Comment + test latest hub tag

Signed-off-by: Adam Hill <adam@diginc.us>

.circleci/config.yml

@@ -0,0 +1,65 @@
+version: 2
+
+.job_template: &job_template
+  machine:
+    enabled: true
+  steps:
+    - checkout
+    - run:
+        command: ./circle-test.sh
+    - persist_to_workspace:
+        root: .
+        paths: [ 'ci-workspace' ]
+
+jobs:
+  amd64:
+    <<: *job_template
+  arm64:
+    <<: *job_template
+  armhf:
+    <<: *job_template
+  armel:
+    <<: *job_template
+  deploy:
+    docker:
+      - image: circleci/python:latest
+    steps:
+      - setup_remote_docker:
+          version: 18.06.0-ce
+      - checkout
+      - attach_workspace:
+          at: .
+      - run:
+          command: ./circle-deploy.sh
+
+
+
+workflows:
+  version: 2
+  build:
+    jobs:
+      - amd64:
+          filters:
+            tags:
+              only: /^v.*/
+      - arm64:
+          filters:
+            tags:
+              only: /^v.*/
+      - armhf:
+          filters:
+            tags:
+              only: /^v.*/
+      - armel:
+          filters:
+            tags:
+              only: /^v.*/
+      - deploy:
+          requires:
+            - amd64
+            - arm64
+            - armhf
+            - armel
+          filters:
+            tags:
+              only: /^v.*/

.dockerignore

@@ -0,0 +1,5 @@
+**/*.sw*
+.tox
+.git
+**/__pycache__
+.pipenv

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,52 @@
+<!-- Provide a general summary of the issue in the Title above -->
+<!-- Note: these are comments that don't show up in the actual issue, no need to delete them as you fill out the template -->
+
+This is a... <!-- To choose ONE, put an [x] in the box that applies -->
+
+- [ ] Request for a new or modified feature
+- [ ] Issue trying to run the docker image
+- [ ] Issue trying to build / test / develop the docker image
+
+## Description
+<!-- Provide a more detailed introduction to the issue or feature -->
+
+## Expected Behavior
+<!-- Tell us what should happen -->
+
+## Actual Behavior
+<!-- Tell us what happens instead -->
+
+## Possible Fix
+<!-- Not obligatory, but suggest a fix or reason for the bug -->
+
+## Steps to Reproduce and debugging done
+<!-- Reproduce this bug. Include code to reproduce, if relevant -->
+e.g. your docker run command, pages to visit, CLI commands you ran
+1.
+2. 
+3. 
+4. 
+
+## Debug steps I have tried
+<!-- Please attempt these debug steps to see if it helps you resolve or understand your own issue -->
+
+- [ ] I have tried destroying my container instance, pulling the newest image version, and re-creating a new container
+- [ ] I have tried running the nearly stock `docker run` example in the readme (removing any customizations I added)
+- [ ] I have tried running without my volume data mounts to eliminate volumes as the cause
+- [ ] I have searched this repository for existing issues and pull requests that look similar <!-- Add links below! -->
+
+<!-- Note: If volumes are your issue, I strongly recommend just starting with fresh volume data -->
+
+<!-- Add any other debugging steps you've taken that maybe relevant information -->
+
+## Context and extra information
+<!-- How has this bug affected you? What were you trying to accomplish? -->
+<!-- Got any other relevant links to similar issues? -->
+
+## Your Environment 
+<!--- Include as many relevant details about the environment you experienced the bug in -->
+* Docker Host Operating System and OS Version:
+* Docker Version:
+* Hardware architecture: <!-- ARMv7, x86 -->
+
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,26 @@
+<!--- Provide a general summary of your changes in the Title above -->
+
+## Description
+<!--- Describe your changes in detail -->
+
+## Motivation and Context
+<!--- Why is this change required? What problem does it solve? -->
+<!--- If it fixes an open issue, please link to the issue here. -->
+
+## How Has This Been Tested?
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, tests ran to see how -->
+<!--- your change affects other areas of the code, etc. -->
+
+## Types of changes
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+
+## Checklist:
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+- [ ] My code follows the code style of this project.
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.

.gitignore

@@ -1,4 +1,13 @@
-*.swp
+*.sw*
+*.pyc
+.cache
+__pycache__
+.tox
+.pipenv
+.eggs
+UNKNOWN.egg-info
+.env
+ci-workspace
 
 # WIP/test stuff
 doco.yml

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "pi-hole"]
-	path = pi-hole
-	url = https://github.com/pi-hole/pi-hole.git
-[submodule "AdminLTE"]
-	path = AdminLTE
-	url = https://github.com/pi-hole/AdminLTE.git

.travis.yml

@@ -1,12 +0,0 @@
-sudo: required
-
-services:
-  - docker
-
-before_install:
-  - docker pull diginc/pi-hole:alpine
-  - docker pull diginc/pi-hole:debian
-
-script:
-  - docker build -f alpine.docker .
-  - docker build -f debian.docker .

AdminLTE_version.txt

@@ -1 +0,0 @@
-v1.2

CHANGELOG.md

@@ -0,0 +1,5 @@
+# Docker Pi-Hole changelog
+
+Notes about releases will be documented on [docker-pi-hole's github releases page](https://github.com/pi-hole/docker-pi-hole/releases).  Breaking changes will be copied to the top of the docker repo's README file to assist with common upgrade issues.
+
+See the [Pi-hole releases](https://github.com/pi-hole/pi-hole/releases) for details on updates unreleated to docker image releases

CONTRIBUTING.md

@@ -0,0 +1,10 @@
+# Pull Request Guidelines
+
+Please review the following before opening a pull request (PR) to help your PR go smoothly:
+
+* Code changes go to the `dev` branch first
+  * To ensure proper testing and quality control, target any code change pull requests against `dev` branch.
+
+* Make sure the tests pass
+  * Take a look at [TESTING.md](TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have travis-ci run it.  
+  * Your tests will probably run faster locally and you get a faster feedback loop.

Dockerfile

@@ -1 +0,0 @@
-alpine.docker

Dockerfile.py

@@ -0,0 +1,149 @@
+#!/usr/bin/env python3
+""" Dockerfile.py - generates and build dockerfiles
+
+Usage:
+  Dockerfile.py [--hub_tag=<tag>] [--arch=<arch> ...] [-v] [-t] [--no-build | --no-generate] [--no-cache]
+
+Options:
+    --no-build      Skip building the docker images
+    --no-cache      Build without using any cache data
+    --no-generate   Skip generating Dockerfiles from template
+    --hub_tag=<tag> What the Docker Hub Image should be tagged as [default: None]
+    --arch=<arch>   What Architecture(s) to build   [default: amd64 armel armhf arm64]
+    -v              Print docker's command output   [default: False]
+    -t              Print docker's build time       [default: False]
+
+Examples:
+"""
+
+
+from jinja2 import Environment, FileSystemLoader
+from docopt import docopt
+import os
+import subprocess
+import sys
+
+THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+
+base_vars = {
+    'name': 'pihole/pihole',
+    'maintainer' : 'adam@diginc.us',
+    's6_version' : 'v1.22.1.0',
+}
+
+os_base_vars = {
+    'php_env_config': '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf',
+    'php_error_log': '/var/log/lighttpd/error.log'
+}
+
+__version__ = None
+dot = os.path.abspath('.')
+with open('{}/VERSION'.format(dot), 'r') as v:
+    raw_version = v.read().strip()
+    __version__ = raw_version.replace('release/', 'release-')
+
+images = {
+    __version__: [
+        {
+            'base': 'pihole/debian-base:latest',
+            'arch': 'amd64',
+            's6arch': 'amd64',
+        },
+        {
+            'base': 'multiarch/debian-debootstrap:armel-stretch-slim',
+            'arch': 'armel',
+            's6arch': 'arm',
+        },
+        {
+            'base': 'multiarch/debian-debootstrap:armhf-stretch-slim',
+            'arch': 'arm',
+            's6arch' : 'arm',
+        },
+        {
+            'base': 'multiarch/debian-debootstrap:arm64-stretch-slim',
+            'arch': 'arm64',
+            's6arch' : 'aarch64',
+        }
+    ]
+}
+
+def generate_dockerfiles(args):
+    if args['--no-generate']:
+        print(" ::: Skipping Dockerfile generation")
+        return
+
+    for version, archs in images.items():
+        for image in archs:
+            if image['arch'] not in args['--arch']:
+                continue
+            s6arch = image['s6arch'] if image['s6arch'] else image['arch']
+            merged_data = dict(
+                list({ 'version': version }.items()) +
+                list(base_vars.items()) +
+                list(os_base_vars.items()) +
+                list(image.items()) +
+                list({ 's6arch': s6arch }.items())
+            )
+            j2_env = Environment(loader=FileSystemLoader(THIS_DIR),
+                                 trim_blocks=True)
+            template = j2_env.get_template('Dockerfile.template')
+
+            dockerfile = 'Dockerfile_{}'.format(image['arch'])
+            with open(dockerfile, 'w') as f:
+                f.write(template.render(pihole=merged_data))
+
+
+def build_dockerfiles(args):
+    if args['--no-build']:
+        print(" ::: Skipping Dockerfile building")
+        return
+
+    for arch in args['--arch']:
+        build('pihole', arch, args)
+
+
+def run_and_stream_command_output(command, args):
+    print("Running", command)
+    build_result = subprocess.Popen(command.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+                                    bufsize=1, universal_newlines=True)
+    if args['-v']:
+        while build_result.poll() is None:
+            for line in build_result.stdout:
+                print(line, end='')
+    build_result.wait()
+    if build_result.returncode != 0:
+        print("     ::: Error running".format(command))
+        print(build_result.stderr)
+
+
+def build(docker_repo, arch, args):
+    dockerfile = 'Dockerfile_{}'.format(arch)
+    repo_tag = '{}:{}_{}'.format(docker_repo, __version__, arch)
+    cached_image = '{}/{}'.format('pihole', repo_tag)
+    print(" ::: Building {}".format(repo_tag))
+    time=''
+    if args['-t']:
+        time='time '
+    no_cache = ''
+    if args['--no-cache']:
+        no_cache = '--no-cache'
+    build_command = '{time}docker build {no_cache} --pull --cache-from="{cache},{create_tag}" -f {dockerfile} -t {create_tag} .'\
+        .format(time=time, no_cache=no_cache, cache=cached_image, dockerfile=dockerfile, create_tag=repo_tag)
+    print(" ::: Building {} into {}".format(dockerfile, repo_tag))
+    run_and_stream_command_output(build_command, args)
+    if args['-v']:
+        print(build_command, '\n')
+    if args['--hub_tag']:
+        hub_tag_command = "{time}docker tag {create_tag} {hub_tag}"\
+            .format(time=time, create_tag=repo_tag, hub_tag=args['--hub_tag'])
+        print(" ::: Tagging {} into {}".format(repo_tag, args['--hub_tag']))
+        run_and_stream_command_output(hub_tag_command, args)
+
+
+if __name__ == '__main__':
+    args = docopt(__doc__, version='Dockerfile 1.1')
+    if args['-v']:
+        print(args)
+
+    generate_dockerfiles(args)
+    build_dockerfiles(args)

Dockerfile.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+# alpine sh only
+
+set -eux
+./Dockerfile.py -v --arch="${ARCH}" --hub_tag="${ARCH_IMAGE}"
+# TODO: Add junitxml output and have circleci consume it
+# 2 parallel max b/c race condition with docker fixture (I think?)
+py.test -vv -n 2 -k "${ARCH}" ./test/

Dockerfile.template

@@ -0,0 +1,49 @@
+FROM {{ pihole.base }}
+
+ENV ARCH {{ pihole.arch }}
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/{{ pihole.s6_version }}/s6-overlay-{{ pihole.s6arch }}.tar.gz
+
+COPY install.sh /usr/local/bin/install.sh
+COPY VERSION /etc/docker-pi-hole-version
+ENV PIHOLE_INSTALL /root/ph_install.sh
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '{{ pihole.php_env_config }}'
+ENV PHP_ERROR_LOG '{{ pihole.php_error_log }}'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+
+ENV ServerIP 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER root
+
+ENV VERSION {{ pihole.version }}
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="{{ pihole.name }}:{{ pihole.version }}_{{ pihole.arch }}"
+LABEL maintainer="{{ pihole.maintainer }}"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_amd64

@@ -0,0 +1,49 @@
+FROM pihole/debian-base:latest
+
+ENV ARCH amd64
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz
+
+COPY install.sh /usr/local/bin/install.sh
+COPY VERSION /etc/docker-pi-hole-version
+ENV PIHOLE_INSTALL /root/ph_install.sh
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
+ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+
+ENV ServerIP 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER root
+
+ENV VERSION v4.4
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.4_amd64"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_arm64

@@ -0,0 +1,49 @@
+FROM multiarch/debian-debootstrap:arm64-stretch-slim
+
+ENV ARCH arm64
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-aarch64.tar.gz
+
+COPY install.sh /usr/local/bin/install.sh
+COPY VERSION /etc/docker-pi-hole-version
+ENV PIHOLE_INSTALL /root/ph_install.sh
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
+ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+
+ENV ServerIP 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER root
+
+ENV VERSION v4.4
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.4_arm64"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_armel

@@ -0,0 +1,49 @@
+FROM multiarch/debian-debootstrap:armel-stretch-slim
+
+ENV ARCH armel
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-arm.tar.gz
+
+COPY install.sh /usr/local/bin/install.sh
+COPY VERSION /etc/docker-pi-hole-version
+ENV PIHOLE_INSTALL /root/ph_install.sh
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
+ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+
+ENV ServerIP 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER root
+
+ENV VERSION v4.4
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.4_armel"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_armhf

@@ -0,0 +1,49 @@
+FROM multiarch/debian-debootstrap:armhf-stretch-slim
+
+ENV ARCH armhf
+ENV S6OVERLAY_RELEASE https://github.com/just-containers/s6-overlay/releases/download/v1.21.7.0/s6-overlay-armhf.tar.gz
+
+COPY install.sh /usr/local/bin/install.sh
+COPY VERSION /etc/docker-pi-hole-version
+ENV PIHOLE_INSTALL /root/ph_install.sh
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+ENTRYPOINT [ "/s6-init" ]
+
+ADD s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+# php config start passes special ENVs into
+ENV PHP_ENV_CONFIG '/etc/lighttpd/conf-enabled/15-fastcgi-php.conf'
+ENV PHP_ERROR_LOG '/var/log/lighttpd/error.log'
+COPY ./start.sh /
+COPY ./bash_functions.sh /
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+EXPOSE 443
+
+ENV S6_LOGGING 0
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+
+ENV ServerIP 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER root
+
+ENV VERSION v4.4
+ENV PATH /opt/pihole:${PATH}
+
+LABEL image="pihole/pihole:v4.4_armhf"
+LABEL maintainer="adam@diginc.us"
+LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
+
+HEALTHCHECK CMD dig @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

Dockerfile_build

@@ -0,0 +1,23 @@
+FROM docker:latest
+
+# Based on https://github.com/Ilhicas/alpine-pipenv
+ARG packages
+RUN apk --update add python3 python3-dev curl gcc make \
+        musl-dev libffi-dev openssl-dev ${packages} \
+    && rm -rf /var/cache/apk/* \
+    && pip3 install -U pip pipenv
+
+
+# -v "$(pwd):/$(pwd)" -w "$(pwd)" to prevent nested docker path confusion
+COPY ./Dockerfile.sh /usr/local/bin/
+COPY Pipfile* /root/
+WORKDIR /root
+
+RUN pipenv install --system \
+    && sed -i 's|/bin/sh|/bin/bash|g' /usr/lib/python3.8/site-packages/testinfra/backend/docker.py
+
+
+RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT entrypoint.sh
+CMD Dockerfile.sh

Pipfile

@@ -0,0 +1,63 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+apipkg = "==1.5"
+atomicwrites = "==1.3.0"
+attrs = "==19.3.0"
+bcrypt = "==3.1.7"
+cached-property = "==1.5.1"
+certifi = "==2019.11.28"
+cffi = "==1.13.2"
+chardet = "==3.0.4"
+configparser = "==4.0.2"
+contextlib2 = "==0.6.0.post1"
+coverage = "==5.0.1"
+cryptography = "==2.8"
+docker = "==4.1.0"
+dockerpty = "==0.4.1"
+docopt = "==0.6.2"
+enum34 = "==1.1.6"
+execnet = "==1.7.1"
+filelock = "==3.0.12"
+funcsigs = "==1.0.2"
+idna = "==2.8"
+importlib-metadata = "==1.3.0"
+ipaddress = "==1.0.23"
+jsonschema = "==3.2.0"
+more-itertools = "==5.0.0"
+pathlib2 = "==2.3.5"
+pluggy = "==0.13.1"
+py = "==1.8.1"
+pycparser = "==2.19"
+pyparsing = "==2.4.6"
+pyrsistent = "==0.15.6"
+pytest = "==4.6.8"
+pytest-cov = "==2.8.1"
+pytest-forked = "==1.1.3"
+pytest-xdist = "==1.31.0"
+requests = "==2.22.0"
+scandir = "==1.10.0"
+six = "==1.13.0"
+subprocess32 = "==3.5.4"
+testinfra = "==3.3.0"
+texttable = "==1.6.2"
+toml = "==0.10.0"
+tox = "==3.14.3"
+urllib3 = "==1.25.7"
+virtualenv = "==16.7.9"
+wcwidth = "==0.1.7"
+zipp = "==0.6.0"
+"backports.shutil_get_terminal_size" = "==1.0.0"
+"backports.ssl_match_hostname" = "==3.7.0.1"
+Jinja2 = "==2.10.3"
+MarkupSafe = "==1.1.1"
+PyYAML = "==5.2"
+websocket_client = "==0.57.0"
+
+[requires]
+python_version = "3.8"

