/dev/null || { echo "null"; return; }
+    git rev-parse --short=8 HEAD || echo "null"
 }
 
 function get_remote_version() {
-    curl -s "https://api.github.com/repos/pi-hole/${1}/releases/latest" 2> /dev/null | jq --raw-output .tag_name || return 1
+    # if ${2} is = "master" we need to use the "latest" endpoint, otherwise, we simply return null
+    if [[ "${2}" == "master" ]]; then
+        curl -s "https://api.github.com/repos/pi-hole/${1}/releases/latest" 2>/dev/null | jq --raw-output .tag_name || echo "null"
+    else
+        echo "null"
+    fi
 }
 
-
-function get_remote_hash(){
-    git ls-remote "https://github.com/pi-hole/${1}" --tags "${2}" | awk '{print substr($0, 0,8);}' || return 1
+function get_remote_hash() {
+    git ls-remote "https://github.com/pi-hole/${1}" --tags "${2}" | awk '{print substr($0, 1,8);}' || echo "null"
 }
 
-# Source the setupvars config file
-# shellcheck disable=SC1091
-. /etc/pihole/setupVars.conf
-
 # Source the utils file for addOrEditKeyValPair()
-# shellcheck disable=SC1091
+# shellcheck source="./advanced/Scripts/utils.sh"
 . /opt/pihole/utils.sh
 
+ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
+readonly ADMIN_INTERFACE_DIR
+
 # Remove the below three legacy files if they exist
 rm -f "/etc/pihole/GitHubVersions"
 rm -f "/etc/pihole/localbranches"
 rm -f "/etc/pihole/localversions"
 
-# Create new versions file if it does not exist
 VERSION_FILE="/etc/pihole/versions"
-touch "${VERSION_FILE}"
+
+# Truncates the file to zero length if it exists to clear it up, otherwise creates an empty file.
+truncate -s 0 "${VERSION_FILE}"
 chmod 644 "${VERSION_FILE}"
 
 # if /pihole.docker.tag file exists, we will use it's value later in this script
 DOCKER_TAG=$(cat /pihole.docker.tag 2>/dev/null)
-regex='^([0-9]+\.){1,2}(\*|[0-9]+)(-.*)?$|(^nightly$)|(^dev.*$)'
+release_regex='^([0-9]+\.){1,2}(\*|[0-9]+)(-.*)?$'
+regex=$release_regex'|(^nightly$)|(^dev.*$)'
 if [[ ! "${DOCKER_TAG}" =~ $regex ]]; then
-  # DOCKER_TAG does not match the pattern (see https://regex101.com/r/RsENuz/1), so unset it.
-  unset DOCKER_TAG
+    # DOCKER_TAG does not match the pattern (see https://regex101.com/r/RsENuz/1), so unset it.
+    unset DOCKER_TAG
 fi
 
 # used in cronjob
 if [[ "$1" == "reboot" ]]; then
-        sleep 30
+    sleep 30
 fi
 
-
 # get Core versions
 
 CORE_VERSION="$(get_local_version /etc/.pihole)"
@@ -77,33 +81,28 @@ addOrEditKeyValPair "${VERSION_FILE}" "CORE_BRANCH" "${CORE_BRANCH}"
 CORE_HASH="$(get_local_hash /etc/.pihole)"
 addOrEditKeyValPair "${VERSION_FILE}" "CORE_HASH" "${CORE_HASH}"
 
-GITHUB_CORE_VERSION="$(get_remote_version pi-hole)"
+GITHUB_CORE_VERSION="$(get_remote_version pi-hole "${CORE_BRANCH}")"
 addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_VERSION" "${GITHUB_CORE_VERSION}"
 
 GITHUB_CORE_HASH="$(get_remote_hash pi-hole "${CORE_BRANCH}")"
 addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_CORE_HASH" "${GITHUB_CORE_HASH}"
 
-
 # get Web versions
 
-if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
+WEB_VERSION="$(get_local_version "${ADMIN_INTERFACE_DIR}")"
+addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
 
-    WEB_VERSION="$(get_local_version /var/www/html/admin)"
-    addOrEditKeyValPair "${VERSION_FILE}" "WEB_VERSION" "${WEB_VERSION}"
+WEB_BRANCH="$(get_local_branch "${ADMIN_INTERFACE_DIR}")"
+addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
 
-    WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
-    addOrEditKeyValPair "${VERSION_FILE}" "WEB_BRANCH" "${WEB_BRANCH}"
+WEB_HASH="$(get_local_hash "${ADMIN_INTERFACE_DIR}")"
+addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}"
 
-    WEB_HASH="$(get_local_hash /var/www/html/admin)"
-    addOrEditKeyValPair "${VERSION_FILE}" "WEB_HASH" "${WEB_HASH}"
+GITHUB_WEB_VERSION="$(get_remote_version web "${WEB_BRANCH}")"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}"
 
-    GITHUB_WEB_VERSION="$(get_remote_version AdminLTE)"
-    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_VERSION" "${GITHUB_WEB_VERSION}"
-
-    GITHUB_WEB_HASH="$(get_remote_hash AdminLTE "${WEB_BRANCH}")"
-    addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_HASH" "${GITHUB_WEB_HASH}"
-
-fi
+GITHUB_WEB_HASH="$(get_remote_hash web "${WEB_BRANCH}")"
+addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_WEB_HASH" "${GITHUB_WEB_HASH}"
 
 # get FTL versions
 
@@ -116,18 +115,23 @@ addOrEditKeyValPair "${VERSION_FILE}" "FTL_BRANCH" "${FTL_BRANCH}"
 FTL_HASH="$(pihole-FTL --hash)"
 addOrEditKeyValPair "${VERSION_FILE}" "FTL_HASH" "${FTL_HASH}"
 
-GITHUB_FTL_VERSION="$(get_remote_version FTL)"
+GITHUB_FTL_VERSION="$(get_remote_version FTL "${FTL_BRANCH}")"
 addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_VERSION" "${GITHUB_FTL_VERSION}"
 
 GITHUB_FTL_HASH="$(get_remote_hash FTL "${FTL_BRANCH}")"
 addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_FTL_HASH" "${GITHUB_FTL_HASH}"
 
-
 # get Docker versions
 
 if [[ "${DOCKER_TAG}" ]]; then
     addOrEditKeyValPair "${VERSION_FILE}" "DOCKER_VERSION" "${DOCKER_TAG}"
 
-    GITHUB_DOCKER_VERSION="$(get_remote_version docker-pi-hole)"
+    # Remote version check only if the tag is a valid release version
+    docker_branch=""
+    if [[ "${DOCKER_TAG}" =~ $release_regex ]]; then
+        docker_branch="master"
+    fi
+
+    GITHUB_DOCKER_VERSION="$(get_remote_version docker-pi-hole "${docker_branch}")"
     addOrEditKeyValPair "${VERSION_FILE}" "GITHUB_DOCKER_VERSION" "${GITHUB_DOCKER_VERSION}"
 fi

advanced/Scripts/utils.sh

@@ -1,5 +1,4 @@
 #!/usr/bin/env sh
-# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions
 
 # Pi-hole: A black hole for Internet advertisements
 # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
@@ -31,9 +30,6 @@ addOrEditKeyValPair() {
   local key="${2}"
   local value="${3}"
 
-  # touch file to prevent grep error if file does not exist yet
-  touch "${file}"
-
   if grep -q "^${key}=" "${file}"; then
     # Key already exists in file, modify the value
     sed -i "/^${key}=/c\\${key}=${value}" "${file}"
@@ -43,103 +39,6 @@ addOrEditKeyValPair() {
   fi
 }
 
-#######################
-# Takes two arguments: file and key.
-# Adds a key to target file
-#
-# Example usage:
-# addKey "/etc/dnsmasq.d/01-pihole.conf" "log-queries"
-#######################
-addKey(){
-  local file="${1}"
-  local key="${2}"
-
-  # touch file to prevent grep error if file does not exist yet
-  touch "${file}"
-
-  # Match key against entire line, using both anchors. We assume
-  # that the file's keys never have bounding whitespace. Anchors
-  # are necessary to ensure the key is considered absent when it
-  # is a substring of another key present in the file.
-  if ! grep -q "^${key}$" "${file}"; then
-    # Key does not exist, add it.
-    echo "${key}" >> "${file}"
-  fi
-}
-
-#######################
-# Takes two arguments: file and key.
-# Deletes a key or key/value pair from target file
-#
-# Example usage:
-# removeKey "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
-#######################
-removeKey() {
-  local file="${1}"
-  local key="${2}"
-  sed -i "/^${key}/d" "${file}"
-}
-
-#######################
-# Takes two arguments: file and key.
-# Returns the value of a given key from target file
-# - ignores all commented lines
-# - only returns the first value if multiple identical keys exist
-#
-#
-# Example usage:
-# getVal "/etc/pihole/setupVars.conf" "PIHOLE_DNS_1"
-#######################
-getVal() {
-  local file="${1}"
-  local key="${2}"
-  local value
-  value=$(sed -e '/^[[:blank:]]*#/d' "${file}" | grep "${key}" | awk -F "=" 'NR==1{printf$2}')
-  printf "%s" "$value"
-}
-
-
-#######################
-# returns FTL's current telnet API port based on the setting in /etc/pihole-FTL.conf
-########################
-getFTLAPIPort(){
-    local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
-    local DEFAULT_FTL_PORT=4711
-    local ftl_api_port
-
-    if [ -s "$FTLCONFFILE" ]; then
-        # if FTLPORT is not set in pihole-FTL.conf, use the default port
-        ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
-        # Exploit prevention: set the port to the default port if there is malicious (non-numeric)
-        # content set in pihole-FTL.conf
-        expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
-    else
-        # if there is no pihole-FTL.conf, use the default port
-        ftl_api_port="${DEFAULT_FTL_PORT}"
-    fi
-
-    echo "${ftl_api_port}"
-}
-
-#######################
-# returns path of FTL's PID  file
-#######################
-getFTLPIDFile() {
-  local FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
-  local DEFAULT_PID_FILE="/run/pihole-FTL.pid"
-  local FTL_PID_FILE
-
-  if [ -s "${FTLCONFFILE}" ]; then
-    # if PIDFILE is not set in pihole-FTL.conf, use the default path
-    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
-  else
-    # if there is no pihole-FTL.conf, use the default path
-    FTL_PID_FILE="${DEFAULT_PID_FILE}"
-  fi
-
-  echo "${FTL_PID_FILE}"
-}
-
 #######################
 # returns FTL's PID based on the content of the pihole-FTL.pid file
 #
@@ -163,3 +62,40 @@ getFTLPID() {
     FTL_PID=${FTL_PID:=-1}
     echo  "${FTL_PID}"
 }
+
+#######################
+# returns value from FTLs config file using pihole-FTL --config
+#
+# Takes one argument: key
+# Example getFTLConfigValue dns.piholePTR
+#######################
+getFTLConfigValue(){
+  # Pipe to cat to avoid pihole-FTL assuming this is an interactive command
+  # returning colored output.
+  pihole-FTL --config -q "${1}" | cat
+}
+
+#######################
+# sets value in FTLs config file using pihole-FTL --config
+#
+# Takes two arguments: key and value
+# Example setFTLConfigValue dns.piholePTR PI.HOLE
+#
+# Note, for complex values such as dns.upstreams, you should wrap the value in single quotes:
+# setFTLConfigValue dns.upstreams '[ "8.8.8.8" , "8.8.4.4" ]'
+#######################
+setFTLConfigValue(){
+    local err
+    { pihole-FTL --config "${1}" "${2}" >/dev/null; err="$?"; } || true
+
+    case $err in
+    0) ;;
+    5)
+        # FTL returns 5 if the value was set by an environment variable and is therefore read-only
+        printf "  %s %s set by environment variable. Please unset it to use this function\n" "${CROSS}" "${1}";
+        exit 5;;
+    *)
+        printf "  %s Failed to set %s. Try with sudo power\n" "${CROSS}" "${1}"
+        exit 1
+    esac
+}

advanced/Scripts/version.sh

@@ -8,143 +8,56 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-# Source the setupvars config file
-# shellcheck disable=SC1091
-. /etc/pihole/setupVars.conf
-
-# Source the versions file poupulated by updatechecker.sh
+# Source the versions file populated by updatechecker.sh
 cachedVersions="/etc/pihole/versions"
 
 if [ -f ${cachedVersions} ]; then
-    # shellcheck disable=SC1090
-    . "$cachedVersions"
+    # shellcheck source=/dev/null
+    . "${cachedVersions}"
 else
     echo "Could not find /etc/pihole/versions. Running update now."
     pihole updatechecker
-    # shellcheck disable=SC1090
-    . "$cachedVersions"
+     # shellcheck source=/dev/null
+    . "${cachedVersions}"
 fi
 
-getLocalVersion() {
-    case ${1} in
-        "Pi-hole"   )  echo "${CORE_VERSION:=N/A}";;
-        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_VERSION:=N/A}";;
-        "FTL"       )  echo "${FTL_VERSION:=N/A}";;
-    esac
-}
-
-getLocalHash() {
-    case ${1} in
-        "Pi-hole"   )  echo "${CORE_HASH:=N/A}";;
-        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_HASH:=N/A}";;
-        "FTL"       )  echo "${FTL_HASH:=N/A}";;
-    esac
-}
-
-getRemoteHash(){
-    case ${1} in
-        "Pi-hole"   )  echo "${GITHUB_CORE_HASH:=N/A}";;
-        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${GITHUB_WEB_HASH:=N/A}";;
-        "FTL"       )  echo "${GITHUB_FTL_HASH:=N/A}";;
-    esac
-}
-
-getRemoteVersion(){
-    case ${1} in
-        "Pi-hole"   )  echo "${GITHUB_CORE_VERSION:=N/A}";;
-        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${GITHUB_WEB_VERSION:=N/A}";;
-        "FTL"       )  echo "${GITHUB_FTL_VERSION:=N/A}";;
-    esac
-}
-
-getLocalBranch(){
-    case ${1} in
-        "Pi-hole"   )  echo "${CORE_BRANCH:=N/A}";;
-        "AdminLTE"  )  [ "${INSTALL_WEB_INTERFACE}" = true ] && echo "${WEB_BRANCH:=N/A}";;
-        "FTL"       )  echo "${FTL_BRANCH:=N/A}";;
-    esac
-}
-
-versionOutput() {
-    if [ "$1" = "AdminLTE" ] && [ "${INSTALL_WEB_INTERFACE}" != true ]; then
-        echo "  WebAdmin not installed"
-        return 1
-    fi
-
-    [ "$2" = "-c" ] || [ "$2" = "--current" ] || [ -z "$2" ] && current=$(getLocalVersion "${1}") && branch=$(getLocalBranch "${1}")
-    [ "$2" = "-l" ] || [ "$2" = "--latest" ] || [ -z "$2" ] && latest=$(getRemoteVersion "${1}")
-    if [ "$2" = "--hash" ]; then
-        [ "$3" = "-c" ] || [ "$3" = "--current" ] || [ -z "$3" ] && curHash=$(getLocalHash "${1}") && branch=$(getLocalBranch "${1}")
-        [ "$3" = "-l" ] || [ "$3" = "--latest" ] || [ -z "$3" ] && latHash=$(getRemoteHash "${1}") && branch=$(getLocalBranch "${1}")
-    fi
-
-    # We do not want to show the branch name when we are on master,
-    # blank out the variable in this case
-    if [ "$branch" = "master" ]; then
-        branch=""
+# Convert "null" or empty values to "N/A" for display
+normalize_version() {
+    if [ -z "${1}" ] || [ "${1}" = "null" ]; then
+        echo "N/A"
     else
-        branch="$branch "
+        echo "${1}"
+    fi
+}
+
+main() {
+    local details
+    details=false
+
+    # Automatically show detailed information if
+    # at least one of the components is not on master branch
+    if [ ! "${CORE_BRANCH}" = "master" ] || [ ! "${WEB_BRANCH}" = "master" ] || [ ! "${FTL_BRANCH}" = "master" ]; then
+        details=true
     fi
 
-    if [ -n "$current" ] && [ -n "$latest" ]; then
-        output="${1} version is $branch$current (Latest: $latest)"
-    elif [ -n "$current" ] && [ -z "$latest" ]; then
-        output="Current ${1} version is $branch$current"
-    elif [ -z "$current" ] && [ -n "$latest" ]; then
-        output="Latest ${1} version is $latest"
-    elif [ -n "$curHash" ] && [ -n "$latHash" ]; then
-        output="Local ${1} hash is $curHash (Remote: $latHash)"
-    elif [ -n "$curHash" ] && [ -z "$latHash" ]; then
-        output="Current local ${1} hash is $curHash"
-    elif [ -z "$curHash" ] && [ -n "$latHash" ]; then
-        output="Latest remote ${1} hash is $latHash"
-    elif [ -z "$curHash" ] && [ -z "$latHash" ]; then
-        output="Hashes for ${1} not available"
+    if [ "${details}" = true ]; then
+        echo "Core"
+        echo "    Version is $(normalize_version "${CORE_VERSION}") (Latest: $(normalize_version "${GITHUB_CORE_VERSION}"))"
+        echo "    Branch is $(normalize_version "${CORE_BRANCH}")"
+        echo "    Hash is $(normalize_version "${CORE_HASH}") (Latest: $(normalize_version "${GITHUB_CORE_HASH}"))"
+        echo "Web"
+        echo "    Version is $(normalize_version "${WEB_VERSION}") (Latest: $(normalize_version "${GITHUB_WEB_VERSION}"))"
+        echo "    Branch is $(normalize_version "${WEB_BRANCH}")"
+        echo "    Hash is $(normalize_version "${WEB_HASH}") (Latest: $(normalize_version "${GITHUB_WEB_HASH}"))"
+        echo "FTL"
+        echo "    Version is $(normalize_version "${FTL_VERSION}") (Latest: $(normalize_version "${GITHUB_FTL_VERSION}"))"
+        echo "    Branch is $(normalize_version "${FTL_BRANCH}")"
+        echo "    Hash is $(normalize_version "${FTL_HASH}") (Latest: $(normalize_version "${GITHUB_FTL_HASH}"))"
     else
-        errorOutput
-        return 1
+        echo "Core version is $(normalize_version "${CORE_VERSION}") (Latest: $(normalize_version "${GITHUB_CORE_VERSION}"))"
+        echo "Web version is $(normalize_version "${WEB_VERSION}") (Latest: $(normalize_version "${GITHUB_WEB_VERSION}"))"
+        echo "FTL version is $(normalize_version "${FTL_VERSION}") (Latest: $(normalize_version "${GITHUB_FTL_VERSION}"))"
     fi
-
-    [ -n "$output" ] && echo "  $output"
 }
 
-errorOutput() {
-    echo "  Invalid Option! Try 'pihole -v --help' for more information."
-    exit 1
-}
-
-defaultOutput() {
-    versionOutput "Pi-hole" "$@"
-
-    if [ "${INSTALL_WEB_INTERFACE}" = true ]; then
-        versionOutput "AdminLTE" "$@"
-    fi
-
-    versionOutput "FTL" "$@"
-}
-
-helpFunc() {
-    echo "Usage: pihole -v [repo | option] [option]
-Example: 'pihole -v -p -l'
-Show Pi-hole, Admin Console & FTL versions
-
-Repositories:
-  -p, --pihole         Only retrieve info regarding Pi-hole repository
-  -a, --admin          Only retrieve info regarding AdminLTE repository
-  -f, --ftl            Only retrieve info regarding FTL repository
-
-Options:
-  -c, --current        Return the current version
-  -l, --latest         Return the latest version
-  --hash               Return the GitHub hash from your local repositories
-  -h, --help           Show this help dialog"
-  exit 0
-}
-
-case "${1}" in
-    "-p" | "--pihole"    ) shift; versionOutput "Pi-hole" "$@";;
-    "-a" | "--admin"     ) shift; versionOutput "AdminLTE" "$@";;
-    "-f" | "--ftl"       ) shift; versionOutput "FTL" "$@";;
-    "-h" | "--help"      ) helpFunc;;
-    *                    ) defaultOutput "$@";;
-esac
+main

