Merge pull request #1245 from pi-hole/dev

Dev - > master

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,3 +1,12 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
 <!-- Provide a general summary of the issue in the Title above -->
 <!-- Note: these are comments that don't show up in the actual issue, no need to delete them as you fill out the template -->
 

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,12 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions and Configurations
+    url: https://discourse.pi-hole.net
+    about: Ask a question or get help with configurations.
+  - name: Feature Requests
+    url: https://discourse.pi-hole.net/c/feature-requests/8
+    about: See existing Feature Requests and suggest new ones.
+  - name: Documentation
+    url: https://docs.pi-hole.net
+    about: Documentation and guides.
+    

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,3 +1,5 @@
+`{Please select 'base: dev' as target branch above! (you can delete this line)}`
+
 <!--- Provide a general summary of your changes in the Title above -->
 
 ## Description

.github/dco.yml

@@ -0,0 +1,2 @@
+require:
+  members: false

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: saturday
+      time: "10:00"
+    target-branch: dev
+    reviewers:
+      - "pi-hole/docker-maintainers"

.github/release.yml

@@ -0,0 +1,7 @@
+changelog:
+  exclude:
+    labels:
+      - internal
+    authors:
+      - dependabot
+      - github-actions

.github/workflows/codespell.yml

@@ -0,0 +1,18 @@
+name: Codespell
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  spell-check:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+    -
+      name: Checkout repository
+      uses: actions/checkout@v3
+    -
+      name: Spell-Checking
+      uses: codespell-project/actions-codespell@master
+      with:
+        ignore_words_file: .codespellignore

.github/workflows/stale.yml

@@ -0,0 +1,26 @@
+name: Mark stale issues
+
+on:
+  schedule:
+  - cron: '0 8 * * *'
+  workflow_dispatch:
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+    - uses: actions/stale@v6
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        days-before-stale: 30
+        days-before-close: 5
+        stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.'
+        stale-issue-label: 'stale'
+        exempt-issue-labels: 'pinned, Fixed in next release, bug, never-stale, documentation, investigating'
+        exempt-all-issue-assignees: true
+        operations-per-run: 300
+        close-issue-reason: 'not_planned'

.github/workflows/sync-back-to-dev.yml

@@ -0,0 +1,27 @@
+name: Sync Back to Development
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  sync-branches:
+    runs-on: ubuntu-latest
+    name: Syncing branches
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Opening pull request
+        id: pull
+        uses: tretuna/sync-branches@1.4.0
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FROM_BRANCH: 'master'
+          TO_BRANCH: 'dev'
+      - name: Label the pull request to ignore for release note generation
+        uses: actions-ecosystem/action-add-labels@v1
+        with:
+          labels: internal
+          repo: ${{ github.repository }}
+          number: ${{ steps.pull.outputs.PULL_REQUEST_NUMBER }}

.github/workflows/test-and-build.yaml

@@ -1,65 +1,83 @@
 name: Test & Build
 on:
+  schedule:
+    - cron: '0 2 * * *'
   push:
     branches:
-      - master
       - dev
-      - v*
-      - beta-v*
-      - release/*
-    tags:
-      - v*
   pull_request:
-
-#env:
-#  DOCKER_HUB_REPO: pihole
+  release:
+    types: [published]
 
 jobs:
-  test-and-build:
+  test:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ARCH: [amd64, armhf, arm64]
-        DEBIAN_VERSION: [stretch, buster]
-    env:
-      ARCH: ${{matrix.ARCH}}
-      DEBIAN_VERSION: ${{matrix.DEBIAN_VERSION}}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Run Tests
         run: |
-          echo "Building ${ARCH}-${DEBIAN_VERSION}"
-          ./gh-actions-test.sh
-      - name: Push the ARCH image
-        if: github.event_name != 'pull_request'
-        run: |
-          . gh-actions-vars.sh
-          echo "${{ secrets.DOCKERHUB_PASS }}" | docker login --username="${{ secrets.DOCKERHUB_USER }}" --password-stdin
-          docker push "${ARCH_IMAGE}"
-      - name: Upload gh-workspace
-        if: github.event_name != 'pull_request'
-        uses: actions/upload-artifact@v1
-        with:
-          name: gh-workspace
-          path: .gh-workspace
+          echo "Building image to test"
+          ./build-and-test.sh
 
-  publish:
+  build-and-publish:
     if: github.event_name != 'pull_request'
+    # If only readme has been touched, for example, then the `test` job will have been skipped. This job will therefore be skipped, too.
+    needs: test
     runs-on: ubuntu-latest
-    needs: test-and-build
     steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v2
-      - name: Download workspace files
-        uses: actions/download-artifact@v1
+      -
+        name: Checkout
+        if: github.event_name != 'schedule'
+        uses: actions/checkout@v3
+      -
+        name: Checkout dev branch if we are building nightly
+        if: github.event_name == 'schedule'
+        uses: actions/checkout@v3
         with:
-          name: gh-workspace
-          path: .gh-workspace
-      - name: Tag and Publish multi-arch images
-        env:
-          DOCKERHUB_PASS: ${{ secrets.DOCKERHUB_PASS }}
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-        run: |
-          ./gh-actions-deploy.sh
+          ref: dev
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole
+            ghcr.io/${{ github.repository_owner }}/pihole
+          flavor: |
+            latest=${{ startsWith(github.ref, 'refs/tags/') }}
+          tags: |
+            type=schedule
+            type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
+            type=ref,event=tag
+      -
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASS }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: ./src/
+          platforms: linux/amd64, linux/arm64, linux/386, linux/arm/v7, linux/arm/v6
+          build-args: |
+            PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

CHANGELOG.md

@@ -2,4 +2,4 @@
 
 Notes about releases will be documented on [docker-pi-hole's github releases page](https://github.com/pi-hole/docker-pi-hole/releases).  Breaking changes will be copied to the top of the docker repo's README file to assist with common upgrade issues.
 
-See the [Pi-hole releases](https://github.com/pi-hole/pi-hole/releases) for details on updates unreleated to docker image releases
+See the [Pi-hole releases](https://github.com/pi-hole/pi-hole/releases) for details on updates unrelated to docker image releases

CONTRIBUTING.md

@@ -6,5 +6,5 @@ Please review the following before opening a pull request (PR) to help your PR g
   * To ensure proper testing and quality control, target any code change pull requests against `dev` branch.
 
 * Make sure the tests pass
-  * Take a look at [TESTING.md](TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have GitHub Actions run it.
+  * Take a look at [TESTING.md](test/TESTING.md) to see how to run tests locally so you do not have to push all your code to a PR and have GitHub Actions run it.
   * Your tests will probably run faster locally and you get a faster feedback loop.

Dockerfile

@@ -1,58 +0,0 @@
-ARG PIHOLE_BASE
-FROM $PIHOLE_BASE
-
-ARG PIHOLE_ARCH
-ENV PIHOLE_ARCH "${PIHOLE_ARCH}"
-ARG S6_ARCH
-ARG S6_VERSION
-ENV S6OVERLAY_RELEASE "https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-${S6_ARCH}.tar.gz"
-
-COPY install.sh /usr/local/bin/install.sh
-COPY VERSION /etc/docker-pi-hole-version
-ENV PIHOLE_INSTALL /root/ph_install.sh
-
-RUN bash -ex install.sh 2>&1 && \
-    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
-
-ENTRYPOINT [ "/s6-init" ]
-
-ADD s6/debian-root /
-COPY s6/service /usr/local/bin/service
-
-# php config start passes special ENVs into
-ARG PHP_ENV_CONFIG
-ENV PHP_ENV_CONFIG "${PHP_ENV_CONFIG}"
-ARG PHP_ERROR_LOG
-ENV PHP_ERROR_LOG "${PHP_ERROR_LOG}"
-COPY ./start.sh /
-COPY ./bash_functions.sh /
-
-# IPv6 disable flag for networks/devices that do not support it
-ENV IPv6 True
-
-EXPOSE 53 53/udp
-EXPOSE 67/udp
-EXPOSE 80
-EXPOSE 443
-
-ENV S6_LOGGING 0
-ENV S6_KEEP_ENV 1
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
-
-ENV ServerIP 0.0.0.0
-ENV FTL_CMD no-daemon
-ENV DNSMASQ_USER root
-
-ARG PIHOLE_VERSION
-ENV VERSION "${PIHOLE_VERSION}"
-ENV PATH /opt/pihole:${PATH}
-
-ARG NAME
-LABEL image="${NAME}:${PIHOLE_VERSION}_${PIHOLE_ARCH}"
-ARG MAINTAINER
-LABEL maintainer="${MAINTAINER}"
-LABEL url="https://www.github.com/pi-hole/docker-pi-hole"
-
-HEALTHCHECK CMD dig +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
-
-SHELL ["/bin/bash", "-c"]