Pipfile.lock

@@ -0,0 +1,581 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "ee7705112b315cad899e08bd6eac8f47e9a200a0d47a1920cc192995b79f8673"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3.8"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "apipkg": {
+            "hashes": [
+                "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6",
+                "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c"
+            ],
+            "index": "pypi",
+            "version": "==1.5"
+        },
+        "atomicwrites": {
+            "hashes": [
+                "sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4",
+                "sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6"
+            ],
+            "index": "pypi",
+            "version": "==1.3.0"
+        },
+        "attrs": {
+            "hashes": [
+                "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c",
+                "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"
+            ],
+            "index": "pypi",
+            "version": "==19.3.0"
+        },
+        "backports.shutil-get-terminal-size": {
+            "hashes": [
+                "sha256:0975ba55054c15e346944b38956a4c9cbee9009391e41b86c68990effb8c1f64",
+                "sha256:713e7a8228ae80341c70586d1cc0a8caa5207346927e23d09dcbcaf18eadec80"
+            ],
+            "index": "pypi",
+            "version": "==1.0.0"
+        },
+        "backports.ssl-match-hostname": {
+            "hashes": [
+                "sha256:bb82e60f9fbf4c080eabd957c39f0641f0fc247d9a16e31e26d594d8f42b9fd2"
+            ],
+            "index": "pypi",
+            "version": "==3.7.0.1"
+        },
+        "bcrypt": {
+            "hashes": [
+                "sha256:0258f143f3de96b7c14f762c770f5fc56ccd72f8a1857a451c1cd9a655d9ac89",
+                "sha256:0b0069c752ec14172c5f78208f1863d7ad6755a6fae6fe76ec2c80d13be41e42",
+                "sha256:19a4b72a6ae5bb467fea018b825f0a7d917789bcfe893e53f15c92805d187294",
+                "sha256:5432dd7b34107ae8ed6c10a71b4397f1c853bd39a4d6ffa7e35f40584cffd161",
+                "sha256:6305557019906466fc42dbc53b46da004e72fd7a551c044a827e572c82191752",
+                "sha256:69361315039878c0680be456640f8705d76cb4a3a3fe1e057e0f261b74be4b31",
+                "sha256:6fe49a60b25b584e2f4ef175b29d3a83ba63b3a4df1b4c0605b826668d1b6be5",
+                "sha256:74a015102e877d0ccd02cdeaa18b32aa7273746914a6c5d0456dd442cb65b99c",
+                "sha256:763669a367869786bb4c8fcf731f4175775a5b43f070f50f46f0b59da45375d0",
+                "sha256:8b10acde4e1919d6015e1df86d4c217d3b5b01bb7744c36113ea43d529e1c3de",
+                "sha256:9fe92406c857409b70a38729dbdf6578caf9228de0aef5bc44f859ffe971a39e",
+                "sha256:a190f2a5dbbdbff4b74e3103cef44344bc30e61255beb27310e2aec407766052",
+                "sha256:a595c12c618119255c90deb4b046e1ca3bcfad64667c43d1166f2b04bc72db09",
+                "sha256:c9457fa5c121e94a58d6505cadca8bed1c64444b83b3204928a866ca2e599105",
+                "sha256:cb93f6b2ab0f6853550b74e051d297c27a638719753eb9ff66d1e4072be67133",
+                "sha256:ce4e4f0deb51d38b1611a27f330426154f2980e66582dc5f438aad38b5f24fc1",
+                "sha256:d7bdc26475679dd073ba0ed2766445bb5b20ca4793ca0db32b399dccc6bc84b7",
+                "sha256:ff032765bb8716d9387fd5376d987a937254b0619eff0972779515b5c98820bc"
+            ],
+            "index": "pypi",
+            "version": "==3.1.7"
+        },
+        "cached-property": {
+            "hashes": [
+                "sha256:3a026f1a54135677e7da5ce819b0c690f156f37976f3e30c5430740725203d7f",
+                "sha256:9217a59f14a5682da7c4b8829deadbfc194ac22e9908ccf7c8820234e80a1504"
+            ],
+            "index": "pypi",
+            "version": "==1.5.1"
+        },
+        "certifi": {
+            "hashes": [
+                "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
+                "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
+            ],
+            "index": "pypi",
+            "version": "==2019.11.28"
+        },
+        "cffi": {
+            "hashes": [
+                "sha256:0b49274afc941c626b605fb59b59c3485c17dc776dc3cc7cc14aca74cc19cc42",
+                "sha256:0e3ea92942cb1168e38c05c1d56b0527ce31f1a370f6117f1d490b8dcd6b3a04",
+                "sha256:135f69aecbf4517d5b3d6429207b2dff49c876be724ac0c8bf8e1ea99df3d7e5",
+                "sha256:19db0cdd6e516f13329cba4903368bff9bb5a9331d3410b1b448daaadc495e54",
+                "sha256:2781e9ad0e9d47173c0093321bb5435a9dfae0ed6a762aabafa13108f5f7b2ba",
+                "sha256:291f7c42e21d72144bb1c1b2e825ec60f46d0a7468f5346841860454c7aa8f57",
+                "sha256:2c5e309ec482556397cb21ede0350c5e82f0eb2621de04b2633588d118da4396",
+                "sha256:2e9c80a8c3344a92cb04661115898a9129c074f7ab82011ef4b612f645939f12",
+                "sha256:32a262e2b90ffcfdd97c7a5e24a6012a43c61f1f5a57789ad80af1d26c6acd97",
+                "sha256:3c9fff570f13480b201e9ab69453108f6d98244a7f495e91b6c654a47486ba43",
+                "sha256:415bdc7ca8c1c634a6d7163d43fb0ea885a07e9618a64bda407e04b04333b7db",
+                "sha256:42194f54c11abc8583417a7cf4eaff544ce0de8187abaf5d29029c91b1725ad3",
+                "sha256:4424e42199e86b21fc4db83bd76909a6fc2a2aefb352cb5414833c030f6ed71b",
+                "sha256:4a43c91840bda5f55249413037b7a9b79c90b1184ed504883b72c4df70778579",
+                "sha256:599a1e8ff057ac530c9ad1778293c665cb81a791421f46922d80a86473c13346",
+                "sha256:5c4fae4e9cdd18c82ba3a134be256e98dc0596af1e7285a3d2602c97dcfa5159",
+                "sha256:5ecfa867dea6fabe2a58f03ac9186ea64da1386af2159196da51c4904e11d652",
+                "sha256:62f2578358d3a92e4ab2d830cd1c2049c9c0d0e6d3c58322993cc341bdeac22e",
+                "sha256:6471a82d5abea994e38d2c2abc77164b4f7fbaaf80261cb98394d5793f11b12a",
+                "sha256:6d4f18483d040e18546108eb13b1dfa1000a089bcf8529e30346116ea6240506",
+                "sha256:71a608532ab3bd26223c8d841dde43f3516aa5d2bf37b50ac410bb5e99053e8f",
+                "sha256:74a1d8c85fb6ff0b30fbfa8ad0ac23cd601a138f7509dc617ebc65ef305bb98d",
+                "sha256:7b93a885bb13073afb0aa73ad82059a4c41f4b7d8eb8368980448b52d4c7dc2c",
+                "sha256:7d4751da932caaec419d514eaa4215eaf14b612cff66398dd51129ac22680b20",
+                "sha256:7f627141a26b551bdebbc4855c1157feeef18241b4b8366ed22a5c7d672ef858",
+                "sha256:8169cf44dd8f9071b2b9248c35fc35e8677451c52f795daa2bb4643f32a540bc",
+                "sha256:aa00d66c0fab27373ae44ae26a66a9e43ff2a678bf63a9c7c1a9a4d61172827a",
+                "sha256:ccb032fda0873254380aa2bfad2582aedc2959186cce61e3a17abc1a55ff89c3",
+                "sha256:d754f39e0d1603b5b24a7f8484b22d2904fa551fe865fd0d4c3332f078d20d4e",
+                "sha256:d75c461e20e29afc0aee7172a0950157c704ff0dd51613506bd7d82b718e7410",
+                "sha256:dcd65317dd15bc0451f3e01c80da2216a31916bdcffd6221ca1202d96584aa25",
+                "sha256:e570d3ab32e2c2861c4ebe6ffcad6a8abf9347432a37608fe1fbd157b3f0036b",
+                "sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d"
+            ],
+            "index": "pypi",
+            "version": "==1.13.2"
+        },
+        "chardet": {
+            "hashes": [
+                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
+                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+            ],
+            "index": "pypi",
+            "version": "==3.0.4"
+        },
+        "configparser": {
+            "hashes": [
+                "sha256:254c1d9c79f60c45dfde850850883d5aaa7f19a23f13561243a050d5a7c3fe4c",
+                "sha256:c7d282687a5308319bf3d2e7706e575c635b0a470342641c93bea0ea3b5331df"
+            ],
+            "index": "pypi",
+            "version": "==4.0.2"
+        },
+        "contextlib2": {
+            "hashes": [
+                "sha256:01f490098c18b19d2bd5bb5dc445b2054d2fa97f09a4280ba2c5f3c394c8162e",
+                "sha256:3355078a159fbb44ee60ea80abd0d87b80b78c248643b49aa6d94673b413609b"
+            ],
+            "index": "pypi",
+            "version": "==0.6.0.post1"
+        },
+        "coverage": {
+            "hashes": [
+                "sha256:0101888bd1592a20ccadae081ba10e8b204d20235d18d05c6f7d5e904a38fc10",
+                "sha256:04b961862334687549eb91cd5178a6fbe977ad365bddc7c60f2227f2f9880cf4",
+                "sha256:1ca43dbd739c0fc30b0a3637a003a0d2c7edc1dd618359d58cc1e211742f8bd1",
+                "sha256:1cbb88b34187bdb841f2599770b7e6ff8e259dc3bb64fc7893acf44998acf5f8",
+                "sha256:232f0b52a5b978288f0bbc282a6c03fe48cd19a04202df44309919c142b3bb9c",
+                "sha256:24bcfa86fd9ce86b73a8368383c39d919c497a06eebb888b6f0c12f13e920b1a",
+                "sha256:25b8f60b5c7da71e64c18888f3067d5b6f1334b9681876b2fb41eea26de881ae",
+                "sha256:2714160a63da18aed9340c70ed514973971ee7e665e6b336917ff4cca81a25b1",
+                "sha256:2ca2cd5264e84b2cafc73f0045437f70c6378c0d7dbcddc9ee3fe192c1e29e5d",
+                "sha256:2cc707fc9aad2592fc686d63ef72dc0031fc98b6fb921d2f5395d9ab84fbc3ef",
+                "sha256:348630edea485f4228233c2f310a598abf8afa5f8c716c02a9698089687b6085",
+                "sha256:40fbfd6b044c9db13aeec1daf5887d322c710d811f944011757526ef6e323fd9",
+                "sha256:46c9c6a1d1190c0b75ec7c0f339088309952b82ae8d67a79ff1319eb4e749b96",
+                "sha256:591506e088901bdc25620c37aec885e82cc896528f28c57e113751e3471fc314",
+                "sha256:5ac71bba1e07eab403b082c4428f868c1c9e26a21041436b4905c4c3d4e49b08",
+                "sha256:5f622f19abda4e934938e24f1d67599249abc201844933a6f01aaa8663094489",
+                "sha256:65bead1ac8c8930cf92a1ccaedcce19a57298547d5d1db5c9d4d068a0675c38b",
+                "sha256:7362a7f829feda10c7265b553455de596b83d1623b3d436b6d3c51c688c57bf6",
+                "sha256:7f2675750c50151f806070ec11258edf4c328340916c53bac0adbc465abd6b1e",
+                "sha256:960d7f42277391e8b1c0b0ae427a214e1b31a1278de6b73f8807b20c2e913bba",
+                "sha256:a50b0888d8a021a3342d36a6086501e30de7d840ab68fca44913e97d14487dc1",
+                "sha256:b7dbc5e8c39ea3ad3db22715f1b5401cd698a621218680c6daf42c2f9d36e205",
+                "sha256:bb3d29df5d07d5399d58a394d0ef50adf303ab4fbf66dfd25b9ef258effcb692",
+                "sha256:c0fff2733f7c2950f58a4fd09b5db257b00c6fec57bf3f68c5bae004d804b407",
+                "sha256:c792d3707a86c01c02607ae74364854220fb3e82735f631cd0a345dea6b4cee5",
+                "sha256:c90bda74e16bcd03861b09b1d37c0a4158feda5d5a036bb2d6e58de6ff65793e",
+                "sha256:cfce79ce41cc1a1dc7fc85bb41eeeb32d34a4cf39a645c717c0550287e30ff06",
+                "sha256:eeafb646f374988c22c8e6da5ab9fb81367ecfe81c70c292623373d2a021b1a1",
+                "sha256:f425f50a6dd807cb9043d15a4fcfba3b5874a54d9587ccbb748899f70dc18c47",
+                "sha256:fcd4459fe35a400b8f416bc57906862693c9f88b66dc925e7f2a933e77f6b18b",
+                "sha256:ff3936dd5feaefb4f91c8c1f50a06c588b5dc69fba4f7d9c79a6617ad80bb7df"
+            ],
+            "index": "pypi",
+            "version": "==5.0.1"
+        },
+        "cryptography": {
+            "hashes": [
+                "sha256:02079a6addc7b5140ba0825f542c0869ff4df9a69c360e339ecead5baefa843c",
+                "sha256:1df22371fbf2004c6f64e927668734070a8953362cd8370ddd336774d6743595",
+                "sha256:369d2346db5934345787451504853ad9d342d7f721ae82d098083e1f49a582ad",
+                "sha256:3cda1f0ed8747339bbdf71b9f38ca74c7b592f24f65cdb3ab3765e4b02871651",
+                "sha256:44ff04138935882fef7c686878e1c8fd80a723161ad6a98da31e14b7553170c2",
+                "sha256:4b1030728872c59687badcca1e225a9103440e467c17d6d1730ab3d2d64bfeff",
+                "sha256:58363dbd966afb4f89b3b11dfb8ff200058fbc3b947507675c19ceb46104b48d",
+                "sha256:6ec280fb24d27e3d97aa731e16207d58bd8ae94ef6eab97249a2afe4ba643d42",
+                "sha256:7270a6c29199adc1297776937a05b59720e8a782531f1f122f2eb8467f9aab4d",
+                "sha256:73fd30c57fa2d0a1d7a49c561c40c2f79c7d6c374cc7750e9ac7c99176f6428e",
+                "sha256:7f09806ed4fbea8f51585231ba742b58cbcfbfe823ea197d8c89a5e433c7e912",
+                "sha256:90df0cc93e1f8d2fba8365fb59a858f51a11a394d64dbf3ef844f783844cc793",
+                "sha256:971221ed40f058f5662a604bd1ae6e4521d84e6cad0b7b170564cc34169c8f13",
+                "sha256:a518c153a2b5ed6b8cc03f7ae79d5ffad7315ad4569b2d5333a13c38d64bd8d7",
+                "sha256:b0de590a8b0979649ebeef8bb9f54394d3a41f66c5584fff4220901739b6b2f0",
+                "sha256:b43f53f29816ba1db8525f006fa6f49292e9b029554b3eb56a189a70f2a40879",
+                "sha256:d31402aad60ed889c7e57934a03477b572a03af7794fa8fb1780f21ea8f6551f",
+                "sha256:de96157ec73458a7f14e3d26f17f8128c959084931e8997b9e655a39c8fde9f9",
+                "sha256:df6b4dca2e11865e6cfbfb708e800efb18370f5a46fd601d3755bc7f85b3a8a2",
+                "sha256:ecadccc7ba52193963c0475ac9f6fa28ac01e01349a2ca48509667ef41ffd2cf",
+                "sha256:fb81c17e0ebe3358486cd8cc3ad78adbae58af12fc2bf2bc0bb84e8090fa5ce8"
+            ],
+            "index": "pypi",
+            "version": "==2.8"
+        },
+        "docker": {
+            "hashes": [
+                "sha256:6e06c5e70ba4fad73e35f00c55a895a448398f3ada7faae072e2bb01348bafc1",
+                "sha256:8f93775b8bdae3a2df6bc9a5312cce564cade58d6555f2c2570165a1270cd8a7"
+            ],
+            "index": "pypi",
+            "version": "==4.1.0"
+        },
+        "dockerpty": {
+            "hashes": [
+                "sha256:69a9d69d573a0daa31bcd1c0774eeed5c15c295fe719c61aca550ed1393156ce"
+            ],
+            "index": "pypi",
+            "version": "==0.4.1"
+        },
+        "docopt": {
+            "hashes": [
+                "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"
+            ],
+            "index": "pypi",
+            "version": "==0.6.2"
+        },
+        "enum34": {
+            "hashes": [
+                "sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850",
+                "sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a",
+                "sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79",
+                "sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1"
+            ],
+            "index": "pypi",
+            "version": "==1.1.6"
+        },
+        "execnet": {
+            "hashes": [
+                "sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50",
+                "sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547"
+            ],
+            "index": "pypi",
+            "version": "==1.7.1"
+        },
+        "filelock": {
+            "hashes": [
+                "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59",
+                "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836"
+            ],
+            "index": "pypi",
+            "version": "==3.0.12"
+        },
+        "funcsigs": {
+            "hashes": [
+                "sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca",
+                "sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50"
+            ],
+            "index": "pypi",
+            "version": "==1.0.2"
+        },
+        "idna": {
+            "hashes": [
+                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
+                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
+            ],
+            "index": "pypi",
+            "version": "==2.8"
+        },
+        "importlib-metadata": {
+            "hashes": [
+                "sha256:073a852570f92da5f744a3472af1b61e28e9f78ccf0c9117658dc32b15de7b45",
+                "sha256:d95141fbfa7ef2ec65cfd945e2af7e5a6ddbd7c8d9a25e66ff3be8e3daf9f60f"
+            ],
+            "index": "pypi",
+            "version": "==1.3.0"
+        },
+        "ipaddress": {
+            "hashes": [
+                "sha256:6e0f4a39e66cb5bb9a137b00276a2eff74f93b71dcbdad6f10ff7df9d3557fcc",
+                "sha256:b7f8e0369580bb4a24d5ba1d7cc29660a4a6987763faf1d8a8046830e020e7e2"
+            ],
+            "index": "pypi",
+            "version": "==1.0.23"
+        },
+        "jinja2": {
+            "hashes": [
+                "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
+                "sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
+            ],
+            "index": "pypi",
+            "version": "==2.10.3"
+        },
+        "jsonschema": {
+            "hashes": [
+                "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163",
+                "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"
+            ],
+            "index": "pypi",
+            "version": "==3.2.0"
+        },
+        "markupsafe": {
+            "hashes": [
+                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
+                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
+                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
+                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
+                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
+                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
+                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
+                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
+                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
+                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
+                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
+                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
+                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
+                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
+                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
+                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
+                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
+                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
+                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
+                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
+                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
+                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
+                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
+                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
+                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
+                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
+                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
+                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7"
+            ],
+            "index": "pypi",
+            "version": "==1.1.1"
+        },
+        "more-itertools": {
+            "hashes": [
+                "sha256:38a936c0a6d98a38bcc2d03fdaaedaba9f412879461dd2ceff8d37564d6522e4",
+                "sha256:c0a5785b1109a6bd7fac76d6837fd1feca158e54e521ccd2ae8bfe393cc9d4fc",
+                "sha256:fe7a7cae1ccb57d33952113ff4fa1bc5f879963600ed74918f1236e212ee50b9"
+            ],
+            "index": "pypi",
+            "version": "==5.0.0"
+        },
+        "packaging": {
+            "hashes": [
+                "sha256:aec3fdbb8bc9e4bb65f0634b9f551ced63983a529d6a8931817d52fdd0816ddb",
+                "sha256:fe1d8331dfa7cc0a883b49d75fc76380b2ab2734b220fbb87d774e4fd4b851f8"
+            ],
+            "version": "==20.0"
+        },
+        "pathlib2": {
+            "hashes": [
+                "sha256:0ec8205a157c80d7acc301c0b18fbd5d44fe655968f5d947b6ecef5290fc35db",
+                "sha256:6cd9a47b597b37cc57de1c05e56fb1a1c9cc9fab04fe78c29acd090418529868"
+            ],
+            "index": "pypi",
+            "version": "==2.3.5"
+        },
+        "pluggy": {
+            "hashes": [
+                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
+                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
+            ],
+            "index": "pypi",
+            "version": "==0.13.1"
+        },
+        "py": {
+            "hashes": [
+                "sha256:5e27081401262157467ad6e7f851b7aa402c5852dbcb3dae06768434de5752aa",
+                "sha256:c20fdd83a5dbc0af9efd622bee9a5564e278f6380fffcacc43ba6f43db2813b0"
+            ],
+            "index": "pypi",
+            "version": "==1.8.1"
+        },
+        "pycparser": {
+            "hashes": [
+                "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
+            ],
+            "index": "pypi",
+            "version": "==2.19"
+        },
+        "pyparsing": {
+            "hashes": [
+                "sha256:4c830582a84fb022400b85429791bc551f1f4871c33f23e44f353119e92f969f",
+                "sha256:c342dccb5250c08d45fd6f8b4a559613ca603b57498511740e65cd11a2e7dcec"
+            ],
+            "index": "pypi",
+            "version": "==2.4.6"
+        },
+        "pyrsistent": {
+            "hashes": [
+                "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b"
+            ],
+            "index": "pypi",
+            "version": "==0.15.6"
+        },
+        "pytest": {
+            "hashes": [
+                "sha256:6192875be8af57b694b7c4904e909680102befcb99e610ef3d9f786952f795aa",
+                "sha256:f8447ebf8fd3d362868a5d3f43a9df786dfdfe9608843bd9002a2d47a104808f"
+            ],
+            "index": "pypi",
+            "version": "==4.6.8"
+        },
+        "pytest-cov": {
+            "hashes": [
+                "sha256:cc6742d8bac45070217169f5f72ceee1e0e55b0221f54bcf24845972d3a47f2b",
+                "sha256:cdbdef4f870408ebdbfeb44e63e07eb18bb4619fae852f6e760645fa36172626"
+            ],
+            "index": "pypi",
+            "version": "==2.8.1"
+        },
+        "pytest-forked": {
+            "hashes": [
+                "sha256:1805699ed9c9e60cb7a8179b8d4fa2b8898098e82d229b0825d8095f0f261100",
+                "sha256:1ae25dba8ee2e56fb47311c9638f9e58552691da87e82d25b0ce0e4bf52b7d87"
+            ],
+            "index": "pypi",
+            "version": "==1.1.3"
+        },
+        "pytest-xdist": {
+            "hashes": [
+                "sha256:0f46020d3d9619e6d17a65b5b989c1ebbb58fc7b1da8fb126d70f4bac4dfeed1",
+                "sha256:7dc0d027d258cd0defc618fb97055fbd1002735ca7a6d17037018cf870e24011"
+            ],
+            "index": "pypi",
+            "version": "==1.31.0"
+        },
+        "pyyaml": {
+            "hashes": [
+                "sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc",
+                "sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803",
+                "sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc",
+                "sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15",
+                "sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075",
+                "sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd",
+                "sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31",
+                "sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f",
+                "sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c",
+                "sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04",
+                "sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4"
+            ],
+            "index": "pypi",
+            "version": "==5.2"
+        },
+        "requests": {
+            "hashes": [
+                "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
+                "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
+            ],
+            "index": "pypi",
+            "version": "==2.22.0"
+        },
+        "scandir": {
+            "hashes": [
+                "sha256:2586c94e907d99617887daed6c1d102b5ca28f1085f90446554abf1faf73123e",
+                "sha256:2ae41f43797ca0c11591c0c35f2f5875fa99f8797cb1a1fd440497ec0ae4b022",
+                "sha256:2b8e3888b11abb2217a32af0766bc06b65cc4a928d8727828ee68af5a967fa6f",
+                "sha256:2c712840c2e2ee8dfaf36034080108d30060d759c7b73a01a52251cc8989f11f",
+                "sha256:4d4631f6062e658e9007ab3149a9b914f3548cb38bfb021c64f39a025ce578ae",
+                "sha256:67f15b6f83e6507fdc6fca22fedf6ef8b334b399ca27c6b568cbfaa82a364173",
+                "sha256:7d2d7a06a252764061a020407b997dd036f7bd6a175a5ba2b345f0a357f0b3f4",
+                "sha256:8c5922863e44ffc00c5c693190648daa6d15e7c1207ed02d6f46a8dcc2869d32",
+                "sha256:92c85ac42f41ffdc35b6da57ed991575bdbe69db895507af88b9f499b701c188",
+                "sha256:b24086f2375c4a094a6b51e78b4cf7ca16c721dcee2eddd7aa6494b42d6d519d",
+                "sha256:cb925555f43060a1745d0a321cca94bcea927c50114b623d73179189a4e100ac"
+            ],
+            "index": "pypi",
+            "version": "==1.10.0"
+        },
+        "six": {
+            "hashes": [
+                "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd",
+                "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
+            ],
+            "index": "pypi",
+            "version": "==1.13.0"
+        },
+        "subprocess32": {
+            "hashes": [
+                "sha256:88e37c1aac5388df41cc8a8456bb49ebffd321a3ad4d70358e3518176de3a56b",
+                "sha256:eb2937c80497978d181efa1b839ec2d9622cf9600a039a79d0e108d1f9aec79d"
+            ],
+            "index": "pypi",
+            "version": "==3.5.4"
+        },
+        "testinfra": {
+            "hashes": [
+                "sha256:780e6c2ab392ea93c26cee1777c968a144c2189a56b3e239a3a66e6d256925b5",
+                "sha256:c3492b39c8d2c98d8419ce1a91d7fe348213f9b98b91198d2e7e88b3954b050b"
+            ],
+            "index": "pypi",
+            "version": "==3.3.0"
+        },
+        "texttable": {
+            "hashes": [
+                "sha256:7dc282a5b22564fe0fdc1c771382d5dd9a54742047c61558e071c8cd595add86",
+                "sha256:eff3703781fbc7750125f50e10f001195174f13825a92a45e9403037d539b4f4"
+            ],
+            "index": "pypi",
+            "version": "==1.6.2"
+        },
+        "toml": {
+            "hashes": [
+                "sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c",
+                "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e"
+            ],
+            "index": "pypi",
+            "version": "==0.10.0"
+        },
+        "tox": {
+            "hashes": [
+                "sha256:06ba73b149bf838d5cd25dc30c2dd2671ae5b2757cf98e5c41a35fe449f131b3",
+                "sha256:806d0a9217584558cc93747a945a9d9bff10b141a5287f0c8429a08828a22192"
+            ],
+            "index": "pypi",
+            "version": "==3.14.3"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
+                "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
+            ],
+            "index": "pypi",
+            "version": "==1.25.7"
+        },
+        "virtualenv": {
+            "hashes": [
+                "sha256:0d62c70883c0342d59c11d0ddac0d954d0431321a41ab20851facf2b222598f3",
+                "sha256:55059a7a676e4e19498f1aad09b8313a38fcc0cdbe4fdddc0e9b06946d21b4bb"
+            ],
+            "index": "pypi",
+            "version": "==16.7.9"
+        },
+        "wcwidth": {
+            "hashes": [
+                "sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e",
+                "sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c"
+            ],
+            "index": "pypi",
+            "version": "==0.1.7"
+        },
+        "websocket-client": {
+            "hashes": [
+                "sha256:0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549",
+                "sha256:d735b91d6d1692a6a181f2a8c9e0238e5f6373356f561bb9dc4c7af36f452010"
+            ],
+            "index": "pypi",
+            "version": "==0.57.0"
+        },
+        "zipp": {
+            "hashes": [
+                "sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e",
+                "sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335"
+            ],
+            "index": "pypi",
+            "version": "==0.6.0"
+        }
+    },
+    "develop": {}
+}