advanced/Scripts/webpage.sh

@@ -1,848 +0,0 @@
-#!/usr/bin/env bash
-# shellcheck disable=SC1090
-# shellcheck disable=SC2154
-
-
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Web interface settings
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-readonly dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
-readonly dhcpconfig="/etc/dnsmasq.d/02-pihole-dhcp.conf"
-readonly FTLconf="/etc/pihole/pihole-FTL.conf"
-# 03 -> wildcards
-readonly dhcpstaticconfig="/etc/dnsmasq.d/04-pihole-static-dhcp.conf"
-readonly dnscustomfile="/etc/pihole/custom.list"
-readonly dnscustomcnamefile="/etc/dnsmasq.d/05-pihole-custom-cname.conf"
-
-readonly gravityDBfile="/etc/pihole/gravity.db"
-
-# Source install script for ${setupVars}, ${PI_HOLE_BIN_DIR} and valid_ip()
-readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-# shellcheck disable=SC2034  # used in basic-install to source the script without running it
-SKIP_INSTALL="true"
-source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-
-utilsfile="/opt/pihole/utils.sh"
-source "${utilsfile}"
-
-coltable="/opt/pihole/COL_TABLE"
-if [[ -f ${coltable} ]]; then
-    source ${coltable}
-fi
-
-helpFunc() {
-    echo "Usage: pihole -a [options]
-Example: pihole -a -p password
-Set options for the Admin Console
-
-Options:
-  -p, password                    Set Admin Console password
-  -c, celsius                     Set Celsius as preferred temperature unit
-  -f, fahrenheit                  Set Fahrenheit as preferred temperature unit
-  -k, kelvin                      Set Kelvin as preferred temperature unit
-  -h, --help                      Show this help dialog
-  -i, interface                   Specify dnsmasq's interface listening behavior
-  -l, privacylevel                Set privacy level (0 = lowest, 3 = highest)
-  -t, teleporter                  Backup configuration as an archive
-  -t, teleporter myname.tar.gz    Backup configuration to archive with name myname.tar.gz as specified"
-    exit 0
-}
-
-add_setting() {
-    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
-}
-
-delete_setting() {
-    removeKey "${setupVars}" "${1}"
-}
-
-change_setting() {
-    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
-}
-
-addFTLsetting() {
-    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
-}
-
-deleteFTLsetting() {
-    removeKey "${FTLconf}" "${1}"
-}
-
-changeFTLsetting() {
-    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
-}
-
-add_dnsmasq_setting() {
-    addOrEditKeyValPair "${dnsmasqconfig}" "${1}" "${2}"
-}
-
-delete_dnsmasq_setting() {
-    removeKey "${dnsmasqconfig}" "${1}"
-}
-
-SetTemperatureUnit() {
-    addOrEditKeyValPair "${setupVars}" "TEMPERATUREUNIT" "${unit}"
-    echo -e "  ${TICK} Set temperature unit to ${unit}"
-}
-
-HashPassword() {
-    # Compute password hash twice to avoid rainbow table vulnerability
-    return=$(echo -n "${1}" | sha256sum | sed 's/\s.*$//')
-    return=$(echo -n "${return}" | sha256sum | sed 's/\s.*$//')
-    echo "${return}"
-}
-
-SetWebPassword() {
-    if [ "${SUDO_USER}" == "www-data" ]; then
-        echo "Security measure: user www-data is not allowed to change webUI password!"
-        echo "Exiting"
-        exit 1
-    fi
-
-    if [ "${SUDO_USER}" == "lighttpd" ]; then
-        echo "Security measure: user lighttpd is not allowed to change webUI password!"
-        echo "Exiting"
-        exit 1
-    fi
-
-    if (( ${#args[2]} > 0 )) ; then
-        readonly PASSWORD="${args[2]}"
-        readonly CONFIRM="${PASSWORD}"
-    else
-        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
-        # So we reset the terminal via stty if the user does press Ctrl+C
-        trap '{ echo -e "\nNo password will be set" ; stty sane ; exit 1; }' INT
-        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
-        echo ""
-
-        if [ "${PASSWORD}" == "" ]; then
-            addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" ""
-            echo -e "  ${TICK} Password Removed"
-            exit 0
-        fi
-
-        read -s -r -p "Confirm Password: " CONFIRM
-        echo ""
-    fi
-
-    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
-        # We do not wrap this in brackets, otherwise BASH will expand any appropriate syntax
-        hash=$(HashPassword "$PASSWORD")
-        # Save hash to file
-        addOrEditKeyValPair "${setupVars}" "WEBPASSWORD" "${hash}"
-        echo -e "  ${TICK} New password set"
-    else
-        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
-        exit 1
-    fi
-}
-
-ProcessDNSSettings() {
-    source "${setupVars}"
-
-    removeKey "${dnsmasqconfig}" "server"
-
-    COUNTER=1
-    while true ; do
-        var=PIHOLE_DNS_${COUNTER}
-        if [ -z "${!var}" ]; then
-            break;
-        fi
-        addKey "${dnsmasqconfig}" "server=${!var}"
-        (( COUNTER++ ))
-    done
-
-    # The option LOCAL_DNS_PORT is deprecated
-    # We apply it once more, and then convert it into the current format
-    if [ -n "${LOCAL_DNS_PORT}" ]; then
-        addOrEditKeyValPair "${dnsmasqconfig}" "server" "127.0.0.1#${LOCAL_DNS_PORT}"
-        addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_${COUNTER}" "127.0.0.1#${LOCAL_DNS_PORT}"
-        removeKey "${setupVars}" "LOCAL_DNS_PORT"
-    fi
-
-    removeKey "${dnsmasqconfig}" "domain-needed"
-    removeKey "${dnsmasqconfig}" "expand-hosts"
-
-    if [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-        addKey "${dnsmasqconfig}" "domain-needed"
-        addKey "${dnsmasqconfig}" "expand-hosts"
-    fi
-
-    removeKey "${dnsmasqconfig}" "bogus-priv"
-
-    if [[ "${DNS_BOGUS_PRIV}" == true ]]; then
-        addKey "${dnsmasqconfig}" "bogus-priv"
-    fi
-
-    removeKey "${dnsmasqconfig}" "dnssec"
-    removeKey "${dnsmasqconfig}" "trust-anchor"
-
-    if [[ "${DNSSEC}" == true ]]; then
-        echo "dnssec
-trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
-" >> "${dnsmasqconfig}"
-    fi
-
-    removeKey "${dnsmasqconfig}" "host-record"
-
-    if [ -n "${HOSTRECORD}" ]; then
-        addOrEditKeyValPair "${dnsmasqconfig}" "host-record" "${HOSTRECORD}"
-    fi
-
-    # Setup interface listening behavior of dnsmasq
-    removeKey "${dnsmasqconfig}" "interface"
-    removeKey "${dnsmasqconfig}" "local-service"
-    removeKey "${dnsmasqconfig}" "except-interface"
-    removeKey "${dnsmasqconfig}" "bind-interfaces"
-
-    if [[ "${DNSMASQ_LISTENING}" == "all" ]]; then
-        # Listen on all interfaces, permit all origins
-        addOrEditKeyValPair "${dnsmasqconfig}" "except-interface" "nonexisting"
-    elif [[ "${DNSMASQ_LISTENING}" == "local" ]]; then
-        # Listen only on all interfaces, but only local subnets
-        addKey "${dnsmasqconfig}" "local-service"
-    else
-        # Options "bind" and "single"
-        # Listen only on one interface
-        # Use eth0 as fallback interface if interface is missing in setupVars.conf
-        if [ -z "${PIHOLE_INTERFACE}" ]; then
-            PIHOLE_INTERFACE="eth0"
-        fi
-
-        addOrEditKeyValPair "${dnsmasqconfig}" "interface" "${PIHOLE_INTERFACE}"
-
-        if [[ "${DNSMASQ_LISTENING}" == "bind" ]]; then
-            # Really bind to interface
-            addKey "${dnsmasqconfig}" "bind-interfaces"
-        fi
-    fi
-
-    if [[ "${CONDITIONAL_FORWARDING}" == true ]]; then
-        # Convert legacy "conditional forwarding" to rev-server configuration
-        # Remove any existing REV_SERVER settings
-        removeKey "${setupVars}" "REV_SERVER"
-        removeKey "${setupVars}" "REV_SERVER_DOMAIN"
-        removeKey "${setupVars}" "REV_SERVER_TARGET"
-        removeKey "${setupVars}" "REV_SERVER_CIDR"
-
-        REV_SERVER=true
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
-
-        REV_SERVER_DOMAIN="${CONDITIONAL_FORWARDING_DOMAIN}"
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${REV_SERVER_DOMAIN}"
-
-        REV_SERVER_TARGET="${CONDITIONAL_FORWARDING_IP}"
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${REV_SERVER_TARGET}"
-
-        #Convert CONDITIONAL_FORWARDING_REVERSE if necessary e.g:
-        #          1.1.168.192.in-addr.arpa to 192.168.1.1/32
-        #          1.168.192.in-addr.arpa to 192.168.1.0/24
-        #          168.192.in-addr.arpa to 192.168.0.0/16
-        #          192.in-addr.arpa to 192.0.0.0/8
-        if [[ "${CONDITIONAL_FORWARDING_REVERSE}" == *"in-addr.arpa" ]];then
-            arrRev=("${CONDITIONAL_FORWARDING_REVERSE//./ }")
-            case ${#arrRev[@]} in
-                6   )   REV_SERVER_CIDR="${arrRev[3]}.${arrRev[2]}.${arrRev[1]}.${arrRev[0]}/32";;
-                5   )   REV_SERVER_CIDR="${arrRev[2]}.${arrRev[1]}.${arrRev[0]}.0/24";;
-                4   )   REV_SERVER_CIDR="${arrRev[1]}.${arrRev[0]}.0.0/16";;
-                3   )   REV_SERVER_CIDR="${arrRev[0]}.0.0.0/8";;
-            esac
-        else
-            # Set REV_SERVER_CIDR to whatever value it was set to
-            REV_SERVER_CIDR="${CONDITIONAL_FORWARDING_REVERSE}"
-        fi
-
-        # If REV_SERVER_CIDR is not converted by the above, then use the REV_SERVER_TARGET variable to derive it
-        if [ -z "${REV_SERVER_CIDR}" ]; then
-            # Convert existing input to /24 subnet (preserves legacy behavior)
-            # This sed converts "192.168.1.2" to "192.168.1.0/24"
-            # shellcheck disable=2001
-            REV_SERVER_CIDR="$(sed "s+\\.[0-9]*$+\\.0/24+" <<< "${REV_SERVER_TARGET}")"
-        fi
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${REV_SERVER_CIDR}"
-
-        # Remove obsolete settings from setupVars.conf
-        removeKey "${setupVars}" "CONDITIONAL_FORWARDING"
-        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_REVERSE"
-        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_DOMAIN"
-        removeKey "${setupVars}" "CONDITIONAL_FORWARDING_IP"
-    fi
-
-    removeKey "${dnsmasqconfig}" "rev-server"
-
-    if [[ "${REV_SERVER}" == true ]]; then
-        addKey "${dnsmasqconfig}" "rev-server=${REV_SERVER_CIDR},${REV_SERVER_TARGET}"
-        if [ -n "${REV_SERVER_DOMAIN}" ]; then
-            # Forward local domain names to the CF target, too
-            addKey "${dnsmasqconfig}" "server=/${REV_SERVER_DOMAIN}/${REV_SERVER_TARGET}"
-        fi
-
-        if [[ "${DNS_FQDN_REQUIRED}" != true ]]; then
-            # Forward unqualified names to the CF target only when the "never
-            # forward non-FQDN" option is unticked
-            addKey "${dnsmasqconfig}" "server=//${REV_SERVER_TARGET}"
-        fi
-
-    fi
-
-    # We need to process DHCP settings here as well to account for possible
-    # changes in the non-FQDN forwarding. This cannot be done in 01-pihole.conf
-    # as we don't want to delete all local=/.../ lines so it's much safer to
-    # simply rewrite the entire corresponding config file (which is what the
-    # DHCP settings subroutine is doing)
-    ProcessDHCPSettings
-}
-
-SetDNSServers() {
-    # Save setting to file
-    removeKey "${setupVars}" "PIHOLE_DNS"
-    IFS=',' read -r -a array <<< "${args[2]}"
-    for index in "${!array[@]}"
-    do
-        # Replace possible "\#" by "#". This fixes AdminLTE#1427
-        local ip
-        ip="${array[index]//\\#/#}"
-
-        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            addOrEditKeyValPair "${setupVars}" "PIHOLE_DNS_$((index+1))" "${ip}"
-        else
-            echo -e "  ${CROSS} Invalid IP has been passed"
-            exit 1
-        fi
-    done
-
-    if [[ "${args[3]}" == "domain-needed" ]]; then
-        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "true"
-    else
-        addOrEditKeyValPair "${setupVars}" "DNS_FQDN_REQUIRED" "false"
-    fi
-
-    if [[ "${args[4]}" == "bogus-priv" ]]; then
-        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "true"
-    else
-        addOrEditKeyValPair "${setupVars}" "DNS_BOGUS_PRIV" "false"
-    fi
-
-    if [[ "${args[5]}" == "dnssec" ]]; then
-        addOrEditKeyValPair "${setupVars}" "DNSSEC" "true"
-    else
-        addOrEditKeyValPair "${setupVars}" "DNSSEC" "false"
-    fi
-
-    if [[ "${args[6]}" == "rev-server" ]]; then
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "true"
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_CIDR" "${args[7]}"
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_TARGET" "${args[8]}"
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER_DOMAIN" "${args[9]}"
-    else
-        addOrEditKeyValPair "${setupVars}" "REV_SERVER" "false"
-    fi
-
-    ProcessDNSSettings
-
-    # Restart dnsmasq to load new configuration
-    RestartDNS
-}
-
-SetExcludeDomains() {
-    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_DOMAINS" "${args[2]}"
-}
-
-SetExcludeClients() {
-    addOrEditKeyValPair "${setupVars}" "API_EXCLUDE_CLIENTS" "${args[2]}"
-}
-
-Poweroff(){
-    nohup bash -c "sleep 5; poweroff" &> /dev/null </dev/null &
-}
-
-Reboot() {
-    nohup bash -c "sleep 5; reboot" &> /dev/null </dev/null &
-}
-
-RestartDNS() {
-    "${PI_HOLE_BIN_DIR}"/pihole restartdns
-}
-
-SetQueryLogOptions() {
-    addOrEditKeyValPair "${setupVars}" "API_QUERY_LOG_SHOW" "${args[2]}"
-}
-
-ProcessDHCPSettings() {
-    source "${setupVars}"
-
-    if [[ "${DHCP_ACTIVE}" == "true" ]]; then
-        interface="${PIHOLE_INTERFACE}"
-
-        # Use eth0 as fallback interface
-        if [ -z ${interface} ]; then
-            interface="eth0"
-        fi
-
-        if [[ "${PIHOLE_DOMAIN}" == "" ]]; then
-            PIHOLE_DOMAIN="lan"
-            addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
-        fi
-
-        if [[ "${DHCP_LEASETIME}" == "0" ]]; then
-            leasetime="infinite"
-        elif [[ "${DHCP_LEASETIME}" == "" ]]; then
-            leasetime="24h"
-            addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "24"
-        else
-            leasetime="${DHCP_LEASETIME}h"
-        fi
-
-        # Write settings to file
-        echo "###############################################################################
-#  DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE.  #
-#            ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE             #
-###############################################################################
-dhcp-authoritative
-dhcp-range=${DHCP_START},${DHCP_END},${leasetime}
-dhcp-option=option:router,${DHCP_ROUTER}
-dhcp-leasefile=/etc/pihole/dhcp.leases
-#quiet-dhcp
-" > "${dhcpconfig}"
-        chmod 644 "${dhcpconfig}"
-
-        if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
-            echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
-
-            # When there is a Pi-hole domain set and "Never forward non-FQDNs" is
-            # ticked, we add `local=/domain/` to tell FTL that this domain is purely
-            # local and FTL may answer queries from /etc/hosts or DHCP but should
-            # never forward queries on that domain to any upstream servers
-            if  [[ "${DNS_FQDN_REQUIRED}" == true ]]; then
-                echo "local=/${PIHOLE_DOMAIN}/" >> "${dhcpconfig}"
-            fi
-        fi
-
-        # Sourced from setupVars
-        # shellcheck disable=SC2154
-        if [[ "${DHCP_rapid_commit}" == "true" ]]; then
-            echo "dhcp-rapid-commit" >> "${dhcpconfig}"
-        fi
-
-        if [[ "${DHCP_IPv6}" == "true" ]]; then
-            echo "#quiet-dhcp6
-#enable-ra
-dhcp-option=option6:dns-server,[::]
-dhcp-range=::,constructor:${interface},ra-names,ra-stateless,64
-
-" >> "${dhcpconfig}"
-        fi
-
-    else
-        if [[ -f "${dhcpconfig}" ]]; then
-            rm "${dhcpconfig}" &> /dev/null
-        fi
-    fi
-}
-
-EnableDHCP() {
-    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "true"
-    addOrEditKeyValPair "${setupVars}" "DHCP_START" "${args[2]}"
-    addOrEditKeyValPair "${setupVars}" "DHCP_END" "${args[3]}"
-    addOrEditKeyValPair "${setupVars}" "DHCP_ROUTER" "${args[4]}"
-    addOrEditKeyValPair "${setupVars}" "DHCP_LEASETIME" "${args[5]}"
-    addOrEditKeyValPair "${setupVars}" "PIHOLE_DOMAIN" "${args[6]}"
-    addOrEditKeyValPair "${setupVars}" "DHCP_IPv6" "${args[7]}"
-    addOrEditKeyValPair "${setupVars}" "DHCP_rapid_commit" "${args[8]}"
-
-    # Remove possible old setting from file
-    removeKey "${dnsmasqconfig}" "dhcp-"
-    removeKey "${dnsmasqconfig}" "quiet-dhcp"
-
-    # If a DHCP client claims that its name is "wpad", ignore that.
-    # This fixes a security hole. see CERT Vulnerability VU#598349
-    # We also ignore "localhost" as Windows behaves strangely if a
-    # device claims this host name
-    addKey "${dnsmasqconfig}" "dhcp-name-match=set:hostname-ignore,wpad
-dhcp-name-match=set:hostname-ignore,localhost
-dhcp-ignore-names=tag:hostname-ignore"
-
-    ProcessDHCPSettings
-
-    RestartDNS
-}
-
-DisableDHCP() {
-    addOrEditKeyValPair "${setupVars}" "DHCP_ACTIVE" "false"
-
-    # Remove possible old setting from file
-    removeKey "${dnsmasqconfig}" "dhcp-"
-    removeKey "${dnsmasqconfig}" "quiet-dhcp"
-
-    ProcessDHCPSettings
-
-    RestartDNS
-}
-
-SetWebUILayout() {
-    addOrEditKeyValPair "${setupVars}" "WEBUIBOXEDLAYOUT" "${args[2]}"
-}
-
-SetWebUITheme() {
-    addOrEditKeyValPair "${setupVars}" "WEBTHEME" "${args[2]}"
-}
-
-CheckUrl(){
-    local regex check_url
-    # Check for characters NOT allowed in URLs
-    regex="[^a-zA-Z0-9:/?&%=~._()-;]"
-
-    # this will remove first @ that is after schema and before domain
-    # \1 is optional schema, \2 is userinfo
-    check_url="$( sed -re 's#([^:/]*://)?([^/]+)@#\1\2#' <<< "$1" )"
-
-    if [[ "${check_url}" =~ ${regex} ]]; then
-        return 1
-    else
-        return 0
-    fi
-}
-
-CustomizeAdLists() {
-    local address
-    address="${args[3]}"
-    local comment
-    comment="${args[4]}"
-
-    if CheckUrl "${address}"; then
-        if [[ "${args[2]}" == "enable" ]]; then
-            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 1 WHERE address = '${address}'"
-        elif [[ "${args[2]}" == "disable" ]]; then
-            pihole-FTL sqlite3 "${gravityDBfile}" "UPDATE adlist SET enabled = 0 WHERE address = '${address}'"
-        elif [[ "${args[2]}" == "add" ]]; then
-            pihole-FTL sqlite3 "${gravityDBfile}" "INSERT OR IGNORE INTO adlist (address, comment) VALUES ('${address}', '${comment}')"
-        elif [[ "${args[2]}" == "del" ]]; then
-            pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM adlist WHERE address = '${address}'"
-        else
-            echo "Not permitted"
-            return 1
-        fi
-    else
-        echo "Invalid Url"
-        return 1
-    fi
-}
-
-AddDHCPStaticAddress() {
-    mac="${args[2]}"
-    ip="${args[3]}"
-    host="${args[4]}"
-
-    if [[ "${ip}" == "noip" ]]; then
-        # Static host name
-        echo "dhcp-host=${mac},${host}" >> "${dhcpstaticconfig}"
-    elif [[ "${host}" == "nohost" ]]; then
-        # Static IP
-        echo "dhcp-host=${mac},${ip}" >> "${dhcpstaticconfig}"
-    else
-        # Full info given
-        echo "dhcp-host=${mac},${ip},${host}" >> "${dhcpstaticconfig}"
-    fi
-}
-
-RemoveDHCPStaticAddress() {
-    mac="${args[2]}"
-    if [[ "$mac" =~ ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ ]]; then
-        sed -i "/dhcp-host=${mac}.*/d" "${dhcpstaticconfig}"
-    else
-        echo "  ${CROSS} Invalid Mac Passed!"
-        exit 1
-    fi
-
-}
-
-SetListeningMode() {
-    source "${setupVars}"
-
-    if [[ "$3" == "-h" ]] || [[ "$3" == "--help" ]]; then
-        echo "Usage: pihole -a -i [interface]
-Example: 'pihole -a -i local'
-Specify dnsmasq's network interface listening behavior
-
-Interfaces:
-  local               Only respond to queries from devices that
-                      are at most one hop away (local devices)
-  single              Respond only on interface ${PIHOLE_INTERFACE}
-  bind                Bind only on interface ${PIHOLE_INTERFACE}
-  all                 Listen on all interfaces, permit all origins"
-        exit 0
-    fi
-
-    if [[ "${args[2]}" == "all" ]]; then
-        echo -e "  ${INFO} Listening on all interfaces, permitting all origins. Please use a firewall!"
-        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "all"
-    elif [[ "${args[2]}" == "local" ]]; then
-        echo -e "  ${INFO} Listening on all interfaces, permitting origins from one hop away (LAN)"
-        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "local"
-    elif [[ "${args[2]}" == "bind" ]]; then
-        echo -e "  ${INFO} Binding on interface ${PIHOLE_INTERFACE}"
-        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "bind"
-    else
-        echo -e "  ${INFO} Listening only on interface ${PIHOLE_INTERFACE}"
-        addOrEditKeyValPair "${setupVars}" "DNSMASQ_LISTENING" "single"
-    fi
-
-    # Don't restart DNS server yet because other settings
-    # will be applied afterwards if "-web" is set
-    if [[ "${args[3]}" != "-web" ]]; then
-        ProcessDNSSettings
-        # Restart dnsmasq to load new configuration
-        RestartDNS
-    fi
-}
-
-Teleporter() {
-    local filename
-    filename="${args[2]}"
-    if [[ -z "${filename}" ]]; then
-        local datetimestamp
-        local host
-        datetimestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-        host=$(hostname)
-        host="${host//./_}"
-        filename="pi-hole-${host:-noname}-teleporter_${datetimestamp}.tar.gz"
-    fi
-    # webroot is sourced from basic-install above
-    php "${webroot}/admin/scripts/pi-hole/php/teleporter.php" > "${filename}"
-}
-
-checkDomain()
-{
-    local domain validDomain
-    # Convert to lowercase
-    domain="${1,,}"
-    validDomain=$(grep -P "^((-|_)*[a-z\\d]((-|_)*[a-z\\d])*(-|_)*)(\\.(-|_)*([a-z\\d]((-|_)*[a-z\\d])*))*$" <<< "${domain}") # Valid chars check
-    validDomain=$(grep -P "^[^\\.]{1,63}(\\.[^\\.]{1,63})*$" <<< "${validDomain}") # Length of each label
-    echo "${validDomain}"
-}
-
-escapeDots()
-{
-    # SC suggest bashism ${variable//search/replace}
-    # shellcheck disable=SC2001
-    escaped=$(echo "$1" | sed 's/\./\\./g')
-    echo "${escaped}"
-}
-
-addAudit()
-{
-    shift # skip "-a"
-    shift # skip "audit"
-    local domains validDomain
-    domains=""
-    for domain in "$@"
-    do
-        # Check domain to be added. Only continue if it is valid
-        validDomain="$(checkDomain "${domain}")"
-        if [[ -n "${validDomain}" ]]; then
-            # Put comma in between domains when there is
-            # more than one domains to be added
-            # SQL INSERT allows adding multiple rows at once using the format
-            ## INSERT INTO table (domain) VALUES ('abc.de'),('fgh.ij'),('klm.no'),('pqr.st');
-            if [[ -n "${domains}" ]]; then
-                domains="${domains},"
-            fi
-            domains="${domains}('${domain}')"
-        fi
-    done
-    # Insert only the domain here. The date_added field will be
-    # filled with its default value (date_added = current timestamp)
-    pihole-FTL sqlite3 "${gravityDBfile}" "INSERT INTO domain_audit (domain) VALUES ${domains};"
-}
-
-clearAudit()
-{
-    pihole-FTL sqlite3 "${gravityDBfile}" "DELETE FROM domain_audit;"
-}
-
-SetPrivacyLevel() {
-    # Set privacy level. Minimum is 0, maximum is 3
-    if [ "${args[2]}" -ge 0 ] && [ "${args[2]}" -le 3 ]; then
-        addOrEditKeyValPair "${FTLconf}" "PRIVACYLEVEL" "${args[2]}"
-        pihole restartdns reload-lists
-    fi
-}
-
-AddCustomDNSAddress() {
-    echo -e "  ${TICK} Adding custom DNS entry..."
-
-    ip="${args[2]}"
-    host="${args[3]}"
-    reload="${args[4]}"
-
-    validHost="$(checkDomain "${host}")"
-    if [[ -n "${validHost}" ]]; then
-        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            echo "${ip} ${validHost}" >> "${dnscustomfile}"
-        else
-            echo -e "  ${CROSS} Invalid IP has been passed"
-            exit 1
-        fi
-    else
-        echo "  ${CROSS} Invalid Domain passed!"
-        exit 1
-    fi
-
-    # Restart dnsmasq to load new custom DNS entries only if $reload not false
-    if [[ ! $reload == "false" ]]; then
-        RestartDNS
-    fi
-}
-
-RemoveCustomDNSAddress() {
-    echo -e "  ${TICK} Removing custom DNS entry..."
-
-    ip="${args[2]}"
-    host="${args[3]}"
-    reload="${args[4]}"
-
-    validHost="$(checkDomain "${host}")"
-    if [[ -n "${validHost}" ]]; then
-        if valid_ip "${ip}" || valid_ip6 "${ip}" ; then
-            validHost=$(escapeDots "${validHost}")
-            sed -i "/^${ip} ${validHost}$/Id" "${dnscustomfile}"
-        else
-            echo -e "  ${CROSS} Invalid IP has been passed"
-            exit 1
-        fi
-    else
-        echo "  ${CROSS} Invalid Domain passed!"
-        exit 1
-    fi
-
-    # Restart dnsmasq to load new custom DNS entries only if reload is not false
-    if [[ ! $reload == "false" ]]; then
-        RestartDNS
-    fi
-}
-
-AddCustomCNAMERecord() {
-    echo -e "  ${TICK} Adding custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-    reload="${args[4]}"
-
-    validDomain="$(checkDomain "${domain}")"
-    if [[ -n "${validDomain}" ]]; then
-        validTarget="$(checkDomain "${target}")"
-        if [[ -n "${validTarget}" ]]; then
-            if [ "${validDomain}" = "${validTarget}" ]; then
-                echo "  ${CROSS} Domain and target are the same. This would cause a DNS loop."
-                exit 1
-            else
-                echo "cname=${validDomain},${validTarget}" >> "${dnscustomcnamefile}"
-            fi
-        else
-            echo "  ${CROSS} Invalid Target Passed!"
-            exit 1
-        fi
-    else
-        echo "  ${CROSS} Invalid Domain passed!"
-        exit 1
-    fi
-    # Restart dnsmasq to load new custom CNAME records only if reload is not false
-    if [[ ! $reload == "false" ]]; then
-        RestartDNS
-    fi
-}
-
-RemoveCustomCNAMERecord() {
-    echo -e "  ${TICK} Removing custom CNAME record..."
-
-    domain="${args[2]}"
-    target="${args[3]}"
-    reload="${args[4]}"
-
-    validDomain="$(checkDomain "${domain}")"
-    if [[ -n "${validDomain}" ]]; then
-        validTarget="$(checkDomain "${target}")"
-        if [[ -n "${validTarget}" ]]; then
-            validDomain=$(escapeDots "${validDomain}")
-            validTarget=$(escapeDots "${validTarget}")
-            sed -i "/^cname=${validDomain},${validTarget}$/Id" "${dnscustomcnamefile}"
-        else
-            echo "  ${CROSS} Invalid Target Passed!"
-            exit 1
-        fi
-    else
-        echo "  ${CROSS} Invalid Domain passed!"
-        exit 1
-    fi
-
-    # Restart dnsmasq to update removed custom CNAME records only if $reload not false
-    if [[ ! $reload == "false" ]]; then
-        RestartDNS
-    fi
-}
-
-SetRateLimit() {
-    local rate_limit_count rate_limit_interval reload
-    rate_limit_count="${args[2]}"
-    rate_limit_interval="${args[3]}"
-    reload="${args[4]}"
-
-    # Set rate-limit setting inf valid
-    if [ "${rate_limit_count}" -ge 0 ] && [ "${rate_limit_interval}" -ge 0 ]; then
-        addOrEditKeyValPair "${FTLconf}" "RATE_LIMIT" "${rate_limit_count}/${rate_limit_interval}"
-    fi
-
-    # Restart FTL to update rate-limit settings only if $reload not false
-    if [[ ! $reload == "false" ]]; then
-        RestartDNS
-    fi
-}
-
-main() {
-    args=("$@")
-
-    case "${args[1]}" in
-        "-p" | "password"     ) SetWebPassword;;
-        "-c" | "celsius"      ) unit="C"; SetTemperatureUnit;;
-        "-f" | "fahrenheit"   ) unit="F"; SetTemperatureUnit;;
-        "-k" | "kelvin"       ) unit="K"; SetTemperatureUnit;;
-        "setdns"              ) SetDNSServers;;
-        "setexcludedomains"   ) SetExcludeDomains;;
-        "setexcludeclients"   ) SetExcludeClients;;
-        "poweroff"            ) Poweroff;;
-        "reboot"              ) Reboot;;
-        "restartdns"          ) RestartDNS;;
-        "setquerylog"         ) SetQueryLogOptions;;
-        "enabledhcp"          ) EnableDHCP;;
-        "disabledhcp"         ) DisableDHCP;;
-        "layout"              ) SetWebUILayout;;
-        "theme"               ) SetWebUITheme;;
-        "-h" | "--help"       ) helpFunc;;
-        "addstaticdhcp"       ) AddDHCPStaticAddress;;
-        "removestaticdhcp"    ) RemoveDHCPStaticAddress;;
-        "-i" | "interface"    ) SetListeningMode "$@";;
-        "-t" | "teleporter"   ) Teleporter;;
-        "adlist"              ) CustomizeAdLists;;
-        "audit"               ) addAudit "$@";;
-        "clearaudit"          ) clearAudit;;
-        "-l" | "privacylevel" ) SetPrivacyLevel;;
-        "addcustomdns"        ) AddCustomDNSAddress;;
-        "removecustomdns"     ) RemoveCustomDNSAddress;;
-        "addcustomcname"      ) AddCustomCNAMERecord;;
-        "removecustomcname"   ) RemoveCustomCNAMERecord;;
-        "ratelimit"           ) SetRateLimit;;
-        *                     ) helpFunc;;
-    esac
-
-    shift
-
-    if [[ $# = 0 ]]; then
-        helpFunc
-    fi
-}