Dockerfile.py

@@ -1,86 +0,0 @@
-#!/usr/bin/env python3
-""" Dockerfile.py - generates and build dockerfiles
-
-Usage:
-  Dockerfile.py [--hub_tag=<tag>] [--arch=<arch> ...] [--debian=<version> ...] [-v] [-t] [--no-build] [--no-cache] [--fail-fast]
-
-Options:
-    --no-build           Skip building the docker images
-    --no-cache           Build without using any cache data
-    --fail-fast          Exit on first build error
-    --hub_tag=<tag>      What the Docker Hub Image should be tagged as [default: None]
-    --arch=<arch>        What Architecture(s) to build     [default: amd64 armel armhf arm64]
-    --debian=<version>   What debian version(s) to build   [default: stretch buster]
-    -v                   Print docker's command output     [default: False]
-    -t                   Print docker's build time         [default: False]
-
-Examples:
-"""
-from docopt import docopt
-import os
-import sys
-import subprocess
-
-__version__ = None
-dot = os.path.abspath('.')
-with open('{}/VERSION'.format(dot), 'r') as v:
-    raw_version = v.read().strip()
-    __version__ = raw_version.replace('release/', 'release-')
-
-
-def build_dockerfiles(args) -> bool:
-    all_success = True
-    if args['-v']:
-        print(args)
-    if args['--no-build']:
-        print(" ::: Skipping Dockerfile building")
-        return all_success
-
-    for arch in args['--arch']:
-        for debian_version in args['--debian']:
-            all_success = build('pihole', arch, debian_version, args['--hub_tag'], args['-t'], args['--no-cache'], args['-v']) and all_success
-            if not all_success and args['--fail-fast']:
-                return False
-    return all_success
-
-
-def run_and_stream_command_output(command, environment_vars, verbose) -> bool:
-    print("Running", command)
-    build_result = subprocess.Popen(command.split(), env=environment_vars, stdout=subprocess.PIPE,
-                                    stderr=subprocess.STDOUT, bufsize=1, universal_newlines=True)
-    if verbose:
-        while build_result.poll() is None:
-            for line in build_result.stdout:
-                print(line, end='')
-    build_result.wait()
-    if build_result.returncode != 0:
-        print("     ::: Error running".format(command))
-        print(build_result.stderr)
-    return build_result.returncode == 0
-
-
-def build(docker_repo: str, arch: str, debian_version: str, hub_tag: str, show_time: bool, no_cache: bool, verbose: bool) -> bool:
-    create_tag = f'{docker_repo}:{__version__}-{arch}-{debian_version}'
-    print(f' ::: Building {create_tag}')
-    time_arg = 'time' if show_time else ''
-    cache_arg = '--no-cache' if no_cache else ''
-    build_env = os.environ.copy()
-    build_env['PIHOLE_VERSION'] = __version__
-    build_env['DEBIAN_VERSION'] = debian_version
-    build_command = f'{time_arg} docker-compose -f build.yml build {cache_arg} --pull {arch}'
-    print(f' ::: Building {arch} into {create_tag}')
-    success = run_and_stream_command_output(build_command, build_env, verbose)
-    if verbose:
-        print(build_command, '\n')
-    if success and hub_tag:
-        hub_tag_command = f'{time_arg} docker tag {create_tag} {hub_tag}'
-        print(f' ::: Tagging {create_tag} into {hub_tag}')
-        success = run_and_stream_command_output(hub_tag_command, build_env, verbose)
-    return success
-
-
-if __name__ == '__main__':
-    args = docopt(__doc__, version='Dockerfile 1.1')
-    success = build_dockerfiles(args)
-    exit_code = 0 if success else 1
-    sys.exit(exit_code)

Dockerfile.sh

@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-# @param ${ARCH}             The architecture to build. Example: amd64
-# @param ${DEBIAN_VERSION}   The debian version to build. Example: buster
-# @param ${ARCH_IMAGE}       What the Docker Hub Image should be tagged as [default: None]
-
-set -eux
-./Dockerfile.py -v --no-cache --arch="${ARCH}" --debian="${DEBIAN_VERSION}" --hub_tag="${ARCH_IMAGE}"
-docker images
-
-# TODO: Add junitxml output and have something consume it
-# 2 parallel max b/c race condition with docker fixture (I think?)
-py.test -vv -n 2 -k "${ARCH}" ./test/

Dockerfile_build

@@ -1,25 +0,0 @@
-FROM python:3.8-buster
-
-# Only works for docker CLIENT (bind mounted socket)
-COPY --from=docker:18.09.3 /usr/local/bin/docker /usr/local/bin/
-
-ARG packages
-RUN apt-get update && \
-    apt-get install -y python3-dev curl gcc make \
-        libffi-dev libssl-dev ${packages} \
-    && pip3 install -U pip pipenv
-
-RUN curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
-    chmod +x /usr/local/bin/docker-compose 
-
-COPY ./Dockerfile.sh /usr/local/bin/
-COPY Pipfile* /root/
-WORKDIR /root
-
-RUN pipenv install --system \
-    && sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.8/site-packages/testinfra/backend/docker.py
-
-RUN echo "set -ex && Dockerfile.sh && \$@" > /usr/local/bin/entrypoint.sh
-RUN chmod +x /usr/local/bin/entrypoint.sh
-ENTRYPOINT entrypoint.sh
-CMD Dockerfile.sh

Pipfile

@@ -1,63 +0,0 @@
-[[source]]
-name = "pypi"
-url = "https://pypi.org/simple"
-verify_ssl = true
-
-[dev-packages]
-
-[packages]
-apipkg = "==1.5"
-atomicwrites = "==1.3.0"
-attrs = "==19.3.0"
-bcrypt = "==3.1.7"
-cached-property = "==1.5.1"
-certifi = "==2019.11.28"
-cffi = "==1.13.2"
-chardet = "==3.0.4"
-configparser = "==4.0.2"
-contextlib2 = "==0.6.0.post1"
-coverage = "==5.0.1"
-cryptography = "==2.8"
-docker = "==4.1.0"
-dockerpty = "==0.4.1"
-docopt = "==0.6.2"
-enum34 = "==1.1.6"
-execnet = "==1.7.1"
-filelock = "==3.0.12"
-funcsigs = "==1.0.2"
-idna = "==2.8"
-importlib-metadata = "==1.3.0"
-ipaddress = "==1.0.23"
-jsonschema = "==3.2.0"
-more-itertools = "==5.0.0"
-pathlib2 = "==2.3.5"
-pluggy = "==0.13.1"
-py = "==1.8.1"
-pycparser = "==2.19"
-pyparsing = "==2.4.6"
-pyrsistent = "==0.15.6"
-pytest = "==4.6.8"
-pytest-cov = "==2.8.1"
-pytest-forked = "==1.1.3"
-pytest-xdist = "==1.31.0"
-requests = "==2.22.0"
-scandir = "==1.10.0"
-six = "==1.13.0"
-subprocess32 = "==3.5.4"
-testinfra = "==3.3.0"
-texttable = "==1.6.2"
-toml = "==0.10.0"
-tox = "==3.14.3"
-urllib3 = "==1.25.7"
-virtualenv = "==16.7.9"
-wcwidth = "==0.1.7"
-zipp = "==0.6.0"
-"backports.shutil_get_terminal_size" = "==1.0.0"
-"backports.ssl_match_hostname" = "==3.7.0.1"
-Jinja2 = "==2.10.3"
-MarkupSafe = "==1.1.1"
-PyYAML = "==5.2"
-websocket_client = "==0.57.0"
-
-[requires]
-python_version = "3.8"

