123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 |
- -- Copyright 2017 Dirk Brenken (dev@brenken.org)
- -- This is free software, licensed under the Apache License, Version 2.0
- local fs = require("nixio.fs")
- local uci = require("luci.model.uci").cursor()
- local util = require("luci.util")
- local date = require("luci.http.protocol.date")
- local res_input = "/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
- local dump = util.ubus("network.interface", "dump", {})
- local plug_cnt = tonumber(luci.sys.exec("env -i /usr/sbin/dnscrypt-proxy --version | grep 'Support for plugins: present' | wc -l"))
- local res_list = {}
- local url = "https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv"
- if not fs.access("/lib/libustream-ssl.so") then
- m = SimpleForm("error", nil, translate("SSL support not available, please install an libustream-ssl variant to use this package."))
- m.submit = false
- m.reset = false
- return m
- end
- if not fs.access(res_input) then
- luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
- end
- if not uci:get_first("dnscrypt-proxy", "global") then
- uci:add("dnscrypt-proxy", "global")
- uci:save("dnscrypt-proxy")
- uci:commit("dnscrypt-proxy")
- end
- for line in io.lines(res_input) do
- local name = line:match("^[%w_.-]*")
- res_list[#res_list + 1] = { name = name }
- end
- m = Map("dnscrypt-proxy", translate("DNSCrypt-Proxy"),
- translate("Configuration of the DNSCrypt-Proxy package. ")
- .. translate("Keep in mind to configure Dnsmasq as well. ")
- .. translatef("For further information "
- .. "<a href=\"%s\" target=\"_blank\">"
- .. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
- function m.on_after_commit(self)
- luci.sys.call("env -i /etc/init.d/dnsmasq restart >/dev/null 2>&1")
- luci.sys.call("env -i /etc/init.d/dnscrypt-proxy restart >/dev/null 2>&1")
- end
- s = m:section(TypedSection, "global", translate("General options"))
- s.anonymous = true
- -- Main dnscrypt-proxy resource list
- o1 = s:option(DummyValue, "", translate("Default Resolver List"))
- o1.template = "dnscrypt-proxy/res_options"
- o1.value = res_input
- o2 = s:option(DummyValue, "", translate("File Date"))
- o2.template = "dnscrypt-proxy/res_options"
- o2.value = date.to_http(nixio.fs.stat(res_input).mtime)
- o3 = s:option(DummyValue, "", translate("File Checksum"))
- o3.template = "dnscrypt-proxy/res_options"
- o3.value = luci.sys.exec("sha256sum " .. res_input .. " | awk '{print $1}'")
- btn = s:option(Button, "", translate("Refresh Resolver List"))
- btn.inputtitle = translate("Refresh List")
- btn.inputstyle = "apply"
- btn.disabled = false
- function btn.write(self, section, value)
- luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
- luci.http.redirect(luci.dispatcher.build_url("admin", "services", "dnscrypt-proxy"))
- end
- -- Trigger settings
- t = s:option(DynamicList, "procd_trigger", translate("Startup Trigger"),
- translate("By default the DNSCrypt-Proxy startup will be triggered by ifup events of multiple network interfaces. ")
- .. translate("To restrict the trigger, add only the relevant network interface(s). ")
- .. translate("Usually the 'wan' interface should work for most users."))
- if dump then
- local i, v
- for i, v in ipairs(dump.interface) do
- if v.interface ~= "loopback" then
- t:value(v.interface)
- end
- end
- end
- t.rmempty = true
- -- Extra options
- ds = s:option(DummyValue, "_dummy", translate("Extra options"),
- translate("Options for further tweaking in case the defaults are not suitable for you."))
- ds.template = "cbi/nullsection"
- btn = s:option(Button, "", translate("Create custom config file"),
- translate("Create '/etc/resolv-crypt.conf' with 'options timeout:1' to reduce DNS upstream timeouts with multiple DNSCrypt instances. ")
- .. translatef("For further information "
- .. "<a href=\"%s\" target=\"_blank\">"
- .. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
- btn.inputtitle = translate("Create Config File")
- btn.inputstyle = "apply"
- btn.disabled = false
- function btn.write(self, section, value)
- if not fs.access("/etc/resolv-crypt.conf") then
- luci.sys.call("env -i echo 'options timeout:1' > '/etc/resolv-crypt.conf'")
- end
- end
- -- Mandatory options per instance
- s = m:section(TypedSection, "dnscrypt-proxy", translate("Instance options"))
- s.anonymous = true
- s.addremove = true
- o1 = s:option(Value, "address", translate("IP Address"),
- translate("The local IPv4 or IPv6 address. The latter one should be specified within brackets, e.g. '[::1]'."))
- o1.default = address or "127.0.0.1"
- o1.rmempty = false
- o2 = s:option(Value, "port", translate("Port"),
- translate("The listening port for DNS queries."))
- o2.datatype = "port"
- o2.default = port
- o2.rmempty = false
- o3 = s:option(ListValue, "resolver", translate("Resolver"),
- translate("Name of the remote DNS service for resolving queries."))
- o3.datatype = "hostname"
- o3.widget = "select"
- local i, v
- for i, v in ipairs(res_list) do
- if v.name ~= "Name" then
- o3:value(v.name)
- end
- end
- o3.default = resolver
- o3.rmempty = false
- -- Extra options per instance
- e1 = s:option(Value, "resolvers_list", translate("Alternate Resolver List"),
- translate("Specify a non-default Resolver List."))
- e1.datatype = "file"
- e1.optional = true
- e2 = s:option(Value, "ephemeral_keys", translate("Ephemeral Keys"),
- translate("Improve privacy by using an ephemeral public key for each query. ")
- .. translate("This option requires extra CPU cycles and is useless with most DNSCrypt server."))
- e2.datatype = "bool"
- e2.value = 1
- e2.optional = true
- if plug_cnt > 0 then
- e3 = s:option(DynamicList, "blacklist", translate("Blacklist"),
- translate("Local blacklists allow you to block abuse sites by domains or ip addresses. ")
- .. translate("The value for this property is the blocklist type and path to the file, e.g.'domains:/path/to/dbl.txt' or 'ips:/path/to/ipbl.txt'."))
- e3.optional = true
- e4 = s:option(Value, "block_ipv6", translate("Block IPv6"),
- translate("Disable IPv6 to speed up DNSCrypt-Proxy."))
- e4.datatype = "bool"
- e4.value = 1
- e4.optional = true
- e5 = s:option(Value, "local_cache", translate("Local Cache"),
- translate("Enable Caching to speed up DNSCcrypt-Proxy."))
- e5.datatype = "bool"
- e5.value = 1
- e5.optional = true
-
- e6 = s:option(Value, "query_log_file", translate("DNS Query Logfile"),
- translate("Log the received DNS queries to a file, so you can watch in real-time what is happening on the network."))
- e6.optional = true
- end
- return m
|