README.md

@@ -1,70 +1,247 @@
-A Docker project to make lightweight x86 continers with [pi-hole](https://pi-hole.net) functionality.  
+# Docker Pi-hole
 
-[![Build Status](https://travis-ci.org/diginc/docker-pi-hole.svg?branch=master)](https://travis-ci.org/diginc/docker-pi-hole)
+<p align="center">
+<a href="https://pi-hole.net"><img src="https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png" width="150" height="255" alt="Pi-hole"></a><br/>
+</p>
+<!-- Delete above HTML and insert markdown for dockerhub : ![Pi-hole](https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png) -->
 
-*April 25, 2016 Update*: piholeIP env var replaced by ServerIP env var, update your docker run/docker-compose configs accordingly please.
+## Quick Start
 
-## Basic Docker Usage
+[Docker-compose](https://docs.docker.com/compose/install/) example:
 
-If you have no other dockers using port 80 (if you do, read the list below for reverse proxy advice), the minimum options required to run this container are in the script [docker_run.sh](https://github.com/diginc/docker-pi-hole/blob/master/docker_run.sh): 
+```yaml
+version: "3"
 
-To customize your upstream DNS servers you use docker environment varibales of *DNS1* and *DNS2* passed into docker at runtime.  The default servers are Google's 8.8.8.8 and 8.8.4.4.
-
-```
-IP=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
-docker run -p 53:53/tcp -p 53:53/udp -p 80:80 --cap-add=NET_ADMIN -e piholeIP="$IP" --name pihole -d diginc/pi-hole
+# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+      - "80:80/tcp"
+      - "443:443/tcp"
+    environment:
+      TZ: 'America/Chicago'
+      # WEBPASSWORD: 'set a secure password here or it will be random'
+    # Volumes store your data between container upgrades
+    volumes:
+      - './etc-pihole/:/etc/pihole/'
+      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+    dns:
+      - 127.0.0.1
+      - 1.1.1.1
+    # Recommended but not required (DHCP needs NET_ADMIN)
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped
 ```
 
-* piholeIP environment variable is required or default pi-hole scripts autodetect and give ads the private docker ip address that is not on your network so won't work.
- * A good way to test things are working right is by loading this page: [http://pi-hole.isworking.ok/admin/](http://pi-hole.isworking.ok/admin/)
- * [Here is an example of running with jwilder/proxy](https://github.com/diginc/docker-pi-hole/blob/master/jwilder-proxy-example-doco.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with pihole on another porg.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the pihole.  Please read jwilder/proxy readme for more info if you have trouble.  I tested this basic exmaple which is based off what I run.
- * If you have something else taking up port 80 then the ads may not transform into blank ads correctly.  The solution to this is to make sure whatever you do have as the 'default' port 80 virtual host is redirect to this container.  
-* dnsmasq requires NET_ADMIN capabilities to run correctly in docker.
+[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
 
-**Updating ad sources** - Just run a `docker restart your_pihole_name` to kick off the gravity script which updates all the ad lists.
+## Upgrade Notices:
 
-Here are some useful volume mount options to persist your history of stats in the admin interface, or add custom whitelists/blacklists.  **Create these files on the docker host first or you'll get errors**:
+### Docker Pi-Hole v4.2.2
 
-* `docker run -v /var/log/pihole.log:/var/log/pihole.log ...` (plus all of the minimum options added)
-* `docker run -v /etc/pihole/blacklist.txt:/etc/pihole/blacklist.txt ...` (plus all of the minimum options added)
-* `docker run -v /etc/pihole/whitelist.txt:/etc/pihole/whitelist.txt ...` (plus all of the minimum options added)
- * if you use this you should probably read the Advanced Usage section
+- ServerIP no longer a required enviroment variable **unless you run network 'host' mode**!  Feel free to remove it unless you need it to customize lighttpd
+- --cap-add NET_ADMIN no longer required unless using DHCP, leaving in examples for consistency
 
-All of these options get really long when strung together in one command, which is why I'm not going to show all the full commands variations.  This is where [docker-compose](https://docs.docker.com/compose/install/) yml files come in handy for representing [really long docker commands in a readable file format](https://github.com/diginc/docker-pi-hole/blob/master/doco-example.yml).
+### Docker Pi-Hole v4.1.1+
 
+Starting with the v4.1.1 release your Pi-hole container may encounter issues starting the DNS service unless ran with the following setting:
 
-## Docker tags
+- `--dns=127.0.0.1 --dns=1.1.1.1` The second server can be any DNS IP of your choosing, but the **first dns must be 127.0.0.1**
+    - A WARNING stating "Misconfigured DNS in /etc/resolv.conf" may show in docker logs without this.
+- 4.1 required --cap-add NET_ADMIN until 4.2.1-1
 
-### Alpine
+These are the raw [docker run cli](https://docs.docker.com/engine/reference/commandline/cli/) versions of the commands.  We provide no official support for docker GUIs but the community forums may be able to help if you do not see a place for these settings.  Remember, always consult your manual too!
 
-[![](https://badge.imagelayers.io/diginc/pi-hole:alpine.svg)](https://imagelayers.io/?images=diginc/pi-hole:alpine 'Get your own badge on imagelayers.io')
-This is an optimized docker using [alpine](https://hub.docker.com/_/alpine/) as its base.  It uses nginx instead of lighttpd.
+## Overview
 
-### Debian
+#### Renamed from `diginc/pi-hole` to `pihole/pihole`
 
-[![](https://badge.imagelayers.io/diginc/pi-hole:debian.svg)](https://imagelayers.io/?images=diginc/pi-hole:debian 'Get your own badge on imagelayers.io')
-This version of the docker aims to be as close to a standard pi-hole installation by using the same base OS and the exact configs and scripts (minimally modified to get them working).  This serves as a nice baseline for merging and testing upstream repository pi-hole changes.
+A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality.
 
+1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended.
+2) Use the above quick start example, customize if desired.
+3) Enjoy!
 
-## Advanced Usage and Notes
+[![Build Status](https://api.travis-ci.org/pi-hole/docker-pi-hole.svg?branch=master)](https://travis-ci.org/pi-hole/docker-pi-hole) [![Docker Stars](https://img.shields.io/docker/stars/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole) [![Docker Pulls](https://img.shields.io/docker/pulls/pihole/pihole.svg?maxAge=604800)](https://store.docker.com/community/images/pihole/pihole)
 
-The standard pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration incase you have remove the pi-hole container which is a typical docker upgrade pattern.
+## Running Pi-hole Docker
 
-### Customizing with volume mounts
+This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh)
 
-Here are some relevant wiki pages from pi-hole's documentation and example volume mappings to optionally add to the basic example:
+If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so:
 
-* [Customizing sources for ad lists](https://github.com/pi-hole/pi-hole/wiki/Customising-sources-for-ad-lists)
- * `-v your-adlists.list:/etc/pihole/adlists.list` Your version should probably start with the existing defaults for this file.
-* [Whitlisting and Blacklisting](https://github.com/pi-hole/pi-hole/wiki/Whitelisting-and-Blacklisting)
- * `-v your-whitelist:/etc/pihole/whitelist.txt` Your version should probably start with the existing defaults for this file.
- * `-v your-blacklist:/etc/pihole/blacklist.txt` This one is empty by default
+```
+    -v "$(pwd)/etc-pihole/:/etc/pihole/:z" \
+    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/:z" \
+```
 
-### Scripts inside the docker
+Volumes are recommended for persisting data across container re-creations for updating images.  The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary.
 
-The original pi-hole scripts are in the container, so they should work **for the debian version**, via `docker exec` like so:
+Port 443 is to provide a sinkhole for ads that use SSL.  If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times.  Rejecting 443 on your firewall can also serve this same purpose.  Ubuntu firewall example: `sudo ufw reject https`
 
-* `docker exec pihole_container_name whitelist.sh some-good-domain.com`
-* `docker exec pihole_container_name blacklist.sh some-bad-domain.com`
+**Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs.  **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.
 
-`diginc/pi-hole:debian` has working `service` command functionality, which the original scripts also use to reload after configuration changes. `diginc/pi-hole:alpine` does **not** use `service`, so while the scripts may (or may not) work, to make the changes scripts make take effect please run `docker restart pihole`.
+## Running DHCP from Docker Pi-Hole
+
+There are multiple different ways to run DHCP from within your Docker Pi-hole container but it is slightly more advanced and one size does not fit all. DHCP and Docker's multiple network modes are covered in detail on our docs site: [Docker DHCP and Network Modes](https://docs.pi-hole.net/docker/DHCP/)
+
+## Environment Variables
+
+There are other environment variables if you want to customize various things inside the docker container:
+
+| Docker Environment Var. | Description |
+| ----------------------- | ----------- |
+| `TZ: <Timezone>`<br/> **Recommended** *Default: UTC* | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
+| `WEBPASSWORD: <Admin password>`<br/> **Recommended** *Default: random* | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
+| `DNS1: <IP>`<br/> *Optional* *Default: 8.8.8.8* | Primary upstream DNS provider, default is google DNS
+| `DNS2: <IP>`<br/> *Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used
+| `DNSSEC: <True\|False>`<br/> *Optional* *Default: false* | Enable DNSSEC support
+| `DNS_BOGUS_PRIV: <True\|False>`<br/> *Optional* *Default: true* | Enable forwarding of reverse lookups for private ranges
+| `DNS_FQDN_REQUIRED: <True\|False>`<br/> *Optional* *Default: true* | Never forward non-FQDNs
+| `CONDITIONAL_FORWARDING: <True\|False>`<br/> *Optional* *Default: False* | Enable DNS conditional forwarding for device name resolution
+| `CONDITIONAL_FORWARDING_IP: <Router's IP>`<br/> *Optional* | If conditional forwarding is enabled, set the IP of the local network router
+| `CONDITIONAL_FORWARDING_DOMAIN: <Network Domain>`<br/> *Optional* | If conditional forwarding is enabled, set the domain of the local network router
+| `CONDITIONAL_FORWARDING_REVERSE: <Reverse DNS>`<br/> *Optional* | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`)
+| `ServerIP: <Host's IP>`<br/> **Recommended** | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
+| `ServerIPv6: <Host's IPv6>`<br/> *Required if using IPv6* | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully
+| `VIRTUAL_HOST: <Custom Hostname>`<br/> *Optional* *Default: $ServerIP*   | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
+| `IPv6: <True\|False>`<br/> *Optional* *Default: True* | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
+| `INTERFACE: <NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
+| `DNSMASQ_LISTENING: <local\|all\|NIC>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local.
+| `WEB_PORT: <PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
+| `DNSMASQ_USER: <pihole\|root>`<br/> *Experimental Default: root* | Allows running FTLDNS as non-root.
+
+To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1`
+
+Here is a rundown of other arguments for your docker-compose / docker run.
+
+| Docker Arguments | Description |
+| ---------------- | ----------- |
+| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67, 443), the bare minimum ports required for Pi-holes HTTP and DNS services
+| `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash
+| `-v $(pwd)/etc-pihole:/etc/pihole`<br/> **Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates
+| `-v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d`<br/> **Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates
+| `--net=host`<br/> *Optional* | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings.
+| `--cap-add=NET_ADMIN`<br/> *Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities.
+| `--dns=127.0.0.1`<br/> *Recommended* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, also fixes common resolution errors on container restart.
+| `--dns=1.1.1.1`<br/> *Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting
+| `--env-file .env` <br/> *Optional* | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience
+
+## Tips and Tricks
+
+* A good way to test things are working right is by loading this page: [http://pi.hole/admin/](http://pi.hole/admin/)
+* [How do I set or reset the Web interface Password?](https://discourse.pi-hole.net/t/how-do-i-set-or-reset-the-web-interface-password/1328)
+  * `docker exec -it pihole_container_name pihole -a -p` - then enter your password into the prompt
+* Port conflicts?  Stop your server's existing DNS / Web services.
+  * Don't forget to stop your services from auto-starting again after you reboot
+  * Ubuntu users see below for more detailed information
+* Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly.  To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already.  Pi-hole must be the default web app on the proxy e.g. if you go to your host by IP instead of domain then Pi-hole is served out instead of any other sites hosted by the proxy. This is the '[default_server](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)' in nginx or ['_default_' virtual host](https://httpd.apache.org/docs/2.4/vhosts/examples.html#default) in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
+  * You can still map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80`, but again the ads won't render properly.  Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
+  * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.
+
+### Installing on Ubuntu
+Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
+The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf`
+
+This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the `/etc/resolv.conf` symlink to point to `/run/systemd/resolve/resolv.conf`, which is automatically updated to follow the system's [`netplan`](https://netplan.io/):
+`sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'`
+
+Once pi-hole is installed, you'll want to configure your clients to use it ([see here](https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245)). If you used the symlink above, your docker host will either use whatever is served by DHCP, or whatever static setting you've configured. If you want to explicitly set your docker host's nameservers you can edit the netplan(s) found at `/etc/netplan`, then run `sudo netplan apply`.
+Example netplan:
+```yaml
+network:
+    ethernets:
+        ens160:
+            dhcp4: true
+            dhcp4-overrides:
+                use-dns: false
+            nameservers:
+                addresses: [127.0.0.1]
+    version: 2
+```
+
+Note that it is also possible to disable `systemd-resolved` entirely. However, this can cause problems with name resolution in vpns ([see bug report](https://bugs.launchpad.net/network-manager/+bug/1624317)). It also disables the functionality of netplan since systemd-resolved is used as the default renderer ([see `man netplan`](http://manpages.ubuntu.com/manpages/bionic/man5/netplan.5.html#description)). If you choose to disable the service, you will need to manually set the nameservers, for example by creating a new `/etc/resolv.conf`.
+
+Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
+
+## Docker tags and versioning
+
+The primary docker tags / versions are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags) ([arm tags are here](https://store.docker.com/community/images/pihole/pihole/tags)), I also try to tag with the specific version of Pi-hole Core for version archival purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases).
+
+| tag                 | architecture | description                                                             | Dockerfile |
+| ---                 | ------------ | -----------                                                             | ---------- |
+| `latest`            | auto detect  | x86, arm, or arm64 container, docker auto detects your architecture.    | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile_amd64) |
+| `v4.0.0-1`          | auto detect  | Versioned tags, if you want to pin against a specific version, use one of these |  |
+| `v4.0.0-1_<arch>`   | based on tag | Specific architectures tags | |
+| `dev`       | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
+
+### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
+
+This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from Pi-hole.
+
+https://hub.docker.com/r/pihole/pihole/tags/
+
+## Upgrading, Persistence, and Customizations
+
+The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.
+
+### Upgrading / Reconfiguring
+
+Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`).  New images will be released for upgrades, upgrading by replacing your old container with a fresh upgraded image is the 'docker way'.  Long-living docker containers are not the docker way since they aim to be portable and reproducible, why not re-create them often!  Just to prove you can.
+
+0. Read the release notes for both this Docker release and the Pi-hole release
+    * This will help you avoid common problems due to any known issues with upgrading or newly required arguments or variables
+    * We will try to put common break/fixes at the top of this readme too
+1. Download the latest version of the image: `docker pull pihole/pihole`
+2. Throw away your container: `docker rm -f pihole`
+    * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS inturruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
+    * If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