Pipfile.lock

@@ -1,586 +0,0 @@
-{
-    "_meta": {
-        "hash": {
-            "sha256": "ee7705112b315cad899e08bd6eac8f47e9a200a0d47a1920cc192995b79f8673"
-        },
-        "pipfile-spec": 6,
-        "requires": {
-            "python_version": "3.8"
-        },
-        "sources": [
-            {
-                "name": "pypi",
-                "url": "https://pypi.org/simple",
-                "verify_ssl": true
-            }
-        ]
-    },
-    "default": {
-        "apipkg": {
-            "hashes": [
-                "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6",
-                "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c"
-            ],
-            "index": "pypi",
-            "version": "==1.5"
-        },
-        "atomicwrites": {
-            "hashes": [
-                "sha256:03472c30eb2c5d1ba9227e4c2ca66ab8287fbfbbda3888aa93dc2e28fc6811b4",
-                "sha256:75a9445bac02d8d058d5e1fe689654ba5a6556a1dfd8ce6ec55a0ed79866cfa6"
-            ],
-            "index": "pypi",
-            "version": "==1.3.0"
-        },
-        "attrs": {
-            "hashes": [
-                "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c",
-                "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"
-            ],
-            "index": "pypi",
-            "version": "==19.3.0"
-        },
-        "backports.shutil-get-terminal-size": {
-            "hashes": [
-                "sha256:0975ba55054c15e346944b38956a4c9cbee9009391e41b86c68990effb8c1f64",
-                "sha256:713e7a8228ae80341c70586d1cc0a8caa5207346927e23d09dcbcaf18eadec80"
-            ],
-            "index": "pypi",
-            "version": "==1.0.0"
-        },
-        "backports.ssl-match-hostname": {
-            "hashes": [
-                "sha256:bb82e60f9fbf4c080eabd957c39f0641f0fc247d9a16e31e26d594d8f42b9fd2"
-            ],
-            "index": "pypi",
-            "version": "==3.7.0.1"
-        },
-        "bcrypt": {
-            "hashes": [
-                "sha256:0258f143f3de96b7c14f762c770f5fc56ccd72f8a1857a451c1cd9a655d9ac89",
-                "sha256:0b0069c752ec14172c5f78208f1863d7ad6755a6fae6fe76ec2c80d13be41e42",
-                "sha256:19a4b72a6ae5bb467fea018b825f0a7d917789bcfe893e53f15c92805d187294",
-                "sha256:5432dd7b34107ae8ed6c10a71b4397f1c853bd39a4d6ffa7e35f40584cffd161",
-                "sha256:6305557019906466fc42dbc53b46da004e72fd7a551c044a827e572c82191752",
-                "sha256:69361315039878c0680be456640f8705d76cb4a3a3fe1e057e0f261b74be4b31",
-                "sha256:6fe49a60b25b584e2f4ef175b29d3a83ba63b3a4df1b4c0605b826668d1b6be5",
-                "sha256:74a015102e877d0ccd02cdeaa18b32aa7273746914a6c5d0456dd442cb65b99c",
-                "sha256:763669a367869786bb4c8fcf731f4175775a5b43f070f50f46f0b59da45375d0",
-                "sha256:8b10acde4e1919d6015e1df86d4c217d3b5b01bb7744c36113ea43d529e1c3de",
-                "sha256:9fe92406c857409b70a38729dbdf6578caf9228de0aef5bc44f859ffe971a39e",
-                "sha256:a190f2a5dbbdbff4b74e3103cef44344bc30e61255beb27310e2aec407766052",
-                "sha256:a595c12c618119255c90deb4b046e1ca3bcfad64667c43d1166f2b04bc72db09",
-                "sha256:c9457fa5c121e94a58d6505cadca8bed1c64444b83b3204928a866ca2e599105",
-                "sha256:cb93f6b2ab0f6853550b74e051d297c27a638719753eb9ff66d1e4072be67133",
-                "sha256:ce4e4f0deb51d38b1611a27f330426154f2980e66582dc5f438aad38b5f24fc1",
-                "sha256:d7bdc26475679dd073ba0ed2766445bb5b20ca4793ca0db32b399dccc6bc84b7",
-                "sha256:ff032765bb8716d9387fd5376d987a937254b0619eff0972779515b5c98820bc"
-            ],
-            "index": "pypi",
-            "version": "==3.1.7"
-        },
-        "cached-property": {
-            "hashes": [
-                "sha256:3a026f1a54135677e7da5ce819b0c690f156f37976f3e30c5430740725203d7f",
-                "sha256:9217a59f14a5682da7c4b8829deadbfc194ac22e9908ccf7c8820234e80a1504"
-            ],
-            "index": "pypi",
-            "version": "==1.5.1"
-        },
-        "certifi": {
-            "hashes": [
-                "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
-                "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
-            ],
-            "index": "pypi",
-            "version": "==2019.11.28"
-        },
-        "cffi": {
-            "hashes": [
-                "sha256:0b49274afc941c626b605fb59b59c3485c17dc776dc3cc7cc14aca74cc19cc42",
-                "sha256:0e3ea92942cb1168e38c05c1d56b0527ce31f1a370f6117f1d490b8dcd6b3a04",
-                "sha256:135f69aecbf4517d5b3d6429207b2dff49c876be724ac0c8bf8e1ea99df3d7e5",
-                "sha256:19db0cdd6e516f13329cba4903368bff9bb5a9331d3410b1b448daaadc495e54",
-                "sha256:2781e9ad0e9d47173c0093321bb5435a9dfae0ed6a762aabafa13108f5f7b2ba",
-                "sha256:291f7c42e21d72144bb1c1b2e825ec60f46d0a7468f5346841860454c7aa8f57",
-                "sha256:2c5e309ec482556397cb21ede0350c5e82f0eb2621de04b2633588d118da4396",
-                "sha256:2e9c80a8c3344a92cb04661115898a9129c074f7ab82011ef4b612f645939f12",
-                "sha256:32a262e2b90ffcfdd97c7a5e24a6012a43c61f1f5a57789ad80af1d26c6acd97",
-                "sha256:3c9fff570f13480b201e9ab69453108f6d98244a7f495e91b6c654a47486ba43",
-                "sha256:415bdc7ca8c1c634a6d7163d43fb0ea885a07e9618a64bda407e04b04333b7db",
-                "sha256:42194f54c11abc8583417a7cf4eaff544ce0de8187abaf5d29029c91b1725ad3",
-                "sha256:4424e42199e86b21fc4db83bd76909a6fc2a2aefb352cb5414833c030f6ed71b",
-                "sha256:4a43c91840bda5f55249413037b7a9b79c90b1184ed504883b72c4df70778579",
-                "sha256:599a1e8ff057ac530c9ad1778293c665cb81a791421f46922d80a86473c13346",
-                "sha256:5c4fae4e9cdd18c82ba3a134be256e98dc0596af1e7285a3d2602c97dcfa5159",
-                "sha256:5ecfa867dea6fabe2a58f03ac9186ea64da1386af2159196da51c4904e11d652",
-                "sha256:62f2578358d3a92e4ab2d830cd1c2049c9c0d0e6d3c58322993cc341bdeac22e",
-                "sha256:6471a82d5abea994e38d2c2abc77164b4f7fbaaf80261cb98394d5793f11b12a",
-                "sha256:6d4f18483d040e18546108eb13b1dfa1000a089bcf8529e30346116ea6240506",
-                "sha256:71a608532ab3bd26223c8d841dde43f3516aa5d2bf37b50ac410bb5e99053e8f",
-                "sha256:74a1d8c85fb6ff0b30fbfa8ad0ac23cd601a138f7509dc617ebc65ef305bb98d",
-                "sha256:7b93a885bb13073afb0aa73ad82059a4c41f4b7d8eb8368980448b52d4c7dc2c",
-                "sha256:7d4751da932caaec419d514eaa4215eaf14b612cff66398dd51129ac22680b20",
-                "sha256:7f627141a26b551bdebbc4855c1157feeef18241b4b8366ed22a5c7d672ef858",
-                "sha256:8169cf44dd8f9071b2b9248c35fc35e8677451c52f795daa2bb4643f32a540bc",
-                "sha256:aa00d66c0fab27373ae44ae26a66a9e43ff2a678bf63a9c7c1a9a4d61172827a",
-                "sha256:ccb032fda0873254380aa2bfad2582aedc2959186cce61e3a17abc1a55ff89c3",
-                "sha256:d754f39e0d1603b5b24a7f8484b22d2904fa551fe865fd0d4c3332f078d20d4e",
-                "sha256:d75c461e20e29afc0aee7172a0950157c704ff0dd51613506bd7d82b718e7410",
-                "sha256:dcd65317dd15bc0451f3e01c80da2216a31916bdcffd6221ca1202d96584aa25",
-                "sha256:e570d3ab32e2c2861c4ebe6ffcad6a8abf9347432a37608fe1fbd157b3f0036b",
-                "sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d"
-            ],
-            "index": "pypi",
-            "version": "==1.13.2"
-        },
-        "chardet": {
-            "hashes": [
-                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
-                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
-            ],
-            "index": "pypi",
-            "version": "==3.0.4"
-        },
-        "configparser": {
-            "hashes": [
-                "sha256:254c1d9c79f60c45dfde850850883d5aaa7f19a23f13561243a050d5a7c3fe4c",
-                "sha256:c7d282687a5308319bf3d2e7706e575c635b0a470342641c93bea0ea3b5331df"
-            ],
-            "index": "pypi",
-            "version": "==4.0.2"
-        },
-        "contextlib2": {
-            "hashes": [
-                "sha256:01f490098c18b19d2bd5bb5dc445b2054d2fa97f09a4280ba2c5f3c394c8162e",
-                "sha256:3355078a159fbb44ee60ea80abd0d87b80b78c248643b49aa6d94673b413609b"
-            ],
-            "index": "pypi",
-            "version": "==0.6.0.post1"
-        },
-        "coverage": {
-            "hashes": [
-                "sha256:0101888bd1592a20ccadae081ba10e8b204d20235d18d05c6f7d5e904a38fc10",
-                "sha256:04b961862334687549eb91cd5178a6fbe977ad365bddc7c60f2227f2f9880cf4",
-                "sha256:1ca43dbd739c0fc30b0a3637a003a0d2c7edc1dd618359d58cc1e211742f8bd1",
-                "sha256:1cbb88b34187bdb841f2599770b7e6ff8e259dc3bb64fc7893acf44998acf5f8",
-                "sha256:232f0b52a5b978288f0bbc282a6c03fe48cd19a04202df44309919c142b3bb9c",
-                "sha256:24bcfa86fd9ce86b73a8368383c39d919c497a06eebb888b6f0c12f13e920b1a",
-                "sha256:25b8f60b5c7da71e64c18888f3067d5b6f1334b9681876b2fb41eea26de881ae",
-                "sha256:2714160a63da18aed9340c70ed514973971ee7e665e6b336917ff4cca81a25b1",
-                "sha256:2ca2cd5264e84b2cafc73f0045437f70c6378c0d7dbcddc9ee3fe192c1e29e5d",
-                "sha256:2cc707fc9aad2592fc686d63ef72dc0031fc98b6fb921d2f5395d9ab84fbc3ef",
-                "sha256:348630edea485f4228233c2f310a598abf8afa5f8c716c02a9698089687b6085",
-                "sha256:40fbfd6b044c9db13aeec1daf5887d322c710d811f944011757526ef6e323fd9",
-                "sha256:46c9c6a1d1190c0b75ec7c0f339088309952b82ae8d67a79ff1319eb4e749b96",
-                "sha256:591506e088901bdc25620c37aec885e82cc896528f28c57e113751e3471fc314",
-                "sha256:5ac71bba1e07eab403b082c4428f868c1c9e26a21041436b4905c4c3d4e49b08",
-                "sha256:5f622f19abda4e934938e24f1d67599249abc201844933a6f01aaa8663094489",
-                "sha256:65bead1ac8c8930cf92a1ccaedcce19a57298547d5d1db5c9d4d068a0675c38b",
-                "sha256:7362a7f829feda10c7265b553455de596b83d1623b3d436b6d3c51c688c57bf6",
-                "sha256:7f2675750c50151f806070ec11258edf4c328340916c53bac0adbc465abd6b1e",
-                "sha256:960d7f42277391e8b1c0b0ae427a214e1b31a1278de6b73f8807b20c2e913bba",
-                "sha256:a50b0888d8a021a3342d36a6086501e30de7d840ab68fca44913e97d14487dc1",
-                "sha256:b7dbc5e8c39ea3ad3db22715f1b5401cd698a621218680c6daf42c2f9d36e205",
-                "sha256:bb3d29df5d07d5399d58a394d0ef50adf303ab4fbf66dfd25b9ef258effcb692",
-                "sha256:c0fff2733f7c2950f58a4fd09b5db257b00c6fec57bf3f68c5bae004d804b407",
-                "sha256:c792d3707a86c01c02607ae74364854220fb3e82735f631cd0a345dea6b4cee5",
-                "sha256:c90bda74e16bcd03861b09b1d37c0a4158feda5d5a036bb2d6e58de6ff65793e",
-                "sha256:cfce79ce41cc1a1dc7fc85bb41eeeb32d34a4cf39a645c717c0550287e30ff06",
-                "sha256:eeafb646f374988c22c8e6da5ab9fb81367ecfe81c70c292623373d2a021b1a1",
-                "sha256:f425f50a6dd807cb9043d15a4fcfba3b5874a54d9587ccbb748899f70dc18c47",
-                "sha256:fcd4459fe35a400b8f416bc57906862693c9f88b66dc925e7f2a933e77f6b18b",
-                "sha256:ff3936dd5feaefb4f91c8c1f50a06c588b5dc69fba4f7d9c79a6617ad80bb7df"
-            ],
-            "index": "pypi",
-            "version": "==5.0.1"
-        },
-        "cryptography": {
-            "hashes": [
-                "sha256:02079a6addc7b5140ba0825f542c0869ff4df9a69c360e339ecead5baefa843c",
-                "sha256:1df22371fbf2004c6f64e927668734070a8953362cd8370ddd336774d6743595",
-                "sha256:369d2346db5934345787451504853ad9d342d7f721ae82d098083e1f49a582ad",
-                "sha256:3cda1f0ed8747339bbdf71b9f38ca74c7b592f24f65cdb3ab3765e4b02871651",
-                "sha256:44ff04138935882fef7c686878e1c8fd80a723161ad6a98da31e14b7553170c2",
-                "sha256:4b1030728872c59687badcca1e225a9103440e467c17d6d1730ab3d2d64bfeff",
-                "sha256:58363dbd966afb4f89b3b11dfb8ff200058fbc3b947507675c19ceb46104b48d",
-                "sha256:6ec280fb24d27e3d97aa731e16207d58bd8ae94ef6eab97249a2afe4ba643d42",
-                "sha256:7270a6c29199adc1297776937a05b59720e8a782531f1f122f2eb8467f9aab4d",
-                "sha256:73fd30c57fa2d0a1d7a49c561c40c2f79c7d6c374cc7750e9ac7c99176f6428e",
-                "sha256:7f09806ed4fbea8f51585231ba742b58cbcfbfe823ea197d8c89a5e433c7e912",
-                "sha256:90df0cc93e1f8d2fba8365fb59a858f51a11a394d64dbf3ef844f783844cc793",
-                "sha256:971221ed40f058f5662a604bd1ae6e4521d84e6cad0b7b170564cc34169c8f13",
-                "sha256:a518c153a2b5ed6b8cc03f7ae79d5ffad7315ad4569b2d5333a13c38d64bd8d7",
-                "sha256:b0de590a8b0979649ebeef8bb9f54394d3a41f66c5584fff4220901739b6b2f0",
-                "sha256:b43f53f29816ba1db8525f006fa6f49292e9b029554b3eb56a189a70f2a40879",
-                "sha256:d31402aad60ed889c7e57934a03477b572a03af7794fa8fb1780f21ea8f6551f",
-                "sha256:de96157ec73458a7f14e3d26f17f8128c959084931e8997b9e655a39c8fde9f9",
-                "sha256:df6b4dca2e11865e6cfbfb708e800efb18370f5a46fd601d3755bc7f85b3a8a2",
-                "sha256:ecadccc7ba52193963c0475ac9f6fa28ac01e01349a2ca48509667ef41ffd2cf",
-                "sha256:fb81c17e0ebe3358486cd8cc3ad78adbae58af12fc2bf2bc0bb84e8090fa5ce8"
-            ],
-            "index": "pypi",
-            "version": "==2.8"
-        },
-        "docker": {
-            "hashes": [
-                "sha256:6e06c5e70ba4fad73e35f00c55a895a448398f3ada7faae072e2bb01348bafc1",
-                "sha256:8f93775b8bdae3a2df6bc9a5312cce564cade58d6555f2c2570165a1270cd8a7"
-            ],
-            "index": "pypi",
-            "version": "==4.1.0"
-        },
-        "dockerpty": {
-            "hashes": [
-                "sha256:69a9d69d573a0daa31bcd1c0774eeed5c15c295fe719c61aca550ed1393156ce"
-            ],
-            "index": "pypi",
-            "version": "==0.4.1"
-        },
-        "docopt": {
-            "hashes": [
-                "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"
-            ],
-            "index": "pypi",
-            "version": "==0.6.2"
-        },
-        "enum34": {
-            "hashes": [
-                "sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850",
-                "sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a",
-                "sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79",
-                "sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1"
-            ],