advanced/Templates/gravity.db.sql

@@ -3,90 +3,97 @@ BEGIN TRANSACTION;
 
 CREATE TABLE "group"
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	name TEXT UNIQUE NOT NULL,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	description TEXT
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    name TEXT UNIQUE NOT NULL,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    description TEXT
 );
 INSERT INTO "group" (id,enabled,name,description) VALUES (0,1,'Default','The default group');
 
 CREATE TABLE domainlist
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	type INTEGER NOT NULL DEFAULT 0,
-	domain TEXT NOT NULL,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT,
-	UNIQUE(domain, type)
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    type INTEGER NOT NULL DEFAULT 0,
+    domain TEXT NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    comment TEXT,
+    UNIQUE(domain, type)
 );
 
 CREATE TABLE adlist
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	address TEXT UNIQUE NOT NULL,
-	enabled BOOLEAN NOT NULL DEFAULT 1,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT,
-	date_updated INTEGER,
-	number INTEGER NOT NULL DEFAULT 0,
-	invalid_domains INTEGER NOT NULL DEFAULT 0,
-	status INTEGER NOT NULL DEFAULT 0
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    address TEXT NOT NULL,
+    enabled BOOLEAN NOT NULL DEFAULT 1,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    comment TEXT,
+    date_updated INTEGER,
+    number INTEGER NOT NULL DEFAULT 0,
+    invalid_domains INTEGER NOT NULL DEFAULT 0,
+    status INTEGER NOT NULL DEFAULT 0,
+    abp_entries INTEGER NOT NULL DEFAULT 0,
+    type INTEGER NOT NULL DEFAULT 0,
+    UNIQUE(address, type)
 );
 
 CREATE TABLE adlist_by_group
 (
-	adlist_id INTEGER NOT NULL REFERENCES adlist (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (adlist_id, group_id)
+    adlist_id INTEGER NOT NULL REFERENCES adlist (id) ON DELETE CASCADE,
+    group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
+    PRIMARY KEY (adlist_id, group_id)
 );
 
 CREATE TABLE gravity
 (
-	domain TEXT NOT NULL,
-	adlist_id INTEGER NOT NULL REFERENCES adlist (id)
+    domain TEXT NOT NULL,
+    adlist_id INTEGER NOT NULL REFERENCES adlist (id)
+);
+
+CREATE TABLE antigravity
+(
+    domain TEXT NOT NULL,
+    adlist_id INTEGER NOT NULL REFERENCES adlist (id)
 );
 
 CREATE TABLE info
 (
-	property TEXT PRIMARY KEY,
-	value TEXT NOT NULL
+    property TEXT PRIMARY KEY,
+    value TEXT NOT NULL
 );
 
-INSERT INTO "info" VALUES('version','15');
-
-CREATE TABLE domain_audit
-(
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	domain TEXT UNIQUE NOT NULL,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int))
-);
+INSERT INTO "info" VALUES('version','20');
+/* This is a flag to indicate if gravity was restored from a backup
+    false = not restored,
+    failed = restoration failed due to no backup
+    other string = restoration successful with the string being the backup file used */
+INSERT INTO "info" VALUES('gravity_restored','false');
 
 CREATE TABLE domainlist_by_group
 (
-	domainlist_id INTEGER NOT NULL REFERENCES domainlist (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (domainlist_id, group_id)
+    domainlist_id INTEGER NOT NULL REFERENCES domainlist (id) ON DELETE CASCADE,
+    group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
+    PRIMARY KEY (domainlist_id, group_id)
 );
 
 CREATE TABLE client
 (
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	ip TEXT NOT NULL UNIQUE,
-	date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
-	comment TEXT
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    ip TEXT NOT NULL UNIQUE,
+    date_added INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    date_modified INTEGER NOT NULL DEFAULT (cast(strftime('%s', 'now') as int)),
+    comment TEXT
 );
 
 CREATE TABLE client_by_group
 (
-	client_id INTEGER NOT NULL REFERENCES client (id),
-	group_id INTEGER NOT NULL REFERENCES "group" (id),
-	PRIMARY KEY (client_id, group_id)
+    client_id INTEGER NOT NULL REFERENCES client (id) ON DELETE CASCADE,
+    group_id INTEGER NOT NULL REFERENCES "group" (id) ON DELETE CASCADE,
+    PRIMARY KEY (client_id, group_id)
 );
 
 CREATE TRIGGER tr_adlist_update AFTER UPDATE OF address,enabled,comment ON adlist
@@ -104,7 +111,7 @@ CREATE TRIGGER tr_domainlist_update AFTER UPDATE ON domainlist
       UPDATE domainlist SET date_modified = (cast(strftime('%s', 'now') as int)) WHERE domain = NEW.domain;
     END;
 
-CREATE VIEW vw_whitelist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+CREATE VIEW vw_allowlist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
     FROM domainlist
     LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
     LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
@@ -112,7 +119,7 @@ CREATE VIEW vw_whitelist AS SELECT domain, domainlist.id AS id, domainlist_by_gr
     AND domainlist.type = 0
     ORDER BY domainlist.id;
 
-CREATE VIEW vw_blacklist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+CREATE VIEW vw_denylist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
     FROM domainlist
     LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
     LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
@@ -120,7 +127,7 @@ CREATE VIEW vw_blacklist AS SELECT domain, domainlist.id AS id, domainlist_by_gr
     AND domainlist.type = 1
     ORDER BY domainlist.id;
 
-CREATE VIEW vw_regex_whitelist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+CREATE VIEW vw_regex_allowlist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
     FROM domainlist
     LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
     LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
@@ -128,7 +135,7 @@ CREATE VIEW vw_regex_whitelist AS SELECT domain, domainlist.id AS id, domainlist
     AND domainlist.type = 2
     ORDER BY domainlist.id;
 
-CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
+CREATE VIEW vw_regex_denylist AS SELECT domain, domainlist.id AS id, domainlist_by_group.group_id AS group_id
     FROM domainlist
     LEFT JOIN domainlist_by_group ON domainlist_by_group.domainlist_id = domainlist.id
     LEFT JOIN "group" ON "group".id = domainlist_by_group.group_id
@@ -136,14 +143,21 @@ CREATE VIEW vw_regex_blacklist AS SELECT domain, domainlist.id AS id, domainlist
     AND domainlist.type = 3
     ORDER BY domainlist.id;
 
-CREATE VIEW vw_gravity AS SELECT domain, adlist_by_group.group_id AS group_id
+CREATE VIEW vw_gravity AS SELECT domain, adlist.id AS adlist_id, adlist_by_group.group_id AS group_id
     FROM gravity
     LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = gravity.adlist_id
     LEFT JOIN adlist ON adlist.id = gravity.adlist_id
     LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
     WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1);
 
-CREATE VIEW vw_adlist AS SELECT DISTINCT address, id
+CREATE VIEW vw_antigravity AS SELECT domain, adlist.id AS adlist_id, adlist_by_group.group_id AS group_id
+    FROM antigravity
+    LEFT JOIN adlist_by_group ON adlist_by_group.adlist_id = antigravity.adlist_id
+    LEFT JOIN adlist ON adlist.id = antigravity.adlist_id
+    LEFT JOIN "group" ON "group".id = adlist_by_group.group_id
+    WHERE adlist.enabled = 1 AND (adlist_by_group.group_id IS NULL OR "group".enabled = 1) AND adlist.type = 1;
+
+CREATE VIEW vw_adlist AS SELECT DISTINCT address, id, type
     FROM adlist
     WHERE enabled = 1
     ORDER BY id;

advanced/Templates/gravity_copy.sql

@@ -9,7 +9,6 @@ DROP TRIGGER tr_client_add;
 DROP TRIGGER tr_adlist_add;
 
 INSERT OR REPLACE INTO "group" SELECT * FROM OLD."group";
-INSERT OR REPLACE INTO domain_audit SELECT * FROM OLD.domain_audit;
 
 INSERT OR REPLACE INTO domainlist SELECT * FROM OLD.domainlist;
 DELETE FROM OLD.domainlist_by_group WHERE domainlist_id NOT IN (SELECT id FROM OLD.domainlist);
@@ -19,8 +18,6 @@ INSERT OR REPLACE INTO adlist SELECT * FROM OLD.adlist;
 DELETE FROM OLD.adlist_by_group WHERE adlist_id NOT IN (SELECT id FROM OLD.adlist);
 INSERT OR REPLACE INTO adlist_by_group SELECT * FROM OLD.adlist_by_group;
 
-INSERT OR REPLACE INTO info SELECT * FROM OLD.info;
-
 INSERT OR REPLACE INTO client SELECT * FROM OLD.client;
 DELETE FROM OLD.client_by_group WHERE client_id NOT IN (SELECT id FROM OLD.client);
 INSERT OR REPLACE INTO client_by_group SELECT * FROM OLD.client_by_group;

advanced/Templates/logrotate

@@ -1,21 +1,32 @@
 /var/log/pihole/pihole.log {
-	# su #
-	daily
-	copytruncate
-	rotate 5
-	compress
-	delaycompress
-	notifempty
-	nomail
+    # su #
+    daily
+    copytruncate
+    rotate 5
+    compress
+    delaycompress
+    notifempty
+    nomail
 }
 
 /var/log/pihole/FTL.log {
-	# su #
-	weekly
-	copytruncate
-	rotate 3
-	compress
-	delaycompress
-	notifempty
-	nomail
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
+}
+
+/var/log/pihole/webserver.log {
+    # su #
+    weekly
+    copytruncate
+    rotate 3
+    compress
+    delaycompress
+    notifempty
+    nomail
 }

advanced/Templates/pihole-FTL-poststop.sh

@@ -1,13 +1,13 @@
 #!/usr/bin/env sh
 
-# Source utils.sh for getFTLPIDFile()
+# Source utils.sh for getFTLConfigValue()
 PI_HOLE_SCRIPT_DIR='/opt/pihole'
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
-# shellcheck disable=SC1090
+# shellcheck source="./advanced/Scripts/utils.sh"
 . "${utilsfile}"
 
 # Get file paths
-FTL_PID_FILE="$(getFTLPIDFile)"
+FTL_PID_FILE="$(getFTLConfigValue files.pid)"
 
 # Cleanup
 rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}"

advanced/Templates/pihole-FTL-prestart.sh

@@ -1,38 +1,42 @@
 #!/usr/bin/env sh
 
-# Source utils.sh for getFTLPIDFile()
+# Source utils.sh for getFTLConfigValue()
 PI_HOLE_SCRIPT_DIR='/opt/pihole'
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
-# shellcheck disable=SC1090
+# shellcheck source="./advanced/Scripts/utils.sh"
 . "${utilsfile}"
 
 # Get file paths
-FTL_PID_FILE="$(getFTLPIDFile)"
+FTL_PID_FILE="$(getFTLConfigValue files.pid)"
+FTL_LOG_FILE="$(getFTLConfigValue files.log.ftl)"
+PIHOLE_LOG_FILE="$(getFTLConfigValue files.log.dnsmasq)"
+WEBSERVER_LOG_FILE="$(getFTLConfigValue files.log.webserver)"
+FTL_PID_FILE="${FTL_PID_FILE:-/run/pihole-FTL.pid}"
+FTL_LOG_FILE="${FTL_LOG_FILE:-/var/log/pihole/FTL.log}"
+PIHOLE_LOG_FILE="${PIHOLE_LOG_FILE:-/var/log/pihole/pihole.log}"
+WEBSERVER_LOG_FILE="${WEBSERVER_LOG_FILE:-/var/log/pihole/webserver.log}"
+
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+mkdir -p /var/log/pihole
+chown -R pihole:pihole /etc/pihole/ /var/log/pihole/
+
+# allow all users read version file (and use pihole -v)
+touch /etc/pihole/versions
+chmod 0644 /etc/pihole/versions
+
+# allow pihole to access subdirs in /etc/pihole (sets execution bit on dirs)
+find /etc/pihole/ /var/log/pihole/ -type d -exec chmod 0755 {} +
+# Set all files (except TLS-related ones) to u+rw g+r
+find /etc/pihole/ /var/log/pihole/ -type f ! \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0640 {} +
+# Set TLS-related files to a more restrictive u+rw *only* (they may contain private keys)
+find /etc/pihole/ -type f \( -name '*.pem' -o -name '*.crt' \) -exec chmod 0600 {} +
+
+# Logrotate config file need to be owned by root
+chown root:root /etc/pihole/logrotate
 
 # Touch files to ensure they exist (create if non-existing, preserve if existing)
-# shellcheck disable=SC2174
-mkdir -pm 0755 /run/pihole /var/log/pihole
 [ -f "${FTL_PID_FILE}" ] || install -D -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
-[ -f /var/log/pihole/FTL.log ] || install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
-[ -f /var/log/pihole/pihole.log ] || install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
+[ -f "${FTL_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${FTL_LOG_FILE}"
+[ -f "${PIHOLE_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${PIHOLE_LOG_FILE}"
+[ -f "${WEBSERVER_LOG_FILE}" ] || install -m 640 -o pihole -g pihole /dev/null "${WEBSERVER_LOG_FILE}"
 [ -f /etc/pihole/dhcp.leases ] || install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
-# Ensure that permissions are set so that pihole-FTL can edit all necessary files
-chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
-# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
-chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
-chmod -f 0640 /var/log/pihole/pihole.log
-# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
-chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
-# Chmod database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
-chmod -f 0664 /etc/pihole/pihole-FTL.db
-
-# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole
-# Should be removed with Pi-hole v6.0
-if [ ! -f /var/log/pihole.log ]; then
-    ln -sf /var/log/pihole/pihole.log /var/log/pihole.log
-    chown -h pihole:pihole /var/log/pihole.log
-fi
-if [ ! -f /var/log/pihole-FTL.log ]; then
-    ln -sf /var/log/pihole/FTL.log /var/log/pihole-FTL.log
-    chown -h pihole:pihole /var/log/pihole-FTL.log
-fi

advanced/Templates/pihole-FTL.conf

@@ -1,2 +0,0 @@
-#; Pi-hole FTL config file
-#; Comments should start with #; to avoid issues with PHP and bash reading this file

advanced/Templates/pihole-FTL.openrc

@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# shellcheck shell=sh disable=SC2034
+
+: "${PI_HOLE_SCRIPT_DIR:=/opt/pihole}"
+
+command="/usr/bin/pihole-FTL"
+command_user="pihole:pihole"
+supervisor=supervise-daemon
+command_args_foreground="-f"
+command_background=true
+pidfile="/run/${RC_SVCNAME}_openrc.pid"
+extra_started_commands="reload"
+
+respawn_max=5
+respawn_period=60
+capabilities="^CAP_NET_BIND_SERVICE,^CAP_NET_RAW,^CAP_NET_ADMIN,^CAP_SYS_NICE,^CAP_IPC_LOCK,^CAP_CHOWN,^CAP_SYS_TIME"
+
+depend() {
+    want net
+    provide dns
+}
+
+checkconfig() {
+    $command -f test
+}
+
+start_pre() {
+    sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
+}
+
+stop_post() {
+    sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-poststop.sh"
+}
+
+reload() {
+    checkconfig || return $?
+    ebegin "Reloading ${RC_SVCNAME}"
+    start-stop-daemon --signal HUP --pidfile "${pidfile}"
+    eend $?
+}

advanced/Templates/pihole-FTL.service

@@ -9,10 +9,10 @@
 # Description:       Enable service provided by pihole-FTL daemon
 ### END INIT INFO
 
-# Source utils.sh for getFTLPIDFile(), getFTLPID()
+# Source utils.sh for getFTLConfigValue(), getFTLPID()
 PI_HOLE_SCRIPT_DIR="/opt/pihole"
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
-# shellcheck disable=SC1090
+# shellcheck source="./advanced/Scripts/utils.sh"
 . "${utilsfile}"
 
 
@@ -37,7 +37,7 @@ start() {
     # Run pre-start script, which pre-creates all expected files with correct permissions
     sh "${PI_HOLE_SCRIPT_DIR}/pihole-FTL-prestart.sh"
 
-    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
+    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN,CAP_SYS_TIME+eip "/usr/bin/pihole-FTL"; then
       su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
     else
       echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
@@ -57,13 +57,16 @@ start() {
 stop() {
   if is_running; then
     kill "${FTL_PID}"
-    for i in 1 2 3 4 5; do
+    # Give FTL 120 seconds to gracefully stop
+    i=1
+    while [ "${i}" -le 120 ]; do
       if ! is_running; then
         break
       fi
 
       printf "."
       sleep 1
+      i=$((i + 1))
     done
     echo
 
@@ -98,7 +101,7 @@ status() {
 trap 'cleanup; exit 1' INT HUP TERM ABRT
 
 # Get FTL's PID file path
-FTL_PID_FILE="$(getFTLPIDFile)"
+FTL_PID_FILE="$(getFTLConfigValue files.pid)"
 
 # Get FTL's current PID
 FTL_PID="$(getFTLPID "${FTL_PID_FILE}")"

advanced/Templates/pihole-FTL.systemd

@@ -17,18 +17,18 @@ StartLimitIntervalSec=60s
 
 [Service]
 User=pihole
-PermissionsStartOnly=true
-AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_NICE CAP_IPC_LOCK CAP_CHOWN CAP_SYS_TIME
 
-ExecStartPre=/opt/pihole/pihole-FTL-prestart.sh
+# Run prestart with elevated permissions
+ExecStartPre=+/opt/pihole/pihole-FTL-prestart.sh
 ExecStart=/usr/bin/pihole-FTL -f
 Restart=on-failure
 RestartSec=5s
 ExecReload=/bin/kill -HUP $MAINPID
-ExecStopPost=/opt/pihole/pihole-FTL-poststop.sh
+ExecStopPost=+/opt/pihole/pihole-FTL-poststop.sh
 
 # Use graceful shutdown with a reasonable timeout
-TimeoutStopSec=10s
+TimeoutStopSec=120s
 
 # Make /usr, /boot, /etc and possibly some more folders read-only...
 ProtectSystem=full

advanced/Templates/pihole.cron

@@ -24,7 +24,7 @@
 #          The flush script will use logrotate if available
 #          parameter "once": logrotate only once (default is twice)
 #          parameter "quiet": don't print messages
-00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
+00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole logrotate quiet
 