+3. Start your container with the newer base image: `docker run <args> pihole/pihole` (`<args>` being your preferred run volumes and env vars)
+
+Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to known it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reducing complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers.
+
+To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands.
+
+### Pi-hole features
+
+Here are some relevant wiki pages from [Pi-hole's documentation](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  The web interface or command line tools can be used to implement changes to pihole.
+
+We install all pihole utilities so the the built in [pihole commands](https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738) will work via `docker exec <container> <command>` like so:
+
+* `docker exec pihole_container_name pihole updateGravity`
+* `docker exec pihole_container_name pihole -w spclient.wg.spotify.com`
+* `docker exec pihole_container_name pihole -wild example.com`
+
+### Customizations
+
+The webserver and DNS service inside the container can be customized if necessary.  Any configuration files you volume mount into `/etc/dnsmasq.d/` will be loaded by dnsmasq when the container starts or restarts or if you need to modify the Pi-hole config it is located at `/etc/dnsmasq.d/01-pihole.conf`.  The docker start scripts runs a config test prior to starting so it will tell you about any errors in the docker log.
+
+Similarly for the webserver you can customize configs in /etc/lighttpd
+
+### Systemd init script
+
+As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
+
+NOTE:  After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container.
+
+## Note on Capabilities
+
+DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities) expects to have the following capabilities available:
+- `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
+- `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
+- `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
+
+This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
+By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
+However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the `NET_RAW` capability to prevent FTLDNS from automatically gaining it.
+
+# User Feedback
+
+Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole or general docker questions are best answered on our [user forums](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  Ping me (@diginc) on the forums if it's a docker container and you're not sure if it's docker related.

TESTING.md

@@ -0,0 +1,21 @@
+# Prerequisites 
+
+Make sure you have docker, python, and pip.  I won't cover how to install those here, please search the internet for that info if you need it.
+
+# Running tests locally
+
+Travis-ci auto runs tests during pull requests (PR) but it only has 2 cores and if you have more/faster cpus your PC's local tests will be faster and you'll have quicker feedback loops than continually pushing to have your PR run travis-ci
+
+After you have the prereqs, to get the required pip packages run: `pip install -r requirements.txt`
+
+To run the Dockerfile templating, image build, and tests all in one command just run: `tox`
+
+# Local image names
+
+Docker images built by `tox` or `python Dockerfile.py` are named the same but stripped of the `pihole/` docker repository namespace.
+
+e.g. `pi-hole:debian_amd64` or `pi-hole-multiarch:debian_arm64`
+
+You can run the multiarch images on an amd64 development system if you [enable binfmt-support as described in the multiarch image docs](https://hub.docker.com/r/multiarch/multiarch/debian-debootstrap/)
+
+`docker run --rm --privileged multiarch/qemu-user-static:register --reset`

VERSION

@@ -0,0 +1 @@
+v4.4

alpine.docker

@@ -1,52 +0,0 @@
-FROM alpine:edge
-MAINTAINER adam@diginc.us <adam@diginc.us>
-
-RUN apk add --update \
-        dnsmasq \
-        nginx \
-        ca-certificates \
-        php-fpm php-json libxml2 \
-        bc bash curl perl && \
-    apk add --update --repository http://dl-1.alpinelinux.org/alpine/edge/testing/ tini && \
-    rm -rf /var/cache/apk/*
-
-# Customized from submodules
-COPY ./alpine/gravity.sh /usr/local/bin/
-COPY ./alpine/nginx.conf /etc/nginx/nginx.conf
-# Original upstream pihole code being used
-COPY ./pi-hole/adlists.default /etc/pihole/
-COPY ./pi-hole/pihole /usr/local/bin/
-COPY ./pi-hole/advanced/Scripts/* /usr/local/bin/
-COPY ./pi-hole/advanced/dnsmasq.conf.original /etc/dnsmasq.conf
-COPY ./pi-hole/advanced/01-pihole.conf /etc/dnsmasq.d/
-COPY ./pi-hole/advanced/index.html /var/www/html/pihole/index.html
-COPY ./AdminLTE /var/www/html/admin
-COPY ./AdminLTE_version.txt /etc/
-COPY ./pi-hole_version.txt /etc/
-
-# Things installer did
-RUN mkdir -p /etc/pihole/ && \
-    mkdir -p /var/www/html/pihole && \
-    mkdir -p /var/www/html/admin/ && \
-    chown nginx:nginx /var/www/html && \
-    chmod 775 /var/www/html && \
-    touch /var/log/pihole.log && \
-    chmod 644 /var/log/pihole.log && \
-    chown dnsmasq:root /var/log/pihole.log && \
-    sed -i "s/@INT@/eth0/" /etc/dnsmasq.d/01-pihole.conf && \
-    sed -i 's|"cd /etc/.pihole/ && git describe --tags --abbrev=0"|"cat /etc/pi-hole_version.txt"|g' /var/www/html/admin/footer.php && \
-    sed -i 's|"cd /var/www/html/admin/ && git describe --tags --abbrev=0"|"cat /etc/AdminLTE_version.txt"|g' /var/www/html/admin/footer.php
-
-# This chould be eliminated if all (upstream) files were +x in git
-RUN chmod +x /usr/local/bin/*.sh
-
-# Fix dnsmasq in docker
-RUN grep -q '^user=root' || echo 'user=root' >> /etc/dnsmasq.conf
-
-COPY ./alpine/start.sh /
-
-EXPOSE 53 53/udp
-EXPOSE 80
-
-ENTRYPOINT ["tini", "--"]
-CMD /start.sh

alpine/gravity.sh

@@ -1,340 +0,0 @@
-#!/usr/bin/env bash
-# Pi-hole: A black hole for Internet advertisements
-# (c) 2015 by Jacob Salmela
-# Network-wide ad blocking via your Raspberry Pi
-# http://pi-hole.net
-# Compiles a list of ad-serving domains by downloading them from multiple sources
-#
-# Pi-hole is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 2 of the License, or
-# (at your option) any later version.
-
-# Run this script as root or under sudo
-echo ":::"
-
-if [[ $EUID -eq 0 ]];then
-	echo "::: You are root."
-else
-	echo "::: sudo will be used."
-	# Check if it is actually installed
-	# If it isn't, exit because the install cannot complete
-	if [[ $(dpkg-query -s sudo) ]];then
-		export SUDO="sudo"
-	else
-		echo "::: Please install sudo or run this script as root."
-		exit 1
-	fi
-fi
-
-piholeIPfile=/tmp/piholeIP
-piholeIPv6file=/etc/pihole/.useIPv6
-
-adListFile=/etc/pihole/adlists.list
-adListDefault=/etc/pihole/adlists.default
-whitelistScript=/opt/pihole/whitelist.sh
-blacklistScript=/opt/pihole/blacklist.sh
-
-if [[ -f $piholeIPfile ]];then
-    # If the file exists, it means it was exported from the installation script and we should use that value instead of detecting it in this script
-    piholeIP=$(cat $piholeIPfile)
-    rm $piholeIPfile
-else
-    # Otherwise, the IP address can be taken directly from the machine, which will happen when the script is run by the user and not the installation script
-    IPv4dev=$(ip route get 8.8.8.8 | awk '{for(i=1;i<=NF;i++)if($i~/dev/)print $(i+1)}')
-    piholeIPCIDR=$(ip -o -f inet addr show dev "$IPv4dev" | awk '{print $4}' | awk 'END {print}')
-    piholeIP=${piholeIPCIDR%/*}
-fi
-
-if [[ -f $piholeIPv6file ]];then
-    # If the file exists, then the user previously chose to use IPv6 in the automated installer
-    piholeIPv6=$(ip -6 route get 2001:4860:4860::8888 | awk -F " " '{ for(i=1;i<=NF;i++) if ($i == "src") print $(i+1) }')
-fi
-
-# Variables for various stages of downloading and formatting the list
-## Nate 3/26/2016 - Commented unused variables
-basename=pihole
-piholeDir=/etc/$basename
-adList=$piholeDir/gravity.list
-#blacklist=$piholeDir/blacklist.txt
-#whitelist=$piholeDir/whitelist.txt
-#latentWhitelist=$piholeDir/latentWhitelist.txt
-justDomainsExtension=domains
-matterandlight=$basename.0.matterandlight.txt
-supernova=$basename.1.supernova.txt
-eventHorizon=$basename.2.eventHorizon.txt
-accretionDisc=$basename.3.accretionDisc.txt
-#eyeOfTheNeedle=$basename.4.wormhole.txt
-
-# After setting defaults, check if there's local overrides
-if [[ -r $piholeDir/pihole.conf ]];then
-    echo "::: Local calibration requested..."
-        . $piholeDir/pihole.conf
-fi
-
-###########################
-# collapse - begin formation of pihole
-function gravity_collapse() {
-	echo "::: Neutrino emissions detected..."
-	echo ":::"
-	#Decide if we're using a custom ad block list, or defaults.
-	if [ -f $adListFile ]; then
-		#custom file found, use this instead of default
-		echo -n "::: Custom adList file detected. Reading..."
-		sources=()
-		while read -r line; do
-			#Do not read commented out or blank lines
-			if [[ $line = \#* ]] || [[ ! $line ]]; then
-				echo "" > /dev/null
-			else
-				sources+=($line)
-			fi
-		done < $adListFile
-		echo " done!"
-	else
-		#no custom file found, use defaults!
-		echo -n "::: No custom adlist file detected, reading from default file..."
-		sources=()
-		while read -r line; do
-			#Do not read commented out or blank lines
-			if [[ $line = \#* ]] || [[ ! $line ]]; then
-				echo "" > /dev/null
-			else
-				sources+=($line)
-			fi
-		done < $adListDefault
-		echo " done!"
-	fi
-
-	# Create the pihole resource directory if it doesn't exist.  Future files will be stored here
-	if [[ -d $piholeDir ]];then
-        # Temporary hack to allow non-root access to pihole directory
-        # Will update later, needed for existing installs, new installs should
-        # create this directory as non-root
-        $SUDO chmod 777 $piholeDir
-        echo ":::"
-        echo "::: Existing pihole directory found"
-	else
-        echo "::: Creating pihole directory..."
-        mkdir $piholeDir
-        $SUDO chmod 777 $piholeDir
-	fi
-}
-
-# patternCheck - check to see if curl downloaded any new files.
-function gravity_patternCheck() {
-	patternBuffer=$1
-	# check if the patternbuffer is a non-zero length file
-	if [[ -s "$patternBuffer" ]];then
-		# Some of the blocklists are copyright, they need to be downloaded
-		# and stored as is. They can be processed for content after they
-		# have been saved.
-		cp "$patternBuffer" "$saveLocation"
-		echo " List updated, transport successful!"
-	else
-		# curl didn't download any host files, probably because of the date check
-		echo " No changes detected, transport skipped!"
-	fi
-}
-
-# transport - curl the specified url with any needed command extentions
-function gravity_transport() {
-	url=$1
-	cmd_ext=$2
-	agent=$3
-
-	# tmp file, so we don't have to store the (long!) lists in RAM
-	patternBuffer=$(mktemp)
-	heisenbergCompensator=""
-	if [[ -r $saveLocation ]]; then
-		# if domain has been saved, add file for date check to only download newer
-		heisenbergCompensator="-z $saveLocation"
-	fi
-
-	# Silently curl url
-	curl -s $cmd_ext $heisenbergCompensator -A "$agent" $url > $patternBuffer
-	# Check for list updates
-	gravity_patternCheck "$patternBuffer"
-	# Cleanup
-	rm -f "$patternBuffer"
-}
-
-# spinup - main gravity function
-function gravity_spinup() {
-	echo ":::"
-	# Loop through domain list.  Download each one and remove commented lines (lines beginning with '# 'or '/') and	 		# blank lines
-	for ((i = 0; i < "${#sources[@]}"; i++))
-	do
-        url=${sources[$i]}
-        # Get just the domain from the URL
-        domain=$(echo "$url" | cut -d'/' -f3)
-
-        # Save the file as list.#.domain
-        saveLocation=$piholeDir/list.$i.$domain.$justDomainsExtension
-        activeDomains[$i]=$saveLocation
-
-        agent="Mozilla/10.0"
-
-        echo -n "::: Getting $domain list..."
-
-        # Use a case statement to download lists that need special cURL commands
-        # to complete properly and reset the user agent when required
-        case "$domain" in
-            "adblock.mahakala.is")
-                agent='Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0'
-                cmd_ext="-e http://forum.xda-developers.com/"
-            ;;
-
-            "pgl.yoyo.org")
-                cmd_ext="-d mimetype=plaintext -d hostformat=hosts"
-            ;;
-
-            # Default is a simple request
-            *) cmd_ext=""
-        esac
-        gravity_transport "$url" "$cmd_ext" "$agent"
-	done
-}
-
-# Schwarzchild - aggregate domains to one list and add blacklisted domains
-function gravity_Schwarzchild() {
-	echo "::: "
-	# Find all active domains and compile them into one file and remove CRs
-	echo -n "::: Aggregating list of domains..."
-	truncate -s 0 $piholeDir/$matterandlight
-	for i in "${activeDomains[@]}"
-	do
-		cat "$i" | tr -d '\r' >> $piholeDir/$matterandlight
-	done
-	echo " done!"
-}
-
-function gravity_Blacklist(){
-	# Append blacklist entries if they exist
-	echo -n "::: Running blacklist script to update HOSTS file...."
-	$blacklistScript -f -nr -q > /dev/null
-
-	numBlacklisted=$(wc -l < "/etc/pihole/blacklist.txt")
-	plural=; [[ "$numBlacklisted" != "1" ]] && plural=s
-	echo " $numBlacklisted domain${plural} blacklisted!"
-}
-
-function gravity_Whitelist() {
-	echo ":::"
-	# Prevent our sources from being pulled into the hole
-	plural=; [[ "${sources[@]}" != "1" ]] && plural=s
-	echo -n "::: Adding ${#sources[@]} adlist source${plural} to the whitelist..."
-
-	urls=()
-	for url in "${sources[@]}"
-	do
-        tmp=$(echo "$url" | awk -F '/' '{print $3}')
-        urls=("${urls[@]}" $tmp)
-	done
-	echo " done!"
-
-	echo -n "::: Running whitelist script to update HOSTS file...."
-	$whitelistScript -f -nr -q "${urls[@]}" > /dev/null
-	numWhitelisted=$(wc -l < "/etc/pihole/whitelist.txt")
-	plural=; [[ "$numWhitelisted" != "1" ]] && plural=s
-	echo " $numWhitelisted domain${plural} whitelisted!"
-}
-
-function gravity_unique() {
-	# Sort and remove duplicates
-	echo -n "::: Removing duplicate domains...."
-	sort -u  $piholeDir/$supernova > $piholeDir/$eventHorizon
-	echo " done!"
-	numberOf=$(wc -l < $piholeDir/$eventHorizon)
-	echo "::: $numberOf unique domains trapped in the event horizon."
-}
-
-function gravity_hostFormat() {
-	# Format domain list as "192.168.x.x domain.com"
-	echo "::: Formatting domains into a HOSTS file..."
-	hostname=$(</etc/hostname)
-	# If there is a value in the $piholeIPv6, then IPv6 will be used, so the awk command modified to create a line for both protocols
-	if [[ -n $piholeIPv6 ]];then
-		# Add hostname and dummy domain to the top of gravity.list to make ping result return a friendlier looking domain! Also allows for an easy way to access the Pi-hole admin console (pi.hole/admin)
-		echo -e "$piholeIP $hostname\n$piholeIPv6 $hostname\n$piholeIP pi.hole\n$piholeIPv6 pi.hole" > $piholeDir/$accretionDisc
-		cat $piholeDir/$eventHorizon | awk -v ipv4addr="$piholeIP" -v ipv6addr="$piholeIPv6" '{sub(/\r$/,""); print ipv4addr" "$0"\n"ipv6addr" "$0}' >> $piholeDir/$accretionDisc
-	else
-		# Otherwise, just create gravity.list as normal using IPv4
-		# Add hostname and dummy domain to the top of gravity.list to make ping result return a friendlier looking domain! Also allows for an easy way to access the Pi-hole admin console (pi.hole/admin)
-		echo -e "$piholeIP $hostname\n$piholeIP pi.hole" > $piholeDir/$accretionDisc
-		cat $piholeDir/$eventHorizon | awk -v ipv4addr="$piholeIP" '{sub(/\r$/,""); print ipv4addr" "$0}' >> $piholeDir/$accretionDisc
-	fi
-
-	# Copy the file over as /etc/pihole/gravity.list so dnsmasq can use it
-	cp $piholeDir/$accretionDisc $adList
-}
-
-# blackbody - remove any remnant files from script processes
-function gravity_blackbody() {
-	# Loop through list files
-	for file in $piholeDir/*.$justDomainsExtension
-	do
-		# If list is in active array then leave it (noop) else rm the list
-		if [[ " ${activeDomains[@]} " =~ ${file} ]]; then
-			:
-		else
-			rm -f "$file"
-		fi
-	done
-}
-
-function gravity_advanced() {
-	# Remove comments and print only the domain name
-	# Most of the lists downloaded are already in hosts file format but the spacing/formating is not contigious
-	# This helps with that and makes it easier to read
-	# It also helps with debugging so each stage of the script can be researched more in depth
-	echo -n "::: Formatting list of domains to remove comments...."
-	awk '($1 !~ /^#/) { if (NF>1) {print $2} else {print $1}}' $piholeDir/$matterandlight | sed -nr -e 's/\.{2,}/./g' -e '/\./p' >  $piholeDir/$supernova
-	echo " done!"
-
-	numberOf=$(wc -l < $piholeDir/$supernova)
-	echo "::: $numberOf domains being pulled in by gravity..."
-
-	gravity_unique
-}
-
-function gravity_reload() {
-	#Clear no longer needed files...
-	echo ":::"
-	echo -n "::: Cleaning up un-needed files..."
-	$SUDO rm $piholeDir/pihole.*.txt
-	echo " done!"
-
-	# Reload hosts file
-	echo ":::"
-	echo -n "::: Refresh lists in dnsmasq..."
-	
-	#ensure /etc/dnsmasq.d/01-pihole.conf is pointing at the correct list!
-	#First escape forward slashes in the path:
-	adList=${adList//\//\\\/}
-	#Now replace the line in dnsmasq file
-	$SUDO sed -i "s/^addn-hosts.*/addn-hosts=$adList/" /etc/dnsmasq.d/01-pihole.conf
-	dnsmasqPid=$(pidof dnsmasq)
-
-    find "$piholeDir" -type f -exec $SUDO chmod 666 {} \;
-
-	if [[ $dnsmasqPid ]]; then
-		# service already running - reload config
-		$SUDO kill -HUP "$dnsmasqPid"
-	else
-		# service not running, start it up
-		$SUDO service dnsmasq start
-	fi
-	echo " done!"
-}
-
-$SUDO cp /etc/.pihole/adlists.default /etc/pihole/adlists.default
-gravity_collapse
-gravity_spinup
-gravity_Schwarzchild
-gravity_advanced
-gravity_hostFormat
-gravity_blackbody
-gravity_Whitelist
-gravity_Blacklist
-#gravity_reload

alpine/nginx.conf

@@ -1,38 +0,0 @@
-worker_processes  1;
-pid               /var/run/nginx.pid;
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include            mime.types;
-    default_type       application/octet-stream;
-    sendfile           on;
-    keepalive_timeout  65;
-
-    server {
-        listen 80;
-        listen [::]:80;
-        root /var/www/html;
-        index index.php index.html index.nginx-debian.html;
-
-        error_page 404 /pihole/index.html;
-
-        location ~ ^/admin/ {
-            add_header X-Pi-hole "The Pi-hole Web interface is working!";
-
-            location ~ .php$ {
-                fastcgi_pass 127.0.0.1:9000;
-                fastcgi_index index.php;
-                include fastcgi_params;