-            "index": "pypi",
-            "version": "==1.1.6"
-        },
-        "execnet": {
-            "hashes": [
-                "sha256:cacb9df31c9680ec5f95553976c4da484d407e85e41c83cb812aa014f0eddc50",
-                "sha256:d4efd397930c46415f62f8a31388d6be4f27a91d7550eb79bc64a756e0056547"
-            ],
-            "index": "pypi",
-            "version": "==1.7.1"
-        },
-        "filelock": {
-            "hashes": [
-                "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59",
-                "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836"
-            ],
-            "index": "pypi",
-            "version": "==3.0.12"
-        },
-        "funcsigs": {
-            "hashes": [
-                "sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca",
-                "sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50"
-            ],
-            "index": "pypi",
-            "version": "==1.0.2"
-        },
-        "idna": {
-            "hashes": [
-                "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407",
-                "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c"
-            ],
-            "index": "pypi",
-            "version": "==2.8"
-        },
-        "importlib-metadata": {
-            "hashes": [
-                "sha256:073a852570f92da5f744a3472af1b61e28e9f78ccf0c9117658dc32b15de7b45",
-                "sha256:d95141fbfa7ef2ec65cfd945e2af7e5a6ddbd7c8d9a25e66ff3be8e3daf9f60f"
-            ],
-            "index": "pypi",
-            "version": "==1.3.0"
-        },
-        "ipaddress": {
-            "hashes": [
-                "sha256:6e0f4a39e66cb5bb9a137b00276a2eff74f93b71dcbdad6f10ff7df9d3557fcc",
-                "sha256:b7f8e0369580bb4a24d5ba1d7cc29660a4a6987763faf1d8a8046830e020e7e2"
-            ],
-            "index": "pypi",
-            "version": "==1.0.23"
-        },
-        "jinja2": {
-            "hashes": [
-                "sha256:74320bb91f31270f9551d46522e33af46a80c3d619f4a4bf42b3164d30b5911f",
-                "sha256:9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
-            ],
-            "index": "pypi",
-            "version": "==2.10.3"
-        },
-        "jsonschema": {
-            "hashes": [
-                "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163",
-                "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a"
-            ],
-            "index": "pypi",
-            "version": "==3.2.0"
-        },
-        "markupsafe": {
-            "hashes": [
-                "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473",
-                "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161",
-                "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235",
-                "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5",
-                "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42",
-                "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff",
-                "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b",
-                "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1",
-                "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e",
-                "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183",
-                "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66",
-                "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b",
-                "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1",
-                "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15",
-                "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1",
-                "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e",
-                "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b",
-                "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905",
-                "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735",
-                "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d",
-                "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e",
-                "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d",
-                "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c",
-                "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21",
-                "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2",
-                "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5",
-                "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b",
-                "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6",
-                "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f",
-                "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f",
-                "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2",
-                "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7",
-                "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be"
-            ],
-            "index": "pypi",
-            "version": "==1.1.1"
-        },
-        "more-itertools": {
-            "hashes": [
-                "sha256:38a936c0a6d98a38bcc2d03fdaaedaba9f412879461dd2ceff8d37564d6522e4",
-                "sha256:c0a5785b1109a6bd7fac76d6837fd1feca158e54e521ccd2ae8bfe393cc9d4fc",
-                "sha256:fe7a7cae1ccb57d33952113ff4fa1bc5f879963600ed74918f1236e212ee50b9"
-            ],
-            "index": "pypi",
-            "version": "==5.0.0"
-        },
-        "packaging": {
-            "hashes": [
-                "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8",
-                "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"
-            ],
-            "version": "==20.4"
-        },
-        "pathlib2": {
-            "hashes": [
-                "sha256:0ec8205a157c80d7acc301c0b18fbd5d44fe655968f5d947b6ecef5290fc35db",
-                "sha256:6cd9a47b597b37cc57de1c05e56fb1a1c9cc9fab04fe78c29acd090418529868"
-            ],
-            "index": "pypi",
-            "version": "==2.3.5"
-        },
-        "pluggy": {
-            "hashes": [
-                "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0",
-                "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"
-            ],
-            "index": "pypi",
-            "version": "==0.13.1"
-        },
-        "py": {
-            "hashes": [
-                "sha256:5e27081401262157467ad6e7f851b7aa402c5852dbcb3dae06768434de5752aa",
-                "sha256:c20fdd83a5dbc0af9efd622bee9a5564e278f6380fffcacc43ba6f43db2813b0"
-            ],
-            "index": "pypi",
-            "version": "==1.8.1"
-        },
-        "pycparser": {
-            "hashes": [
-                "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
-            ],
-            "index": "pypi",
-            "version": "==2.19"
-        },
-        "pyparsing": {
-            "hashes": [
-                "sha256:4c830582a84fb022400b85429791bc551f1f4871c33f23e44f353119e92f969f",
-                "sha256:c342dccb5250c08d45fd6f8b4a559613ca603b57498511740e65cd11a2e7dcec"
-            ],
-            "index": "pypi",
-            "version": "==2.4.6"
-        },
-        "pyrsistent": {
-            "hashes": [
-                "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b"
-            ],
-            "index": "pypi",
-            "version": "==0.15.6"
-        },
-        "pytest": {
-            "hashes": [
-                "sha256:6192875be8af57b694b7c4904e909680102befcb99e610ef3d9f786952f795aa",
-                "sha256:f8447ebf8fd3d362868a5d3f43a9df786dfdfe9608843bd9002a2d47a104808f"
-            ],
-            "index": "pypi",
-            "version": "==4.6.8"
-        },
-        "pytest-cov": {
-            "hashes": [
-                "sha256:cc6742d8bac45070217169f5f72ceee1e0e55b0221f54bcf24845972d3a47f2b",
-                "sha256:cdbdef4f870408ebdbfeb44e63e07eb18bb4619fae852f6e760645fa36172626"
-            ],
-            "index": "pypi",
-            "version": "==2.8.1"
-        },
-        "pytest-forked": {
-            "hashes": [
-                "sha256:1805699ed9c9e60cb7a8179b8d4fa2b8898098e82d229b0825d8095f0f261100",
-                "sha256:1ae25dba8ee2e56fb47311c9638f9e58552691da87e82d25b0ce0e4bf52b7d87"
-            ],
-            "index": "pypi",
-            "version": "==1.1.3"
-        },
-        "pytest-xdist": {
-            "hashes": [
-                "sha256:0f46020d3d9619e6d17a65b5b989c1ebbb58fc7b1da8fb126d70f4bac4dfeed1",
-                "sha256:7dc0d027d258cd0defc618fb97055fbd1002735ca7a6d17037018cf870e24011"
-            ],
-            "index": "pypi",
-            "version": "==1.31.0"
-        },
-        "pyyaml": {
-            "hashes": [
-                "sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc",
-                "sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803",
-                "sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc",
-                "sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15",
-                "sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075",
-                "sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd",
-                "sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31",
-                "sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f",
-                "sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c",
-                "sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04",
-                "sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4"
-            ],
-            "index": "pypi",
-            "version": "==5.2"
-        },
-        "requests": {
-            "hashes": [
-                "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
-                "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
-            ],
-            "index": "pypi",
-            "version": "==2.22.0"
-        },
-        "scandir": {
-            "hashes": [
-                "sha256:2586c94e907d99617887daed6c1d102b5ca28f1085f90446554abf1faf73123e",
-                "sha256:2ae41f43797ca0c11591c0c35f2f5875fa99f8797cb1a1fd440497ec0ae4b022",
-                "sha256:2b8e3888b11abb2217a32af0766bc06b65cc4a928d8727828ee68af5a967fa6f",
-                "sha256:2c712840c2e2ee8dfaf36034080108d30060d759c7b73a01a52251cc8989f11f",
-                "sha256:4d4631f6062e658e9007ab3149a9b914f3548cb38bfb021c64f39a025ce578ae",
-                "sha256:67f15b6f83e6507fdc6fca22fedf6ef8b334b399ca27c6b568cbfaa82a364173",
-                "sha256:7d2d7a06a252764061a020407b997dd036f7bd6a175a5ba2b345f0a357f0b3f4",
-                "sha256:8c5922863e44ffc00c5c693190648daa6d15e7c1207ed02d6f46a8dcc2869d32",
-                "sha256:92c85ac42f41ffdc35b6da57ed991575bdbe69db895507af88b9f499b701c188",
-                "sha256:b24086f2375c4a094a6b51e78b4cf7ca16c721dcee2eddd7aa6494b42d6d519d",
-                "sha256:cb925555f43060a1745d0a321cca94bcea927c50114b623d73179189a4e100ac"
-            ],
-            "index": "pypi",
-            "version": "==1.10.0"
-        },
-        "six": {
-            "hashes": [
-                "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd",
-                "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
-            ],
-            "index": "pypi",
-            "version": "==1.13.0"
-        },
-        "subprocess32": {
-            "hashes": [
-                "sha256:88e37c1aac5388df41cc8a8456bb49ebffd321a3ad4d70358e3518176de3a56b",
-                "sha256:eb2937c80497978d181efa1b839ec2d9622cf9600a039a79d0e108d1f9aec79d"
-            ],
-            "index": "pypi",
-            "version": "==3.5.4"
-        },
-        "testinfra": {
-            "hashes": [
-                "sha256:780e6c2ab392ea93c26cee1777c968a144c2189a56b3e239a3a66e6d256925b5",
-                "sha256:c3492b39c8d2c98d8419ce1a91d7fe348213f9b98b91198d2e7e88b3954b050b"
-            ],
-            "index": "pypi",
-            "version": "==3.3.0"
-        },
-        "texttable": {
-            "hashes": [
-                "sha256:7dc282a5b22564fe0fdc1c771382d5dd9a54742047c61558e071c8cd595add86",
-                "sha256:eff3703781fbc7750125f50e10f001195174f13825a92a45e9403037d539b4f4"
-            ],
-            "index": "pypi",
-            "version": "==1.6.2"
-        },
-        "toml": {
-            "hashes": [
-                "sha256:229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c",
-                "sha256:235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e"
-            ],
-            "index": "pypi",
-            "version": "==0.10.0"
-        },
-        "tox": {
-            "hashes": [
-                "sha256:06ba73b149bf838d5cd25dc30c2dd2671ae5b2757cf98e5c41a35fe449f131b3",
-                "sha256:806d0a9217584558cc93747a945a9d9bff10b141a5287f0c8429a08828a22192"
-            ],
-            "index": "pypi",
-            "version": "==3.14.3"
-        },
-        "urllib3": {
-            "hashes": [
-                "sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
-                "sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
-            ],
-            "index": "pypi",
-            "version": "==1.25.7"
-        },
-        "virtualenv": {
-            "hashes": [
-                "sha256:0d62c70883c0342d59c11d0ddac0d954d0431321a41ab20851facf2b222598f3",
-                "sha256:55059a7a676e4e19498f1aad09b8313a38fcc0cdbe4fdddc0e9b06946d21b4bb"
-            ],
-            "index": "pypi",
-            "version": "==16.7.9"
-        },
-        "wcwidth": {
-            "hashes": [
-                "sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e",
-                "sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c"
-            ],
-            "index": "pypi",
-            "version": "==0.1.7"
-        },
-        "websocket-client": {
-            "hashes": [
-                "sha256:0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549",
-                "sha256:d735b91d6d1692a6a181f2a8c9e0238e5f6373356f561bb9dc4c7af36f452010"
-            ],
-            "index": "pypi",
-            "version": "==0.57.0"
-        },
-        "zipp": {
-            "hashes": [
-                "sha256:3718b1cbcd963c7d4c5511a8240812904164b7f381b647143a89d3b98f9bcd8e",
-                "sha256:f06903e9f1f43b12d371004b4ac7b06ab39a44adc747266928ae6debfa7b3335"
-            ],
-            "index": "pypi",
-            "version": "==0.6.0"
-        }
-    },
-    "develop": {}
-}