 @reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
 

advanced/Templates/pihole.sudo

@@ -1,9 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Allows the WebUI to use Pi-hole commands
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-#

advanced/bash-completion/pihole

@@ -1,79 +0,0 @@
-_pihole() {
-	local cur prev opts opts_admin opts_checkout opts_chronometer opts_debug opts_interface  opts_logging opts_privacy opts_query opts_update opts_version
-	COMPREPLY=()
-	cur="${COMP_WORDS[COMP_CWORD]}"
-	prev="${COMP_WORDS[COMP_CWORD-1]}"
-	prev2="${COMP_WORDS[COMP_CWORD-2]}"
-
-	case "${prev}" in
-		"pihole")
-			opts="admin blacklist checkout chronometer debug disable enable flush help logging query reconfigure regex restartdns status tail uninstall updateGravity updatePihole version wildcard whitelist arpflush"
-			COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-		;;
-		"whitelist"|"blacklist"|"wildcard"|"regex")
-			opts_lists="\--delmode \--noreload \--quiet \--list \--nuke"
-			COMPREPLY=( $(compgen -W "${opts_lists}" -- ${cur}) )
-		;;
-		"admin")
-			opts_admin="celsius fahrenheit interface kelvin password privacylevel"
-			COMPREPLY=( $(compgen -W "${opts_admin}" -- ${cur}) )
-		;;
-		"checkout")
-			opts_checkout="core ftl web master dev"
-			COMPREPLY=( $(compgen -W "${opts_checkout}" -- ${cur}) )
-		;;
-		"chronometer")
-			opts_chronometer="\--exit \--json \--refresh"
-			COMPREPLY=( $(compgen -W "${opts_chronometer}" -- ${cur}) )
-		;;
-		"debug")
-			opts_debug="-a"
-			COMPREPLY=( $(compgen -W "${opts_debug}" -- ${cur}) )
-		;;
-		"logging")
-			opts_logging="on off 'off noflush'"
-			COMPREPLY=( $(compgen -W "${opts_logging}" -- ${cur}) )
-		;;
-		"query")
-			opts_query="-adlist -all -exact"
-			COMPREPLY=( $(compgen -W "${opts_query}" -- ${cur}) )
-		;;
-		"updatePihole"|"-up")
-			opts_update="--check-only"
-			COMPREPLY=( $(compgen -W "${opts_update}" -- ${cur}) )
-		;;
-		"version")
-			opts_version="\--admin \--current \--ftl \--hash \--latest \--pihole"
-			COMPREPLY=( $(compgen -W "${opts_version}" -- ${cur}) )
-		;;
-		"interface")
-			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_interface="$(cat /proc/net/dev | cut -d: -s -f1)"
-				COMPREPLY=( $(compgen -W "${opts_interface}" -- ${cur}) )
-			else
-				return 1
-			fi
-		;;
-		"privacylevel")
-			if ( [[ "$prev2" == "admin" ]] || [[ "$prev2" == "-a" ]] ); then
-				opts_privacy="0 1 2 3"
-				COMPREPLY=( $(compgen -W "${opts_privacy}" -- ${cur}) )
-			else
-				return 1
-			fi
-		;;
-		"core"|"admin"|"ftl")
-			if [[ "$prev2" == "checkout" ]]; then
-				opts_checkout="master dev"
-				COMPREPLY=( $(compgen -W "${opts_checkout}" -- ${cur}) )
-			else
-				return 1
-			fi
-		;;
-		*)
-		return 1
-		;;
-	esac
-	return 0
-}
-complete -F _pihole pihole

advanced/bash-completion/pihole-ftl.bash

@@ -0,0 +1,9 @@
+#!/bin/bash
+#
+# Bash completion script for pihole-FTL
+#
+# This completion script provides tab completion for pihole-FTL CLI flags and commands.
+# It uses the `pihole-FTL --complete` command to generate the completion options.
+_complete_FTL() { mapfile -t COMPREPLY < <(pihole-FTL --complete "${COMP_WORDS[@]}"); }
+
+complete -F _complete_FTL pihole-FTL

advanced/bash-completion/pihole.bash

@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Bash completion script for pihole
+#
+_pihole() {
+    local cur prev prev2 opts opts_lists opts_checkout opts_debug opts_logging opts_query opts_update opts_networkflush
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+    prev2="${COMP_WORDS[COMP_CWORD-2]}"
+
+    case "${prev}" in
+        "pihole")
+            opts="allow allow-regex allow-wild deny checkout debug disable enable flush help logging query repair regex reloaddns reloadlists setpassword status tail uninstall updateGravity updatePihole version wildcard networkflush api"
+            mapfile -t COMPREPLY < <(compgen -W "${opts}" -- "${cur}")
+        ;;
+        "allow"|"deny"|"wildcard"|"regex"|"allow-regex"|"allow-wild")
+            opts_lists="\not \--delmode \--quiet \--list \--help"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_lists}" -- "${cur}")
+        ;;
+        "checkout")
+            opts_checkout="core ftl web master dev"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_checkout}" -- "${cur}")
+        ;;
+        "debug")
+            opts_debug="-a"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_debug}" -- "${cur}")
+        ;;
+        "logging")
+            opts_logging="on off 'off noflush'"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_logging}" -- "${cur}")
+        ;;
+        "query")
+            opts_query="--partial --all"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_query}" -- "${cur}")
+        ;;
+        "updatePihole"|"-up")
+            opts_update="--check-only"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_update}" -- "${cur}")
+        ;;
+        "networkflush")
+            opts_networkflush="--arp"
+            mapfile -t COMPREPLY < <(compgen -W "${opts_networkflush}" -- "${cur}")
+        ;;
+        "core"|"web"|"ftl")
+            if [[ "$prev2" == "checkout" ]]; then
+                opts_checkout="master development"
+                mapfile -t COMPREPLY < <(compgen -W "${opts_checkout}" -- "${cur}")
+            else
+                return 1
+            fi
+        ;;
+        *)
+        return 1
+        ;;
+    esac
+    return 0
+}
+complete -F _pihole pihole

advanced/dnsmasq.conf.original

@@ -1,648 +0,0 @@
-# Configuration file for dnsmasq.
-#
-# Format is one option per line, legal options are the same
-# as the long options legal on the command line. See
-# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
-
-# Listen on this specific port instead of the standard DNS port
-# (53). Setting this to zero completely disables DNS function,
-# leaving only DHCP and/or TFTP.
-#port=5353
-
-# The following two options make you a better netizen, since they
-# tell dnsmasq to filter out queries which the public DNS cannot
-# answer, and which load the servers (especially the root servers)
-# unnecessarily. If you have a dial-on-demand link they also stop
-# these requests from bringing up the link unnecessarily.
-
-# Never forward plain names (without a dot or domain part)
-#domain-needed
-# Never forward addresses in the non-routed address spaces.
-#bogus-priv
-
-# Uncomment these to enable DNSSEC validation and caching:
-# (Requires dnsmasq to be built with DNSSEC option.)
-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
-#dnssec
-
-# Replies which are not DNSSEC signed may be legitimate, because the domain
-# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
-# check that an unsigned reply is OK, by finding a secure proof that a DS
-# record somewhere between the root and the domain does not exist.
-# The cost of setting this is that even queries in unsigned domains will need
-# one or more extra DNS queries to verify.
-#dnssec-check-unsigned
-
-# Uncomment this to filter useless windows-originated DNS requests
-# which can trigger dial-on-demand links needlessly.
-# Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
-# This option only affects forwarding, SRV records originating for
-# dnsmasq (via srv-host= lines) are not suppressed by it.
-#filterwin2k
-
-# Change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf
-#resolv-file=
-
-# By  default,  dnsmasq  will  send queries to any of the upstream
-# servers it knows about and tries to favor servers to are  known
-# to  be  up.  Uncommenting this forces dnsmasq to try each query
-# with  each  server  strictly  in  the  order  they   appear   in
-# /etc/resolv.conf
-#strict-order
-
-# If you don't want dnsmasq to read /etc/resolv.conf or any other
-# file, getting its servers from this file instead (see below), then
-# uncomment this.
-#no-resolv
-
-# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
-# files for changes and re-read them then uncomment this.
-#no-poll
-
-# Add other name servers here, with domain specs if they are for
-# non-public domains.
-#server=/localnet/192.168.0.1
-
-# Example of routing PTR queries to nameservers: this will send all
-# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
-#server=/3.168.192.in-addr.arpa/10.1.2.3
-
-# Add local-only domains here, queries in these domains are answered
-# from /etc/hosts or DHCP only.
-#local=/localnet/
-
-# Add domains which you want to force to an IP address here.
-# The example below send any host in double-click.net to a local
-# web-server.
-#address=/double-click.net/127.0.0.1
-
-# --address (and --server) work with IPv6 addresses too.
-#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
-
-# Add the IPs of all queries to yahoo.com, google.com, and their
-# subdomains to the vpn and search ipsets:
-#ipset=/yahoo.com/google.com/vpn,search
-
-# You can control how dnsmasq talks to a server: this forces
-# queries to 10.1.2.3 to be routed via eth1
-# server=10.1.2.3@eth1
-
-# and this sets the source (ie local) address used to talk to
-# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
-# IP on the machine, obviously).
-# server=10.1.2.3@192.168.1.1#55
-
-# If you want dnsmasq to change uid and gid to something other
-# than the default, edit the following lines.
-#user=
-#group=
-
-# If you want dnsmasq to listen for DHCP and DNS requests only on
-# specified interfaces (and the loopback) give the name of the
-# interface (eg eth0) here.
-# Repeat the line for more than one interface.
-#interface=
-# Or you can specify which interface _not_ to listen on
-#except-interface=
-# Or which to listen on by address (remember to include 127.0.0.1 if
-# you use this.)
-#listen-address=
-# If you want dnsmasq to provide only DNS service on an interface,
-# configure it as shown above, and then use the following line to
-# disable DHCP and TFTP on it.
-#no-dhcp-interface=
-
-# On systems which support it, dnsmasq binds the wildcard address,
-# even when it is listening on only some interfaces. It then discards
-# requests that it shouldn't reply to. This has the advantage of
-# working even when interfaces come and go and change address. If you
-# want dnsmasq to really bind only the interfaces it is listening on,
-# uncomment this option. About the only time you may need this is when
-# running another nameserver on the same machine.
-#bind-interfaces
-
-# If you don't want dnsmasq to read /etc/hosts, uncomment the
-# following line.
-#no-hosts
-# or if you want it to read another file, as well as /etc/hosts, use
-# this.
-#addn-hosts=/etc/banner_add_hosts
-
-# Set this (and domain: see below) if you want to have a domain
-# automatically added to simple names in a hosts-file.
-#expand-hosts
-
-# Set the domain for dnsmasq. this is optional, but if it is set, it
-# does the following things.
-# 1) Allows DHCP hosts to have fully qualified domain names, as long
-#     as the domain part matches this setting.
-# 2) Sets the "domain" DHCP option thereby potentially setting the
-#    domain of all systems configured by DHCP
-# 3) Provides the domain part for "expand-hosts"
-#domain=thekelleys.org.uk
-
-# Set a different domain for a particular subnet
-#domain=wireless.thekelleys.org.uk,192.168.2.0/24
-
-# Same idea, but range rather then subnet
-#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
-
-# Uncomment this to enable the integrated DHCP server, you need
-# to supply the range of addresses available for lease and optionally
-# a lease time. If you have more than one network, you will need to
-# repeat this for each network on which you want to supply DHCP
-# service.
-#dhcp-range=192.168.0.50,192.168.0.150,12h
-
-# This is an example of a DHCP range where the netmask is given. This
-# is needed for networks we reach the dnsmasq DHCP server via a relay
-# agent. If you don't know what a DHCP relay agent is, you probably
-# don't need to worry about this.
-#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
-
-# This is an example of a DHCP range which sets a tag, so that
-# some DHCP options may be set only for this network.
-#dhcp-range=set:red,192.168.0.50,192.168.0.150
-
-# Use this DHCP range only when the tag "green" is set.
-#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
-
-# Specify a subnet which can't be used for dynamic address allocation,
-# is available for hosts with matching --dhcp-host lines. Note that
-# dhcp-host declarations will be ignored unless there is a dhcp-range
-# of some type for the subnet in question.
-# In this case the netmask is implied (it comes from the network
-# configuration on the machine running dnsmasq) it is possible to give
-# an explicit netmask instead.
-#dhcp-range=192.168.0.0,static
-
-# Enable DHCPv6. Note that the prefix-length does not need to be specified
-# and defaults to 64 if missing/
-#dhcp-range=1234::2, 1234::500, 64, 12h
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet.
-#dhcp-range=1234::, ra-only
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
-# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
-# hosts. Use the DHCPv4 lease to derive the name, network segment and
-# MAC address and assume that the host will also have an
-# IPv6 address calculated using the SLAAC algorithm.
-#dhcp-range=1234::, ra-names
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet.
-# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
-#dhcp-range=1234::, ra-only, 48h
-
-# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
-# so that clients can use SLAAC addresses as well as DHCP ones.
-#dhcp-range=1234::2, 1234::500, slaac
-
-# Do Router Advertisements and stateless DHCP for this subnet. Clients will
-# not get addresses from DHCP, but they will get other configuration information.
-# They will use SLAAC for addresses.
-#dhcp-range=1234::, ra-stateless
-
-# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
-# from DHCPv4 leases.
-#dhcp-range=1234::, ra-stateless, ra-names
-
-# Do router advertisements for all subnets where we're doing DHCPv6
-# Unless overridden by ra-stateless, ra-names, et al, the router
-# advertisements will have the M and O bits set, so that the clients
-# get addresses and configuration from DHCPv6, and the A bit reset, so the
-# clients don't use SLAAC addresses.
-#enable-ra
-
-# Supply parameters for specified hosts using DHCP. There are lots
-# of valid alternatives, so we will give examples of each. Note that
-# IP addresses DO NOT have to be in the range given above, they just
-# need to be on the same network. The order of the parameters in these
-# do not matter, it's permissible to give name, address and MAC in any
-# order.
-
-# Always allocate the host with Ethernet address 11:22:33:44:55:66
-# The IP address 192.168.0.60
-#dhcp-host=11:22:33:44:55:66,192.168.0.60
-
-# Always set the name of the host with hardware address
-# 11:22:33:44:55:66 to be "fred"
-#dhcp-host=11:22:33:44:55:66,fred
-
-# Always give the host with Ethernet address 11:22:33:44:55:66
-# the name fred and IP address 192.168.0.60 and lease time 45 minutes
-#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
-
-# Give a host with Ethernet address 11:22:33:44:55:66 or
-# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
-# that these two Ethernet interfaces will never be in use at the same
-# time, and give the IP address to the second, even if it is already
-# in use by the first. Useful for laptops with wired and wireless
-# addresses.
-#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
-
-# Give the machine which says its name is "bert" IP address
-# 192.168.0.70 and an infinite lease
-#dhcp-host=bert,192.168.0.70,infinite
-
-# Always give the host with client identifier 01:02:02:04
-# the IP address 192.168.0.60
-#dhcp-host=id:01:02:02:04,192.168.0.60
-
-# Always give the host with client identifier "marjorie"
-# the IP address 192.168.0.60
-#dhcp-host=id:marjorie,192.168.0.60
-
-# Enable the address given for "judge" in /etc/hosts
-# to be given to a machine presenting the name "judge" when
-# it asks for a DHCP lease.
-#dhcp-host=judge
-
-# Never offer DHCP service to a machine whose Ethernet
-# address is 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,ignore
-
-# Ignore any client-id presented by the machine with Ethernet
-# address 11:22:33:44:55:66. This is useful to prevent a machine
-# being treated differently when running under different OS's or
-# between PXE boot and OS boot.
-#dhcp-host=11:22:33:44:55:66,id:*
-
-# Send extra options which are tagged as "red" to
-# the machine with Ethernet address 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,set:red
-
-# Send extra options which are tagged as "red" to
-# any machine with Ethernet address starting 11:22:33:
-#dhcp-host=11:22:33:*:*:*,set:red
-
-# Give a fixed IPv6 address and name to client with
-# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
-# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
-# Note also the they [] around the IPv6 address are obligatory.
-#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
-
-# Ignore any clients which are not specified in dhcp-host lines
-# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
-# This relies on the special "known" tag which is set when
-# a host is matched.
-#dhcp-ignore=tag:!known
-
-# Send extra options which are tagged as "red" to any machine whose
-# DHCP vendorclass string includes the substring "Linux"
-#dhcp-vendorclass=set:red,Linux
-
-# Send extra options which are tagged as "red" to any machine one
-# of whose DHCP userclass strings includes the substring "accounts"
-#dhcp-userclass=set:red,accounts
-
-# Send extra options which are tagged as "red" to any machine whose
-# MAC address matches the pattern.
-#dhcp-mac=set:red,00:60:8C:*:*:*
-
-# If this line is uncommented, dnsmasq will read /etc/ethers and act
-# on the ethernet-address/IP pairs found there just as if they had
-# been given as --dhcp-host options. Useful if you keep
-# MAC-address/host mappings there for other purposes.
-#read-ethers
-
-# Send options to hosts which ask for a DHCP lease.
-# See RFC 2132 for details of available options.
-# Common options can be given to dnsmasq by name:
-# run "dnsmasq --help dhcp" to get a list.
-# Note that all the common settings, such as netmask and
-# broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need
-# any dhcp-options. If you use Windows clients and Samba, there
-# are some options which are recommended, they are detailed at the
-# end of this section.
-
-# Override the default route supplied by dnsmasq, which assumes the
-# router is the same machine as the one running dnsmasq.
-#dhcp-option=3,1.2.3.4
-
-# Do the same thing, but using the option name
-#dhcp-option=option:router,1.2.3.4
-
-# Override the default route supplied by dnsmasq and send no default
-# route at all. Note that this only works for the options sent by
-# default (1, 3, 6, 12, 28) the same line will send a zero-length option
-# for all other option numbers.
-#dhcp-option=3
-
-# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
-
-# Send DHCPv6 option. Note [] around IPv6 addresses.
-#dhcp-option=option6:dns-server,[1234::77],[1234::88]
-
-# Send DHCPv6 option for namservers as the machine running
-# dnsmasq and another.
-#dhcp-option=option6:dns-server,[::],[1234::88]
-
-# Ask client to poll for option changes every six hours. (RFC4242)
-#dhcp-option=option6:information-refresh-time,6h
-
-# Set the NTP time server address to be the same machine as
-# is running dnsmasq
-#dhcp-option=42,0.0.0.0
-
-# Set the NIS domain name to "welly"
-#dhcp-option=40,welly
-
-# Set the default time-to-live to 50
-#dhcp-option=23,50
-
-# Set the "all subnets are local" flag
-#dhcp-option=27,1
-
-# Send the etherboot magic flag and then etherboot options (a string).
-#dhcp-option=128,e4:45:74:68:00:00
-#dhcp-option=129,NIC=eepro100
-
-# Specify an option which will only be sent to the "red" network
-# (see dhcp-range for the declaration of the "red" network)
-# Note that the tag: part must precede the option: part.
-#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
-
-# The following DHCP options set up dnsmasq in the same way as is specified
-# for the ISC dhcpcd in
-# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
-# adapted for a typical dnsmasq installation where the host running
-# dnsmasq is also the host running samba.
-# you may want to uncomment some or all of them if you use
-# Windows clients and Samba.
-#dhcp-option=19,0           # option ip-forwarding off
-#dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
-#dhcp-option=45,0.0.0.0     # netbios datagram distribution server
-#dhcp-option=46,8           # netbios node type
-
-# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
-#dhcp-option=252,"\n"
-
-# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
-# probably doesn't support this......
-#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
-
-# Send RFC-3442 classless static routes (note the netmask encoding)
-#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
-
-# Send vendor-class specific options encapsulated in DHCP option 43.
-# The meaning of the options is defined by the vendor-class so
-# options are sent only when the client supplied vendor class
-# matches the class given here. (A substring match is OK, so "MSFT"
-# matches "MSFT" and "MSFT 5.0"). This example sets the
-# mtftp address to 0.0.0.0 for PXEClients.
-#dhcp-option=vendor:PXEClient,1,0.0.0.0
-
-# Send microsoft-specific option to tell windows to release the DHCP lease
-# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
-# value as a four-byte integer - that's what microsoft wants. See
-# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
-#dhcp-option=vendor:MSFT,2,1i
-
-# Send the Encapsulated-vendor-class ID needed by some configurations of
-# Etherboot to allow is to recognize the DHCP server.
-#dhcp-option=vendor:Etherboot,60,"Etherboot"
-
-# Send options to PXELinux. Note that we need to send the options even
-# though they don't appear in the parameter request list, so we need
-# to use dhcp-option-force here.
-# See http://syslinux.zytor.com/pxe.php#special for details.
-# Magic number - needed before anything else is recognized
-#dhcp-option-force=208,f1:00:74:7e
-# Configuration file name
-#dhcp-option-force=209,configs/common
-# Path prefix
-#dhcp-option-force=210,/tftpboot/pxelinux/files/
-# Reboot time. (Note 'i' to send 32-bit value)
-#dhcp-option-force=211,30i
-
-# Set the boot filename for netboot/PXE. You will only need
-# this is you want to boot machines over the network and you will need
-# a TFTP server; either dnsmasq's built in TFTP server or an
-# external one. (See below for how to enable the TFTP server.)
-#dhcp-boot=pxelinux.0
-
-# The same as above, but use custom tftp-server instead machine running dnsmasq
-#dhcp-boot=pxelinux,server.name,192.168.1.100
-
-# Boot for Etherboot gPXE. The idea is to send two different
-# filenames, the first loads gPXE, and the second tells gPXE what to
-# load. The dhcp-match sets the gpxe tag for requests from gPXE.
-#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
-#dhcp-boot=tag:!gpxe,undionly.kpxe
-#dhcp-boot=mybootimage
-
-# Encapsulated options for Etherboot gPXE. All the options are
-# encapsulated within option 175
-#dhcp-option=encap:175, 1, 5b         # priority code
-#dhcp-option=encap:175, 176, 1b       # no-proxydhcp
-#dhcp-option=encap:175, 177, string   # bus-id
-#dhcp-option=encap:175, 189, 1b       # BIOS drive code
-#dhcp-option=encap:175, 190, user     # iSCSI username
-#dhcp-option=encap:175, 191, pass     # iSCSI password
-
-# Test for the architecture of a netboot client. PXE clients are
-# supposed to send their architecture as option 93. (See RFC 4578)
-#dhcp-match=peecees, option:client-arch, 0 #x86-32
-#dhcp-match=itanics, option:client-arch, 2 #IA64
-#dhcp-match=hammers, option:client-arch, 6 #x86-64
-#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
-
-# Do real PXE, rather than just booting a single file, this is an
-# alternative to dhcp-boot.
-#pxe-prompt="What system shall I netboot?"
-# or with timeout before first available action is taken:
-#pxe-prompt="Press F8 for menu.", 60
-
-# Available boot services. for PXE.
-#pxe-service=x86PC, "Boot from local disk"
-
-# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
-#pxe-service=x86PC, "Install Linux", pxelinux
-
-# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
-# Beware this fails on old PXE ROMS.
-#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
-
-# Use bootserver on network, found my multicast or broadcast.
-#pxe-service=x86PC, "Install windows from RIS server", 1
-
-# Use bootserver at a known IP address.
-#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
-
-# If you have multicast-FTP available,
-# information for that can be passed in a similar way using options 1
-# to 5. See page 19 of
-# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
-
-
-# Enable dnsmasq's built-in TFTP server
-#enable-tftp
-
-# Set the root directory for files available via FTP.
-#tftp-root=/var/ftpd
-
-# Make the TFTP server more secure: with this set, only files owned by
-# the user dnsmasq is running as will be send over the net.
-#tftp-secure
-
-# This option stops dnsmasq from negotiating a larger blocksize for TFTP
-# transfers. It will slow things down, but may rescue some broken TFTP
-# clients.
-#tftp-no-blocksize
-
-# Set the boot file name only when the "red" tag is set.
-#dhcp-boot=tag:red,pxelinux.red-net
-
-# An example of dhcp-boot with an external TFTP server: the name and IP
-# address of the server are given after the filename.
-# Can fail with old PXE ROMS. Overridden by --pxe-service.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
-
-# If there are multiple external tftp servers having a same name
-# (using /etc/hosts) then that name can be specified as the
-# tftp_servername (the third option to dhcp-boot) and in that
-# case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fashion. This facility can be used to
-# load balance the tftp load among a set of servers.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
-
-# Set the limit on DHCP leases, the default is 150
-#dhcp-lease-max=150
-
-# The DHCP server needs somewhere on disk to keep its lease database.
-# This defaults to a sane location, but if you want to change it, use
-# the line below.
-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
-
-# Set the DHCP server to authoritative mode. In this mode it will barge in
-# and take over the lease for any client which broadcasts on the network,
-# whether it has a record of the lease or not. This avoids long timeouts
-# when a machine wakes up on a new network. DO NOT enable this if there's
-# the slightest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses
-# the same option, and this URL provides more information:
-# http://www.isc.org/files/auth.html
-#dhcp-authoritative
-
-# Run an executable when a DHCP lease is created or destroyed.
-# The arguments sent to the script are "add" or "del",
-# then the MAC address, the IP address and finally the hostname
-# if there is one.
-#dhcp-script=/bin/echo
-
-# Set the cachesize here.
-#cache-size=150
-
-# If you want to disable negative caching, uncomment this.
-#no-negcache
-
-# Normally responses which come from /etc/hosts and the DHCP lease
-# file have Time-To-Live set as zero, which conventionally means
-# do not cache further. If you are happy to trade lower load on the
-# server for potentially stale date, you can set a time-to-live (in
-# seconds) here.
-#local-ttl=
-
-# If you want dnsmasq to detect attempts by Verisign to send queries
-# to unregistered .com and .net hosts to its sitefinder service and
-# have dnsmasq instead return the correct NXDOMAIN response, uncomment
-# this line. You can add similar lines to do the same for other
-# registries which have implemented wildcard A records.
-#bogus-nxdomain=64.94.110.11
-
-# If you want to fix up DNS results from upstream servers, use the
-# alias option. This only works for IPv4.
-# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
-#alias=1.2.3.4,5.6.7.8
-# and this maps 1.2.3.x to 5.6.7.x
-#alias=1.2.3.0,5.6.7.0,255.255.255.0
-# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
-#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
-
-# Change these lines if you want dnsmasq to serve MX records.
-
-# Return an MX record named "maildomain.com" with target
-# servermachine.com and preference 50
-#mx-host=maildomain.com,servermachine.com,50
-
-# Set the default target for MX records created using the localmx option.
-#mx-target=servermachine.com
-
-# Return an MX record pointing to the mx-target for all local
-# machines.
-#localmx
-
-# Return an MX record pointing to itself for all local machines.
-#selfmx
-
-# Change the following lines if you want dnsmasq to serve SRV
-# records.  These are useful if you want to serve ldap requests for
-# Active Directory and other windows-originated DNS requests.
-# See RFC 2782.
-# You may add multiple srv-host lines.
-# The fields are <name>,<target>,<port>,<priority>,<weight>
-# If the domain part if missing from the name (so that is just has the
-# service and protocol sections) then the domain given by the domain=
-# config option is used. (Note that expand-hosts does not need to be
-# set for this to work.)
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 389
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 389 (using domain=)
-#domain=example.com
-#srv-host=_ldap._tcp,ldapserver.example.com,389
-
-# Two SRV records for LDAP, each with different priorities
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
-
-# A SRV record indicating that there is no LDAP server for the domain
-# example.com
-#srv-host=_ldap._tcp.example.com
-
-# The following line shows how to make dnsmasq serve an arbitrary PTR
-# record. This is useful for DNS-SD. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for PTR records.)
-#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
-
-# Change the following lines to enable dnsmasq to serve TXT records.
-# These are used for things like SPF and zeroconf. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for TXT records.)
-
-#Example SPF.
-#txt-record=example.com,"v=spf1 a -all"
-
-#Example zeroconf
-#txt-record=_http._tcp.example.com,name=value,paper=A4
-
-# Provide an alias for a "local" DNS name. Note that this _only_ works
-# for targets which are names from DHCP or /etc/hosts. Give host
-# "bert" another name, bertrand
-#cname=bertand,bert
-
-# For debugging purposes, log each DNS query as it passes through
-# dnsmasq.
-#log-queries
-
-# Log lots of extra information about DHCP transactions.
-#log-dhcp
-
-# Include another lot of configuration options.
-#conf-file=/etc/dnsmasq.more.conf
-#conf-dir=/etc/dnsmasq.d
-
-# Include all the files in a directory except those ending in .bak
-#conf-dir=/etc/dnsmasq.d,.bak
-
-# Include all files in a directory which end in .conf
-#conf-dir=/etc/dnsmasq.d/*.conf