-                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-            }
-        }
-
-        location / {
-            add_header X-Pi-hole "A black hole for Internet advertisements." always;
-        }
-    }
-
-}

alpine/start.sh

@@ -1,30 +0,0 @@
-#!/bin/sh
-if [ -n "$ServerIP" ] ; then
-  # /tmp/piholeIP is the current override of auto-lookup in gravity.sh
-  echo "$ServerIP" > /tmp/piholeIP;
-else
-  echo "ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container with the IP of your docker host from which you are passing web (80) and dns (53) ports from"
-  exit 1
-fi;
-
-dnsType='default'
-DNS1=${DNS1:-'8.8.8.8'}
-DNS2=${DNS2:-'8.8.4.4'}
-if [ "$DNS1" != '8.8.8.8' ] || [ "$DNS2" != '8.8.4.4' ] ; then 
-  dnsType='custom'
-fi;
-
-echo "Using $dnsType DNS servers: $DNS1 & $DNS2"
-sed -i "s/@DNS1@/$DNS1/" /etc/dnsmasq.d/01-pihole.conf && \
-sed -i "s/@DNS2@/$DNS2/" /etc/dnsmasq.d/01-pihole.conf && \
-
-dnsmasq --test -7 /etc/dnsmasq.d || exit 1
-php-fpm -t || exit 1
-nginx -t || exit 1
-
-gravity.sh # pi-hole version without 'service dnsmasq start'
-dnsmasq -7 /etc/dnsmasq.d
-php-fpm
-nginx
-
-tail -F /var/log/nginx/*.log /var/log/pihole.log

autotest

@@ -0,0 +1 @@
+py.test -f ./test -v $@

bash_functions.sh

@@ -0,0 +1,382 @@
+#!/bin/bash
+# Some of the bash_functions use variables these core pi-hole/web scripts
+. /opt/pihole/webpage.sh
+
+docker_checks() {
+    warn_msg='WARNING Misconfigured DNS in /etc/resolv.conf'
+    ns_count="$(grep -c nameserver /etc/resolv.conf)"
+    ns_primary="$(grep nameserver /etc/resolv.conf | head -1)"
+    ns_primary="${ns_primary/nameserver /}"
+    warned=false
+
+    if [ "$ns_count" -lt 2 ] ; then
+        echo "$warn_msg: Two DNS servers are recommended, 127.0.0.1 and any backup server"
+        warned=true
+    fi
+
+    if [ "$ns_primary" != "127.0.0.1" ] ; then
+        echo "$warn_msg: Primary DNS should be 127.0.0.1 (found ${ns_primary})"
+        warned=true
+    fi
+
+    if ! $warned ; then
+        echo "OK: Checks passed for /etc/resolv.conf DNS servers"
+    fi
+
+    echo
+    cat /etc/resolv.conf
+}
+
+fix_capabilities() {
+    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+ei $(which pihole-FTL) || ret=$?
+
+    if [[ $ret -ne 0 && "${DNSMASQ_USER:-root}" != "root" ]]; then
+        echo "ERROR: Failed to set capabilities for pihole-FTL. Cannot run as non-root."
+        exit 1
+    fi
+}
+
+prepare_configs() {
+    # Done in /start.sh, don't do twice
+    PH_TEST=true . $PIHOLE_INSTALL
+    distro_check
+    installConfigs
+    touch "$setupVars"
+    set +e
+    mkdir -p /var/run/pihole /var/log/pihole
+    # Re-apply perms from basic-install over any volume mounts that may be present (or not)
+    # Also  similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
+    chown pihole:root /etc/lighttpd
+    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole" "${regexFile}"
+    chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" 
+    # not sure why pihole:pihole user/group write perms are not enough for web to write...dirty fix:
+    chmod 777 "${regexFile}"
+    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    chown pihole:pihole /var/run/pihole /var/log/pihole
+    test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
+    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
+    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
+    set -e
+    # Update version numbers
+    pihole updatechecker
+    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
+    
+    # If the setup variable file exists,
+    if [[ -e "${setupVars}" ]]; then
+        # update the variables in the file
+        local USERWEBPASSWORD="${WEBPASSWORD}"
+        . "${setupVars}"
+        # Stash and pop the user password to avoid setting the password to the hashed setupVar variable
+        WEBPASSWORD="${USERWEBPASSWORD}"
+        # Clean up old before re-writing the required setupVars
+        sed -i.update.bak '/PIHOLE_INTERFACE/d;/IPV4_ADDRESS/d;/IPV6_ADDRESS/d;/QUERY_LOGGING/d;/INSTALL_WEB_SERVER/d;/INSTALL_WEB_INTERFACE/d;/LIGHTTPD_ENABLED/d;' "${setupVars}"
+    fi
+    # echo the information to the user
+    {
+    echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
+    echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
+    echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
+    echo "QUERY_LOGGING=${QUERY_LOGGING}"
+    echo "INSTALL_WEB_SERVER=${INSTALL_WEB_SERVER}"
+    echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
+    echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
+    }>> "${setupVars}"
+}
+
+validate_env() {
+    # Optional ServerIP is a valid IP
+    # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
+    # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
+    if [[ "$(nc -4 -w1 -z "$ServerIP" 53 2>&1)" != "" ]] || ! ip route get "$ServerIP" > /dev/null ; then
+        echo "ERROR: ServerIP Environment variable ($ServerIP) doesn't appear to be a valid IPv4 address"
+        exit 1
+    fi
+
+    # Optional IPv6 is a valid address
+    if [[ -n "$ServerIPv6" ]] ; then
+        if [[ "$ServerIPv6" == 'kernel' ]] ; then
+            echo "ERROR: You passed in IPv6 with a value of 'kernel', this maybe beacuse you do not have IPv6 enabled on your network"
+            unset ServerIPv6
+            exit 1
+        fi
+        if [[ "$(nc -6 -w1 -z "$ServerIPv6" 53 2>&1)" != "" ]] || ! ip route get "$ServerIPv6" > /dev/null ; then
+            echo "ERROR: ServerIPv6 Environment variable ($ServerIPv6) doesn't appear to be a valid IPv6 address"
+            echo "  TIP: If your server is not IPv6 enabled just remove '-e ServerIPv6' from your docker container"
+            exit 1
+        fi
+    fi;
+}
+
+setup_dnsmasq_dns() {
+    . /opt/pihole/webpage.sh
+    local DNS1="${1:-8.8.8.8}"
+    local DNS2="${2:-8.8.4.4}"
+    local dnsType='default'
+    if [ "$DNS1" != '8.8.8.8' ] || [ "$DNS2" != '8.8.4.4' ] ; then
+        dnsType='custom'
+    fi;
+
+    # TODO With the addition of this to /start.sh this needs a refactor
+    if [ ! -f /.piholeFirstBoot ] ; then
+        local setupDNS1="$(grep 'PIHOLE_DNS_1' ${setupVars})"
+        local setupDNS2="$(grep 'PIHOLE_DNS_2' ${setupVars})"
+        setupDNS1="${setupDNS1/PIHOLE_DNS_1=/}"
+        setupDNS2="${setupDNS2/PIHOLE_DNS_2=/}"
+        if [[ -n "$DNS1" && -n "$setupDNS1"  ]] || \
+           [[ -n "$DNS2" && -n "$setupDNS2"  ]] ; then 
+                echo "Docker DNS variables not used"
+        fi
+        echo "Existing DNS servers used (${setupDNS1:-unset} & ${setupDNS2:-unset})"
+        return
+    fi
+
+    echo "Using $dnsType DNS servers: $DNS1 & $DNS2"
+    if [[ -n "$DNS1" && -z "$setupDNS1" ]] ; then
+        change_setting "PIHOLE_DNS_1" "${DNS1}"
+    fi
+    if [[ -n "$DNS2" && -z "$setupDNS2" ]] ; then
+        if [[ "$DNS2" == "no" ]] ; then
+            delete_setting "PIHOLE_DNS_2"
+            unset PIHOLE_DNS_2
+        else
+            change_setting "PIHOLE_DNS_2" "${DNS2}"
+        fi
+    fi
+}
+
+setup_dnsmasq_interface() {
+    local interface="${1:-eth0}"
+    local interfaceType='default'
+    if [ "$interface" != 'eth0' ] ; then
+      interfaceType='custom'
+    fi;
+    echo "DNSMasq binding to $interfaceType interface: $interface"
+    [ -n "$interface" ] && change_setting "PIHOLE_INTERFACE" "${interface}"
+}
+
+setup_dnsmasq_listening_behaviour() {
+    local dnsmasq_listening_behaviour="${1}"
+
+    if [ -n "$dnsmasq_listening_behaviour" ]; then
+      change_setting "DNSMASQ_LISTENING" "${dnsmasq_listening_behaviour}"
+    fi;
+}
+
+setup_dnsmasq_config_if_missing() {
+    # When fresh empty directory volumes are used we miss this file
+    if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
+        cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
+    fi;
+}
+
+setup_dnsmasq() {
+    local dns1="$1"
+    local dns2="$2"
+    local interface="$3"
+    local dnsmasq_listening_behaviour="$4"
+    # Coordinates 
+    setup_dnsmasq_config_if_missing
+    setup_dnsmasq_dns "$dns1" "$dns2" 
+    setup_dnsmasq_interface "$interface"
+    setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
+    setup_dnsmasq_user "${DNSMASQ_USER}"
+    ProcessDNSSettings
+}
+
+setup_dnsmasq_user() {
+    local DNSMASQ_USER="${1}"
+
+    # Run DNSMASQ as root user to avoid SHM permission issues
+    if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
+        # Change user that had been set previously to root
+        for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
+            sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
+        done
+    else
+      echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
+    fi
+}
+
+setup_dnsmasq_hostnames() {
+    # largely borrowed from automated install/basic-install.sh
+    local IPV4_ADDRESS="${1}"
+    local IPV6_ADDRESS="${2}"
+    local hostname="${3}"
+    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+
+    if [ -z "$hostname" ]; then
+        if [[ -f /etc/hostname ]]; then
+            hostname=$(</etc/hostname)
+        elif [ -x "$(command -v hostname)" ]; then
+            hostname=$(hostname -f)
+        fi
+    fi;
+
+    if [[ "${IPV4_ADDRESS}" != "" ]]; then
+        tmp=${IPV4_ADDRESS%/*}
+        sed -i "s/@IPV4@/$tmp/" ${dnsmasq_pihole_01_location}
+    else
+        sed -i '/^address=\/pi.hole\/@IPV4@/d' ${dnsmasq_pihole_01_location}
+        sed -i '/^address=\/@HOSTNAME@\/@IPV4@/d' ${dnsmasq_pihole_01_location}
+    fi
+
+    if [[ "${IPV6_ADDRESS}" != "" ]]; then
+        sed -i "s/@IPv6@/$IPV6_ADDRESS/" ${dnsmasq_pihole_01_location}
+    else
+        sed -i '/^address=\/pi.hole\/@IPv6@/d' ${dnsmasq_pihole_01_location}
+        sed -i '/^address=\/@HOSTNAME@\/@IPv6@/d' ${dnsmasq_pihole_01_location}
+    fi
+
+    if [[ "${hostname}" != "" ]]; then
+        sed -i "s/@HOSTNAME@/$hostname/" ${dnsmasq_pihole_01_location}
+    else
+        sed -i '/^address=\/@HOSTNAME@*/d' ${dnsmasq_pihole_01_location}
+    fi
+}
+
+setup_lighttpd_bind() {
+    local serverip="$1"
+    # if using '--net=host' only bind lighttpd on $ServerIP and localhost
+    if grep -q "docker" /proc/net/dev ; then #docker (docker0 by default) should only be present on the host system
+        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
+            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
+        fi
+    fi
+}
+
+setup_php_env() {
+    if [ -z "$VIRTUAL_HOST" ] ; then
+      VIRTUAL_HOST="$ServerIP"
+    fi;
+    local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\","
+    local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\","
+    local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\","
+
+    # idempotent line additions
+    grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \
+        sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG"
+    grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \
+        sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG"
+    grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \
+        sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG"
+
+    echo "Added ENV to php:"
+    grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
+}
+
+setup_web_port() {
+    local warning="WARNING: Custom WEB_PORT not used"
+    # Quietly exit early for empty or default
+    if [[ -z "${1}" || "${1}" == '80' ]] ; then return ; fi
+
+    if ! echo $1 | grep -q '^[0-9][0-9]*$' ; then 
+        echo "$warning - $1 is not an integer"
+        return
+    fi
+
+    local -i web_port="$1"
+    if (( $web_port < 1 || $web_port > 65535 )); then
+        echo "$warning - $web_port is not within valid port range of 1-65535"
+        return
+    fi
+    echo "Custom WEB_PORT set to $web_port"
+    echo "INFO: Without proper router DNAT forwarding to $ServerIP:$web_port, you may not get any blocked websites on ads"
+
+    # Update any default port 80 references in the HTML
+    grep -Prl '://127\.0\.0\.1/' /var/www/html/ | xargs -r sed -i "s|/127\.0\.0\.1/|/127.0.0.1:${WEB_PORT}/|g"
+    grep -Prl '://pi\.hole/' /var/www/html/ | xargs -r sed -i "s|/pi\.hole/|/pi\.hole:${WEB_PORT}/|g"
+    # Update lighttpd's port
+    sed -i '/server.port\s*=\s*80\s*$/ s/80/'$WEB_PORT'/g' /etc/lighttpd/lighttpd.conf
+
+}
+
+generate_password() {
+    if [ -z "${WEBPASSWORD+x}" ] ; then
+        # Not set at all, give the user a random pass
+        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
+        echo "Assigning random password: $WEBPASSWORD"
+    fi;
+}
+
+setup_web_password() {
+    setup_var_exists "WEBPASSWORD" && return
+
+    PASS="$1"
+    # Turn bash debug on while setting up password (to print it)
+    if [[ "$PASS" == "" ]] ; then
+        echo "" | pihole -a -p
+    else
+        echo "Setting password: ${PASS}"
+        set -x
+        pihole -a -p "$PASS" "$PASS"
+    fi
+    # Turn bash debug back off after print password setup
+    # (subshell to null hides printing output)
+    { set +x; } 2>/dev/null
+
+    # To avoid printing this if conditional in bash debug, turn off  debug above..
+    # then re-enable debug if necessary (more code but cleaner printed output)
+    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+        set -x
+    fi
+}
+
+setup_ipv4_ipv6() {
+    local ip_versions="IPv4 and IPv6"
+    if [ "$IPv6" != "True" ] ; then
+        ip_versions="IPv4"
+        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
+    fi;
+    echo "Using $ip_versions"
+}
+
+test_configs() {
+    set -e
+    echo -n '::: Testing pihole-FTL DNS: '
+    sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
+    echo -n '::: Testing lighttpd config: '
+    lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
+    set +e
+    echo "::: All config checks passed, cleared for startup ..."
+}
+
+
+setup_blocklists() {
+    local blocklists="$1"   
+    # Exit/return early without setting up adlists with defaults for any of the following conditions:
+    # 1. skip_setup_blocklists env is set
+    exit_string="(exiting ${FUNCNAME[0]} early)"
+
+    if [ -n "${skip_setup_blocklists}" ]; then
+        echo "::: skip_setup_blocklists requested ($exit_string)"
+        return
+    fi
+
+    # 2. The adlist file exists already (restarted container or volume mounted list)
+    if [ -f "${adlistFile}" ]; then
+        echo "::: Preexisting ad list ${adlistFile} detected ($exit_string)"
+        cat "${adlistFile}"
+        return
+    fi
+
+    echo "::: ${FUNCNAME[0]} now setting default blocklists up: "
+    echo "::: TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
+    installDefaultBlocklists
+
+    echo "::: Blocklists (${adlistFile}) now set to:"
+    cat "${adlistFile}"
+}
+
+setup_var_exists() {
+    local KEY="$1"
+    if [ -n "$2" ]; then
+        local REQUIRED_VALUE="[^\n]+"
+    fi
+    if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
+        echo "::: Pre existing ${KEY} found"
+        true
+    else
+        false
+    fi
+}
+

circle-deploy.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -ex
+# Circle CI Job for merging/deploying all architectures (post-test passing)
+. circle-vars.sh
+
+annotate() {
+    local base=$1
+    local image=$2
+    local arch=$3
+    local annotate_flags="${annotate_map[$arch]}"
+
+    $dry docker manifest annotate ${base} ${image} --os linux ${annotate_flags}
+}
+
+# Keep in sync with circle-ci job names
+declare -A annotate_map=( 
+    ["amd64"]="--arch amd64" 
+    ["armel"]="--arch arm --variant v6" 
+    ["armhf"]="--arch arm --variant v7" 
+    ["arm64"]="--arch arm64 --variant v8"
+)
+
+# push image when not running a PR
+mkdir -p ~/.docker
+export DOCKER_CLI_EXPERIMENTAL='enabled'
+echo "{}" | jq '.experimental="enabled"' | tee ~/.docker/config.json
+docker info
+if [[ "$CIRCLE_PR_NUMBER" == "" ]]; then
+    images=()
+    echo $DOCKERHUB_PASS | docker login --username=$DOCKERHUB_USER --password-stdin
+    ls -lat ./ci-workspace/
+    cd ci-workspace
+
+    for arch in *; do
+        arch_image=$(cat $arch)
+        docker pull $arch_image
+        images+=($arch_image)
+    done
+
+    for docker_tag in $MULTIARCH_IMAGE $LATEST_IMAGE; do
+        docker manifest create $docker_tag ${images[*]}
+        for arch in *; do
+            arch_image=$(cat $arch)
+            docker pull $arch_image
+            annotate "$docker_tag" "$arch_image" "$arch"
+        done
+
+        docker manifest inspect "$docker_tag"
+        docker manifest push "$docker_tag"
+    done;
+fi

circle-test.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -ex
+
+# Circle CI Job for single architecture
+
+# setup qemu/variables
+docker run --rm --privileged multiarch/qemu-user-static:register --reset > /dev/null
+. circle-vars.sh
+
+if [[ "$1" == "enter" ]]; then
+    enter="-it --entrypoint=sh"
+fi
+
+# generate and build dockerfile
+docker build -t image_pipenv -f Dockerfile_build .
+env > /tmp/env
+docker run --rm \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -v "$(pwd):/$(pwd)" \
+    -w "$(pwd)" \
+    -e PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
+    --env-file /tmp/env \
+    $enter image_pipenv
+# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v "$(pwd):/$(pwd)" -w "$(pwd)" --env-file /tmp/env image_pipenv /ws/Dockerfile.sh
+
+docker images
+echo $DOCKERHUB_PASS | docker login --username=$DOCKERHUB_USER --password-stdin
+docker push $ARCH_IMAGE
+mkdir -p ci-workspace
+echo "$ARCH_IMAGE" | tee ./ci-workspace/$ARCH

circle-vars.sh

@@ -0,0 +1,49 @@
+set -a
+
+CIRCLE_JOB="${CIRCLE_JOB:-}"
+ARCH="${ARCH:-$CIRCLE_JOB}"
+if [[ -z "$ARCH" ]] ; then
+    echo "Defaulting arch to amd64"
+    ARCH="amd64"
+fi
+BASE_IMAGE="${BASE_IMAGE:-${CIRCLE_PROJECT_REPONAME}}"
+if [[ -z "$BASE_IMAGE" ]] ; then
+    echo "Defaulting image name to pihole"
+    BASE_IMAGE="pihole"
+fi
+
+# The docker image will  match the github repo path by default but is overrideable with CircleCI environment
+# BASE_IMAGE Overridable by Circle environment, including namespace (e.g. BASE_IMAGE=bobsmith/test-img:latest)
+CIRCLE_PROJECT_USERNAME="${CIRCLE_PROJECT_USERNAME:-unset}"
+HUB_NAMESPACE="${HUB_NAMESPACE:-$CIRCLE_PROJECT_USERNAME}"
+[[ $CIRCLE_PROJECT_USERNAME == "pi-hole" ]] && HUB_NAMESPACE="pihole" # Custom mapping for namespace
+[[ $BASE_IMAGE != *"/"* ]] && BASE_IMAGE="${HUB_NAMESPACE}/${BASE_IMAGE}" # If missing namespace, add one
+