README.md

@@ -5,6 +5,23 @@
 </p>
 <!-- Delete above HTML and insert markdown for dockerhub : ![Pi-hole](https://pi-hole.github.io/graphics/Vortex/Vortex_with_text.png) -->
 
+## Upgrade Notes
+
+- **Using Watchtower? See the [Note on Watchtower](#note-on-watchtower) at the bottom of this readme**
+
+- Due to [a known issue with Docker and libseccomp <2.5](https://github.com/moby/moby/issues/40734), you may run into issues running `2022.04` and later on host systems with an older version of `libseccomp2` ([Such as Debian/Raspbian buster or Ubuntu 20.04](https://pkgs.org/download/libseccomp2), and maybe [CentOS 7](https://pkgs.org/download/libseccomp)).
+
+  The first recommendation is to upgrade your host OS, which will include a more up to date (and fixed) version of `libseccomp`.
+
+  _If you absolutely cannot do this, some users [have reported](https://github.com/pi-hole/docker-pi-hole/issues/1042#issuecomment-1086728157) success in updating `libseccomp2` via backports on debian, or similar via updates on Ubuntu. You can try this workaround at your own risk_  (Note, you may also find that you need the latest `docker.io` (more details [here](https://blog.samcater.com/fix-workaround-rpi4-docker-libseccomp2-docker-20/))
+
+- Some users [have reported issues](https://github.com/pi-hole/docker-pi-hole/issues/963#issuecomment-1095602502) with using the `--privileged` flag on `2022.04` and above. TL;DR, don't use that mode, and be [explicit with the permitted caps](https://github.com/pi-hole/docker-pi-hole#note-on-capabilities) (if needed) instead
+
+- As of `2022.04.01`, setting `CAP_NET_ADMIN` is only required if you are using Pi-hole as your DHCP server. The container will only try to set caps that are explicitly granted (or natively available)
+
+- In `2022.01` and later, the default `DNSMASQ_USER` has been changed to `pihole`, however this may cause issues on some systems such as Synology, see Issue [#963](https://github.com/pi-hole/docker-pi-hole/issues/963) for more information.
+ If the container won't start due to issues setting capabilities, set `DNSMASQ_USER` to `root` in your environment.
+
 ## Quick Start
 