advanced/lighttpd.conf.debian

@@ -1,73 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Lighttpd config for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###################################################################################################
-#   IF THIS HEADER EXISTS, THE FILE WILL BE OVERWRITTEN BY PI-HOLE'S UPDATE PROCEDURE.            #
-#   ANY CHANGES MADE TO THIS FILE WILL BE LOST ON THE NEXT UPDATE UNLESS YOU REMOVE THIS HEADER   #
-#                                                                                                 #
-#   ENSURE THAT YOU DO NOT REMOVE THE REQUIRED LINE:                                              #
-#                                                                                                 #
-#   include "/etc/lighttpd/conf-enabled/*.conf"                                                   #
-#                                                                                                 #
-###################################################################################################
-
-server.modules = (
-    "mod_access",
-    "mod_auth",
-    "mod_expire",
-    "mod_redirect",
-    "mod_setenv",
-    "mod_rewrite"
-)
-
-server.document-root        = "/var/www/html"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error-pihole.log"
-server.pid-file             = "/run/lighttpd.pid"
-server.username             = "www-data"
-server.groupname            = "www-data"
-# For lighttpd version 1.4.46 or above, the port can be overwritten in `/etc/lighttpd/external.conf` using the := operator
-# e.g. server.port := 8000
-server.port                 = 80
-
-# Allow streaming response
-# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
-server.stream-response-body = 1
-#ssl.read-ahead              = "disable"
-
-index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-mimetype.assign = (
-    ".ico"   => "image/x-icon",
-    ".jpeg"  => "image/jpeg",
-    ".jpg"   => "image/jpeg",
-    ".png"   => "image/png",
-    ".svg"   => "image/svg+xml",
-    ".css"   => "text/css; charset=utf-8",
-    ".html"  => "text/html; charset=utf-8",
-    ".js"    => "text/javascript; charset=utf-8",
-    ".json"  => "application/json; charset=utf-8",
-    ".map"   => "application/json; charset=utf-8",
-    ".txt"   => "text/plain; charset=utf-8",
-    ".eot"   => "application/vnd.ms-fontobject",
-    ".otf"   => "font/otf",
-    ".ttc"   => "font/collection",
-    ".ttf"   => "font/ttf",
-    ".woff"  => "font/woff",
-    ".woff2" => "font/woff2"
-)
-
-# Add user chosen options held in (optional) external file
-include "external*.conf"
-
-# default listening port for IPv6 falls back to the IPv4 port
-include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-include "/etc/lighttpd/conf-enabled/*.conf"

advanced/lighttpd.conf.fedora

@@ -1,87 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Lighttpd config for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###################################################################################################
-#   IF THIS HEADER EXISTS, THE FILE WILL BE OVERWRITTEN BY PI-HOLE'S UPDATE PROCEDURE.            #
-#   ANY CHANGES MADE TO THIS FILE WILL BE LOST ON THE NEXT UPDATE UNLESS YOU REMOVE THIS HEADER   #
-#                                                                                                 #
-#   ENSURE THAT YOU DO NOT REMOVE THE REQUIRED LINE:                                              #
-#                                                                                                 #
-#   include "/etc/lighttpd/conf.d/pihole-admin.conf"                                              #
-#                                                                                                 #
-###################################################################################################
-
-server.modules = (
-    "mod_access",
-    "mod_auth",
-    "mod_expire",
-    "mod_fastcgi",
-    "mod_accesslog",
-    "mod_redirect",
-    "mod_setenv",
-    "mod_rewrite"
-)
-
-server.document-root        = "/var/www/html"
-server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
-server.errorlog             = "/var/log/lighttpd/error-pihole.log"
-server.pid-file             = "/run/lighttpd.pid"
-server.username             = "lighttpd"
-server.groupname            = "lighttpd"
-# For lighttpd version 1.4.46 or above, the port can be overwritten in `/etc/lighttpd/external.conf` using the := operator
-# e.g. server.port := 8000
-server.port                 = 80
-
-# Allow streaming response
-# reference: https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_stream-response-bodyDetails
-server.stream-response-body = 1
-#ssl.read-ahead              = "disable"
-
-index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
-url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
-
-mimetype.assign = (
-    ".ico"   => "image/x-icon",
-    ".jpeg"  => "image/jpeg",
-    ".jpg"   => "image/jpeg",
-    ".png"   => "image/png",
-    ".svg"   => "image/svg+xml",
-    ".css"   => "text/css; charset=utf-8",
-    ".html"  => "text/html; charset=utf-8",
-    ".js"    => "text/javascript; charset=utf-8",
-    ".json"  => "application/json; charset=utf-8",
-    ".map"   => "application/json; charset=utf-8",
-    ".txt"   => "text/plain; charset=utf-8",
-    ".eot"   => "application/vnd.ms-fontobject",
-    ".otf"   => "font/otf",
-    ".ttc"   => "font/collection",
-    ".ttf"   => "font/ttf",
-    ".woff"  => "font/woff",
-    ".woff2" => "font/woff2"
-)
-
-# Add user chosen options held in (optional) external file
-include "external*.conf"
-
-# default listening port for IPv6 falls back to the IPv4 port
-#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
-
-fastcgi.server = (
-    ".php" => (
-        "localhost" => (
-            "socket" => "/tmp/php-fastcgi.socket",
-            "bin-path" => "/usr/bin/php-cgi"
-        )
-    )
-)
-
-include "/etc/lighttpd/conf.d/pihole-admin.conf"

advanced/pihole-admin.conf

@@ -1,82 +0,0 @@
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
-# Network-wide ad blocking via your own hardware.
-#
-# Lighttpd config for Pi-hole
-#
-# This file is copyright under the latest version of the EUPL.
-# Please see LICENSE file for your rights under this license.
-
-###############################################################################
-#     FILE AUTOMATICALLY OVERWRITTEN BY PI-HOLE INSTALL/UPDATE PROCEDURE.     #
-# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
-###############################################################################
-
-server.errorlog := "/var/log/lighttpd/error-pihole.log"
-
-$HTTP["url"] =~ "^/admin/" {
-    server.document-root = "/var/www/html"
-    server.stream-response-body = 1
-    accesslog.filename = "/var/log/lighttpd/access-pihole.log"
-    accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
-
-    fastcgi.server = (
-        ".php" => (
-            "localhost" => (
-                "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
-                "bin-path" => "/usr/bin/php-cgi",
-                "min-procs" => 1,
-                "max-procs" => 1,
-                "bin-environment" => (
-                    "PHP_FCGI_CHILDREN" => "4",
-                    "PHP_FCGI_MAX_REQUESTS" => "10000",
-                ),
-                "bin-copy-environment" => (
-                    "PATH", "SHELL", "USER"
-                ),
-                "broken-scriptfilename" => "enable",
-            )
-        )
-    )
-
-    # X-Pi-hole is a response header for debugging using curl -I
-    # X-Frame-Options prevents clickjacking attacks and helps ensure your content is not embedded into other sites via < frame >, < iframe > or < object >.
-    # X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. This is important because it tells the browser to block the response if a malicious script has been inserted from a user input. (deprecated; disabled)
-    # X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. This is important because the browser will only load external resources if their content-type matches what is expected, and not malicious hidden code.
-    # Content-Security-Policy tells the browser where resources are allowed to be loaded and if it’s allowed to parse/run inline styles or Javascript. This is important because it prevents content injection attacks, such as Cross Site Scripting (XSS).
-    # X-Permitted-Cross-Domain-Policies is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
-    # Referrer-Policy allows control/restriction of the amount of information present in the referral header for links away from your page—the URL path or even if the header is sent at all.
-    setenv.add-response-header = (
-        "X-Pi-hole" => "The Pi-hole Web interface is working!",
-        "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "0",
-        "X-Content-Type-Options" => "nosniff",
-        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
-        "X-Permitted-Cross-Domain-Policies" => "none",
-        "Referrer-Policy" => "same-origin"
-    )
-
-    # Block . files from being served, such as .git, .github, .gitignore
-    $HTTP["url"] =~ "^/admin/\." {
-        url.access-deny = ("")
-    }
-
-    # allow teleporter and API qr code iframe on settings page
-    $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
-        $HTTP["referer"] =~ "/admin/settings\.php" {
-            setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
-        }
-    }
-}
-else $HTTP["url"] == "/admin" {
-    url.redirect = ("" => "/admin/")
-}
-
-$HTTP["host"] == "pi.hole" {
-    $HTTP["url"] == "/" {
-        url.redirect = ("" => "/admin/")
-    }
-}
-
-# (keep this on one line for basic-install.sh filtering during install)
-server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )

automated install/uninstall.sh

@@ -8,13 +8,17 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
+# shellcheck source="./advanced/Scripts/COL_TABLE"
 source "/opt/pihole/COL_TABLE"
+# shellcheck source="./advanced/Scripts/utils.sh"
+source "/opt/pihole/utils.sh"
+# getFTLConfigValue() from utils.sh
 
 while true; do
-    read -rp "  ${QST} Are you sure you would like to remove ${COL_WHITE}Pi-hole${COL_NC}? [y/N] " answer
+    read -rp "  ${QST} Are you sure you would like to remove ${COL_BOLD}Pi-hole${COL_NC}? [y/N] " answer
     case ${answer} in
         [Yy]* ) break;;
-        * ) echo -e "${OVER}  ${COL_LIGHT_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
+        * ) echo -e "${OVER}  ${COL_GREEN}Uninstall has been canceled${COL_NC}"; exit 0;;
     esac
 done
 
@@ -23,238 +27,200 @@ str="Root user check"
 if [[ ${EUID} -eq 0 ]]; then
     echo -e "  ${TICK} ${str}"
 else
-    # Check if sudo is actually installed
-    # If it isn't, exit because the uninstall can not complete
-    if [ -x "$(command -v sudo)" ]; then
-        export SUDO="sudo"
-    else
-        echo -e "  ${CROSS} ${str}
-            Script called with non-root privileges
-            The Pi-hole requires elevated privileges to uninstall"
-        exit 1
-    fi
-fi
-
-readonly PI_HOLE_FILES_DIR="/etc/.pihole"
-SKIP_INSTALL="true"
-source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh"
-# setupVars set in basic-install.sh
-source "${setupVars}"
-
-# package_manager_detect() sourced from basic-install.sh
-package_manager_detect
-
-# Uninstall packages used by the Pi-hole
-DEPS=("${INSTALLER_DEPS[@]}" "${PIHOLE_DEPS[@]}" "${OS_CHECK_DEPS[@]}")
-if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
-    # Install the Web dependencies
-    DEPS+=("${PIHOLE_WEB_DEPS[@]}")
-fi
-
-# Compatibility
-if [ -x "$(command -v apt-get)" ]; then
-    # Debian Family
-    PKG_REMOVE=("${PKG_MANAGER}" -y remove --purge)
-    package_check() {
-        dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -c "ok installed"
-    }
-elif [ -x "$(command -v rpm)" ]; then
-    # Fedora Family
-    PKG_REMOVE=("${PKG_MANAGER}" remove -y)
-    package_check() {
-        rpm -qa | grep "^$1-" > /dev/null
-    }
-else
-    echo -e "  ${CROSS} OS distribution not supported"
+    echo -e "  ${CROSS} ${str}
+        Script called with non-root privileges
+        The Pi-hole requires elevated privileges to uninstall"
     exit 1
 fi
 
-removeAndPurge() {
-    # Purge dependencies
+# Get paths for admin interface, log files and database files,
+# to allow deletion where user has specified a non-default location
+ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome")
+FTL_LOG=$(getFTLConfigValue "files.log.ftl")
+DNSMASQ_LOG=$(getFTLConfigValue "files.log.dnsmasq")
+WEBSERVER_LOG=$(getFTLConfigValue "files.log.webserver")
+PIHOLE_DB=$(getFTLConfigValue "files.database")
+GRAVITY_DB=$(getFTLConfigValue "files.gravity")
+MACVENDOR_DB=$(getFTLConfigValue "files.macvendor")
+
+PI_HOLE_LOCAL_REPO="/etc/.pihole"
+# Setting SKIP_INSTALL="true" to source the installer functions without running them
+SKIP_INSTALL="true"
+# shellcheck source="./automated install/basic-install.sh"
+source "${PI_HOLE_LOCAL_REPO}/automated install/basic-install.sh"
+# Functions and Variables sources from basic-install:
+# package_manager_detect(), disable_service(), stop_service(),
+# restart service() and is_command()
+# PI_HOLE_CONFIG_DIR PI_HOLE_INSTALL_DIR PI_HOLE_LOCAL_REPO
+
+removeMetaPackage() {
+    # Purge Pi-hole meta package
     echo ""
-    for i in "${DEPS[@]}"; do
-        if package_check "${i}" > /dev/null; then
-            while true; do
-                read -rp "  ${QST} Do you wish to remove ${COL_WHITE}${i}${COL_NC} from your system? [Y/N] " answer
-                case ${answer} in
-                    [Yy]* )
-                        echo -ne "  ${INFO} Removing ${i}...";
-                        ${SUDO} "${PKG_REMOVE[@]}" "${i}" &> /dev/null;
-                        echo -e "${OVER}  ${INFO} Removed ${i}";
-                        break;;
-                    [Nn]* ) echo -e "  ${INFO} Skipped ${i}"; break;;
-                esac
-            done
-        else
-            echo -e "  ${INFO} Package ${i} not installed"
-        fi
-    done
-
-    # Remove dnsmasq config files
-    ${SUDO} rm -f /etc/dnsmasq.conf /etc/dnsmasq.conf.orig /etc/dnsmasq.d/*-pihole*.conf &> /dev/null
-    echo -e "  ${TICK} Removing dnsmasq config files"
-
-    # Call removeNoPurge to remove Pi-hole specific files
-    removeNoPurge
+    echo -ne "  ${INFO} Removing Pi-hole meta package...";
+    eval "${PKG_REMOVE}" "pihole-meta" &> /dev/null;
+    echo -e "${OVER}  ${INFO} Removed Pi-hole meta package";
 }
 
-removeNoPurge() {
-    # Only web directories/files that are created by Pi-hole should be removed
+removeWebInterface() {
+    # Remove the web interface of Pi-hole
     echo -ne "  ${INFO} Removing Web Interface..."
-    ${SUDO} rm -rf /var/www/html/admin &> /dev/null
-    ${SUDO} rm -rf /var/www/html/pihole &> /dev/null
-    ${SUDO} rm -f /var/www/html/index.lighttpd.orig &> /dev/null
-
-    # If the web directory is empty after removing these files, then the parent html directory can be removed.
-    if [ -d "/var/www/html" ]; then
-        if [[ ! "$(ls -A /var/www/html)" ]]; then
-            ${SUDO} rm -rf /var/www/html &> /dev/null
-        fi
-    fi
+    rm -rf "${ADMIN_INTERFACE_DIR:-/var/www/html/admin/}" &> /dev/null
     echo -e "${OVER}  ${TICK} Removed Web Interface"
+}
 
-    # Attempt to preserve backwards compatibility with older versions
-    # to guarantee no additional changes were made to /etc/crontab after
-    # the installation of pihole, /etc/crontab.pihole should be permanently
-    # preserved.
-    if [[ -f /etc/crontab.orig ]]; then
-        ${SUDO} mv /etc/crontab /etc/crontab.pihole
-        ${SUDO} mv /etc/crontab.orig /etc/crontab
-        ${SUDO} service cron restart
-        echo -e "  ${TICK} Restored the default system cron"
-    fi
+removeFTL() {
+    # Remove FTL and stop any running FTL service
+    if is_command "pihole-FTL"; then
+        # service stop & disable from basic_install.sh
+        stop_service pihole-FTL
+        disable_service pihole-FTL
 
-    # Attempt to preserve backwards compatibility with older versions
-    if [[ -f /etc/cron.d/pihole ]];then
-        ${SUDO} rm -f /etc/cron.d/pihole &> /dev/null
-        echo -e "  ${TICK} Removed /etc/cron.d/pihole"
-    fi
-
-    if package_check lighttpd > /dev/null; then
-        # Attempt to preserve backwards compatibility with older versions
-        if [[ -f /etc/lighttpd/lighttpd.conf.orig ]]; then
-            ${SUDO} mv /etc/lighttpd/lighttpd.conf.orig /etc/lighttpd/lighttpd.conf
-        fi
-
-        if [[ -f /etc/lighttpd/external.conf ]]; then
-            ${SUDO} rm /etc/lighttpd/external.conf
-        fi
-
-        # Fedora-based
-        if [[ -f /etc/lighttpd/conf.d/pihole-admin.conf ]]; then
-            ${SUDO} rm /etc/lighttpd/conf.d/pihole-admin.conf
-            conf=/etc/lighttpd/lighttpd.conf
-            tconf=/tmp/lighttpd.conf.$$
-            if awk '!/^include "\/etc\/lighttpd\/conf\.d\/pihole-admin\.conf"$/{print}' \
-              $conf > $tconf && mv $tconf $conf; then
-                :
-            else
-                rm $tconf
-            fi
-            ${SUDO} chown root:root $conf
-            ${SUDO} chmod 644 $conf
-        fi
-
-        # Debian-based
-        if [[ -f /etc/lighttpd/conf-available/pihole-admin.conf ]]; then
-            if is_command lighty-disable-mod ; then
-                ${SUDO} lighty-disable-mod pihole-admin > /dev/null || true
-            fi
-            ${SUDO} rm /etc/lighttpd/conf-available/15-pihole-admin.conf
-        fi
-
-        echo -e "  ${TICK} Removed lighttpd configs"
-    fi
-
-    ${SUDO} rm -f /etc/dnsmasq.d/adList.conf &> /dev/null
-    ${SUDO} rm -f /etc/dnsmasq.d/01-pihole.conf &> /dev/null
-    ${SUDO} rm -f /etc/dnsmasq.d/06-rfc6761.conf &> /dev/null
-    ${SUDO} rm -rf /var/log/*pihole* &> /dev/null
-    ${SUDO} rm -rf /var/log/pihole/*pihole* &> /dev/null
-    ${SUDO} rm -rf /etc/pihole/ &> /dev/null
-    ${SUDO} rm -rf /etc/.pihole/ &> /dev/null
-    ${SUDO} rm -rf /opt/pihole/ &> /dev/null
-    ${SUDO} rm -f /usr/local/bin/pihole &> /dev/null
-    ${SUDO} rm -f /etc/bash_completion.d/pihole &> /dev/null
-    ${SUDO} rm -f /etc/sudoers.d/pihole &> /dev/null
-    echo -e "  ${TICK} Removed config files"
-
-    # Restore Resolved
-    if [[ -e /etc/systemd/resolved.conf.orig ]]; then
-        ${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
-        systemctl reload-or-restart systemd-resolved
-    fi
-
-    # Remove FTL
-    if command -v pihole-FTL &> /dev/null; then
         echo -ne "  ${INFO} Removing pihole-FTL..."
-        if [[ -x "$(command -v systemctl)" ]]; then
-            systemctl stop pihole-FTL
-        else
-            service pihole-FTL stop
-        fi
-        ${SUDO} rm -f /etc/systemd/system/pihole-FTL.service
+        rm -f /etc/systemd/system/pihole-FTL.service &> /dev/null
         if [[ -d '/etc/systemd/system/pihole-FTL.service.d' ]]; then
             read -rp "  ${QST} FTL service override directory /etc/systemd/system/pihole-FTL.service.d detected. Do you wish to remove this from your system? [y/N] " answer
             case $answer in
                 [yY]*)
                     echo -ne "  ${INFO} Removing /etc/systemd/system/pihole-FTL.service.d..."
-                    ${SUDO} rm -R /etc/systemd/system/pihole-FTL.service.d
+                    rm -R /etc/systemd/system/pihole-FTL.service.d &> /dev/null
                     echo -e "${OVER}  ${INFO} Removed /etc/systemd/system/pihole-FTL.service.d"
                 ;;
                 *) echo -e "  ${INFO} Leaving /etc/systemd/system/pihole-FTL.service.d in place.";;
             esac
         fi
-        ${SUDO} rm -f /etc/init.d/pihole-FTL
-        ${SUDO} rm -f /usr/bin/pihole-FTL
+        rm -f /etc/init.d/pihole-FTL &> /dev/null
+        rm -f /usr/bin/pihole-FTL &> /dev/null
         echo -e "${OVER}  ${TICK} Removed pihole-FTL"
+
+        # Force systemd reload after service files are removed
+        if is_command "systemctl"; then
+            echo -ne "  ${INFO} Restarting systemd..."
+            systemctl daemon-reload
+            echo -e "${OVER}  ${TICK} Restarted systemd..."
+        fi
+    fi
+}
+
+removeCronFiles() {
+    # Attempt to preserve backwards compatibility with older versions
+    # to guarantee no additional changes were made to /etc/crontab after
+    # the installation of pihole, /etc/crontab.pihole should be permanently
+    # preserved.
+    if [[ -f /etc/crontab.orig ]]; then
+        mv /etc/crontab /etc/crontab.pihole
+        mv /etc/crontab.orig /etc/crontab
+        restart_service cron
+        echo -e "  ${TICK} Restored the default system cron"
+        echo -e "  ${INFO} A backup of the most recent crontab is saved at /etc/crontab.pihole"
     fi
 
