summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-dnscrypt-proxy/luasrc/model/cbi/dnscrypt-proxy/overview_tab.lua
blob: 999c81dee782c1ebf066585998d063c07b8b8257 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
-- Copyright 2017-2018 Dirk Brenken (dev@brenken.org)
-- This is free software, licensed under the Apache License, Version 2.0

local fs        = require("nixio.fs")
local uci       = require("luci.model.uci").cursor()
local util      = require("luci.util")
local date      = require("luci.http.protocol.date")
local res_input = "/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
local res_dir   = fs.dirname(res_input)
local dump      = util.ubus("network.interface", "dump", {})
local plug_cnt  = tonumber(luci.sys.exec("env -i /usr/sbin/dnscrypt-proxy --version | grep 'Support for plugins: present' | wc -l"))
local res_list  = {}
local url       = "https://raw.githubusercontent.com/dyne/dnscrypt-proxy/master/dnscrypt-resolvers.csv"

if not fs.access(res_input) then
	if not fs.access("/lib/libustream-ssl.so") then
		m = SimpleForm("error", nil, translate("No default resolver list and no SSL support available.<br />")
			.. translate("Please install a resolver list to '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv' to use this package."))
		m.submit = false
		m.reset = false
		return m
	else
		luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
	end
end

if not uci:get_first("dnscrypt-proxy", "global") then
	uci:add("dnscrypt-proxy", "global")
	uci:save("dnscrypt-proxy")
	uci:commit("dnscrypt-proxy")
end

if fs.access(res_input) then
	for line in io.lines(res_input) or {} do
		local name,
		location,
		dnssec,
		nolog = line:match("^([^,]+),.-,\".-\",\"*(.-)\"*,.-,[0-9],\"*([yesno]+)\"*,\"*([yesno]+)\"*,.*")
		if name ~= "" and name ~= "Name" then
			if location == "" then
				location = "-"
			end
			if dnssec == "" then
				dnssec = "-"
			end
			if nolog == "" then
				nolog = "-"
			end
			res_list[#res_list + 1] = { name = name, location = location, dnssec = dnssec, nolog = nolog }
		end
	end
end

m = Map("dnscrypt-proxy", translate("DNSCrypt-Proxy"),
	translate("Configuration of the DNSCrypt-Proxy package. ")
	.. translatef("For further information "
	.. "<a href=\"%s\" target=\"_blank\">"
	.. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
m:chain("dhcp")

function m.on_after_commit(self)
	function d1.validate(self, value, s1)
		if value == "1" then
			uci:commit("dnscrypt-proxy")
			uci:set("dhcp", s1, "noresolv", 1)
			if not fs.access("/etc/resolv-crypt.conf") or fs.stat("/etc/resolv-crypt.conf").size == 0 then
				uci:set("dhcp", s1, "resolvfile", "/tmp/resolv.conf.auto")
			else
				uci:set("dhcp", s1, "resolvfile", "/etc/resolv-crypt.conf")
			end
			local server_list = {}
			local cnt = 1
			uci:foreach("dnscrypt-proxy", "dnscrypt-proxy", function(s)
				server_list[cnt] = s['address'] .. "#" .. s['port']
				cnt = cnt + 1
			end)
			server_list[cnt] = "/pool.ntp.org/8.8.8.8"
			uci:set_list("dhcp", s1, "server", server_list)
			if cnt > 2 then
				uci:set("dhcp", s1, "allservers", 1)
			else
				uci:set("dhcp", s1, "allservers", 0)
			end
			uci:save("dhcp")
			uci:commit("dhcp")
		end
		return value
	end
	luci.sys.call("env -i /etc/init.d/dnscrypt-proxy restart >/dev/null 2>&1")
	luci.sys.call("env -i /etc/init.d/dnsmasq restart >/dev/null 2>&1")
end

s = m:section(TypedSection, "global", translate("General Options"))
s.anonymous = true

-- Main dnscrypt-proxy resource list

o1 = s:option(DummyValue, "", translate("Default Resolver List"))
o1.template = "dnscrypt-proxy/res_options"
o1.value = res_input

o2 = s:option(DummyValue, "", translate("File Date"))
o2.template = "dnscrypt-proxy/res_options"
if fs.access(res_input) then
	o2.value = date.to_http(fs.stat(res_input).mtime)
else
	o2.value = "-"
end

o3 = s:option(DummyValue, "", translate("File Checksum"))
o3.template = "dnscrypt-proxy/res_options"
if fs.access(res_input) then
	o3.value = luci.sys.exec("sha256sum " .. res_input .. " | awk '{print $1}'")
else
	o3.value = "-"
end

if fs.access("/lib/libustream-ssl.so") then
	btn1 = s:option(Button, "", translate("Refresh Resolver List"),
		translate("Download the current resolver list from 'github.com/dyne/dnscrypt-proxy'."))
	btn1.inputtitle = translate("Refresh List")
	btn1.inputstyle = "apply"
	btn1.disabled = false
	function btn1.write()
		if not fs.access(res_dir) then
			fs.mkdir(res_dir)
		end
		luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
		luci.http.redirect(luci.dispatcher.build_url("admin", "services", "dnscrypt-proxy"))
	end
else
	btn1 = s:option(Button, "", translate("Refresh Resolver List"),
		translate("No SSL support available.<br />")
		.. translate("Please install a 'libustream-ssl' library to download the current resolver list from 'github.com/dyne/dnscrypt-proxy'."))
	btn1.inputtitle = translate("-------")
	btn1.inputstyle = "button"
	btn1.disabled = true
end