 1. Copy docker-compose.yml.example to docker-compose.yml and update as needed. See example below:
@@ -18,50 +35,31 @@ services:
   pihole:
     container_name: pihole
     image: pihole/pihole:latest
+    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
     ports:
       - "53:53/tcp"
       - "53:53/udp"
-      - "67:67/udp"
+      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
       - "80:80/tcp"
-      - "443:443/tcp"
     environment:
       TZ: 'America/Chicago'
       # WEBPASSWORD: 'set a secure password here or it will be random'
     # Volumes store your data between container upgrades
     volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
-    # Recommended but not required (DHCP needs NET_ADMIN)
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
     #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
     cap_add:
-      - NET_ADMIN
+      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
     restart: unless-stopped
 ```
-2. Run `docker-compose up --detach` to build and start pi-hole
+2. Run `docker compose -f docker-compose.yml up -d` to build and start pi-hole
+3. Use the Pi-hole web UI to change the DNS settings *Interface listening behavior* to "Listen on all interfaces, permit all origins", if using Docker's default `bridge` network setting. (This can also be achieved by setting the environment variable `DNSMASQ_LISTENING` to `all`)
 
-[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh).
-
-## Upgrade Notices:
-
-### Docker Pi-Hole v4.2.2
-
-- ServerIP no longer a required enviroment variable **unless you run network 'host' mode**!  Feel free to remove it unless you need it to customize lighttpd
-- --cap-add NET_ADMIN no longer required unless using DHCP, leaving in examples for consistency
-
-### Docker Pi-Hole v4.1.1+
-
-Starting with the v4.1.1 release your Pi-hole container may encounter issues starting the DNS service unless ran with the following setting:
-
-- `--dns=127.0.0.1 --dns=1.1.1.1` The second server can be any DNS IP of your choosing, but the **first dns must be 127.0.0.1**
-    - A WARNING stating "Misconfigured DNS in /etc/resolv.conf" may show in docker logs without this.
-- 4.1 required --cap-add NET_ADMIN until 4.2.1-1
-
-These are the raw [docker run cli](https://docs.docker.com/engine/reference/commandline/cli/) versions of the commands.  We provide no official support for docker GUIs but the community forums may be able to help if you do not see a place for these settings.  Remember, always consult your manual too!
+[Here is an equivalent docker run script](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh).
 
 ## Overview
 
-#### Renamed from `diginc/pi-hole` to `pihole/pihole`
-
 A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86 and ARM container with [Pi-hole](https://pi-hole.net) functionality.
 
 1) Install docker for your [x86-64 system](https://www.docker.com/community-edition) or [ARMv7 system](https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/) using those links. [Docker-compose](https://docs.docker.com/compose/install/) is also recommended.
@@ -72,21 +70,19 @@ A [Docker](https://www.docker.com/what-docker) project to make a lightweight x86
 
 ## Running Pi-hole Docker
 
-This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/docker_run.sh)
+This container uses 2 popular ports, port 53 and port 80, so **may conflict with existing applications ports**.  If you have no other services or docker containers using port 53/80 (if you do, keep reading below for a reverse proxy example), the minimum arguments required to run this container are in the script [docker_run.sh](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker_run.sh)
 
 If you're using a Red Hat based distribution with an SELinux Enforcing policy add `:z` to line with volumes like so:
 