-    # If the pihole manpage exists, then delete and rebuild man-db
+    # Attempt to preserve backwards compatibility with older versions
+    if [[ -f /etc/cron.d/pihole ]];then
+        rm -f /etc/cron.d/pihole &> /dev/null
+        echo -e "  ${TICK} Removed /etc/cron.d/pihole"
+    fi
+}
+
+removePiholeFiles() {
+    # Remove databases (including user specified non-default paths)
+    rm -f "${PIHOLE_DB:-/etc/pihole/pihole-FTL.db}" &> /dev/null
+    rm -f "${GRAVITY_DB:-/etc/pihole/gravity.db}" &> /dev/null
+    rm -f "${MACVENDOR_DB:-/etc/pihole/macvendor.db}" &> /dev/null
+
+    # Remove pihole config, repo and local files
+    rm -rf "${PI_HOLE_CONFIG_DIR:-/etc/pihole}" &> /dev/null
+    rm -rf "${PI_HOLE_LOCAL_REPO:-/etc/.pihole}" &> /dev/null
+    rm -rf "${PI_HOLE_INSTALL_DIR:-/opt/pihole}" &> /dev/null
+
+    # Remove log files (including user specified non-default paths)
+    # and rotated logs
+    # Explicitly escape spaces, in case of trailing space in path before wildcard
+    rm -f "$(printf '%q' "${FTL_LOG:-/var/log/pihole/FTL.log}")*" &> /dev/null
+    rm -f "$(printf '%q' "${DNSMASQ_LOG:-/var/log/pihole/pihole.log}")*" &> /dev/null
+    rm -f "$(printf '%q' "${WEBSERVER_LOG:-/var/log/pihole/webserver.log}")*" &> /dev/null
+
+    # remove any remnant log-files from old versions
+    rm -rf /var/log/*pihole* &> /dev/null
+
+    # remove log directory
+    rm -rf /var/log/pihole &> /dev/null
+
+    # remove the pihole command
+    rm -f /usr/local/bin/pihole &> /dev/null
+
+    # remove Pi-hole's bash completion
+    rm -f /etc/bash_completion.d/pihole &> /dev/null
+    rm -f /etc/bash_completion.d/pihole-FTL &> /dev/null
+
+    # Remove pihole from sudoers for compatibility with old versions
+    rm -f /etc/sudoers.d/pihole &> /dev/null
+
+    echo -e "  ${TICK} Removed config files"
+}
+
+removeManPage() {
+    # If the pihole manpage exists, then delete
     if [[ -f /usr/local/share/man/man8/pihole.8 ]]; then
-        ${SUDO} rm -f /usr/local/share/man/man8/pihole.8 /usr/local/share/man/man8/pihole-FTL.8 /usr/local/share/man/man5/pihole-FTL.conf.5
-        ${SUDO} mandb -q &>/dev/null
+        rm -f /usr/local/share/man/man8/pihole.8 /usr/local/share/man/man8/pihole-FTL.8 /usr/local/share/man/man5/pihole-FTL.conf.5
+        # Rebuild man-db if present
+        if is_command "mandb"; then
+            mandb -q &>/dev/null
+        fi
         echo -e "  ${TICK} Removed pihole man page"
     fi
+}
 
+removeUser() {
     # If the pihole user exists, then remove
     if id "pihole" &> /dev/null; then
-        if ${SUDO} userdel -r pihole 2> /dev/null; then
+        if userdel -r pihole 2> /dev/null; then
             echo -e "  ${TICK} Removed 'pihole' user"
         else
             echo -e "  ${CROSS} Unable to remove 'pihole' user"
         fi
     fi
+
     # If the pihole group exists, then remove
     if getent group "pihole" &> /dev/null; then
-        if ${SUDO} groupdel pihole 2> /dev/null; then
+        if groupdel pihole 2> /dev/null; then
             echo -e "  ${TICK} Removed 'pihole' group"
         else
             echo -e "  ${CROSS} Unable to remove 'pihole' group"
         fi
     fi
+}
 
+restoreResolved() {
+    # Restore Resolved from saved configuration, if present
+    if [[ -e /etc/systemd/resolved.conf.orig ]] || [[ -e /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf ]]; then
+        cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf &> /dev/null || true
+        rm -f /etc/systemd/resolved.conf.d/90-pi-hole-disable-stub-listener.conf &> /dev/null
+        systemctl reload-or-restart systemd-resolved
+    fi
+}
+
+completionMessage() {
     echo -e "\\n   We're sorry to see you go, but thanks for checking out Pi-hole!
        If you need help, reach out to us on GitHub, Discourse, Reddit or Twitter
-       Reinstall at any time: ${COL_WHITE}curl -sSL https://install.pi-hole.net | bash${COL_NC}
+       Reinstall at any time: ${COL_BOLD}curl -sSL https://install.pi-hole.net | bash${COL_NC}
 
-      ${COL_LIGHT_RED}Please reset the DNS on your router/clients to restore internet connectivity
-      ${COL_LIGHT_GREEN}Uninstallation Complete! ${COL_NC}"
+      ${COL_RED}Please reset the DNS on your router/clients to restore internet connectivity${COL_NC}
+      ${INFO} Pi-hole's meta package has been removed, use the 'autoremove' function from your package manager to remove unused dependencies${COL_NC}
+      ${COL_GREEN}Uninstallation Complete! ${COL_NC}"
 }
 
 ######### SCRIPT ###########
-echo -e "  ${INFO} Be sure to confirm if any dependencies should not be removed"
-while true; do
-    echo -e "  ${INFO} ${COL_YELLOW}The following dependencies may have been added by the Pi-hole install:"
-    echo -n "    "
-    for i in "${DEPS[@]}"; do
-        echo -n "${i} "
-    done
-    echo "${COL_NC}"
-    read -rp "  ${QST} Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] " answer
-    case ${answer} in
-        [Yy]* ) removeAndPurge; break;;
-        [Nn]* ) removeNoPurge; break;;
-        * ) removeAndPurge; break;;
-    esac
-done
+# The ordering here allows clean uninstallation with nothing
+# removed before anything that depends upon it.
+# eg removeFTL relies on scripts removed by removePiholeFiles
+# removeUser relies on commands removed by removeMetaPackage
+package_manager_detect
+removeWebInterface
+removeCronFiles
+restoreResolved
+removeManPage
+removeFTL
+removeUser
+removeMetaPackage
+removePiholeFiles
+completionMessage

manpages/pihole-FTL.8

@@ -1,154 +0,0 @@
-.TH "Pihole-FTL" "8" "pihole-FTL" "Pi-hole" "November 2020"
-.SH "NAME"
-pihole-FTL - Pi-hole : The Faster-Than-Light (FTL) Engine
-.br
-.SH "SYNOPSIS"
-\fBservice pihole-FTL \fR(\fBstart\fR|\fBstop\fR|\fBrestart\fR)
-.br
-
-\fBpihole-FTL debug\fR
-.br
-\fBpihole-FTL test\fR
-.br
-\fBpihole-FTL -v|-vv\fR
-.br
-\fBpihole-FTL -t\fR
-.br
-\fBpihole-FTL -b\fR
-.br
-\fBpihole-FTL -f\fR
-.br
-\fBpihole-FTL -h\fR
-.br
-\fBpihole-FTL dnsmasq-test\fR
-.br
-\fBpihole-FTL regex-test str\fR
-.br
-\fBpihole-FTL regex-test str rgx\fR
-.br
-\fBpihole-FTL lua\fR
-.br
-\fBpihole-FTL luac\fR
-.br
-\fBpihole-FTL dhcp-discover\fR
-.br
-\fBpihole-FTL --\fR (\fBoptions\fR)
-.br
-
-.SH "DESCRIPTION"
-Pi-hole : The Faster-Than-Light (FTL) Engine is a lightweight, purpose-built daemon used to provide statistics needed for the Pi-hole Web Interface, and its API can be easily integrated into your own projects. Although it is an optional component of the Pi-hole ecosystem, it will be installed by default to provide statistics. As the name implies, FTL does its work \fIvery\fR \fIquickly\fR!
-.br
-
-Usage
-.br
-
-\fBservice pihole-FTL start\fR
-.br
-    Start the pihole-FTL daemon
-.br
-
-\fBservice pihole-FTL stop\fR
-.br
-    Stop the pihole-FTL daemon
-.br
-
-\fBservice pihole-FTL restart\fR
-.br
-    If the pihole-FTP daemon is running, stop and then start, otherwise start.
-.br
-
-Command line arguments
-.br
-
-\fBdebug\fR
-.br
-    Don't go into daemon mode (stay in foreground) + more verbose logging
-.br
-
-\fBtest\fR
-.br
-    Start FTL and process everything, but shut down immediately afterwards
-.br
-
-\fB-v, version\fR
-.br
-    Don't start FTL, show only version
-.br
-
-\fB-vv\fR
-.br
-    Don't start FTL, show verbose version information of embedded applications
-.br
-
-\fB-t, tag\fR
-.br
-    Don't start FTL, show only git tag
-.br
-
-\fB-b, branch\fR
-.br
-    Don't start FTL, show only git branch FTL was compiled from
-.br
-
-\fB-f, no-daemon\fR
-.br
-    Don't go into background (daemon mode)
-.br
-
-\fB-h, help\fR
-.br
-    Don't start FTL, show help
-.br
-
-\fBdnsmasq-test\fR
-.br
-    Test resolver config file syntax
-.br
-
-\fBregex-test str\fR
-.br
-    Test str against all regular expressions in the database
-.br
-
-\fBregex-test str rgx\fR
-.br
-    Test str against regular expression given by rgx
-.br
-
-\fBlua\fR
-.br
-    Start the embedded Lua interpreter
-.br
-
-\fBluac\fR
-.br
-    Execute the embedded Lua compiler
-.br
-
-\fBdhcp-discover\fR
-.br
-    Discover DHCP servers in the local network
-.br
-
-\fB--\fR  (options)
-.br
-    Pass options to internal dnsmasq resolver
-.br
-.SH "EXAMPLE"
-Command line arguments can be arbitrarily combined, e.g:
-.br
-
-\fBpihole-FTL debug test\fR
-.br
-
-Start ftl in foreground with more verbose logging, process everything and shutdown immediately
-.br
-.SH "SEE ALSO"
-\fBpihole\fR(8)
-.br
-\fBFor FTL's config options please see https://docs.pi-hole.net/ftldns/configfile/\fR
-.br
-.SH "COLOPHON"
-
-Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net
-.br

manpages/pihole.8

@@ -5,19 +5,15 @@ Pi-hole : A black-hole for internet advertisements
 .br
 .SH "SYNOPSIS"
 
-\fBpihole\fR (\fB-w\fR|\fB-b\fR|\fB--wild\fR|\fB--regex\fR) [options] domain(s)
+\fBpihole\fR (\fB-allow\fR|\fB-deny\fR) [options] domain(s)
 .br
-\fBpihole -a\fR \fB-p\fR password
+\fBpihole\fR (\fB--allow-regex\fR|\fB--regex\fR) [options] domain(s)
 .br
-\fBpihole -a\fR (\fB-c|-f|-k\fR)
+\fBpihole\fR (\fB--allow-wild\fR|\fB--wild\fR) [options] domain(s)
 .br
-\fBpihole -a -i\fR interface
+\fBpihole setpassword\fR password
 .br
-\fBpihole -a -l\fR privacylevel
-.br
-\fBpihole -c\fR [-j|-r|-e]
-.br
-\fBpihole\fR \fB-d\fR [-a]
+\fBpihole\fR \fB-d\fR [-a] [-c]
 .br
 \fBpihole -f
 .br
@@ -25,26 +21,30 @@ pihole -r
 .br
 \fBpihole\fR \fB-t\fR [arg]
 .br
-pihole -g\fR
+\fBpihole -g\fR
 .br
-\fBpihole\fR -\fBq\fR [options]
+\fBpihole\fR \fB-q\fR [options]
 .br
 \fBpihole\fR \fB-l\fR (\fBon|off|off noflush\fR)
 .br
 \fBpihole -up \fR[--check-only]
 .br
-\fBpihole -v\fR [-p|-a|-f] [-c|-l|-hash]
+\fBpihole -v\fR
 .br
-\fBpihole uninstall
+\fBpihole uninstall\fR
 .br
-pihole status
+\fBpihole status\fR
 .br
-pihole restartdns\fR [options]
+\fBpihole reloaddns\fR
+.br
+\fBpihole reloadlists\fR
 .br
 \fBpihole\fR (\fBenable\fR|\fBdisable\fR [time])
 .br
 \fBpihole\fR \fBcheckout\fR repo [branch]
 .br
+\fBpihole\fR \fBapi\fR [verbose] endpoint
+.br
 \fBpihole\fR \fBhelp\fR
 .br
 .SH "DESCRIPTION"
@@ -52,47 +52,43 @@ pihole restartdns\fR [options]
 Available commands and options:
 .br
 
-\fB-w, whitelist\fR [options] [<domain1> <domain2 ...>]
+\fBallow, allowlist\fR [options] [<domain1> <domain2 ...>]
 .br
-    Adds or removes specified domain or domains to the Whitelist
+    Adds or removes specified domain or domains to the Allowlist
 .br
 
-\fB-b, blacklist\fR [options] [<domain1> <domain2 ...>]
+\fBdeny, denylist\fR [options] [<domain1> <domain2 ...>]
 .br
-    Adds or removes specified domain or domains to the blacklist
+    Adds or removes specified domain or domains to the denylist
 .br
 
 \fB--regex, regex\fR [options] [<regex1> <regex2 ...>]
 .br
-    Add or removes specified regex filter to the regex blacklist
+    Add or removes specified regex filter to the regex denylist
 .br
 
-\fB--white-regex\fR [options] [<regex1> <regex2 ...>]
+\fB--allow-regex\fR [options] [<regex1> <regex2 ...>]
 .br
-    Add or removes specified regex filter to the regex whitelist
+    Add or removes specified regex filter to the regex allowlist
 .br
 
 \fB--wild, wildcard\fR [options] [<domain1> <domain2 ...>]
 .br
-    Add or removes specified domain to the wildcard blacklist
+    Add or removes specified domain to the wildcard denylist
 .br
 
-\fB--white-wild\fR [options] [<domain1> <domain2 ...>]
+\fB--allow-wild\fR [options] [<domain1> <domain2 ...>]
 .br
-    Add or removes specified domain to the wildcard whitelist
+    Add or removes specified domain to the wildcard allowlist
 .br
 
-    (Whitelist/Blacklist manipulation options):
+    (Allow-/denylist manipulation options):
 .br
-      -d, --delmode     Remove domain(s) from the list
+      not, -d, --delmode  Remove domain(s) from the list
 .br
-      -nr, --noreload   Update list without refreshing dnsmasq
+      -q, --quiet         Make output less verbose
 .br
-      -q, --quiet       Make output less verbose
-.br
-      -l, --list        Display all your listed domains
-.br
-      --nuke            Removes all entries in a list
+      -l, --list          Display all your listed domains
 .br
 
 \fB-d, debug\fR [-a]
@@ -101,16 +97,20 @@ Available commands and options:
 .br
 
       -a                Enable automated debugging
+      -c                Include a Pi-hole database integrity check
 .br
 
-\fB-f, flush\fR
+\fB-f, flush\fR [quite]
 .br
-    Flush the Pi-hole log
+    Flush the Pi-hole log and last 24h from the query database
 .br
 
-\fB-r, reconfigure\fR
+      quite           Suppress output
 .br
-    Reconfigure or Repair Pi-hole subsystems
+
+\fB-r, repair\fR
+.br
+    Repair Pi-hole subsystems
 .br
 
 \fB-t, tail\fR [arg]
@@ -122,39 +122,6 @@ Available commands and options:
                         (regular expressions are supported)
 .br
 
-\fB-a, admin\fR [options]
-.br
-
-    (Admin options):
-.br
-      -p, password      Set Web Interface password
-.br
-      -c, celsius       Set Celsius as preferred temperature unit
-.br
-      -f, fahrenheit    Set Fahrenheit as preferred temperature unit
-.br
-      -k, kelvin        Set Kelvin as preferred temperature unit
-.br
-      -i, interface     Specify dnsmasq's interface listening behavior
-.br
-      -l, privacylevel  <level> Set privacy level
-                        (0 = lowest, 3 = highest)
-.br
-
-\fB-c, chronometer\fR	[options]
-.br
-    Calculates stats and displays to an LCD
-.br
-
-    (Chronometer Options):
-.br
-      -j, --json        Output stats as JSON formatted string
-.br
-      -r, --refresh     Set update frequency (in seconds)
-.br
-      -e, --exit        Output stats and exit without refreshing
-.br
-
 \fB-g, updateGravity\fR
 .br
     Update the list of ad-serving domains
@@ -167,11 +134,9 @@ Available commands and options:
 
     (Query options):
 .br
-      -adlist           Print the name of the block list URL
+      -partial          Search the adlists for partially matching domains
 .br
-      -exact            Search the block lists for exact domain matches
-.br
-      -all              Return all query matches within a block list
+      -all              Return all query matches within a adlists
 .br
 
 \fB-h, --help, help\fR
@@ -184,7 +149,7 @@ Available commands and options:
     Specify whether the Pi-hole log should be used
 .br
 
-	(Logging options):
+    (Logging options):
 .br
       on                Enable the Pi-hole log at /var/log/pihole/pihole.log
 .br
@@ -202,29 +167,14 @@ Available commands and options:
       --check-only      Exit script before update is performed.
 .br
 
-\fB-v, version\fR [repo] [options]
+\fB-v, version\fR
 .br
     Show installed versions of Pi-hole, Web Interface &amp; FTL
 .br
 
+\fBsetpassword\fR
 .br
-    (repo options):
-.br
-      -p, --pihole      Only retrieve info regarding Pi-hole repository
-.br
-      -a, --admin       Only retrieve info regarding AdminLTE
-                        repository
-.br
-      -f, --ftl         Only retrieve info regarding FTL repository
-.br
-    (version options):
-.br
-      -c, --current     Return the current version
-.br
-      -l, --latest      Return the latest version
-.br
-      --hash            Return the GitHub hash from your local
-                        repositories
+    Set Web Interface password
 .br
 
 \fBuninstall\fR
@@ -237,14 +187,14 @@ Available commands and options:
     Display the running status of Pi-hole subsystems
 .br
 
-\fBenable\fR
+\fBenable\fR [time]
 .br
-    Enable Pi-hole subsystems
+    Enable Pi-hole blocking, optionally for a set duration
 .br
 
 \fBdisable\fR [time]
 .br
-    Disable Pi-hole subsystems, optionally for a set duration
+    Disable Pi-hole blocking, optionally for a set duration
 .br
 
     (time options):
@@ -254,16 +204,14 @@ Available commands and options:
       #m                Disable Pi-hole functionality for # minute(s)
 .br
 
-\fBrestartdns\fR [options]
+\fBreloaddns\fR
 .br
-    Full restart Pi-hole subsystems. Without any options (see below) a full restart causes config file parsing and history re-reading
+    Update the lists and flush the cache without restarting the DNS server
 .br
 
-    (restart options):
+\fBreloadlists\fR
 .br
-      reload            Updates the lists (incl. HOSTS files) and flushes DNS cache. Does not reparse config files
-.br
-      reload-lists      Updates the lists (excl. HOSTS files) WITHOUT flushing the DNS cache. Does not reparse config files
+    Update the lists WITHOUT flushing the cache or restarting the DNS server
 .br
 
 \fBcheckout\fR [repo] [branch]
@@ -288,22 +236,39 @@ Available commands and options:
 .br
       branchname        Update subsystems to the specified branchname
 .br
+
+\fBapi\fR [verbose] endpoint
+.br
+    Query the Pi-hole API at <endpoint>
+.br
+
+      verbose           Show authentication and status messages
+.br
+
+\fBlogrotate\fR [quite]
+.br
+    Rotate Pi-hole's log files
+.br
+
+      quite           Suppress output
+.br
+
 .SH "EXAMPLE"
 
 Some usage examples
 .br
 
-Whitelist/blacklist manipulation
+Allow-/denylist manipulation
 .br
 
-\fBpihole -w iloveads.example.com\fR
+\fBpihole allow iloveads.example.com\fR
 .br
-    Adds "iloveads.example.com" to whitelist
+    Allow "iloveads.example.com"
 .br
 
-\fBpihole -b -d noads.example.com\fR
+\fBpihole deny remove noads.example.com\fR
 .br
-    Removes "noads.example.com" from blacklist
+    Removes "noads.example.com" from denylist
 .br
 
 \fBpihole --wild example.com\fR
@@ -314,14 +279,14 @@ Whitelist/blacklist manipulation
 
 \fBpihole --regex "ad.*\\.example\\.com$"\fR
 .br
-    Adds "ad.*\\.example\\.com$" to the regex blacklist.
+    Adds "ad.*\\.example\\.com$" to the regex denylist.
     Would block all subdomains of example.com which start with "ad"
 .br
 
 Changing the Web Interface password
 .br
 
-\fBpihole -a -p ExamplePassword\fR
+\fBpihole setpassword ExamplePassword\fR
 .br
     Change the password to "ExamplePassword"
 .br
@@ -337,9 +302,9 @@ Updating lists from internet sources
 Displaying version information
 .br
 
-\fBpihole -v -a -c\fR
+\fBpihole -v\fR
 .br
-    Display the current version of AdminLTE
+    Display the current version of Pi-hole
 .br
 
 Temporarily disabling Pi-hole
@@ -363,15 +328,22 @@ Switching Pi-hole subsystem branches
     Switch to core development branch
 .br
 
-\fBpihole arpflush\fR
+\fBpihole networkflush\fR
 .br
-    Flush information stored in Pi-hole's network tables
+    Flush information stored in Pi-hole's network table
+    Add '--arp' to additionally flush the ARP table
 .br
 
-.SH "SEE ALSO"
-
-\fBlighttpd\fR(8), \fBpihole-FTL\fR(8)
+\fBpihole api stats/summary\fR
 .br
+    Queries FTL for the stats/summary endpoint
+.br
+
+\fBpihole api verbose stats/summary\fR
+.br
+    Same as above, but shows authentication and status messages
+.br
+
 .SH "COLOPHON"
 
 Get sucked into the latest news and community activity by entering Pi-hole's orbit. Information about Pi-hole, and the latest version of the software can be found at https://pi-hole.net.

pihole

@@ -9,32 +9,65 @@
 # This file is copyright under the latest version of the EUPL.
 # Please see LICENSE file for your rights under this license.
 