+# Secondary docker tag info (origin github branch/tag) will get prepended also
+ARCH_IMAGE="$BASE_IMAGE"
+[[ $ARCH_IMAGE != *":"* ]] && ARCH_IMAGE="${BASE_IMAGE}:$ARCH" # If tag missing, add circle job name as a tag (architecture here)
+
+DOCKER_TAG="${CIRCLE_TAG:-$CIRCLE_BRANCH}"
+if [[ -n "$DOCKER_TAG" ]]; then
+    # remove latest tag if used (as part of a user provided image variable)
+    ARCH_IMAGE="${ARCH_IMAGE/:latest/:}"
+    # Prepend the github tag(version) or branch. image:arch = image:v1.0-arch
+    ARCH_IMAGE="${ARCH_IMAGE/:/:${DOCKER_TAG}-}"
+    # latest- sometimes has a trailing slash, remove it
+    ARCH_IMAGE="${ARCH_IMAGE/%-/}"
+fi
+
+# To get latest released, cut a release on https://github.com/pi-hole/docker-pi-hole/releases (manually gated for quality control)
+latest_tag=''
+if ! latest_tag=$(curl -sI https://github.com/pi-hole/docker-pi-hole/releases/latest | grep --color=never -i Location | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then
+    print "Failed to retrieve latest docker-pi-hole release metadata"
+else
+    if [[ "$DOCKER_TAG" == "$latest_tag" ]] ; then
+        #LATEST_IMAGE="$BASE_IMAGE:latest"
+        LATEST_IMAGE="$BASE_IMAGE:testing_latest_deleteme"
+    fi
+fi
+
+MULTIARCH_IMAGE="$BASE_IMAGE:$DOCKER_TAG"
+
+set +a

debian.docker

@@ -1,58 +0,0 @@
-FROM debian:jessie
-MAINTAINER adam@diginc.us <adam@diginc.us>
-
-ENV TINI_VERSION v0.9.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /tini.asc
-RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 0527A9B7 \
- && gpg --verify /tini.asc
-RUN chmod +x /tini
-
-# Requirements
-RUN apt-get -q update && \
-    apt-get install -y \
-        dnsmasq \
-        lighttpd \
-        php5-common php5-cgi php5 \
-        bc curl unzip wget && \
-    rm -rf /var/cache/apt/archives
-
-# Original upstream pihole code being used
-COPY ./pi-hole/gravity.sh /usr/local/bin/
-COPY ./pi-hole/adlists.default /etc/pihole/
-COPY ./pi-hole/pihole /usr/local/bin/
-COPY ./pi-hole/advanced/Scripts/* /usr/local/bin/
-COPY ./pi-hole/advanced/lighttpd.conf /etc/lighttpd/lighttpd.conf
-COPY ./pi-hole/advanced/dnsmasq.conf.original /etc/dnsmasq.conf
-COPY ./pi-hole/advanced/01-pihole.conf /etc/dnsmasq.d/
-COPY ./pi-hole/advanced/index.html /var/www/html/pihole/index.html
-COPY ./AdminLTE /var/www/html/admin
-COPY ./AdminLTE_version.txt /etc/
-COPY ./pi-hole_version.txt /etc/
-
-RUN mkdir -p /etc/pihole/ && \
-    mkdir -p /var/www/html/pihole && \
-    mkdir -p /var/www/html/admin/ && \
-    chown www-data:www-data /var/www/html && \
-    chmod 775 /var/www/html && \
-    lighty-enable-mod fastcgi fastcgi-php || true && \
-    touch /var/log/pihole.log && \
-    chmod 644 /var/log/pihole.log && \
-    chown dnsmasq:root /var/log/pihole.log && \
-    sed -i "s/@INT@/eth0/" /etc/dnsmasq.d/01-pihole.conf && \
-    sed -i 's|"cd /etc/.pihole/ && git describe --tags --abbrev=0"|"cat /etc/pi-hole_version.txt"|g' /var/www/html/admin/footer.php && \
-    sed -i 's|"cd /var/www/html/admin/ && git describe --tags --abbrev=0"|"cat /etc/AdminLTE_version.txt"|g' /var/www/html/admin/footer.php
-
-# This chould be eliminated if all (upstream) files were +x in git
-RUN chmod +x /usr/local/bin/*.sh
-
-# Fix dnsmasq in docker
-RUN grep -q '^user=root' || echo 'user=root' >> /etc/dnsmasq.conf
-
-COPY ./debian/start.sh /
-
-EXPOSE 53 53/udp
-EXPOSE 80
-
-ENTRYPOINT ["/tini", "--"]
-CMD /start.sh

debian/start.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-if [ -n "$ServerIP" ] ; then
-  # /tmp/piholeIP is the current override of auto-lookup in gravity.sh
-  echo "$ServerIP" > /tmp/piholeIP;
-else
-  echo "ERROR: It is required you pass an environment variables of 'ServerIP' with the IP of your docker host which you are passing 80/53 from"
-  exit 1
-fi;
-
-dnsType='default'
-DNS1=${DNS1:-'8.8.8.8'}
-DNS2=${DNS2:-'8.8.4.4'}
-if [ "$DNS1" != '8.8.8.8' ] || [ "$DNS2" != '8.8.4.4' ] ; then 
-  dnsType='custom'
-fi;
-
-echo "Using $dnsType DNS servers: $DNS1 & $DNS2"
-sed -i "s/@DNS1@/$DNS1/" /etc/dnsmasq.d/01-pihole.conf && \
-sed -i "s/@DNS2@/$DNS2/" /etc/dnsmasq.d/01-pihole.conf && \
-
-dnsmasq --test -7 /etc/dnsmasq.d || exit 1
-lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
-
-gravity.sh # dnsmasq start included
-service lighttpd start
-
-tail -F /var/log/lighttpd/*.log /var/log/pihole.log

docker-compose-jwilder-proxy.yml

@@ -0,0 +1,63 @@
+version: "3"
+
+# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
+
+services:
+  jwilder-proxy:
+    image: jwilder/nginx-proxy
+    ports:
+      - '80:80'
+    environment:
+      DEFAULT_HOST: pihole.yourDomain.lan
+    volumes:
+      - '/var/run/docker.sock:/tmp/docker.sock'
+    restart: always
+
+  pihole:
+    image: pihole/pihole:latest
+    dns:
+      - 127.0.0.1
+      - 1.1.1.1
+    ports:
+      - '53:53/tcp'
+      - '53:53/udp'
+      - "67:67/udp"
+      - '8053:80/tcp'
+      - "443:443/tcp"
+    volumes:
+      - './etc-pihole/:/etc/pihole/'
+      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+      # run `touch ./var-log/pihole.log` first unless you like errors
+      # - './var-log/pihole.log:/var/log/pihole.log'
+    # Recommended but not required (DHCP needs NET_ADMIN)
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN
+    environment:
+      ServerIP: 192.168.41.55
+      PROXY_LOCATION: pihole
+      VIRTUAL_HOST: pihole.yourDomain.lan
+      VIRTUAL_PORT: 80
+    extra_hosts:
+      # Resolve to nothing domains (terminate connection)
+      - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
+      # LAN hostnames for other docker containers using jwilder
+      - 'yourDomain.lan:192.168.41.55'
+      - 'pihole pihole.yourDomain.lan:192.168.41.55'
+      - 'ghost ghost.yourDomain.lan:192.168.41.55'
+      - 'wordpress wordpress.yourDomain.lan:192.168.41.55'
+    restart: always
+
+#   Another container you might want to have running through the proxy
+#   Note it also have ENV Vars like pihole and a host under pihole's extra_hosts
+#  ghost:
+#    image: fractalf/ghost
+#    ports:
+#      - '2368:2368/tcp'
+#    volumes:
+#      - '/etc/ghost/:/ghost-override'
+#    environment:
+#      PROXY_LOCATION: ghost
+#      VIRTUAL_HOST: ghost.yourDomain.lan
+#      VIRTUAL_PORT: 2368
+#    restart: always

docker-compose-traefik-proxy.md

@@ -0,0 +1,108 @@
+Please note the following about this [traefik](https://traefik.io/) example for Docker Pi-hole
+
+- Still requires standard Pi-hole setup steps, make sure you've gone through the [README](https://github.com/pihole/docker-pi-hole/blob/master/README.md) and understand how to setup Pi-hole without traefik first
+- Update these things before using:
+    - set instances of `homedomain.lan` below to your home domain (typically set in your router)
+    - set your Pi-hole ENV WEBPASSWORD if you don't want a random admin pass
+- This works for me, Your mileage may vary!
+- For support, do your best to figure out traefik issues on your own:
+    - by looking at logs and traefik web interface on port 8080
+    - also by searching the web and searching their forums/docker issues for similar question/problems
+- Port 8053 is mapped directly to Pi-hole to serve as a back door without going through traefik
+- There is some delay after starting your container before traefik forwards the HTTP traffic correctly, give it a minute
+
+```
+version: '3'
+
+services:
+  #
+  traefik:
+    container_name: traefik
+    domainname: homedomain.lan
+
+    image: traefik
+    restart: unless-stopped
+    # Note I opt to whitelist certain apps for exposure to traefik instead of auto discovery
+    # use `--docker.exposedbydefault=true` if you don't want to have to do this
+    command: "--web --docker --docker.domain=homedomain.lan --docker.exposedbydefault=false --logLevel=DEBUG"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /dev/null:/traefik.toml
+    networks:
+      - default
+      - discovery
+    dns:
+      - 192.168.1.50
+      - 192.168.1.1
+
+  pihole:
+    container_name: pihole
+    domainname: homedomain.lan
+
+    image: pihole/pihole:latest
+    dns:
+      - 127.0.0.1
+      - 1.1.1.1
+    ports:
+      - '0.0.0.0:53:53/tcp'
+      - '0.0.0.0:53:53/udp'
+      - '0.0.0.0:67:67/udp'
+      - '0.0.0.0:8053:80/tcp'
+    volumes:
+      - ./etc-pihole/:/etc/pihole/
+      - ./etc-dnsmasqd/:/etc/dnsmasq.d/
+      # run `touch ./pihole.log` first unless you like errors
+      # - ./pihole.log:/var/log/pihole.log
+    environment:
+      ServerIP: 192.168.1.50
+      PROXY_LOCATION: pihole
+      VIRTUAL_HOST: pihole.homedomain.lan
+      VIRTUAL_PORT: 80
+      TZ: 'America/Chicago'
+      # WEBPASSWORD:
+    restart: unless-stopped
+    labels:
+       # required when using --docker.exposedbydefault=false
+       - "traefik.enable=true"
+       # https://www.techjunktrunk.com/docker/2017/11/03/traefik-default-server-catch-all/
+       - "traefik.frontend.rule=HostRegexp:pihole.homedomain.lan,{catchall:.*}"
+       - "traefik.frontend.priority=1"
+       - "traefik.backend=pihole"
+       - "traefik.port=80"
+
+networks:
+  # Discovery is manually created to avoid forcing any order of docker-compose stack creation (`docker network create discovery`)
+  # allows other compose files to be seen by proxy
+  # Not required if you aren't using multiple docker-compose files...
+  discovery:
+    external: true
+```
+
+After running `docker-compose up -d` you should see this if you look at logs on traefik `docker-compose logs -f traefik`
+
+```
+traefik    | time="2018-03-07T18:57:41Z" level=debug msg="Provider event received {Status:health_status: healthy ID:33567e94e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 From:pihole/pihole:latest Type:container Action:health_status: healthy Actor:{ID:33567e94
+e02c5adba3d47fa44c391e94fdea359fb05eecb196c95de288ffb861 Attributes:map[com.docker.compose.project:traefik image:pihole/pihole:latest traefik.frontend.priority:1 com.docker.compose.container-number:1 com.docker.compose.service:pihole com.docker.compose.version:1.19.0 name:pihole traefik.enable:true url:https://www.github.com/pihole/docker-pi-hole com.docker.compose.oneoff:False maintainer:adam@diginc.us traefik.backend:pihole traefik.frontend.rule:HostRegexp:pihole.homedomain.lan,{catchall:.*} traefik.port:80 com.docker.compose.config-
+hash:7551c3f4bd11766292c7dad81473ef21da91cae8666d1b04a42d1daab53fba0f]} Scope:local Time:1520449061 TimeNano:1520449061934970670}"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Filtering disabled container /traefik"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.whitelistSourceRange labels"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.entryPoints labels"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Could not load traefik.frontend.auth.basic labels"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Validation of load balancer method for backend backend-pihole failed: invalid load-balancing method ''. Using default method wrr."
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-pihole":{"servers":{"server-pihole":{"url":"http://172.18.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-HostRegexp
+-pihole-homedomain-lan-catchall-0":{"entryPoints":["http"],"backend":"backend-pihole","routes":{"route-frontend-HostRegexp-pihole-homedomain-lan-catchall-0":{"rule":"HostRegexp:pihole.homedomain.lan,{catchall:.*}"}},"passHostHeader":true,"priority":1,"basicAuth":[]}}}"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating frontend frontend-HostRegexp-pihole-homedomain-lan-catchall-0"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Wiring frontend frontend-HostRegexp-pihole-homedomain-lan-catchall-0 to entryPoint http"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating route route-frontend-HostRegexp-pihole-homedomain-lan-catchall-0 HostRegexp:pihole.homedomain.lan,{catchall:.*}"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating backend backend-pihole"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating load-balancer wrr"
+traefik    | time="2018-03-07T18:57:42Z" level=debug msg="Creating server server-pihole at http://172.18.0.2:80 with weight 0"
+traefik    | time="2018-03-07T18:57:42Z" level=info msg="Server configuration reloaded on :80"
+traefik    | time="2018-03-07T18:57:42Z" level=info msg="Server configuration reloaded on :8080"
+```
+
+Also your port 8080 should list the Route/Rule for pihole and backend-pihole container.

docker-compose.yml

@@ -1 +0,0 @@
-doco-alpine.yml

docker-compose.yml

@@ -0,0 +1,32 @@
+version: "3"
+
+# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
+
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+      - "80:80/tcp"
+      - "443:443/tcp"
+    environment:
+      TZ: 'America/Chicago'
+      # WEBPASSWORD: 'set a secure password here or it will be random'
+    # Volumes store your data between container upgrades
+    volumes:
+      - './etc-pihole/:/etc/pihole/'
+      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+      # run `touch ./var-log/pihole.log` first unless you like errors
+      # - './var-log/pihole.log:/var/log/pihole.log'
+    dns:
+      - 127.0.0.1
+      - 1.1.1.1
+    # Recommended but not required (DHCP needs NET_ADMIN)
+    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped

docker-pi-hole.cron

@@ -0,0 +1,31 @@
+# Pi-hole: A black hole for Internet advertisements
+# (c) 2015, 2016 by Jacob Salmela
+# Network-wide ad blocking via your Raspberry Pi
+# http://pi-hole.net
+# Updates ad sources every week
+#
+# Pi-hole is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is under source-control of the Pi-hole installation and update
+# scripts, any changes made to this file will be overwritten when the softare
+# is updated or re-installed. Please make any changes to the appropriate crontab
+# or other cron file snippets.
+
+# Your container name goes here:
+DOCKER_NAME=pihole
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Pi-hole: Update the ad sources once a week on Sunday at 01:59
+#          Download any updates from the adlists
+59 1    * * 7   root    PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updateGravity > /dev/null
+
+# Update docker-pi-hole by pulling the latest docker image ane re-creating your container.
+# pihole software update commands are unsupported in docker!
+#30 2    * * 7   root    PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole updatePihole > /dev/null
+
+# Pi-hole: Flush the log daily at 00:00 so it doesn't get out of control
+#          Stats will be viewable in the Web interface thanks to the cron job above
+00 00   * * *   root    PATH="$PATH:/usr/local/bin/" docker exec $DOCKER_NAME pihole flush > /dev/null

docker_dev.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-docker build -f alpine.docker -t dockerpihole_alpine .
-docker build -f debian.docker -t dockerpihole_debian .
-
-IP=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
-
-docker run -it --rm --cap-add=NET_ADMIN \
-  -p 5053:53/tcp \
-  -p 5053:53/udp \
-  -p 5080:80 \
-  -e ServerIP="$IP" \
-  $@ \
-  dockerpihole_${image:-alpine}

docker_run.sh

@@ -1,10 +1,32 @@
 #!/bin/bash
-image=${1:-'diginc/pihole:alpine'}
-IP=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
 
-# Default ports + daemonized docker container
-docker run -p 53:53/tcp -p 53:53/udp -p 80:80 \
-  --cap-add=NET_ADMIN \
-  -e piholeIP="$IP" \
-  --name pihole \
-  -d $image
+# https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
+
+docker run -d \
+    --name pihole \
+    -p 53:53/tcp -p 53:53/udp \
+    -p 80:80 \
+    -p 443:443 \
+    -e TZ="America/Chicago" \
+    -v "$(pwd)/etc-pihole/:/etc/pihole/" \
+    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
+    --dns=127.0.0.1 --dns=1.1.1.1 \
+    --restart=unless-stopped \
+    pihole/pihole:latest
+
+printf 'Starting up pihole container '
+for i in $(seq 1 20); do
+    if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
+        printf ' OK'
+        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
+        exit 0
+    else
+        sleep 3
+        printf '.'
+    fi
+
+    if [ $i -eq 20 ] ; then
+        echo -e "\nTimed out waiting for Pi-hole start, consult check your container logs for more info (\`docker logs pihole\`)"
+        exit 1
+    fi
+done;

doco-alpine.yml

@@ -1,12 +0,0 @@
-alpine:
-  build: .
-  dockerfile: alpine.docker
-  environment:
-    # Your docker host IP is required if you run RUN (not build)
-    piholeIP: 192.168.1.55
-  ports:
-    - "53:53/tcp"
-    - "53:53/udp"
-    - "80:80/tcp"
-  cap_add:
-    - NET_ADMIN

doco-debian.yml

@@ -1,12 +0,0 @@
-debian:
-  build: .
-  dockerfile: debian.docker
-  environment:
-    # Your docker host IP is required if you run RUN (not build)
-    piholeIP: 192.168.1.55
-  ports:
-    - "53:53/tcp"
-    - "53:53/udp"
-    - "80:80/tcp"
-  cap_add:
-    - NET_ADMIN

doco-example.yml

@@ -1,26 +0,0 @@
-pihole:
-  image: diginc/pi-hole
-  ports:
-    - "53:53/tcp"
-    - "53:53/udp"
-    - "80:80/tcp"
-  cap_add:
-    - NET_ADMIN
-  environment:
-    # enter your docker host IP here
-    piholeIP:
-    # jwilder/proxy envs, see readme for more info
-    PROXY_LOCATION: pihole
-    VIRTUAL_HOST: pihole.yourdomain.local
-    VIRTUAL_PORT: 80
-  # Add your own custom hostnames you need for your domain
-  extra_hosts:
-    #   Point any of the jwilder virtual_host addresses
-    # to your docker host ip address
-    - 'pihole.yourdomain.local:192.168.1.55'
-  volumes:
-    # WARNING: if these don't exist as files on the host already
-    # docker will try to create them as directories 
-    # - '/var/log/pihole.log:/var/log/pihole.log'
-    #- '/etc/pihole/whitelist.txt:/etc/pihole/whitelist.txt'
-    # - '/etc/pihole/blacklist.txt:/etc/pihole/blacklist.txt'

doco-example.yml

@@ -0,0 +1 @@
+docker-compose.yml

install.sh

@@ -0,0 +1,113 @@
+#!/bin/bash -ex
+
+mkdir -p /etc/pihole/
+mkdir -p /var/run/pihole
+# Production tags with valid web footers
+export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
+export WEB_VERSION="v4.3.3"
+
+# Only use for pre-production / testing
+export CHECKOUT_BRANCHES=false
+# Search for release/* branch naming convention for custom checkouts
+if [[ "$CORE_VERSION" == *"release/"* ]] ; then
+    CHECKOUT_BRANCHES=true
+fi
+
+apt-get update
+apt-get install --no-install-recommends -y curl procps ca-certificates
+curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C /