 ```
-    -v "$(pwd)/etc-pihole/:/etc/pihole/:z" \
-    -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/:z" \
+    -v "$(pwd)/etc-pihole:/etc/pihole:z" \
+    -v "$(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d:z" \
 ```
 
 Volumes are recommended for persisting data across container re-creations for updating images.  The IP lookup variables may not work for everyone, please review their values and hard code IP and IPv6 if necessary.
 
 You can customize where to store persistent data by setting the `PIHOLE_BASE` environment variable when invoking `docker_run.sh` (e.g. `PIHOLE_BASE=/opt/pihole-storage ./docker_run.sh`).  If `PIHOLE_BASE` is not set, files are stored in your current directory when you invoke the script.
 
-Port 443 is to provide a sinkhole for ads that use SSL.  If only port 80 is used, then blocked HTTPS queries will fail to connect to port 443 and may cause long loading times.  Rejecting 443 on your firewall can also serve this same purpose.  Ubuntu firewall example: `sudo ufw reject https`
-
 **Automatic Ad List Updates** - since the 3.0+ release, `cron` is baked into the container and will grab the newest versions of your lists and flush your logs.  **Set your TZ** environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.
 
 ## Running DHCP from Docker Pi-Hole
@@ -97,43 +93,79 @@ There are multiple different ways to run DHCP from within your Docker Pi-hole co
 
 There are other environment variables if you want to customize various things inside the docker container:
 
-| Docker Environment Var. | Description |
-| ----------------------- | ----------- |
-| `ADMIN_EMAIL: <email address>`<br/> *Optional Default: ''* | Set an administrative contact address for the Block Page
-| `TZ: <Timezone>`<br/> **Recommended** *Default: UTC* | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
-| `WEBPASSWORD: <Admin password>`<br/> **Recommended** *Default: random* | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
-| `PIHOLE_DNS_: <IPs delimited by ;>`<br/> *Optional* *Default: 8.8.8.8;8.8.4.4* | Upstream DNS server(s) for Pi-hole to forward queries to, seperated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4`
-| `DNSSEC: <"true"\|"false">`<br/> *Optional* *Default: "false"* | Enable DNSSEC support
-| `DNS_BOGUS_PRIV: <"true"\|"false">`<br/> *Optional* *Default: "true"* | Enable forwarding of reverse lookups for private ranges
-| `DNS_FQDN_REQUIRED: <"true"\|"false">`<br/> *Optional* *Default: true* | Never forward non-FQDNs
-| `REV_SERVER: <"true"\|"false">`<br/> *Optional* *Default: "false"* | Enable DNS conditional forwarding for device name resolution
-| `REV_SERVER_DOMAIN: <Network Domain>`<br/> *Optional* | If conditional forwarding is enabled, set the domain of the local network router
-| `REV_SERVER_TARGET: <Router's IP>`<br/> *Optional* | If conditional forwarding is enabled, set the IP of the local network router
-| `REV_SERVER_CIDR: <Reverse DNS>`<br/> *Optional* | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`)
-| `ServerIP: <Host's IP>`<br/> **Recommended** | **--net=host mode requires** Set to your server's LAN IP, used by web block modes and lighttpd bind address
-| `ServerIPv6: <Host's IPv6>`<br/> *Required if using IPv6* | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully
-| `VIRTUAL_HOST: <Custom Hostname>`<br/> *Optional* *Default: $ServerIP*   | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
-| `IPv6: <"true"\|"false">`<br/> *Optional* *Default: "true"* | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
-| `INTERFACE: <NIC>`<br/> *Advanced/Optional* | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
-| `DNSMASQ_LISTENING: <local\|all\|NIC>`<br/> *Advanced/Optional* | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local.
-| `WEB_PORT: <PORT>`<br/> *Advanced/Optional* | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
-| `DNSMASQ_USER: <pihole\|root>`<br/> *Experimental Default: root* | Allows running FTLDNS as non-root.
-| `TEMPERATUREUNIT`: <c\|k\|f><br/>*Optional Default: c* | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
-| `WEBUIBOXEDLAYOUT: <boxed\|traditional>`<br/>*Optional Default: boxed* | Use boxed layout (helpful when working on large screens)
-| `SKIPGRAVITYONBOOT`: <Not Set\|1><br/> *Optional Default: Not Set* | Use this option to skip updating the Gravity Database when booting up the container.  By default this environment variable is not set so the Gravity Database will be updated when the container starts up.  Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up.
-| `QUERY_LOGGING: <"true"\|"false">`<br/> *Optional* *Default: "true"* | Enable query logging or not.
+### Recommended Variables
+
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `TZ` | UTC | `<Timezone>` | Set your [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) to make sure logs rotate at local midnight instead of at UTC midnight.
+| `WEBPASSWORD` | random | `<Admin password>` | http://pi.hole/admin password. Run `docker logs pihole \| grep random` to find your random pass.
+| `FTLCONF_LOCAL_IPV4` | unset | `<Host's IP>` | Set to your server's LAN IP, used by web block modes and lighttpd bind address.
+
+### Optional Variables
+
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `PIHOLE_DNS_` |  `8.8.8.8;8.8.4.4` | IPs delimited by `;` | Upstream DNS server(s) for Pi-hole to forward queries to, separated by a semicolon <br/> (supports non-standard ports with `#[port number]`) e.g `127.0.0.1#5053;8.8.8.8;8.8.4.4` <br/> (supports [Docker service names and links](https://docs.docker.com/compose/networking/) instead of IPs) e.g `upstream0;upstream1` where `upstream0` and `upstream1` are the service names of or links to docker services <br/> Note: The existence of this environment variable assumes this as the _sole_ management of upstream DNS. Upstream DNS added via the web interface will be overwritten on container restart/recreation |
+| `DNSSEC` | `false` | `<"true"\|"false">` | Enable DNSSEC support |
+| `DNS_BOGUS_PRIV` | `true` |`<"true"\|"false">`| Never forward reverse lookups for private ranges |
+| `DNS_FQDN_REQUIRED` | `true` | `<"true"\|"false">`| Never forward non-FQDNs |
+| `REV_SERVER` | `false` | `<"true"\|"false">` | Enable DNS conditional forwarding for device name resolution |
+| `REV_SERVER_DOMAIN` | unset | Network Domain | If conditional forwarding is enabled, set the domain of the local network router |
+| `REV_SERVER_TARGET` | unset | Router's IP | If conditional forwarding is enabled, set the IP of the local network router |
+| `REV_SERVER_CIDR` | unset | Reverse DNS | If conditional forwarding is enabled, set the reverse DNS zone (e.g. `192.168.0.0/24`) |
+| `DHCP_ACTIVE` | `false` | `<"true"\|"false">` | Enable DHCP server. Static DHCP leases can be configured with a custom `/etc/dnsmasq.d/04-pihole-static-dhcp.conf`
+| `DHCP_START` | unset | `<Start IP>` | Start of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_END` | unset | `<End IP>` | End of the range of IP addresses to hand out by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_ROUTER` | unset | `<Router's IP>` | Router (gateway) IP address sent by the DHCP server (mandatory if DHCP server is enabled).
+| `DHCP_LEASETIME` | 24 | `<hours>` | DHCP lease time in hours.
+| `PIHOLE_DOMAIN` | `lan` | `<domain>` | Domain name sent by the DHCP server.
+| `DHCP_IPv6` | `false` | `<"true"\|"false">` | Enable DHCP server IPv6 support (SLAAC + RA).
+| `DHCP_rapid_commit` | `false` | `<"true"\|"false">` | Enable DHCPv4 rapid commit (fast address assignment).
+| `VIRTUAL_HOST` | `$FTLCONF_LOCAL_IPV4` | `<Custom Hostname>` | What your web server 'virtual host' is, accessing admin through this Hostname/IP allows you to make changes to the whitelist / blacklists in addition to the default 'http://pi.hole/admin/' address
+| `IPv6` | `true` | `<"true"\|"false">` | For unraid compatibility, strips out all the IPv6 configuration from DNS/Web services when false.
+| `TEMPERATUREUNIT` | `c` | `<c\|k\|f>` | Set preferred temperature unit to `c`: Celsius, `k`: Kelvin, or `f` Fahrenheit units.
+| `WEBUIBOXEDLAYOUT` | `boxed` | `<boxed\|traditional>` | Use boxed layout (helpful when working on large screens)
+| `QUERY_LOGGING` | `true` | `<"true"\|"false">` | Enable query logging or not.
+| `WEBTHEME` | `default-light` | `<"default-dark"\|"default-darker"\|"default-light"\|"default-auto"\|"lcars">`| User interface theme to use.
+| `WEBPASSWORD_FILE`| unset | `<Docker secret path>` |Set an Admin password using [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). If `WEBPASSWORD` is set, `WEBPASSWORD_FILE` is ignored. If `WEBPASSWORD` is empty, and `WEBPASSWORD_FILE` is set to a valid readable file path, then `WEBPASSWORD` will be set to the contents of `WEBPASSWORD_FILE`.
+
+### Advanced Variables
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `INTERFACE` | unset | `<NIC>` | The default works fine with our basic example docker run commands.  If you're trying to use DHCP with `--net host` mode then you may have to customize this or DNSMASQ_LISTENING.
+| `DNSMASQ_LISTENING` | unset | `<local\|all\|single>` | `local` listens on all local subnets, `all` permits listening on internet origin subnets in addition to local, `single` listens only on the interface specified.
+| `WEB_PORT` | unset | `<PORT>` | **This will break the 'webpage blocked' functionality of Pi-hole** however it may help advanced setups like those running synology or `--net=host` docker argument.  This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: [Alternative Synology installation method](https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc)
+| `SKIPGRAVITYONBOOT` | unset | `<unset\|1>` | Use this option to skip updating the Gravity Database when booting up the container.  By default this environment variable is not set so the Gravity Database will be updated when the container starts up.  Setting this environment variable to 1 (or anything) will cause the Gravity Database to not be updated when container starts up.
+| `CORS_HOSTS` | unset | `<FQDNs delimited by ,>` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported. Eg: `CORS_HOSTS: domain.com,home.domain.com,www.domain.com`.
+| `CUSTOM_CACHE_SIZE` | `10000` | Number | Set the cache size for dnsmasq. Useful for increasing the default cache size or to set it to 0. Note that when `DNSSEC` is "true", then this setting is ignored.
+| `FTL_CMD` | `no-daemon` | `no-daemon -- <dnsmasq option>` | Customize the options with which dnsmasq gets started. e.g. `no-daemon -- --dns-forward-max 300` to increase max. number of concurrent dns queries on high load setups. |
+| `FTLCONF_[SETTING]` | unset | As per documentation | Customize pihole-FTL.conf with settings described in the [FTLDNS Configuration page](https://docs.pi-hole.net/ftldns/configfile/). For example, to customize LOCAL_IPV4, ensure you have the `FTLCONF_LOCAL_IPV4` environment variable set.
+
+### Experimental Variables
+| Variable | Default | Value | Description |
+| -------- | ------- | ----- | ---------- |
+| `DNSMASQ_USER` | unset | `<pihole\|root>` | Allows changing the user that FTLDNS runs as. Default: `pihole`|
+| `PIHOLE_UID` | `999` | Number | Overrides image's default pihole user id to match a host user id<br/>**IMPORTANT**: id must not already be in use inside the container! |
+| `PIHOLE_GID` | `999` | Number | Overrides image's default pihole group id to match a host group id<br/>**IMPORTANT**: id must not already be in use inside the container!|
+| `WEB_UID` | `33` | Number | Overrides image's default www-data user id to match a host user id<br/>**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_UID` if you are using that, also)|
+| `WEB_GID` | `33` | Number | Overrides image's default www-data group id to match a host group id<br/>**IMPORTANT**: id must not already be in use inside the container! (Make sure it is different to `PIHOLE_GID` if you are using that, also)|
+| `WEBLOGS_STDOUT` | 0 | 0&vert;1 | 0 logs to defined files, 1 redirect access and error logs to stdout |
 
 ## Deprecated environment variables:
-While these may still work, they are likely to be removed in a future version. Where applicible, alternative variable names are indicated. Please review the table above for usage of the alternative variables
+While these may still work, they are likely to be removed in a future version. Where applicable, alternative variable names are indicated. Please review the table above for usage of the alternative variables
 
 | Docker Environment Var. | Description | Replaced By |
 | ----------------------- | ----------- | ----------- |
-| `CONDITIONAL_FORWARDING: <"true"\|"false">`<br/> *Optional* *Default: "false"* | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`|
-| `CONDITIONAL_FORWARDING_IP: <Router's IP>`<br/> *Optional* | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` |
-| `CONDITIONAL_FORWARDING_DOMAIN: <Network Domain>`<br/> *Optional* | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` |
-| `CONDITIONAL_FORWARDING_REVERSE: <Reverse DNS>`<br/> *Optional* | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` |
-| `DNS1: <IP>`<br/> *Optional* *Default: 8.8.8.8* | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` |
-| `DNS2: <IP>`<br/> *Optional* *Default: 8.8.4.4* | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` |
+| `CONDITIONAL_FORWARDING` | Enable DNS conditional forwarding for device name resolution | `REV_SERVER`|
+| `CONDITIONAL_FORWARDING_IP` | If conditional forwarding is enabled, set the IP of the local network router | `REV_SERVER_TARGET` |
+| `CONDITIONAL_FORWARDING_DOMAIN` | If conditional forwarding is enabled, set the domain of the local network router | `REV_SERVER_DOMAIN` |
+| `CONDITIONAL_FORWARDING_REVERSE` | If conditional forwarding is enabled, set the reverse DNS of the local network router (e.g. `0.168.192.in-addr.arpa`) | `REV_SERVER_CIDR` |
+| `DNS1` | Primary upstream DNS provider, default is google DNS | `PIHOLE_DNS_` |
+| `DNS2` | Secondary upstream DNS provider, default is google DNS, `no` if only one DNS should used | `PIHOLE_DNS_` |
+| `ServerIP` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_REPLY_ADDR4` |
+| `ServerIPv6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_REPLY_ADDR6` |
+| `FTLCONF_REPLY_ADDR4` | Set to your server's LAN IP, used by web block modes and lighttpd bind address | `FTLCONF_LOCAL_IPV4` |