-readonly PI_HOLE_SCRIPT_DIR="/opt/pihole"
+PI_HOLE_SCRIPT_DIR="/opt/pihole"
 
-# setupVars and PI_HOLE_BIN_DIR are not readonly here because in some functions (checkout),
+# PI_HOLE_BIN_DIR is not readonly here because in some functions (checkout),
 # they might get set again when the installer is sourced. This causes an
 # error due to modifying a readonly variable.
-setupVars="/etc/pihole/setupVars.conf"
 PI_HOLE_BIN_DIR="/usr/local/bin"
 
 readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE"
+# shellcheck source=./advanced/Scripts/COL_TABLE
 source "${colfile}"
 
 utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh"
+# shellcheck source=./advanced/Scripts/utils.sh
 source "${utilsfile}"
 
+# Source api functions
+readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh"
+# shellcheck source=./advanced/Scripts/api.sh
+source "${apifile}"
+
 versionsfile="/etc/pihole/versions"
 if [ -f "${versionsfile}" ]; then
     # Only source versionsfile if the file exits
     # fixes a warning during installation where versionsfile does not exist yet
     # but gravity calls `pihole -status` and thereby sourcing the file
+    # shellcheck source=/dev/null
     source "${versionsfile}"
 fi
 
-webpageFunc() {
-  source "${PI_HOLE_SCRIPT_DIR}/webpage.sh"
-  main "$@"
-  exit 0
+# TODO: We can probably remove the reliance on this function too, just tell people to pihole-FTL --config webserver.api.password "password"
+SetWebPassword() {
+    if [ -n "$2" ] ; then
+        readonly PASSWORD="$2"
+        readonly CONFIRM="${PASSWORD}"
+    else
+        # Prevents a bug if the user presses Ctrl+C and it continues to hide the text typed.
+        # So we reset the terminal via stty if the user does press Ctrl+C
+        trap '{ echo -e "\nNot changed" ; stty sane ; exit 1; }' INT
+        read -s -r -p "Enter New Password (Blank for no password): " PASSWORD
+        echo ""
+
+        if [ "${PASSWORD}" == "" ]; then
+            setFTLConfigValue "webserver.api.password" ""
+            echo -e "  ${TICK} Password Removed"
+            exit 0
+        fi
+
+        read -s -r -p "Confirm Password: " CONFIRM
+        echo ""
+    fi
+
+    if [ "${PASSWORD}" == "${CONFIRM}" ] ; then
+        # pihole-FTL will automatically hash the password
+        setFTLConfigValue "webserver.api.password" "${PASSWORD}"
+        echo -e "  ${TICK} New password set"
+    else
+        echo -e "  ${CROSS} Passwords don't match. Your password has not been changed"
+        exit 1
+    fi
 }
 
 listFunc() {
@@ -44,29 +77,47 @@ listFunc() {
 
 debugFunc() {
     local automated
-    local web
     local check_database_integrity
     # Pull off the `debug` leaving passed call augmentation flags in $1
     shift
 
     for value in "$@"; do
         [[ "$value"  == *"-a"* ]] && automated="true"
-        [[ "$value"  == *"-w"* ]] && web="true"
         [[ "$value"  == *"-c"* ]] && check_database_integrity="true"
         [[ "$value" == *"--check_database"* ]] && check_database_integrity="true"
     done
 
-  AUTOMATED=${automated:-} WEBCALL=${web:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
+  AUTOMATED=${automated:-} CHECK_DATABASE=${check_database_integrity:-} "${PI_HOLE_SCRIPT_DIR}"/piholeDebug.sh
   exit 0
 }
 
 flushFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
+    # unsupported in docker because it requires restarting FTL
+    if [ -n "${DOCKER_VERSION}" ]; then
+        unsupportedFunc
+    else
+        "${PI_HOLE_SCRIPT_DIR}"/piholeLogFlush.sh "$@"
+        exit 0
+    fi
+}
+
+# Deprecated function, should be removed in the future
+# use networkFlush instead
+arpFunc() {
+  shift
+  echo -e "  ${INFO} The 'arpflush' command is deprecated, use 'networkflush' instead"
+  "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
   exit 0
 }
 
-arpFunc() {
-  "${PI_HOLE_SCRIPT_DIR}"/piholeARPTable.sh "$@"
+logrotateFunc() {
+   "${PI_HOLE_SCRIPT_DIR}"/piholeLogRotate.sh "$@"
+    exit 0
+}
+
+networkFlush() {
+  shift
+  "${PI_HOLE_SCRIPT_DIR}"/piholeNetworkFlush.sh "$@"
   exit 0
 }
 
@@ -80,11 +131,26 @@ updatePiholeFunc() {
   fi
 }
 
-reconfigurePiholeFunc() {
+repairPiholeFunc() {
   if [ -n "${DOCKER_VERSION}" ]; then
     unsupportedFunc
   else
-    /etc/.pihole/automated\ install/basic-install.sh --reconfigure
+    local skipFTL additionalFlag
+    skipFTL=false
+    # Check arguments
+    for var in "$@"; do
+        case "$var" in
+            "--skipFTL") skipFTL=true ;;
+        esac
+    done
+
+    if [ "${skipFTL}" == true ]; then
+        additionalFlag="--skipFTL"
+    else
+        additionalFlag=""
+    fi
+
+    /etc/.pihole/automated\ install/basic-install.sh --repair ${additionalFlag}
     exit 0;
   fi
 }
@@ -100,8 +166,7 @@ queryFunc() {
 }
 
 chronometerFunc() {
-  shift
-  "${PI_HOLE_SCRIPT_DIR}"/chronometer.sh "$@"
+  echo "Chronometer is gone, use PADD (https://github.com/pi-hole/PADD)"
   exit 0
 }
 
@@ -116,16 +181,16 @@ uninstallFunc() {
 }
 
 versionFunc() {
-  shift
-  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh "$@"
+  exec "${PI_HOLE_SCRIPT_DIR}"/version.sh
+  exit 0
 }
 
-restartDNS() {
-  local svcOption svc str output status pid icon FTL_PID_FILE
-  svcOption="${1:-restart}"
+reloadDNS() {
+  local svcOption svc str output status pid icon FTL_PID_FILE sigrtmin
+  svcOption="${1:-reload}"
 
   # get the current path to the pihole-FTL.pid
-  FTL_PID_FILE="$(getFTLPIDFile)"
+  FTL_PID_FILE="$(getFTLConfigValue files.pid)"
 
   # Determine if we should reload or restart
   if [[ "${svcOption}" =~ "reload-lists" ]]; then
@@ -140,7 +205,10 @@ restartDNS() {
       str="FTL is not running"
       icon="${INFO}"
     else
-      svc="kill -RTMIN ${pid}"
+      sigrtmin="$(pihole-FTL sigrtmin 2>/dev/null)"
+      # Make sure sigrtmin is a number, otherwise fallback to RTMIN
+      [[ "${sigrtmin}" =~ ^[0-9]+$ ]] || unset sigrtmin
+      svc="kill -${sigrtmin:-RTMIN} ${pid}"
       str="Reloading DNS lists"
       icon="${TICK}"
     fi
@@ -157,11 +225,6 @@ restartDNS() {
       str="Flushing DNS cache"
       icon="${TICK}"
     fi
-  else
-    # A full restart has been requested
-    svc="service pihole-FTL restart"
-    str="Restarting DNS server"
-    icon="${TICK}"
   fi
 
   # Print output to Terminal, but not to Web Admin
@@ -182,75 +245,65 @@ restartDNS() {
 
 piholeEnable() {
   if [[ "${2}" == "-h" ]] || [[ "${2}" == "--help" ]]; then
-    echo "Usage: pihole disable [time]
-Example: 'pihole disable', or 'pihole disable 5m'
-Disable Pi-hole subsystems
+    echo "Usage: pihole enable/disable [time]
+Example: 'pihole enable', or 'pihole disable 5m'
+En- or disable Pi-hole subsystems
 
 Time:
-  #s                  Disable Pi-hole functionality for # second(s)
-  #m                  Disable Pi-hole functionality for # minute(s)"
+  #s               En-/disable Pi-hole functionality for # second(s)
+  #m               En-/disable Pi-hole functionality for # minute(s)"
     exit 0
 
-  elif [[ "${1}" == "0" ]]; then
-    # Disable Pi-hole
-    if grep -cq "BLOCKING_ENABLED=false" "${setupVars}"; then
-      echo -e "  ${INFO} Blocking already disabled, nothing to do"
-      exit 0
-    fi
-    if [[ $# > 1 ]]; then
-      local error=false
-      if [[ "${2}" == *"s" ]]; then
-        tt=${2%"s"}
-        if [[ "${tt}" =~ ^-?[0-9]+$ ]];then
-          local str="Disabling blocking for ${tt} seconds"
-          echo -e "  ${INFO} ${str}..."
-          local str="Blocking will be re-enabled in ${tt} seconds"
-          nohup "${PI_HOLE_SCRIPT_DIR}"/pihole-reenable.sh ${tt} </dev/null &>/dev/null &
-        else
-          local error=true
-        fi
-      elif [[ "${2}" == *"m" ]]; then
-        tt=${2%"m"}
-          if [[ "${tt}" =~ ^-?[0-9]+$ ]];then
-          local str="Disabling blocking for ${tt} minutes"
-          echo -e "  ${INFO} ${str}..."
-          local str="Blocking will be re-enabled in ${tt} minutes"
-          tt=$((${tt}*60))
-          nohup "${PI_HOLE_SCRIPT_DIR}"/pihole-reenable.sh ${tt} </dev/null &>/dev/null &
-        else
-          local error=true
-        fi
-      elif [[ -n "${2}" ]]; then
-        local error=true
-      else
-        echo -e "  ${INFO} Disabling blocking"
-      fi
-
-      if [[ ${error} == true ]];then
-        echo -e "  ${COL_LIGHT_RED}Unknown format for delayed reactivation of the blocking!${COL_NC}"
-        echo -e "  Try 'pihole disable --help' for more information."
-        exit 1
-      fi
-
-      local str="Pi-hole Disabled"
-      addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "false"
-    fi
-  else
-    # Enable Pi-hole
-    killall -q pihole-reenable
-    if grep -cq "BLOCKING_ENABLED=true" "${setupVars}"; then
-      echo -e "  ${INFO} Blocking already enabled, nothing to do"
-      exit 0
-    fi
-    echo -e "  ${INFO} Enabling blocking"
-    local str="Pi-hole Enabled"
-
-    addOrEditKeyValPair "${setupVars}" "BLOCKING_ENABLED" "true"
   fi
 
-  restartDNS reload-lists
+  # Get timer
+  local tt="null"
+  if [[ $# -gt 1 ]]; then
+    local error=false
+    if [[ "${2}" == *"s" ]]; then
+      tt=${2%"s"}
+      if [[ ! "${tt}" =~ ^-?[0-9]+$ ]];then
+        local error=true
+      fi
+    elif [[ "${2}" == *"m" ]]; then
+      tt=${2%"m"}
+      if [[ "${tt}" =~ ^-?[0-9]+$ ]];then
+        tt=$((${tt}*60))
+      else
+        local error=true
+      fi
+    elif [[ -n "${2}" ]]; then
+      local error=true
+    fi
+
+    if [[ ${error} == true ]];then
+      echo -e "  ${COL_RED}Unknown format for blocking timer!${COL_NC}"
+      echo -e "  Try 'pihole disable --help' for more information."
+      exit 1
+    fi
+  fi
+
+  # Authenticate with the API
+  LoginAPI
+
+  # Send the request
+  data=$(PostFTLData "dns/blocking" "{ \"blocking\": ${1}, \"timer\": ${tt} }")
+
+  # Check the response
+  local extra timer
+  extra=" forever"
+  timer="$(echo "${data}"| jq --raw-output '.timer' )"
+  if [[ "${timer}" != "null" ]]; then
+    extra=" for ${timer}s"
+  fi
+  local str
+  str="Pi-hole $(echo "${data}" | jq --raw-output '.blocking')${extra}"
+
+  # Logout from the API
+  LogoutAPI
 
   echo -e "${OVER}  ${TICK} ${str}"
+  exit 0
 }
 
 piholeLogging() {
@@ -267,8 +320,7 @@ Options:
     exit 0
   elif [[ "${1}" == "off" ]]; then
     # Disable logging
-    removeKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
-    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "false"
+    setFTLConfigValue dns.queryLogging false
     if [[ "${2}" != "noflush" ]]; then
       # Flush logs
       "${PI_HOLE_BIN_DIR}"/pihole -f
@@ -277,16 +329,14 @@ Options:
     local str="Logging has been disabled!"
   elif [[ "${1}" == "on" ]]; then
     # Enable logging
-    addKey /etc/dnsmasq.d/01-pihole.conf "log-queries"
-    addOrEditKeyValPair "${setupVars}" "QUERY_LOGGING" "true"
+    setFTLConfigValue dns.queryLogging true
     echo -e "  ${INFO} Enabling logging..."
     local str="Logging has been enabled!"
   else
-    echo -e "  ${COL_LIGHT_RED}Invalid option${COL_NC}
+    echo -e "  ${COL_RED}Invalid option${COL_NC}
   Try 'pihole logging --help' for more information."
     exit 1
   fi
-  restartDNS
   echo -e "${OVER}  ${TICK} ${str}"
 }
 
@@ -323,28 +373,27 @@ analyze_ports() {
 
 statusFunc() {
     # Determine if there is pihole-FTL service is listening
-    local pid port ftl_api_port ftl_pid_file
+    local pid port ftl_pid_file block_status
 
-    ftl_pid_file="$(getFTLPIDFile)"
+    ftl_pid_file="$(getFTLConfigValue files.pid)"
 
     pid="$(getFTLPID ${ftl_pid_file})"
 
-    ftl_api_port="$(getFTLAPIPort)"
     if [[ "$pid" -eq "-1" ]]; then
         case "${1}" in
             "web") echo "-1";;
             *) echo -e "  ${CROSS} DNS service is NOT running";;
         esac
-        return 0
+        exit 0
     else
-        #get the DNS port pihole-FTL is listening on by using FTL's telnet API
-        port="$(echo ">dns-port >quit" | nc 127.0.0.1 "$ftl_api_port")"
+        # get the DNS port pihole-FTL is listening on
+        port="$(getFTLConfigValue dns.port)"
         if [[ "${port}" == "0" ]]; then
             case "${1}" in
                 "web") echo "-1";;
                 *) echo -e "  ${CROSS} DNS service is NOT listening";;
             esac
-            return 0
+            exit 0
         else
             if [[ "${1}" != "web" ]]; then
                 echo -e "  ${TICK} FTL is listening on port ${port}"
@@ -354,73 +403,79 @@ statusFunc() {
     fi
 
   # Determine if Pi-hole's blocking is enabled
-  if grep -q "BLOCKING_ENABLED=false" /etc/pihole/setupVars.conf; then
-    # A config is commented out
-    case "${1}" in
-      "web") echo 0;;
-      *) echo -e "  ${CROSS} Pi-hole blocking is disabled";;
-    esac
-  elif grep -q "BLOCKING_ENABLED=true" /etc/pihole/setupVars.conf;  then
-    # Configs are set
+  block_status=$(getFTLConfigValue dns.blocking.active)
+  if [ ${block_status} == "true" ]; then
     case "${1}" in
       "web") echo "$port";;
       *) echo -e "  ${TICK} Pi-hole blocking is enabled";;
     esac
   else
-    # No configs were found
     case "${1}" in
-      "web") echo -2;;
-      *) echo -e "  ${INFO} Pi-hole blocking will be enabled";;
+      "web") echo 0;;
+      *) echo -e "  ${CROSS} Pi-hole blocking is disabled";;
     esac
-    # Enable blocking
-    "${PI_HOLE_BIN_DIR}"/pihole enable
   fi
-exit 0
+
+  exit 0
 }
 
 tailFunc() {
   # Warn user if Pi-hole's logging is disabled
-  local logging_enabled=$(grep -c "^log-queries" /etc/dnsmasq.d/01-pihole.conf)
-  if [[ "${logging_enabled}" == "0" ]]; then
-    # No "log-queries" lines are found.
-    # Commented out lines (such as "#log-queries") are ignored
+  local logging_enabled
+  logging_enabled=$(getFTLConfigValue dns.queryLogging)
+  if [[ "${logging_enabled}" != "true" ]]; then
     echo "  ${CROSS} Warning: Query logging is disabled"
   fi
   echo -e "  ${INFO} Press Ctrl-C to exit"
 
+  # Get logfile path
+  LOGFILE=$(getFTLConfigValue files.log.dnsmasq)
+  readonly LOGFILE
+
   # Strip date from each line
-  # Color blocklist/blacklist/wildcard entries as red
+  # Color blocklist/denylist/wildcard entries as red
   # Color A/AAAA/DHCP strings as white
   # Color everything else as gray
-  tail -f /var/log/pihole/pihole.log | grep --line-buffered "${1}" | sed -E \
+  tail -f $LOGFILE | grep --line-buffered -- "${1}" | sed -E \
     -e "s,($(date +'%b %d ')| dnsmasq\[[0-9]*\]),,g" \
-    -e "s,(.*(blacklisted |gravity blocked ).*),${COL_RED}&${COL_NC}," \
+    -e "s,(.*(denied |gravity blocked ).*),${COL_RED}&${COL_NC}," \
     -e "s,.*(query\\[A|DHCP).*,${COL_NC}&${COL_NC}," \
     -e "s,.*,${COL_GRAY}&${COL_NC},"
   exit 0
 }
 
 piholeCheckoutFunc() {
-  if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then
-    echo "Usage: pihole checkout [repo] [branch]
-Example: 'pihole checkout master' or 'pihole checkout core dev'
-Switch Pi-hole subsystems to a different GitHub branch
-
-Repositories:
-  core [branch]       Change the branch of Pi-hole's core subsystem
-  web [branch]        Change the branch of Web Interface subsystem
-  ftl [branch]        Change the branch of Pi-hole's FTL subsystem
-
-Branches:
-  master              Update subsystems to the latest stable release
-  dev                 Update subsystems to the latest development release
-  branchname          Update subsystems to the specified branchname"
+  if [ -n "${DOCKER_VERSION}" ]; then
+    echo -e "${CROSS} Function not supported in Docker images"
+    echo "Please build a custom image following the steps at"
+    echo "https://github.com/pi-hole/docker-pi-hole?tab=readme-ov-file#building-the-image-locally"
     exit 0
-  fi
+  else
+    if [[ "$2" == "-h" ]] || [[ "$2" == "--help" ]]; then
+      echo "Switch Pi-hole subsystems to a different GitHub branch
+    Usage: ${COL_GREEN}pihole checkout${COL_NC} ${COL_YELLOW}shortcut${COL_NC}
+        or ${COL_GREEN}pihole checkout${COL_NC} ${COL_PURPLE}repo${COL_NC} ${COL_CYAN}branch${COL_NC}
 
-  source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh
-  shift
-  checkout "$@"
+  Example: ${COL_GREEN}pihole checkout${COL_NC} ${COL_YELLOW}master${COL_NC}
+       or  ${COL_GREEN}pihole checkout${COL_NC} ${COL_PURPLE}ftl ${COL_CYAN}development${COL_NC}
+
+  Shortcuts:
+    ${COL_YELLOW}master${COL_NC}            Update all subsystems to the latest stable release
+    ${COL_YELLOW}dev${COL_NC}               Update all subsystems to the latest development release
+
+  Individual components:
+    ${COL_PURPLE}core${COL_NC} ${COL_CYAN}branch${COL_NC}       Change the branch of Pi-hole's core subsystem
+    ${COL_PURPLE}web${COL_NC} ${COL_CYAN}branch${COL_NC}        Change the branch of the web interface subsystem
+    ${COL_PURPLE}ftl${COL_NC} ${COL_CYAN}branch${COL_NC}        Change the branch of Pi-hole's FTL subsystem"
+
+      exit 0
+    fi
+
+    #shellcheck source=./advanced/Scripts/piholeCheckout.sh
+    source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh
+    shift
+    checkout "$@"
+  fi
 }
 
 tricorderFunc() {
@@ -456,34 +511,36 @@ unsupportedFunc(){
 
 helpFunc() {
   echo "Usage: pihole [options]
-Example: 'pihole -w -h'
+Example: 'pihole allow -h'
 Add '-h' after specific commands for more information on usage
 
-Whitelist/Blacklist Options:
-  -w, whitelist       Whitelist domain(s)
-  -b, blacklist       Blacklist domain(s)
-  --regex, regex      Regex blacklist domains(s)
-  --white-regex       Regex whitelist domains(s)
-  --wild, wildcard    Wildcard blacklist domain(s)
-  --white-wild        Wildcard whitelist domain(s)
-                        Add '-h' for more info on whitelist/blacklist usage
+Domain Options:
+  allow, allowlist    Allow domain(s)
+  deny, denylist      Deny domain(s)
+  --regex, regex      Regex deny domains(s)
+  --allow-regex       Regex allow domains(s)
+  --wild, wildcard    Wildcard deny domain(s)
+  --allow-wild        Wildcard allow domain(s)
+                        Add '-h' for more info on allow/deny usage
 
 Debugging Options:
   -d, debug           Start a debugging session
                         Add '-c' or '--check-database' to include a Pi-hole database integrity check
                         Add '-a' to automatically upload the log to tricorder.pi-hole.net
-  -f, flush           Flush the Pi-hole log
-  -r, reconfigure     Reconfigure or Repair Pi-hole subsystems
+  -f, flush           Flush the Pi-hole logs and last 24h from the query database
+                        Add 'quiet' to suppress output messages
+  -r, repair          Repair Pi-hole subsystems
   -t, tail [arg]      View the live output of the Pi-hole log.
                       Add an optional argument to filter the log
                       (regular expressions are supported)
+  api <endpoint>      Query the Pi-hole API at <endpoint>
+                        Precede <endpoint> with 'verbose' option to show authentication and status messages
 
 
 Options:
-  -a, admin           Web interface options
-                        Add '-h' for more info on Web Interface usage
-  -c, chronometer     Calculates stats and displays to an LCD
-                        Add '-h' for more info on chronometer usage
+  setpassword [pwd]   Set the password for the web interface
+                        Without optional argument, password is read interactively.
+                        When specifying a password directly, enclose it in single quotes.
   -g, updateGravity   Update the list of ad-serving domains
   -h, --help, help    Show this help dialog
   -l, logging         Specify whether the Pi-hole log should be used
@@ -493,18 +550,20 @@ Options:
   -up, updatePihole   Update Pi-hole subsystems
                         Add '--check-only' to exit script before update is performed.
   -v, version         Show installed versions of Pi-hole, Web Interface & FTL
-                        Add '-h' for more info on version usage
   uninstall           Uninstall Pi-hole from your system
   status              Display the running status of Pi-hole subsystems
   enable              Enable Pi-hole subsystems
+                        Add '-h' for more info on enable usage
   disable             Disable Pi-hole subsystems
                         Add '-h' for more info on disable usage
-  restartdns          Full restart Pi-hole subsystems
-                        Add 'reload' to update the lists and flush the cache without restarting the DNS server
-                        Add 'reload-lists' to only update the lists WITHOUT flushing the cache or restarting the DNS server
+  reloaddns           Update the lists and flush the cache without restarting the DNS server
+  reloadlists         Update the lists WITHOUT flushing the cache or restarting the DNS server
   checkout            Switch Pi-hole subsystems to a different GitHub branch
                         Add '-h' for more info on checkout usage
-  arpflush            Flush information stored in Pi-hole's network tables";
+  networkflush        Flush information stored in Pi-hole's network tables
+                        Add '--arp' to additionally flush the ARP table
+  logrotate          Rotate Pi-hole's log files
+                        Add 'quiet' to suppress output messages";
   exit 0
 }
 
@@ -513,72 +572,76 @@ if [[ $# = 0 ]]; then
 fi
 
 # functions that do not require sudo power
+need_root=
 case "${1}" in
-  "-h" | "help" | "--help"      ) helpFunc;;
-  "-v" | "version"              ) versionFunc "$@";;
-  "-c" | "chronometer"          ) chronometerFunc "$@";;
-  "-q" | "query"                ) queryFunc "$@";;
-  "status"                      ) statusFunc "$2";;
-
-  "tricorder"                   ) tricorderFunc;;
+  "-h" | "help" | "--help"        ) helpFunc;;
+  "-v" | "version"                ) versionFunc;;
+  "-c" | "chronometer"            ) chronometerFunc "$@";;
+  "-q" | "query"                  ) queryFunc "$@";;
+  "status"                        ) statusFunc "$2";;
+  "tricorder"                     ) tricorderFunc;;
+  "allow" | "allowlist"           ) listFunc "$@";;
+  "deny" | "denylist"             ) listFunc "$@";;
+  "--wild" | "wildcard"           ) listFunc "$@";;
+  "--regex" | "regex"             ) listFunc "$@";;
+  "--allow-regex" | "allow-regex" ) listFunc "$@";;
+  "--allow-wild" | "allow-wild"   ) listFunc "$@";;
+  "enable"                        ) piholeEnable true "$2";;
+  "disable"                       ) piholeEnable false "$2";;
+  "api"                           ) shift; apiFunc "$@"; exit 0;;
 
   # we need to add all arguments that require sudo power to not trigger the * argument
-  "-w" | "whitelist"            ) ;;
-  "-b" | "blacklist"            ) ;;
-  "--wild" | "wildcard"         ) ;;
-  "--regex" | "regex"           ) ;;
-  "--white-regex" | "white-regex" ) ;;
-  "--white-wild" | "white-wild"   ) ;;
-  "-f" | "flush"                ) ;;
-  "-up" | "updatePihole"        ) ;;
-  "-r"  | "reconfigure"         ) ;;
-  "-g" | "updateGravity"        ) ;;
-  "-l" | "logging"              ) ;;
-  "uninstall"                   ) ;;
-  "enable"                      ) ;;
-  "disable"                     ) ;;
-  "-d" | "debug"                ) ;;
-  "restartdns"                  ) ;;
-  "-a" | "admin"                ) ;;
-  "checkout"                    ) ;;
-  "updatechecker"               ) ;;
-  "arpflush"                    ) ;;
-  "-t" | "tail"                 ) ;;
-  *                             ) helpFunc;;
+  "-f" | "flush"                  ) need_root=true;;
+  "-up" | "updatePihole"          ) need_root=true;;
+  "-r"  | "repair"                ) need_root=true;;
+  "-l" | "logging"                ) need_root=true;;
+  "uninstall"                     ) need_root=true;;
+  "-d" | "debug"                  ) need_root=true;;
+  "-g" | "updateGravity"          ) need_root=true;;
+  "reloaddns"                     ) need_root=true;;
+  "reloadlists"                   ) need_root=true;;
+  "setpassword"                   ) need_root=true;;
+  "checkout"                      ) need_root=true;;
+  "updatechecker"                 ) need_root=true;;
+  "arpflush"                      ) need_root=true;; # Deprecated, use networkflush instead
+  "networkflush"                  ) need_root=true;;
+  "-t" | "tail"                   ) need_root=true;;
+  "logrotate"                    ) need_root=true;;
+  *                               ) helpFunc;;
 esac
 