if not fs.access("/etc/resolv-crypt.conf") or fs.stat("/etc/resolv-crypt.conf").size == 0 then
	btn2 = s:option(Button, "", translate("Create Custom Config File"),
		translate("Create '/etc/resolv-crypt.conf' with 'options timeout:1' to reduce DNS upstream timeouts with multiple DNSCrypt instances.<br />")
		.. translatef("For further information "
		.. "<a href=\"%s\" target=\"_blank\">"
		.. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
	btn2.inputtitle = translate("Create Config File")
	btn2.inputstyle = "apply"
	btn2.disabled = false
	function btn2.write()
		luci.sys.call("env -i echo 'options timeout:1' > '/etc/resolv-crypt.conf'")
		luci.http.redirect(luci.dispatcher.build_url("admin", "services", "dnscrypt-proxy"))
	end
else
	btn2 = s:option(Button, "", translate("Create Custom Config File"),
		translate("The config file '/etc/resolv-crypt.conf' already exist.<br />")
		.. translate("Please edit the file manually in the 'Advanced' section."))
	btn2.inputtitle = translate("-------")
	btn2.inputstyle = "button"
	btn2.disabled = true
end

-- Trigger settings

t = s:option(ListValue, "procd_trigger", translate("Startup Trigger"),
	translate("By default the DNSCrypt-Proxy startup will be triggered by ifup events of 'All' available network interfaces.<br />")
	.. translate("To restrict the trigger, select only the relevant network interface. Usually the 'wan' interface should work for most users."))
t:value("", "All")
if dump then
	local i, v
	for i, v in ipairs(dump.interface) do
		if v.interface ~= "loopback" then
			t:value(v.interface)
		end
	end
end
t.default = procd_trigger or "All"
t.rmempty = true

-- Mandatory options per instance

s = m:section(TypedSection, "dnscrypt-proxy", translate("Instance Options"))
s.anonymous = true
s.addremove = true

i1 = s:option(Value, "address", translate("IP Address"),
	translate("The local IPv4 or IPv6 address. The latter one should be specified within brackets, e.g. '[::1]'."))
i1.default = address or "127.0.0.1"
i1.rmempty = false

i2 = s:option(Value, "port", translate("Port"),
	translate("The listening port for DNS queries."))
i2.datatype = "port"
i2.default = port
i2.rmempty = false

i3 = s:option(ListValue, "resolver", translate("Resolver (LOC/SEC/NOLOG)"),
	translate("Name of the remote DNS service for resolving queries incl. Location, DNSSEC- and NOLOG-Flag."))
i3.datatype = "hostname"
i3.widget = "select"
local i, v
for i, v in ipairs(res_list) do
	if v.name then
		i3:value(v.name, v.name .. " (" .. v.location .. "/" .. v.dnssec .. "/" .. v.nolog .. ")")
	end
end
i3.default = resolver
i3.rmempty = false

-- Extra options per instance

e1 = s:option(Value, "resolvers_list", translate("Alternate Resolver List"),
	translate("Specify a non-default Resolver List."))
e1.datatype = "file"
e1.optional = true

e2 = s:option(Value, "ephemeral_keys", translate("Ephemeral Keys"),
	translate("Improve privacy by using an ephemeral public key for each query. ")
	.. translate("This option requires extra CPU cycles and is useless with most DNSCrypt server."))
e2.datatype = "bool"
e2.value = 1
e2.optional = true

if plug_cnt > 0 then
	e3 = s:option(DynamicList, "blacklist", translate("Blacklist"),
		translate("Local blacklists allow you to block abuse sites by domains or ip addresses. ")
		.. translate("The value for this property is the blocklist type and path to the file, e.g.'domains:/path/to/dbl.txt' or 'ips:/path/to/ipbl.txt'."))
	e3.optional = true

	e4 = s:option(Value, "block_ipv6", translate("Block IPv6"),
		translate("Disable IPv6 to speed up DNSCrypt-Proxy."))
	e4.datatype = "bool"
	e4.value = 1
	e4.optional = true

	e5 = s:option(Value, "local_cache", translate("Local Cache"),
		translate("Enable Caching to speed up DNSCcrypt-Proxy."))
	e5.datatype = "bool"
	e5.value = 1
	e5.optional = true
	
	e6 = s:option(Value, "query_log_file", translate("DNS Query Logfile"),
	translate("Log the received DNS queries to a file, so you can watch in real-time what is happening on the network."))
	e6.optional = true
end

-- Dnsmasq options

m1 = Map("dhcp")

s1 = m1:section(TypedSection, "dnsmasq", translate("Dnsmasq Options"))
s1.anonymous = true

d1 = s1:option(Flag, "", translate("Transfer Options To Dnsmasq"),
	translate("Apply DNSCrypt-Proxy specific settings to the Dnsmasq configuration.<br />")
	.. translate("Please note: This may change the values for 'noresolv', 'resolvfile', 'allservers' and the list 'server' settings."))
d1.default = d1.enabled
d1.rmempty = false

return m, m1