+mv /init /s6-init
+
+# debconf-apt-progress seems to hang so get rid of it too
+which debconf-apt-progress
+mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
+
+# Get the install functions
+curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL"
+PH_TEST=true . "${PIHOLE_INSTALL}"
+
+# Preseed variables to assist with using --unattended install
+{
+  echo "PIHOLE_INTERFACE=eth0"
+  echo "IPV4_ADDRESS=0.0.0.0"
+  echo "IPV6_ADDRESS=0:0:0:0:0:0"
+  echo "PIHOLE_DNS_1=8.8.8.8"
+  echo "PIHOLE_DNS_2=8.8.4.4"
+  echo "QUERY_LOGGING=true"
+  echo "INSTALL_WEB_SERVER=true"
+  echo "INSTALL_WEB_INTERFACE=true"
+  echo "LIGHTTPD_ENABLED=true"
+}>> "${setupVars}"
+source $setupVars
+
+export USER=pihole
+distro_check
+
+# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
+apt-get -y install debconf-utils
+echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
+
+ln -s /bin/true /usr/local/bin/service
+bash -ex "./${PIHOLE_INSTALL}" --unattended
+rm /usr/local/bin/service
+# Old way of setting up
+#install_dependent_packages INSTALLER_DEPS[@]
+#install_dependent_packages PIHOLE_DEPS[@]
+#install_dependent_packages PIHOLE_WEB_DEPS[@]
+# IPv6 support for nc openbsd better than traditional
+apt-get install -y --force-yes netcat-openbsd
+
+piholeGitUrl="${piholeGitUrl}"
+webInterfaceGitUrl="${webInterfaceGitUrl}"
+webInterfaceDir="${webInterfaceDir}"
+#git clone --branch "${CORE_VERSION}" --depth 1 "${piholeGitUrl}" "${PI_HOLE_LOCAL_REPO}"
+#git clone --branch "${WEB_VERSION}" --depth 1 "${webInterfaceGitUrl}" "${webInterfaceDir}"
+
+tmpLog="/tmp/pihole-install.log"
+installLogLoc="${installLogLoc}"
+FTLdetect 2>&1 | tee "${tmpLog}"
+installPihole 2>&1 | tee "${tmpLog}"
+mv "${tmpLog}" /
+
+fetch_release_metadata() {
+    local directory="$1"
+    local version="$2"
+    pushd "$directory"
+    git fetch -t
+    git remote set-branches origin '*'
+    git fetch --depth 10
+    git checkout master
+    git reset --hard "$version"
+    popd
+}
+
+if [[ $CHECKOUT_BRANCHES == true ]] ; then
+    ln -s /bin/true /usr/local/bin/service
+    ln -s /bin/true /usr/local/bin/update-rc.d
+    echo y | bash -x pihole checkout core ${CORE_VERSION}
+    echo y | bash -x pihole checkout web ${WEB_VERSION}
+    echo y | bash -x pihole checkout ftl tweak/overhaul_overTime
+    # If the v is forgotten: ${CORE_VERSION/v/}
+    unlink /usr/local/bin/service
+    unlink /usr/local/bin/update-rc.d
+else
+    # Reset to our tags so version numbers get detected correctly
+    fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}"
+    fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}"
+fi
+# FTL Armel fix not in prod yet
+# Remove once https://github.com/pi-hole/pi-hole/commit/3fbb0ac8dde14b8edc1982ae3a2a021f3cf68477 is in master
+if [[ "$ARCH" == 'armel' ]]; then
+    curl -o /usr/bin/pihole-FTL https://ftl.pi-hole.net/development/pihole-FTL-armel-native
+fi
+
+sed -i 's/readonly //g' /opt/pihole/webpage.sh
+sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
+
+# Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc`
+sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
+sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+
+touch /.piholeFirstBoot
+
+echo 'Docker install successful'

jwilder-proxy-example-doco.yml

@@ -1,35 +0,0 @@
-applist:
-  image: jwilder/nginx-proxy
-  ports:
-    - '80:80'
-  environment:
-    DEFAULT_HOST: pihole.yourDomain.lan
-  volumes:
-    - '/var/run/docker.sock:/tmp/docker.sock'
-  restart: always
-
-pihole:
-  image: diginc/pi-hole:alpine
-  ports:
-    - '53:53/tcp'
-    - '53:53/udp'
-    - '8053:80/tcp'
-  volumes:
-    - '/var/log/pihole.log:/var/log/pihole.log'
-  #net: host
-  cap_add:
-    - NET_ADMIN
-  environment:
-    piholeIP: 192.168.41.55
-    PROXY_LOCATION: pihole
-    VIRTUAL_HOST: pihole.yourDomain.lan
-    VIRTUAL_PORT: 80
-  extra_hosts:
-    # Resolve to nothing domains (terminate connection)
-    - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
-    # LAN hostnames for other docker containers using jwilder
-    - 'yourDomain.lan:192.168.41.55'
-    - 'pihole pihole.yourDomain.lan:192.168.41.55'
-    - 'ghost ghost.yourDomain.lan:192.168.41.55'
-    - 'wordpress wordpress.yourDomain.lan:192.168.41.55'
-  restart: always

make_symlinks.sh

@@ -1,11 +0,0 @@
-#!/bin/sh -e
-supportedTags='^(alpine|debian)$'
-if ! (echo $1 | grep -Pq "$supportedTags") ; then
-    echo "$1 is not a supported tag"; exit 1;
-fi
-
-unlink docker-compose.yml
-unlink Dockerfile
-
-ln -s doco-${1}.yml docker-compose.yml
-ln -s ${1}.docker Dockerfile

pi-hole_version.txt

@@ -1 +0,0 @@
-v2.6.2

pihole.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=pihole
+Requires=docker.service multi-user.target
+After=docker.service network-online.target dhcpd.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker start -a pihole
+ExecStop=/usr/bin/docker stop -t 2 pihole
+
+[Install]
+WantedBy=multi-user.target
+

requirements.txt

@@ -1 +1,53 @@
-docker-compose
+apipkg==1.5
+atomicwrites==1.3.0
+attrs==19.3.0
+backports.shutil-get-terminal-size==1.0.0
+backports.ssl-match-hostname==3.7.0.1
+bcrypt==3.1.7
+cached-property==1.5.1
+certifi==2019.11.28
+cffi==1.13.2
+chardet==3.0.4
+configparser==4.0.2
+contextlib2==0.6.0.post1
+coverage==5.0.1
+cryptography==2.8
+docker==4.1.0
+dockerpty==0.4.1
+docopt==0.6.2
+enum34==1.1.6
+execnet==1.7.1
+filelock==3.0.12
+funcsigs==1.0.2
+idna==2.8
+importlib-metadata==1.3.0
+ipaddress==1.0.23
+Jinja2==2.10.3
+jsonschema==3.2.0
+MarkupSafe==1.1.1
+more-itertools==5.0.0
+packaging==19.2
+pathlib2==2.3.5
+pluggy==0.13.1
+py==1.8.1
+pycparser==2.19
+pyparsing==2.4.6
+pyrsistent==0.15.6
+pytest==4.6.8
+pytest-cov==2.8.1
+pytest-forked==1.1.3
+pytest-xdist==1.31.0
+PyYAML==5.2
+requests==2.22.0
+scandir==1.10.0
+six==1.13.0
+subprocess32==3.5.4
+testinfra==3.3.0
+texttable==1.6.2
+toml==0.10.0
+tox==3.14.3
+urllib3==1.25.7
+virtualenv==16.7.9
+wcwidth==0.1.7
+websocket-client==0.57.0
+zipp==0.6.0

s6/debian-root/etc/cont-init.d/20-start.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/with-contenv bash
+set -e
+
+bashCmd='bash -e'
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then 
+    set -x ;
+    bashCmd='bash -e -x'
+fi
+
+# used to start dnsmasq here for gravity to use...now that conflicts port 53
+
+$bashCmd /start.sh
+# Gotta go fast, no time for gravity
+if [ -n "$PYTEST" ]; then 
+    sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" 
+fi
+gravity.sh
+
+# Kill dnsmasq because s6 won't like it if it's running when s6 services start
+kill -9 $(pgrep pihole-FTL) || true

s6/debian-root/etc/fix-attrs.d/01-resolver-resolv

@@ -0,0 +1 @@
+/etc/resolv.conf false doesntexist,0:1000 0664 0664

s6/debian-root/etc/services.d/cron/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping cron"
+killall -9 cron

s6/debian-root/etc/services.d/cron/run

@@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv bash
+s6-echo "Starting crond"
+
+exec -c
+fdmove -c 2 1 /usr/sbin/cron -f

s6/debian-root/etc/services.d/lighttpd/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping lighttpd"
+killall -9 lighttpd

s6/debian-root/etc/services.d/lighttpd/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Starting lighttpd"
+lighttpd -D -f /etc/lighttpd/lighttpd.conf

s6/debian-root/etc/services.d/pihole-FTL/finish

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Stopping pihole-FTL"
+kill -9 $(pgrep pihole-FTL)

s6/debian-root/etc/services.d/pihole-FTL/run

@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv bash
+
+s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
+s6-setuidgid ${DNSMASQ_USER} pihole-FTL $FTL_CMD >/dev/null 2>&1
+
+# Notes on above:
+# - DNSMASQ_USER default of root is in Dockerfile & can be overwritten by runtime container env
+# - /var/log/pihole*.log has FTL's output that no-daemon would normally print in FG too
+#   prevent duplicating it in docker logs by sending to dev null

s6/debian-root/usr/bin/host-ip

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv sh
+
+#
+# This script will determine the network IP of the container.
+#
+# Return format should be a single IP address.
+#
+
+# Default to using the value of the $HOSTNAME ENV variable.
+getent hosts ${1:-$HOSTNAME} | awk '{print $1}'

s6/debian-root/usr/bin/set-contenv

@@ -0,0 +1,12 @@
+#!/usr/bin/execlineb -S0
+
+if { s6-test $# -eq 2 }
+
+backtick -in FILENAME {
+    pipeline { s6-echo "${1}" }
+    tr "a-z" "A-Z"
+}
+import -u FILENAME
+
+redirfd -w 1 /var/run/s6/container_environment/${FILENAME}
+s6-echo -n -- ${2}

s6/service

@@ -0,0 +1,30 @@
+#!/bin/bash
+# This script patches all service commands into the appropriate s6- commands
+# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
+start() {
+    s6-svc -wU -u -T2500 /var/run/s6/services/$service
+}
+
+stop() {
+    s6-svc -wD -d -T2500 /var/run/s6/services/$service
+}
+
+restart() {
+    stop
+    start
+    #s6-svc -t -wR -T5000 /var/run/s6/services/$service
+}
+
+status() {
+    s6-svstat /var/run/s6/services/$service
+}
+
+service="$1"
+command="$2"
+
+if [[ ! -d "/var/run/s6/services/$service" ]] ; then
+    echo "s6 service not found for $service, exiting..."
+    exit
+fi;
+
+${command} "${service}"

s6/timeout

@@ -0,0 +1,15 @@
+#!/bin/bash
+# A shim to make busybox timeout take in debian style args
+# v1 only need support for this style: `timeout 1 getent hosts github.com`
+
+# Busybox args:
+#   Usage: timeout [-t SECS] [-s SIG] PROG ARGS
+# Debian args:
+#   Usage: timeout [OPTION] DURATION COMMAND [ARG]...
+#     or:  timeout [OPTION]
+
+TIMEOUT=/usr/bin/timeout
+SECS="${1}"
+ARGS="${@:2}"
+
+$TIMEOUT -t $SECS $ARGS

setup.py

@@ -0,0 +1,6 @@
+from setuptools import setup
+
+setup(
+    setup_requires=['pytest-runner'],
+    tests_require=['pytest'],
+)

start.sh

@@ -0,0 +1,69 @@
+#!/bin/bash -e
+# Dockerfile variables
+export TAG
+export ServerIP
+export ServerIPv6
+export PYTEST
+export PHP_ENV_CONFIG
+export PHP_ERROR_LOG 
+export HOSTNAME
+export WEBLOGDIR
+export DNS1
+export DNS2
+export DNSSEC
+export DNS_BOGUS_PRIV
+export DNS_FQDN_REQUIRED
+export INTERFACE
+export DNSMASQ_LISTENING_BEHAVIOUR="$DNSMASQ_LISTENING"
+export IPv6
+export WEB_PORT
+export CONDITIONAL_FORWARDING
+export CONDITIONAL_FORWARDING_IP
+export CONDITIONAL_FORWARDING_DOMAIN
+export CONDITIONAL_FORWARDING_REVERSE
+
+export adlistFile='/etc/pihole/adlists.list'
+
+# The below functions are all contained in bash_functions.sh
+. /bash_functions.sh
+
+# PH_TEST prevents the install from actually running (someone should rename that)
+PH_TEST=true . $PIHOLE_INSTALL
+
+echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
+
+docker_checks
+
+# TODO:
+#if [ ! -f /.piholeFirstBoot ] ; then
+#    echo " ::: Not first container startup so not running docker's setup, re-create container to run setup again"
+#else
+#    regular_setup_functions
+#fi
+
+fix_capabilities
+generate_password
+validate_env || exit 1
+prepare_configs
+change_setting "IPV4_ADDRESS" "$ServerIP"
+change_setting "IPV6_ADDRESS" "$ServerIPv6"
+change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
+change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
+change_setting "DNSSEC" "$DNSSEC"
+change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
+change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
+change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
+change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
+setup_web_port "$WEB_PORT"
+setup_web_password "$WEBPASSWORD"
+setup_dnsmasq "$DNS1" "$DNS2" "$INTERFACE" "$DNSMASQ_LISTENING_BEHAVIOUR"
+setup_php_env
+setup_dnsmasq_hostnames "$ServerIP" "$ServerIPv6" "$HOSTNAME"
+setup_ipv4_ipv6
+setup_lighttpd_bind "$ServerIP"
+setup_blocklists
+test_configs
+
+[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
+
+echo " ::: Docker start setup complete"

test/conftest.py

@@ -0,0 +1,196 @@
+
+import functools
+import os
+import pytest
+import testinfra
+import types
+
+local_host = testinfra.get_host('local://')
+check_output = local_host.check_output
+
+__version__ = None
+dotdot = os.path.abspath(os.path.join(os.path.abspath(__file__), os.pardir, os.pardir))
+with open('{}/VERSION'.format(dotdot), 'r') as v:
+    raw_version = v.read().strip()
+    __version__ = raw_version.replace('release/', 'release-')
+
+@pytest.fixture()
+def args_dns():
+    return '--dns 127.0.0.1 --dns 1.1.1.1'
+
+@pytest.fixture()
+def args_volumes():
+    return '-v /dev/null:/etc/pihole/adlists.list'
+
+@pytest.fixture()
+def args_env():
+    return '-e ServerIP="127.0.0.1"'
+
+@pytest.fixture()
+def args(args_dns, args_volumes, args_env):
+    return "{} {} {}".format(args_dns, args_volumes, args_env)
+
+@pytest.fixture()
+def test_args():
+    ''' test override fixture to provide arguments seperate from our core args '''
+    return ''
+
+def DockerGeneric(request, _test_args, _args, _image, _cmd, _entrypoint):
+    #assert 'docker' in check_output('id'), "Are you in the docker group?"
+    # Always appended PYTEST arg to tell pihole we're testing
+    if 'pihole' in _image and 'PYTEST=1' not in _args:
+       _args = '{} -e PYTEST=1'.format(_args)
+    docker_run = 'docker run -d -t {args} {test_args} {entry} {image} {cmd}'\
+        .format(args=_args, test_args=_test_args, entry=_entrypoint, image=_image, cmd=_cmd)
+    # Print a human runable version of the container run command for faster debugging
+    print(docker_run.replace('-d -t', '--rm -it').replace('tail -f /dev/null', 'bash'))
+    docker_id = check_output(docker_run)
+
+    def teardown():
+        check_output("docker logs {}".format(docker_id))
+        check_output("docker rm -f {}".format(docker_id))
+    request.addfinalizer(teardown)
+
+    docker_container = testinfra.backend.get_backend("docker://" + docker_id, sudo=False)
+    docker_container.id = docker_id
+
+    return docker_container
+
+
+@pytest.fixture
+def Docker(request, test_args, args, image, cmd, entrypoint):
+    ''' One-off Docker container run '''
+    return DockerGeneric(request, test_args, args, image, cmd, entrypoint)
+
+@pytest.fixture(scope='module')
+def DockerPersist(request, persist_test_args, persist_args, persist_image, persist_cmd, persist_entrypoint, Dig):
+    ''' Persistent Docker container for multiple tests, instead of stopping container after one test '''
+    ''' Uses DUP'd module scoped fixtures because smaller scoped fixtures won't mix with module scope '''
+    persistent_container = DockerGeneric(request, persist_test_args, persist_args, persist_image, persist_cmd, persist_entrypoint) 
+    ''' attach a dig conatiner for lookups '''
+    persistent_container.dig = Dig(persistent_container.id)
+    return persistent_container
+
+@pytest.fixture
+def entrypoint():
+    return ''
+
+@pytest.fixture(params=['amd64', 'armhf', 'arm64', 'armel'])
+def arch(request):
+    return request.param
+
+@pytest.fixture()
+def version():
+    return __version__
+
+@pytest.fixture()
+def tag(version, arch):
+    return '{}_{}'.format(version, arch)
+
+@pytest.fixture
+def webserver(tag):
+    ''' TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests? '''
+    return 'lighttpd'
+
+@pytest.fixture()
+def image(tag):
+    image = 'pihole'
+    return '{}:{}'.format(image, tag)
+
+@pytest.fixture()
+def cmd():
+    return 'tail -f /dev/null'
+
+@pytest.fixture(scope='module')
+def persist_arch():
+    '''amd64 only, dnsmasq/pihole-FTL(?untested?) will not start under qemu-user-static :('''
+    return 'amd64'
+
+@pytest.fixture(scope='module')
+def persist_version():
+    return __version__
+
+@pytest.fixture(scope='module')
+def persist_args_dns():
+    return '--dns 127.0.0.1 --dns 1.1.1.1'
+
+@pytest.fixture(scope='module')
+def persist_args_volumes():
+    return '-v /dev/null:/etc/pihole/adlists.list'
+
+@pytest.fixture(scope='module')
+def persist_args_env():
+    return '-e ServerIP="127.0.0.1"'
+
+@pytest.fixture(scope='module')
+def persist_args(persist_args_dns, persist_args_volumes, persist_args_env):
+    return "{} {} {}".format(args_dns, args_volumes, args_env)
+
+@pytest.fixture(scope='module')
+def persist_test_args():
+    ''' test override fixture to provide arguments seperate from our core args '''
+    return ''
+
+@pytest.fixture(scope='module')
+def persist_tag(persist_version, persist_arch):
+    return '{}_{}'.format(persist_version, persist_arch)
+
+@pytest.fixture(scope='module')
+def persist_webserver(persist_tag):
+    ''' TODO: this is obvious without alpine+nginx as the alternative, remove fixture, hard code lighttpd in tests? '''
+    return 'lighttpd'
+
+@pytest.fixture(scope='module')
+def persist_image(persist_tag):
+    image = 'pihole'
+    return '{}:{}'.format(image, persist_tag)
+
+@pytest.fixture(scope='module')
+def persist_cmd():
+    return 'tail -f /dev/null'
+
+@pytest.fixture(scope='module')
+def persist_entrypoint():
+    return ''
+
+@pytest.fixture
+def Slow():
+    """
+    Run a slow check, check if the state is correct for `timeout` seconds.
+    """
+    import time
+    def slow(check, timeout=20):
+        timeout_at = time.time() + timeout
+        while True:
+            try:
+                assert check()
+            except AssertionError as e:
+                if time.time() < timeout_at:
+                    time.sleep(1)
+                else:
+                    raise e
+            else:
+                return
+    return slow
+
+@pytest.fixture(scope='module')
+def Dig():
+    ''' separate container to link to pi-hole and perform lookups '''
+    ''' a docker pull is faster than running an install of dnsutils '''
+    def dig(docker_id):
+        args  = '--link {}:test_pihole'.format(docker_id)
+        image = 'azukiapp/dig'
+        cmd   = 'tail -f /dev/null'
+        dig_container = DockerGeneric(request, '', args, image, cmd, '')
+        return dig_container
+    return dig
+
+'''
+Persistent Docker container for testing service post start.sh
+'''
+@pytest.fixture
+def RunningPiHole(DockerPersist, Slow, persist_webserver):
+    ''' Persist a fully started docker-pi-hole to help speed up subsequent tests '''
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
+    Slow(lambda: DockerPersist.run('pgrep lighttpd').rc == 0)
+    return DockerPersist

test/test_bash_functions.py

@@ -0,0 +1,203 @@
+
+import os
+import pytest
+import re
+
+
+@pytest.mark.parametrize('test_args,expected_ipv6,expected_stdout', [