-# Must be root to use this tool
-if [[ ! $EUID -eq 0 ]];then
-  if [[ -x "$(command -v sudo)" ]]; then
-    exec sudo bash "$0" "$@"
-    exit $?
-  else
-    echo -e "  ${CROSS} sudo is needed to run pihole commands.  Please run this script as root or install sudo."
-    exit 1
-  fi
+# In the case of alpine running in a container, the USER variable appears to be blank
+# which prevents the next trap from working correctly. Set it by running whoami
+if [[ -z ${USER} ]]; then
+  USER=$(whoami)
+fi
+
+# Check if the current user is not root and if the command
+# requires root. If so, exit with an error message.
+# Add an exception for the user "pihole" to allow the webserver running gravity
+if [[ ( $EUID -ne 0 && ${USER} != "pihole" ) && -n "${need_root}" ]]; then
+  echo -e "  ${CROSS} This Pi-hole command requires root privileges, try:"
+  echo -e "      ${COL_GREEN}sudo pihole $*${COL_NC}"
+  exit 1
 fi
 
 # Handle redirecting to specific functions based on arguments
 case "${1}" in
-  "-w" | "whitelist"            ) listFunc "$@";;
-  "-b" | "blacklist"            ) listFunc "$@";;
-  "--wild" | "wildcard"         ) listFunc "$@";;
-  "--regex" | "regex"           ) listFunc "$@";;
-  "--white-regex" | "white-regex" ) listFunc "$@";;
-  "--white-wild" | "white-wild"   ) listFunc "$@";;
-  "-d" | "debug"                ) debugFunc "$@";;
-  "-f" | "flush"                ) flushFunc "$@";;
-  "-up" | "updatePihole"        ) updatePiholeFunc "$@";;
-  "-r"  | "reconfigure"         ) reconfigurePiholeFunc;;
-  "-g" | "updateGravity"        ) updateGravityFunc "$@";;
-  "-l" | "logging"              ) piholeLogging "$@";;
-  "uninstall"                   ) uninstallFunc;;
-  "enable"                      ) piholeEnable 1;;
-  "disable"                     ) piholeEnable 0 "$2";;
-  "restartdns"                  ) restartDNS "$2";;
-  "-a" | "admin"                ) webpageFunc "$@";;
-  "checkout"                    ) piholeCheckoutFunc "$@";;
-  "updatechecker"               ) shift; updateCheckFunc "$@";;
-  "arpflush"                    ) arpFunc "$@";;
-  "-t" | "tail"                 ) tailFunc "$2";;
+  "-d" | "debug"                  ) debugFunc "$@";;
+  "-f" | "flush"                  ) flushFunc "$@";;
+  "-up" | "updatePihole"          ) updatePiholeFunc "$@";;
+  "-r"  | "repair"                ) repairPiholeFunc "$@";;
+  "-g" | "updateGravity"          ) updateGravityFunc "$@";;
+  "-l" | "logging"                ) piholeLogging "$@";;
+  "uninstall"                     ) uninstallFunc;;
+  "reloaddns"                     ) reloadDNS "reload";;
+  "reloadlists"                   ) reloadDNS "reload-lists";;
+  "setpassword"                   ) SetWebPassword "$@";;
+  "checkout"                      ) piholeCheckoutFunc "$@";;
+  "updatechecker"                 ) shift; updateCheckFunc "$@";;
+  "arpflush"                      ) arpFunc "$@";; # Deprecated, use networkflush instead
+  "networkflush"                  ) networkFlush "$@";;
+  "-t" | "tail"                   ) tailFunc "$2";;
+  "logrotate"                     ) logrotateFunc "$@";;
+  *                               ) helpFunc;;
 esac

test/_alpine_3_21.Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:3.21
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+RUN sed -i 's/#\(.*\/community\)/\1/' /etc/apk/repositories
+RUN apk --no-cache add bash coreutils curl git jq openrc shadow
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_alpine_3_22.Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:3.22
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+RUN sed -i 's/#\(.*\/community\)/\1/' /etc/apk/repositories
+RUN apk --no-cache add bash coreutils curl git jq openrc shadow
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_alpine_3_23.Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:3.23
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+RUN sed -i 's/#\(.*\/community\)/\1/' /etc/apk/repositories
+RUN apk --no-cache add bash coreutils curl git jq openrc shadow
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_centos_10.Dockerfile

@@ -0,0 +1,19 @@
+FROM quay.io/centos/centos:stream10
+# Disable SELinux
+RUN echo "SELINUX=disabled" > /etc/selinux/config
+RUN yum install -y --allowerasing curl git initscripts
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_centos_8.Dockerfile

@@ -1,18 +0,0 @@
-FROM quay.io/centos/centos:stream8
-RUN yum install -y git initscripts
-
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
-
-RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
-ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-
-RUN true && \
-    chmod +x $SCRIPTDIR/*
-
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
-
-#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_centos_9.Dockerfile

@@ -1,18 +1,19 @@
 FROM quay.io/centos/centos:stream9
+# Disable SELinux
+RUN echo "SELINUX=disabled" > /etc/selinux/config
 RUN yum install -y --allowerasing curl git initscripts
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_11.Dockerfile

@@ -1,17 +1,16 @@
 FROM buildpack-deps:bullseye-scm
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_12.Dockerfile

@@ -1,17 +1,16 @@
-FROM buildpack-deps:buster-scm
+FROM buildpack-deps:bookworm-scm
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_debian_13.Dockerfile

@@ -0,0 +1,16 @@
+FROM buildpack-deps:trixie-scm
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_40.Dockerfile

@@ -1,18 +1,17 @@
-FROM fedora:37
+FROM fedora:40
 RUN dnf install -y git initscripts
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_41.Dockerfile

@@ -1,18 +1,17 @@
-FROM fedora:36
+FROM fedora:41
 RUN dnf install -y git initscripts
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_42.Dockerfile

@@ -0,0 +1,17 @@
+FROM fedora:42
+RUN dnf install -y git initscripts
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_fedora_43.Dockerfile

@@ -0,0 +1,17 @@
+FROM fedora:43
+RUN dnf install -y git initscripts
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_20.Dockerfile

@@ -1,18 +1,16 @@
 FROM buildpack-deps:focal-scm
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
-ENV DEBIAN_FRONTEND=noninteractive
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_22.Dockerfile

@@ -1,18 +1,17 @@
 FROM buildpack-deps:jammy-scm
 
-ENV GITDIR /etc/.pihole
-ENV SCRIPTDIR /opt/pihole
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
 
 RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
 ADD . $GITDIR
-RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $SCRIPTDIR/
-ENV PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN true && \
     chmod +x $SCRIPTDIR/*
 
-ENV SKIP_INSTALL true
-ENV OS_CHECK_DOMAIN_NAME dev-supportedos.pi-hole.net
+ENV SKIP_INSTALL=true
 
 #sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/_ubuntu_24.Dockerfile

@@ -0,0 +1,17 @@
+FROM buildpack-deps:24.04-scm
+
+ENV GITDIR=/etc/.pihole
+ENV SCRIPTDIR=/opt/pihole
+
+RUN mkdir -p $GITDIR $SCRIPTDIR /etc/pihole
+ADD . $GITDIR
+RUN cp $GITDIR/advanced/Scripts/*.sh $GITDIR/gravity.sh $GITDIR/pihole $GITDIR/automated\ install/*.sh $GITDIR/advanced/Scripts/COL_TABLE $SCRIPTDIR/
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$SCRIPTDIR
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN true && \
+    chmod +x $SCRIPTDIR/*
+
+ENV SKIP_INSTALL=true
+
+#sed '/# Start the installer/Q' /opt/pihole/basic-install.sh > /opt/pihole/stub_basic-install.sh && \

test/conftest.py

@@ -4,17 +4,9 @@ import testinfra.backend.docker
 import subprocess
 from textwrap import dedent
 
-
-SETUPVARS = {
-    "PIHOLE_INTERFACE": "eth99",
-    "PIHOLE_DNS_1": "4.2.2.1",
-    "PIHOLE_DNS_2": "4.2.2.2",
-}
-
 IMAGE = "pytest_pihole:test_container"
-
-tick_box = "[\x1b[1;32m\u2713\x1b[0m]"
-cross_box = "[\x1b[1;31m\u2717\x1b[0m]"
+tick_box = "[✓]"
+cross_box = "[✗]"
 info_box = "[i]"
 
 
@@ -59,29 +51,19 @@ def mock_command(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(
-        r"""\
+    mock_script = dedent(r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1" in""".format(
-            script=script
-        )
-    )
+    case "\$1" in""".format(script=script))
     for k, v in args.items():
-        case = dedent(
-            """
+        case = dedent("""
         {arg})
         echo {res}
         exit {retcode}
-        ;;""".format(
-                arg=k, res=v[0], retcode=v[1]
-            )
-        )
+        ;;""".format(arg=k, res=v[0], retcode=v[1]))
         mock_script += case
-    mock_script += dedent(
-        """
-    esac"""
-    )
+    mock_script += dedent("""
+    esac""")
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -102,37 +84,23 @@ def mock_command_passthrough(script, args, container):
     """
     orig_script_path = container.check_output("command -v {}".format(script))
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(
-        r"""\
+    mock_script = dedent(r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1" in""".format(
-            script=script
-        )
-    )
+    case "\$1" in""".format(script=script))
     for k, v in args.items():
-        case = dedent(
-            """
+        case = dedent("""
         {arg})
         echo {res}
         exit {retcode}
-        ;;""".format(
-                arg=k, res=v[0], retcode=v[1]
-            )
-        )
+        ;;""".format(arg=k, res=v[0], retcode=v[1]))
         mock_script += case
-    mock_script += dedent(
-        r"""
+    mock_script += dedent(r"""
     *)
     {orig_script_path} "\$@"
-    ;;""".format(
-            orig_script_path=orig_script_path
-        )
-    )
-    mock_script += dedent(
-        """
-    esac"""
-    )
+    ;;""".format(orig_script_path=orig_script_path))
+    mock_script += dedent("""
+    esac""")
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -149,29 +117,19 @@ def mock_command_run(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(
-        r"""\
+    mock_script = dedent(r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1 \$2" in""".format(
-            script=script
-        )
-    )
+    case "\$1 \$2" in""".format(script=script))
     for k, v in args.items():
-        case = dedent(
-            """
+        case = dedent("""
         \"{arg}\")
         echo {res}
         exit {retcode}
-        ;;""".format(
-                arg=k, res=v[0], retcode=v[1]
-            )
-        )
+        ;;""".format(arg=k, res=v[0], retcode=v[1]))
         mock_script += case
-    mock_script += dedent(
-        """
-    esac"""
-    )
+    mock_script += dedent(r"""
+    esac""")
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF
@@ -188,29 +146,19 @@ def mock_command_2(script, args, container):
     in unit tests
     """
     full_script_path = "/usr/local/bin/{}".format(script)
-    mock_script = dedent(
-        r"""\
+    mock_script = dedent(r"""\
     #!/bin/bash -e
     echo "\$0 \$@" >> /var/log/{script}
-    case "\$1 \$2" in""".format(
-            script=script
-        )
-    )
+    case "\$1 \$2" in""".format(script=script))
     for k, v in args.items():
-        case = dedent(
-            """
+        case = dedent("""
         \"{arg}\")
         echo \"{res}\"
         exit {retcode}
-        ;;""".format(
-                arg=k, res=v[0], retcode=v[1]
-            )
-        )
+        ;;""".format(arg=k, res=v[0], retcode=v[1]))
         mock_script += case
-    mock_script += dedent(
-        """
-    esac"""
-    )
+    mock_script += dedent(r"""
+    esac""")
     container.run(
         """
     cat <<EOF> {script}\n{content}\nEOF

test/requirements.txt

@@ -1,6 +1,6 @@
-docker-compose == 1.29.2
-pytest == 7.2.2
-pytest-xdist == 3.2.1
-pytest-testinfra == 7.0.0
-tox == 4.4.7
-
+pyyaml == 6.0.3
+pytest == 9.0.2
+pytest-xdist == 3.8.0
+pytest-testinfra == 10.2.2
+tox == 4.49.1
+pytest-clarity == 1.0.1

test/test_any_utils.py

@@ -1,188 +1,50 @@
 def test_key_val_replacement_works(host):
     """Confirms addOrEditKeyValPair either adds or replaces a key value pair in a given file"""
-    host.run(
-        """
+    host.run("""
     source /opt/pihole/utils.sh
+    touch ./testoutput
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
     addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
     addOrEditKeyValPair "./testoutput" "KEY_ONE" "value3"
     addOrEditKeyValPair "./testoutput" "KEY_FOUR" "value4"
-    """
-    )
-    output = host.run(
-        """
+    """)
+    output = host.run("""
     cat ./testoutput
-    """
-    )
+    """)
     expected_stdout = "KEY_ONE=value3\nKEY_TWO=value2\nKEY_FOUR=value4\n"
     assert expected_stdout == output.stdout
 
 
-def test_key_addition_works(host):
-    """Confirms addKey adds a key (no value) to a file without duplicating it"""
-    host.run(
-        """
-    source /opt/pihole/utils.sh
-    addKey "./testoutput" "KEY_ONE"
-    addKey "./testoutput" "KEY_ONE"
-    addKey "./testoutput" "KEY_TWO"
-    addKey "./testoutput" "KEY_TWO"
-    addKey "./testoutput" "KEY_THREE"
-    addKey "./testoutput" "KEY_THREE"
-    """
-    )
-    output = host.run(
-        """
-    cat ./testoutput
-    """
-    )
-    expected_stdout = "KEY_ONE\nKEY_TWO\nKEY_THREE\n"
-    assert expected_stdout == output.stdout
-
-
-def test_key_addition_substr(host):
-    """Confirms addKey adds substring keys (no value) to a file"""
-    host.run(
-        """
-    source /opt/pihole/utils.sh
-    addKey "./testoutput" "KEY_ONE"
-    addKey "./testoutput" "KEY_O"
-    addKey "./testoutput" "KEY_TWO"
-    addKey "./testoutput" "Y_TWO"
-    """
-    )
-    output = host.run(
-        """
-    cat ./testoutput
-    """
-    )
-    expected_stdout = "KEY_ONE\nKEY_O\nKEY_TWO\nY_TWO\n"
-    assert expected_stdout == output.stdout
-
-
-def test_key_removal_works(host):
-    """Confirms removeKey removes a key or key/value pair"""
-    host.run(
-        """
-    source /opt/pihole/utils.sh
-    addOrEditKeyValPair "./testoutput" "KEY_ONE" "value1"
-    addOrEditKeyValPair "./testoutput" "KEY_TWO" "value2"
-    addOrEditKeyValPair "./testoutput" "KEY_THREE" "value3"
-    addKey "./testoutput" "KEY_FOUR"
-    removeKey "./testoutput" "KEY_TWO"
-    removeKey "./testoutput" "KEY_FOUR"
-    """
-    )
-    output = host.run(
-        """
-    cat ./testoutput
-    """
-    )
-    expected_stdout = "KEY_ONE=value1\nKEY_THREE=value3\n"
-    assert expected_stdout == output.stdout
-
-
-def test_get_value_works(host):
-    """Confirms getVal returns the correct value for a given key"""
-    output = host.run(
-        """
-    source /opt/pihole/utils.sh
-    echo "Somekey=xxx" >> /tmp/testfile
-    echo "#Testkey=1234" >> /tmp/testfile
-    echo "Testkey=5678" >> /tmp/testfile
-    echo "Testkey=abcd" >> /tmp/testfile
-    getVal "/tmp/testfile" "Testkey"
-    """
-    )
-    expected_stdout = "5678"
-    assert expected_stdout == output.stdout
-
-
-def test_getFTLAPIPort_default(host):
-    """Confirms getFTLAPIPort returns the default API port"""
-    output = host.run(
-        """
-    source /opt/pihole/utils.sh
-    getFTLAPIPort
-    """
-    )
-    expected_stdout = "4711\n"
-    assert expected_stdout == output.stdout
-
-
-def test_getFTLAPIPort_custom(host):
-    """Confirms getFTLAPIPort returns a custom API port"""
-    host.run(
-        """
-    echo "FTLPORT=1234" > /etc/pihole/pihole-FTL.conf
-    """
-    )
-    output = host.run(
-        """
-    source /opt/pihole/utils.sh
-    getFTLAPIPort
-    """
-    )
-    expected_stdout = "1234\n"
-    assert expected_stdout == output.stdout
-
-
-def test_getFTLAPIPort_malicious(host):
-    """Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
-    host.run(
-        """
-    echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
-    """
-    )
-    output = host.run(
-        """
-    source /opt/pihole/utils.sh
-    getFTLAPIPort
-    """
-    )
-    expected_stdout = "4711\n"
-    assert expected_stdout == output.stdout
-
-
-def test_getFTLPIDFile_default(host):
-    """Confirms getFTLPIDFile returns the default PID file path"""
-    output = host.run(
-        """
-    source /opt/pihole/utils.sh
-    getFTLPIDFile
-    """
-    )
-    expected_stdout = "/run/pihole-FTL.pid\n"
-    assert expected_stdout == output.stdout
-
-
 def test_getFTLPID_default(host):
     """Confirms getFTLPID returns the default value if FTL is not running"""
-    output = host.run(
-        """
+    output = host.run("""
     source /opt/pihole/utils.sh
     getFTLPID
-    """
-    )
+    """)
     expected_stdout = "-1\n"
     assert expected_stdout == output.stdout
 
 
-def test_getFTLPIDFile_and_getFTLPID_custom(host):
-    """Confirms getFTLPIDFile returns a custom PID file path"""
-    host.run(
-        """
-    tmpfile=$(mktemp)
-    echo "PIDFILE=${tmpfile}" > /etc/pihole/pihole-FTL.conf
-    echo "1234" > ${tmpfile}
+def test_setFTLConfigValue_getFTLConfigValue(host):
     """
-    )
-    output = host.run(
-        """
+    Confirms getFTLConfigValue works (also assumes setFTLConfigValue works)
+    Requires FTL to be installed, so we do that first
+    (taken from test_FTL_development_binary_installed_and_responsive_no_errors)
+    """
+    host.run("""
+    source /opt/pihole/basic-install.sh
+    create_pihole_user
+    funcOutput=$(get_binary_name)
+    echo "development" > /etc/pihole/ftlbranch
+    binary="pihole-FTL${funcOutput##*pihole-FTL}"
+    theRest="${funcOutput%pihole-FTL*}"
+    FTLdetect "${binary}" "${theRest}"
+    """)
+
+    output = host.run("""
     source /opt/pihole/utils.sh
-    FTL_PID_FILE=$(getFTLPIDFile)
-    getFTLPID "${FTL_PID_FILE}"
-    """
-    )
-    expected_stdout = "1234\n"
-    assert expected_stdout == output.stdout
+    setFTLConfigValue "dns.upstreams" '["9.9.9.9"]' > /dev/null
+    getFTLConfigValue "dns.upstreams"
+    """)
+
+    assert "[ 9.9.9.9 ]" in output.stdout

test/test_centos_common_support.py

@@ -1,27 +0,0 @@
-import pytest
-from .conftest import (
-    tick_box,
-    info_box,
-    cross_box,
-    mock_command,
-)
-
-
-def test_enable_epel_repository_centos(host):
-    """
-    confirms the EPEL package repository is enabled when installed on CentOS
-    """
-    package_manager_detect = host.run(
-        """
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    """
-    )
-    expected_stdout = info_box + (
-        " Enabling EPEL package repository " "(https://fedoraproject.org/wiki/EPEL)"
-    )
-    assert expected_stdout in package_manager_detect.stdout
-    expected_stdout = tick_box + " Installed"
-    assert expected_stdout in package_manager_detect.stdout
-    epel_package = host.package("epel-release")
-    assert epel_package.is_installed

test/test_centos_fedora_common_support.py

@@ -15,14 +15,10 @@ def mock_selinux_config(state, host):
     # getenforce returns the running state of SELinux
     mock_command("getenforce", {"*": (state.capitalize(), "0")}, host)
     # create mock configuration with desired content
-    host.run(
-        """
+    host.run("""
     mkdir /etc/selinux
     echo "SELINUX={state}" > /etc/selinux/config
-    """.format(
-            state=state.lower()
-        )
-    )
+    """.format(state=state.lower()))
 
 
 def test_selinux_enforcing_exit(host):
@@ -30,12 +26,10 @@ def test_selinux_enforcing_exit(host):
     confirms installer prompts to exit when SELinux is Enforcing by default
     """
     mock_selinux_config("enforcing", host)
-    check_selinux = host.run(
-        """
+    check_selinux = host.run("""
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """
-    )
+    """)
     expected_stdout = cross_box + " Current SELinux: enforcing"
     assert expected_stdout in check_selinux.stdout
     expected_stdout = "SELinux Enforcing detected, exiting installer"
@@ -48,12 +42,10 @@ def test_selinux_permissive(host):
     confirms installer continues when SELinux is Permissive
     """
     mock_selinux_config("permissive", host)
-    check_selinux = host.run(
-        """
+    check_selinux = host.run("""
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """
-    )
+    """)
     expected_stdout = tick_box + " Current SELinux: permissive"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0
@@ -64,12 +56,10 @@ def test_selinux_disabled(host):
     confirms installer continues when SELinux is Disabled
     """
     mock_selinux_config("disabled", host)
-    check_selinux = host.run(
-        """
+    check_selinux = host.run("""
     source /opt/pihole/basic-install.sh
     checkSelinux
-    """
-    )
+    """)
     expected_stdout = tick_box + " Current SELinux: disabled"
     assert expected_stdout in check_selinux.stdout
     assert check_selinux.rc == 0

test/test_fedora_support.py

@@ -1,15 +0,0 @@
-def test_epel_and_remi_not_installed_fedora(host):
-    """
-    confirms installer does not attempt to install EPEL/REMI repositories
-    on Fedora
-    """
-    package_manager_detect = host.run(
-        """
-    source /opt/pihole/basic-install.sh
-    package_manager_detect
-    """
-    )
-    assert package_manager_detect.stdout == ""
-
-    epel_package = host.package("epel-release")
-    assert not epel_package.is_installed

test/tox.alpine_3_21.ini

@@ -0,0 +1,10 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
+commands = docker buildx build --load --progress plain -f _alpine_3_21.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.alpine_3_22.ini

@@ -0,0 +1,10 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
+commands = docker buildx build --load --progress plain -f _alpine_3_22.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.alpine_3_23.ini

@@ -0,0 +1,10 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
+commands = docker buildx build --load --progress plain -f _alpine_3_23.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py

test/tox.centos_10.ini

@@ -0,0 +1,10 @@
+[tox]
+envlist = py3
+
+[testenv:py3]
+allowlist_externals = docker
+deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
+commands = docker buildx build --load --progress plain -f _centos_10.Dockerfile -t pytest_pihole:test_container ../
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py

test/tox.centos_8.ini

@@ -1,8 +0,0 @@
-[tox]
-envlist = py3
-
-[testenv:py3]
-allowlist_externals = docker
-deps = -rrequirements.txt
-commands =  docker buildx build --load --progress plain -f _centos_8.Dockerfile -t pytest_pihole:test_container ../
-            pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py

test/tox.centos_9.ini

@@ -4,5 +4,7 @@ envlist = py3
 [testenv:py3]
 allowlist_externals = docker
 deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
 commands = docker buildx build --load --progress plain -f _centos_9.Dockerfile -t pytest_pihole:test_container ../
-           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py ./test_centos_common_support.py
+           pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py ./test_centos_fedora_common_support.py

test/tox.debian_11.ini

@@ -4,5 +4,7 @@ envlist = py3
 [testenv:py3]
 allowlist_externals = docker
 deps = -rrequirements.txt
+setenv =
+    COLUMNS=120
 commands = docker buildx build --load --progress plain -f _debian_11.Dockerfile -t pytest_pihole:test_container ../
            pytest {posargs:-vv -n auto} ./test_any_automated_install.py ./test_any_utils.py