+    ('', True, 'IPv4 and IPv6'),
+    ('-e "IPv6=True"', True, 'IPv4 and IPv6'),
+    ('-e "IPv6=False"', False, 'IPv4'),
+    ('-e "IPv6=foobar"', False, 'IPv4'),
+])
+def test_IPv6_not_True_removes_ipv6(Docker, Slow, test_args, expected_ipv6, expected_stdout):
+    ''' When a user overrides IPv6=True they only get IPv4 listening webservers '''
+    IPV6_LINE = 'use-ipv6.pl'
+    WEB_CONFIG = '/etc/lighttpd/lighttpd.conf'
+
+    function = Docker.run('. /bash_functions.sh ; setup_ipv4_ipv6')
+    assert "Using {}".format(expected_stdout) in function.stdout
+    if expected_stdout == 'IPv4':
+        assert 'IPv6' not in function.stdout
+    # On overlay2(?) docker sometimes writes to disk are slow enough to break some tests...
+    expected_ipv6_check = lambda: (\
+        IPV6_LINE in Docker.run('grep \'use-ipv6.pl\' {}'.format(WEB_CONFIG)).stdout
+    ) == expected_ipv6
+    Slow(expected_ipv6_check)
+
+
+@pytest.mark.parametrize('test_args', ['-e "WEB_PORT=999"'])
+def test_overrides_default_WEB_PORT(Docker, Slow, test_args):
+    ''' When a --net=host user sets WEB_PORT to avoid synology's 80 default IPv4 and or IPv6 ports are updated'''
+    CONFIG_LINE = 'server.port\s*=\s*999'
+    WEB_CONFIG = '/etc/lighttpd/lighttpd.conf'
+
+    function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_port /start.sh`')
+    assert "Custom WEB_PORT set to 999" in function.stdout
+    assert "INFO: Without proper router DNAT forwarding to 127.0.0.1:999, you may not get any blocked websites on ads" in function.stdout
+    Slow(lambda: re.search(CONFIG_LINE, Docker.run('cat {}'.format(WEB_CONFIG)).stdout) != None)
+    Slow(lambda: re.search('://127.0.0.1:999/', Docker.run('cat /var/www/html/pihole/index.php').stdout) != None)
+    # grep fails to find any of the old address w/o port
+    #assert Docker.run('grep -r "://127.0.0.1/" /var/www/html/').stdout == ''
+    #assert Docker.run('grep -r "://pi.hole/" /var/www/html/').stdout == ''
+    ## Find at least one instance of our changes
+    ## upstream repos determines how many and I don't want to keep updating this test
+    #assert int(Docker.run('grep -rl "://127.0.0.1:999/" /var/www/html/ | wc -l').stdout) >= 1
+    #assert int(Docker.run('grep -rl "://pi.hole:999/" /var/www/html/ | wc -l').stdout) >= 1
+
+
+@pytest.mark.parametrize('test_args,expected_error', [
+    ('-e WEB_PORT="LXXX"', 'WARNING: Custom WEB_PORT not used - LXXX is not an integer'),
+    ('-e WEB_PORT="1,000"', 'WARNING: Custom WEB_PORT not used - 1,000 is not an integer'),
+    ('-e WEB_PORT="99999"', 'WARNING: Custom WEB_PORT not used - 99999 is not within valid port range of 1-65535'),
+])
+def test_bad_input_to_WEB_PORT(Docker, test_args, expected_error):
+    function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_port /start.sh`')
+    assert expected_error in function.stdout
+
+
+# DNS Environment Variable behavior in combinations of modified pihole LTE settings
+@pytest.mark.parametrize('args_env, expected_stdout, dns1, dns2', [
+    ('',                                     'default DNS', '8.8.8.8', '8.8.4.4' ),
+    ('-e DNS1="1.2.3.4"',                   'custom DNS',  '1.2.3.4', '8.8.4.4' ),
+    ('-e DNS2="1.2.3.4"',                   'custom DNS',  '8.8.8.8', '1.2.3.4' ),
+    ('-e DNS1="1.2.3.4" -e DNS2="2.2.3.4"', 'custom DNS',  '1.2.3.4', '2.2.3.4' ),
+    ('-e DNS1="1.2.3.4" -e DNS2="no"',      'custom DNS',  '1.2.3.4', None ),
+    ('-e DNS2="no"',                        'custom DNS',  '8.8.8.8', None ),
+])
+def test_override_default_servers_with_DNS_EnvVars(Docker, Slow, args_env, expected_stdout, dns1, dns2):
+    ''' on first boot when DNS vars are NOT set explain default google DNS settings are used
+                   or when DNS vars are set override the pihole DNS settings '''
+    assert Docker.run('test -f /.piholeFirstBoot').rc == 0
+    function = Docker.run('. /bash_functions.sh ; eval `grep "^setup_dnsmasq " /start.sh`')
+    assert expected_stdout in function.stdout
+    expected_servers = 'server={}\n'.format(dns1) if dns2 == None else 'server={}\nserver={}\n'.format(dns1, dns2)
+    Slow(lambda: expected_servers == Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout)
+
+
+@pytest.mark.skipif(os.environ.get('TRAVIS') == 'true',
+                    reason="Can't get setupVar setup to work on travis")
+@pytest.mark.parametrize('args_env, dns1, dns2, expected_stdout', [
+
+    ('', '9.9.9.1', '9.9.9.2',
+     'Existing DNS servers used'),
+    ('-e DNS1="1.2.3.4"', '9.9.9.1', '9.9.9.2',
+     'Docker DNS variables not used\nExisting DNS servers used (9.9.9.1 & 9.9.9.2)'),
+    ('-e DNS2="1.2.3.4"', '8.8.8.8', None,
+     'Docker DNS variables not used\nExisting DNS servers used (8.8.8.8 & unset)'),
+    ('-e DNS1="1.2.3.4" -e DNS2="2.2.3.4"', '1.2.3.4', '2.2.3.4',
+     'Docker DNS variables not used\nExisting DNS servers used (1.2.3.4 & 2.2.3.4'),
+])
+def test_DNS_Envs_are_secondary_to_setupvars(Docker, Slow, args_env, expected_stdout, dns1, dns2):
+    ''' on second boot when DNS vars are set just use pihole DNS settings
+                    or when DNS vars and FORCE_DNS var are set override the pihole DNS settings '''
+    # Given we are not booting for the first time
+    assert Docker.run('rm /.piholeFirstBoot').rc == 0
+
+    # and a user already has custom pihole dns variables in setup vars
+    dns_count = 1
+    setupVars = '/etc/pihole/setupVars.conf'
+    Docker.run('sed -i "/^PIHOLE_DNS/ d" {}'.format(setupVars))
+    Docker.run('echo "PIHOLE_DNS_1={}" | tee -a {}'.format(dns1, setupVars))
+    if dns2:
+        Docker.run('echo "PIHOLE_DNS_2={}" | tee -a {}'.format(dns2, setupVars))
+    Docker.run('sync {}'.format(setupVars))
+    Slow(lambda: 'PIHOLE_DNS' in Docker.run('cat {}'.format(setupVars)).stdout)
+
+    # When we run setup dnsmasq during startup of the container
+    function = Docker.run('. /bash_functions.sh ; eval `grep "^setup_dnsmasq " /start.sh`')
+    assert expected_stdout in function.stdout
+
+    # Then the servers are still what the user had customized if forced dnsmasq is not set
+    expected_servers = ['server={}'.format(dns1)]
+    if dns2:
+        expected_servers.append('server={}'.format(dns2))
+    Slow(lambda: Docker.run('grep "^server=[^/]" /etc/dnsmasq.d/01-pihole.conf').stdout.strip().split('\n') == \
+         expected_servers)
+
+
+@pytest.mark.parametrize('args_env, expected_stdout, expected_config_line', [
+    ('', 'binding to default interface: eth0', 'interface=eth0' ),
+    ('-e INTERFACE="eth0"', 'binding to default interface: eth0', 'interface=eth0' ),
+    ('-e INTERFACE="br0"', 'binding to custom interface: br0', 'interface=br0'),
+])
+def test_DNS_interface_override_defaults(Docker, Slow, args_env, expected_stdout, expected_config_line):
+    ''' When INTERFACE environment var is passed in, overwrite dnsmasq interface '''
+    function = Docker.run('. /bash_functions.sh ; eval `grep "^setup_dnsmasq " /start.sh`')
+    assert expected_stdout in function.stdout
+    Slow(lambda: expected_config_line + '\n' == Docker.run('grep "^interface" /etc/dnsmasq.d/01-pihole.conf').stdout)
+
+
+expected_debian_lines = [
+    '"VIRTUAL_HOST" => "127.0.0.1"',
+    '"ServerIP" => "127.0.0.1"',
+    '"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log"'
+]
+
+
+@pytest.mark.parametrize('expected_lines,repeat_function', [
+    (expected_debian_lines, 1),
+    (expected_debian_lines, 2)
+])
+def test_debian_setup_php_env(Docker, expected_lines, repeat_function):
+    ''' confirm all expected output is there and nothing else '''
+    stdout = ''
+    for i in range(repeat_function):
+        stdout = Docker.run('. /bash_functions.sh ; eval `grep setup_php_env /start.sh`').stdout
+    for expected_line in expected_lines:
+        search_config_cmd = "grep -c '{}' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf".format(expected_line)
+        search_config_count = Docker.run(search_config_cmd)
+        found_lines = int(search_config_count.stdout.rstrip('\n'))
+        if found_lines > 1:
+            assert False, "Found line {} times (more than once): {}".format(expected_line)
+
+
+def test_webPassword_random_generation(Docker):
+    ''' When a user sets webPassword env the admin password gets set to that '''
+    function = Docker.run('. /bash_functions.sh ; eval `grep generate_password /start.sh`')
+    assert 'assigning random password' in function.stdout.lower()
+
+
+@pytest.mark.parametrize('entrypoint,cmd', [('--entrypoint=tail','-f /dev/null')])
+@pytest.mark.parametrize('args_env,secure,setupVarsHash', [
+    ('-e ServerIP=1.2.3.4 -e WEBPASSWORD=login', True, 'WEBPASSWORD=6060d59351e8c2f48140f01b2c3f3b61652f396c53a5300ae239ebfbe7d5ff08'),
+    ('-e ServerIP=1.2.3.4 -e WEBPASSWORD=""', False, ''),
+])
+def test_webPassword_env_assigns_password_to_file_or_removes_if_empty(Docker, args_env, secure, setupVarsHash):
+    ''' When a user sets webPassword env the admin password gets set or removed if empty '''
+    function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_password /start.sh`')
+
+    if secure:
+        assert 'new password set' in function.stdout.lower()
+        assert Docker.run('grep -q \'{}\' {}'.format(setupVarsHash, '/etc/pihole/setupVars.conf')).rc == 0
+    else:
+        assert 'password removed' in function.stdout.lower()
+        assert Docker.run('grep -q \'^WEBPASSWORD=$\' /etc/pihole/setupVars.conf').rc == 0
+
+
+@pytest.mark.parametrize('entrypoint,cmd', [('--entrypoint=tail','-f /dev/null')])
+@pytest.mark.parametrize('test_args', ['-e WEBPASSWORD=login', '-e WEBPASSWORD=""'])
+def test_webPassword_pre_existing_trumps_all_envs(Docker, args_env, test_args):
+    '''When a user setup webPassword in the volume prior to first container boot,
+        during prior container boot, the prior volume password is left intact / setup skipped'''
+    Docker.run('. /opt/pihole/webpage.sh ; add_setting WEBPASSWORD volumepass')
+    function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_password /start.sh`')
+
+    assert '::: Pre existing WEBPASSWORD found' in function.stdout
+    assert Docker.run('grep -q \'{}\' {}'.format('WEBPASSWORD=volumepass', '/etc/pihole/setupVars.conf')).rc == 0
+
+
+@pytest.mark.parametrize('args_dns, expected_stdout', [
+    # No DNS passed will vary by the host this is ran on, bad idea for a test
+    #('', 'WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1'),
+    ('--dns 1.1.1.1',                 'WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server\n'
+                                      'WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 1.1.1.1)'),
+    ('--dns 127.0.0.1',               'WARNING Misconfigured DNS in /etc/resolv.conf: Two DNS servers are recommended, 127.0.0.1 and any backup server'),
+    ('--dns 1.1.1.1 --dns 127.0.0.1', 'WARNING Misconfigured DNS in /etc/resolv.conf: Primary DNS should be 127.0.0.1 (found 1.1.1.1)'),
+    ('--dns 127.0.0.1 --dns 1.1.1.1', 'OK: Checks passed for /etc/resolv.conf DNS servers'),
+])
+def test_docker_checks_for_resolvconf_misconfiguration(Docker, args_dns, expected_stdout):
+    ''' The container checks for misconfigured resolv.conf '''
+    function = Docker.run('. /bash_functions.sh ; eval `grep docker_checks /start.sh`')
+    print(function.stdout)
+    assert expected_stdout in function.stdout

test/test_pihole_scripts.py

@@ -0,0 +1,54 @@
+import pytest
+
+
+@pytest.fixture(scope='module')
+def start_cmd():
+    ''' broken by default, required override '''
+    return None
+
+
+@pytest.fixture
+def RunningPiHole(DockerPersist, Slow, persist_webserver, persist_tag, start_cmd):
+    ''' Override the RunningPiHole to run and check for success of a
+        pihole-FTL start based `pihole` script command
+        
+        Individual tests all must override start_cmd'''
+    #print DockerPersist.run('ps -ef').stdout
+    assert DockerPersist.dig.run('ping -c 1 test_pihole').rc == 0
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
+    Slow(lambda: DockerPersist.run('pgrep {}'.format(persist_webserver)).rc == 0)
+    oldpid = DockerPersist.run('pidof pihole-FTL')
+    cmd = DockerPersist.run('pihole {}'.format(start_cmd))
+    Slow(lambda: DockerPersist.run('pgrep pihole-FTL').rc == 0)
+    newpid = DockerPersist.run('pidof pihole-FTL')
+    for pid in [oldpid, newpid]:
+        assert pid != ''
+    # ensure a new pid for pihole-FTL appeared due to service restart
+    assert oldpid != newpid
+    assert cmd.rc == 0
+    # Save out cmd result to check different stdout of start/enable/disable
+    DockerPersist.cmd = cmd
+    return DockerPersist
+
+
+@pytest.mark.parametrize('start_cmd,hostname,expected_ip, expected_messages', [
+    ('enable',  'pi.hole', '127.0.0.1', ['Blocking already enabled,','nothing to do']),
+    ('disable', 'pi.hole', '127.0.0.1', ['Disabling blocking','Pi-hole Disabled']),
+])
+def test_pihole_enable_disable_command(RunningPiHole, Dig, persist_tag, start_cmd, hostname, expected_ip, expected_messages):
+    ''' the start_cmd tests are all built into the RunningPiHole fixture in this file '''
+    dig_cmd = "dig +time=1 +noall +answer {} @test_pihole".format(hostname)
+    lookup = RunningPiHole.dig.run(dig_cmd)
+    assert lookup.rc == 0
+    lookup_ip = lookup.stdout.split()[4]
+    assert lookup_ip == expected_ip
+
+    for part_of_output in expected_messages:
+        assert part_of_output in RunningPiHole.cmd.stdout
+
+@pytest.mark.parametrize('start_cmd,expected_message', [
+    ('-up', 'Function not supported in Docker images')
+])
+def test_pihole_update_command(RunningPiHole, start_cmd, expected_message):
+    assert RunningPiHole.cmd.stdout.strip() == expected_message
+

test/test_start.py

@@ -0,0 +1,69 @@
+
+import pytest
+import time
+''' conftest.py provides the defaults through fixtures '''
+''' Note, testinfra builtins don't seem fully compatible with
+        docker containers (esp. musl based OSs) stripped down nature '''
+
+# If the test runs /start.sh, do not let s6 run it too!  Kill entrypoint to avoid race condition/duplicated execution
+@pytest.mark.parametrize('persist_entrypoint,persist_cmd,persist_args_env', [('--entrypoint=tail','-f /dev/null','')])
+def test_ServerIP_missing_is_not_required_anymore(RunningPiHole):
+    ''' When args to docker are empty start.sh exits saying ServerIP is required '''
+    start = Docker.run('/start.sh')
+    error_msg = "ERROR: To function correctly you must pass an environment variables of 'ServerIP' into the docker container"
+    assert start.rc == 1
+    assert error_msg in start.stdout
+
+# If the test runs /start.sh, do not let s6 run it too!  Kill entrypoint to avoid race condition/duplicated execution
+@pytest.mark.parametrize('entrypoint,cmd', [('--entrypoint=tail','-f /dev/null')])
+@pytest.mark.parametrize('args,error_msg,expect_rc', [ 
+    ('-e ServerIP="1.2.3.z"', "ServerIP Environment variable (1.2.3.z) doesn't appear to be a valid IPv4 address",1), 
+    ('-e ServerIP="1.2.3.4" -e ServerIPv6="1234:1234:1234:ZZZZ"', "Environment variable (1234:1234:1234:ZZZZ) doesn't appear to be a valid IPv6 address",1),
+    ('-e ServerIP="1.2.3.4" -e ServerIPv6="kernel"', "ERROR: You passed in IPv6 with a value of 'kernel'",1),
+])
+def test_ServerIP_invalid_IPs_triggers_exit_error(Docker, error_msg, expect_rc):
+    ''' When args to docker are empty start.sh exits saying ServerIP is required '''
+    start = Docker.run('/start.sh')
+    assert start.rc == expect_rc
+    assert 'ERROR' in start.stdout
+    assert error_msg in start.stdout
+
+@pytest.mark.parametrize('hostname,expected_ip', [
+    ('pi.hole',                        '127.0.0.1'),
+    ('google-public-dns-a.google.com', '8.8.8.8'),
+    ('b.resolvers.Level3.net',         '4.2.2.2')
+])
+def test_dns_responses(RunningPiHole, hostname, expected_ip):
+    dig_cmd = "dig +time=1 +noall +answer {} @test_pihole | awk '{{ print $5 }}'".format(hostname)
+    lookup = RunningPiHole.dig.run(dig_cmd).stdout.rstrip('\n')
+    assert lookup == expected_ip
+
+def test_indecies_are_present(RunningPiHole):
+    File = RunningPiHole.get_module('File')
+    File('/var/www/html/pihole/index.html').exists
+    File('/var/www/html/pihole/index.js').exists
+
+def validate_curl(http_rc, expected_http_code, page_contents):
+    if int(http_rc.rc) != 0 or int(http_rc.stdout) != expected_http_code:
+        print('CURL return code: {}'.format(http_rc.rc))
+        print('CURL stdout: {}'.format(http_rc.stdout))
+        print('CURL stderr:{}'.format(http_rc.stderr))
+        print('CURL file:\n{}\n'.format(page_contents.encode('utf-8')))
+
+
+@pytest.mark.parametrize('addr', [ 'localhost' ] )
+@pytest.mark.parametrize('url', [ '/admin/', '/admin/index.php' ] )
+def test_admin_requests_load_as_expected(RunningPiHole, version, addr, url):
+    command = 'curl -L -s -o /tmp/curled_file -w "%{{http_code}}" http://{}{}'.format(addr, url)
+    http_rc = RunningPiHole.run(command)
+    page_contents = RunningPiHole.run('cat /tmp/curled_file ').stdout
+    expected_http_code = 200
+
+    validate_curl(http_rc, expected_http_code, page_contents)
+    assert http_rc.rc == 0
+    assert int(http_rc.stdout) == expected_http_code
+    for html_text in ['dns_queries_today', 'Content-Security-Policy', 
+                      'scripts/pi-hole/js/footer.js']:
+        # version removed, not showing up in footer of test env (fix me)
+        assert html_text in page_contents
+

tox.ini

@@ -0,0 +1,14 @@
+[tox]
+envlist = py38
+
+[testenv]
+whitelist_externals = docker
+deps = -rrequirements.txt
+# 2 parallel max b/c race condition with docker fixture (I think?)
+commands = docker run --rm --privileged multiarch/qemu-user-static:register --reset
+           ./Dockerfile.py -v --arch amd64
+           pytest -vv -n auto -k amd64 ./test/
+           ./Dockerfile.py -v --arch armhf --arch arm64 --arch armel
+           pytest -vv -n auto -k arm64 ./test/
+           pytest -vv -n auto -k armhf ./test/
+           pytest -vv -n auto -k armel ./test/

update.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-git submodule foreach git pull origin master;
-cp pi-hole/gravity.sh alpine/;
-sed -i '/^gravity_reload/ c\#gravity_reload' alpine/gravity.sh
-pushd pi-hole ; git describe --tags --abbrev=0 > ../pi-hole_version.txt ; popd ;
-pushd AdminLTE ; git describe --tags --abbrev=0 > ../AdminLTE_version.txt ; popd ;