+| `FTLCONF_REPLY_ADDR6` | **If you have a v6 network** set to your server's LAN IPv6 to block IPv6 ads fully | `FTLCONF_LOCAL_IPV6` |
 
 To use these env vars in docker run format style them like: `-e DNS1=1.1.1.1`
 
@@ -141,13 +173,13 @@ Here is a rundown of other arguments for your docker-compose / docker run.
 
 | Docker Arguments | Description |
 | ---------------- | ----------- |
-| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67, 443), the bare minimum ports required for Pi-holes HTTP and DNS services
+| `-p <port>:<port>` **Recommended** | Ports to expose (53, 80, 67), the bare minimum ports required for Pi-holes HTTP and DNS services
 | `--restart=unless-stopped`<br/> **Recommended** | Automatically (re)start your Pi-hole on boot or in the event of a crash
 | `-v $(pwd)/etc-pihole:/etc/pihole`<br/> **Recommended** | Volumes for your Pi-hole configs help persist changes across docker image updates
 | `-v $(pwd)/etc-dnsmasq.d:/etc/dnsmasq.d`<br/> **Recommended** | Volumes for your dnsmasq configs help persist changes across docker image updates
 | `--net=host`<br/> *Optional* | Alternative to `-p <port>:<port>` arguments (Cannot be used at same time as -p) if you don't run any other web application. DHCP runs best with --net=host, otherwise your router must support dhcp-relay settings.
 | `--cap-add=NET_ADMIN`<br/> *Recommended* | Commonly added capability for DHCP, see [Note on Capabilities](#note-on-capabilities) below for other capabilities.
-| `--dns=127.0.0.1`<br/> *Recommended* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, also fixes common resolution errors on container restart.
+| `--dns=127.0.0.1`<br/> *Optional* | Sets your container's resolve settings to localhost so it can resolve DHCP hostnames from Pi-hole's DNSMasq, may fix resolution errors on container restart.
 | `--dns=1.1.1.1`<br/> *Optional* | Sets a backup server of your choosing in case DNSMasq has problems starting
 | `--env-file .env` <br/> *Optional* | File to store environment variables for docker replacing `-e key=value` settings. Here for convenience
 
@@ -159,12 +191,12 @@ Here is a rundown of other arguments for your docker-compose / docker run.
 * Port conflicts?  Stop your server's existing DNS / Web services.
   * Don't forget to stop your services from auto-starting again after you reboot
   * Ubuntu users see below for more detailed information
-* Port 80 is highly recommended because if you have another site/service using port 80 by default then the ads may not transform into blank ads correctly.  To make sure docker-pi-hole plays nicely with an existing webserver you run you'll probably need a reverse proxy webserver config if you don't have one already.  Pi-hole must be the default web app on the proxy e.g. if you go to your host by IP instead of domain then Pi-hole is served out instead of any other sites hosted by the proxy. This is the '[default_server](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen)' in nginx or ['_default_' virtual host](https://httpd.apache.org/docs/2.4/vhosts/examples.html#default) in Apache and is taken advantage of so any undefined ad domain can be directed to your webserver and get a 'blocked' response instead of ads.
-  * You can still map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80`, but again the ads won't render properly.  Changing the inner port 80 shouldn't be required unless you run docker host networking mode.
-  * [Here is an example of running with jwilder/proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/docker-compose-jwilder-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in jwilder/proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read jwilder/proxy readme for more info if you have trouble.
+* You can map other ports to Pi-hole port 80 using docker's port forwarding like this `-p 8080:80` if you are using the default blocking mode. If you are using the legacy IP blocking mode, you should not remap this port.
+  * [Here is an example of running with nginxproxy/nginx-proxy](https://github.com/pi-hole/docker-pi-hole/blob/master/examples/docker-compose-nginx-proxy.yml) (an nginx auto-configuring docker reverse proxy for docker) on my port 80 with Pi-hole on another port.  Pi-hole needs to be `DEFAULT_HOST` env in nginxproxy/nginx-proxy and you need to set the matching `VIRTUAL_HOST` for the Pi-hole's container.  Please read nginxproxy/nginx-proxy readme for more info if you have trouble.
+* Docker's default network mode `bridge` isolates the container from the host's network. This is a more secure setting, but requires setting the Pi-hole DNS option for *Interface listening behavior* to "Listen on all interfaces, permit all origins".
 
-### Installing on Ubuntu
-Modern releases of Ubuntu (17.10+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
+### Installing on Ubuntu or Fedora
+Modern releases of Ubuntu (17.10+) and Fedora (33+) include [`systemd-resolved`](http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html) which is configured by default to implement a caching DNS stub resolver. This will prevent pi-hole from listening on port 53.
 The stub resolver should be disabled with: `sudo sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf`
 
 This will not change the nameserver settings, which point to the stub resolver thus preventing DNS resolution. Change the `/etc/resolv.conf` symlink to point to `/run/systemd/resolve/resolv.conf`, which is automatically updated to follow the system's [`netplan`](https://netplan.io/):
@@ -189,27 +221,25 @@ Note that it is also possible to disable `systemd-resolved` entirely. However, t
 
 Users of older Ubuntu releases (circa 17.04) will need to disable dnsmasq.
 
+## Installing on Dokku
+@Rikj000 has produced a guide to assist users [installing Pi-hole on Dokku](https://github.com/Rikj000/Pihole-Dokku-Installation)
+
 ## Docker tags and versioning
 
-The primary docker tags / versions are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags), I also try to tag with the specific version of Pi-hole Core for version archival purposes, the web version that comes with the core releases should be in the [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases).
+The primary docker tags are explained in the following table.  [Click here to see the full list of tags](https://store.docker.com/community/images/pihole/pihole/tags). See [GitHub Release notes](https://github.com/pi-hole/docker-pi-hole/releases) to see the specific version of Pi-hole Core, Web, and FTL included in the release.
 
-| tag                     | architecture | description                                                             | Dockerfile |
-| ---                     | ------------ | -----------                                                             | ---------- |
-| `latest`                | auto detect  | x86, arm, or arm64 container, docker auto detects your architecture.    | [Dockerfile](https://github.com/pi-hole/docker-pi-hole/blob/master/Dockerfile) |
-| `v5.0`                  | auto detect  | Versioned tags, if you want to pin against a specific Pi-hole version, use one of these |  |
-| `v5.0-buster`           | auto detect  | Versioned tags, if you want to pin against a specific Pi-hole and Debian version, use one of these |  |
-| `v5.0-<arch>-buster `   | based on tag | Specific architectures and Debian version tags | |
-| `dev`                   | auto detect  | like latest tag, but for the development branch (pushed occasionally)   | |
-
-### `pihole/pihole:latest` [![](https://images.microbadger.com/badges/image/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own image badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/version/pihole/pihole:latest.svg)](https://microbadger.com/images/pihole/pihole "Get your own version badge on microbadger.com")
-
-This version of the docker aims to be as close to a standard Pi-hole installation by using the recommended base OS and the exact configs and scripts (minimally modified to get them working).  This enables fast updating when an update comes from Pi-hole.
-
-https://hub.docker.com/r/pihole/pihole/tags/
+| tag                 | description
+|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `latest`            | Always latest release                                                                                                                      |
+| `2022.04`           | Date-based release that can receive bugfix updates                                                                                         |
+| `2022.04.1`         | A specific image that will not receive updates                                                                                             |
+| `dev`               | Similar to `latest`, but for the development branch (pushed occasionally)                                                                  |
+| `*beta`             | Early beta releases of upcoming versions - here be dragons                                                                                 |
+| `nightly`           | Like `dev` but pushed every night and pulls from the latest `development` branches of the core Pi-hole components (Pi-hole, AdminLTE, FTL) |
 
 ## Upgrading, Persistence, and Customizations
 
-The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.
+The standard Pi-hole customization abilities apply to this docker, but with docker twists such as using docker volume mounts to map host stored file configurations over the container defaults.  However, mounting these configuration files as read-only should be avoided.  Volumes are also important to persist the configuration in case you have removed the Pi-hole container which is a typical docker upgrade pattern.
 
 ### Upgrading / Reconfiguring
 
@@ -220,11 +250,11 @@ Do not attempt to upgrade (`pihole -up`) or reconfigure (`pihole -r`).  New imag
     * We will try to put common break/fixes at the top of this readme too
 1. Download the latest version of the image: `docker pull pihole/pihole`
 2. Throw away your container: `docker rm -f pihole`
-    * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS inturruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
+    * **Warning** When removing your pihole container you may be stuck without DNS until step 3; **docker pull** before **docker rm -f** to avoid DNS interruption **OR** always have a fallback DNS server configured in DHCP to avoid this problem altogether.
     * If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
 3. Start your container with the newer base image: `docker run <args> pihole/pihole` (`<args>` being your preferred run volumes and env vars)
 
-Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to known it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reducing complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers.
+Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to known it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reduces complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix server](https://www.google.com/?q=phoenix+servers) principles for your containers.
 
 To reconfigure Pi-hole you'll either need to use an existing container environment variables or if there is no a variable for what you need, use the web UI or CLI commands.
 
@@ -246,7 +276,7 @@ Similarly for the webserver you can customize configs in /etc/lighttpd
 
 ### Systemd init script
 
-As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
+As long as your docker system service auto starts on boot and you run your container with `--restart=unless-stopped` your container should always start on boot and restart on crashes.  If you prefer to have your docker container run as a systemd service instead, add the file [pihole.service](https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/examples/pihole.service) to "/etc/systemd/system"; customize whatever your container name is and remove `--restart=unless-stopped` from your docker run.  Then after you have initially created the docker container using the docker run command above, you can control it with "systemctl start pihole" or "systemctl stop pihole" (instead of `docker start`/`docker stop`).  You can also enable it to auto-start on boot with "systemctl enable pihole" (as opposed to `--restart=unless-stopped` and making sure docker service auto-starts on boot).
 
 NOTE:  After initial run you may need to manually stop the docker container with "docker stop pihole" before the systemctl can start controlling the container.
 
@@ -256,11 +286,25 @@ DNSMasq / [FTLDNS](https://docs.pi-hole.net/ftldns/in-depth/#linux-capabilities)
 - `CAP_NET_BIND_SERVICE`: Allows FTLDNS binding to TCP/UDP sockets below 1024 (specifically DNS service on port 53)
 - `CAP_NET_RAW`: use raw and packet sockets (needed for handling DHCPv6 requests, and verifying that an IP is not in use before leasing it)
 - `CAP_NET_ADMIN`: modify routing tables and other network-related operations (in particular inserting an entry in the neighbor table to answer DHCP requests using unicast packets)
+- `CAP_SYS_NICE`: FTL sets itself as an important process to get some more processing time if the latter is running low
+- `CAP_CHOWN`: we need to be able to change ownership of log files and databases in case FTL is started as a different user than `pihole`
 
 This image automatically grants those capabilities, if available, to the FTLDNS process, even when run as non-root.\
 By default, docker does not include the `NET_ADMIN` capability for non-privileged containers, and it is recommended to explicitly add it to the container using `--cap-add=NET_ADMIN`.\
 However, if DHCP and IPv6 Router Advertisements are not in use, it should be safe to skip it. For the most paranoid, it should even be possible to explicitly drop the `NET_RAW` capability to prevent FTLDNS from automatically gaining it.
 
+
+## Note on Watchtower
+
+We have noticed that a lot of people use Watchtower to keep their Pi-hole containers up to date. For the same reason we don't provide an auto-update feature on a bare metal install, you _should not_ have a system automatically update your Pi-hole container. Especially unattended. As much as we try to ensure nothing will go wrong, sometimes things do go wrong - and you need to set aside time to _manually_ pull and update to the version of the container you wish to run. The upgrade process should be along the lines of:
+
+ - **Important**: Read the release notes. Sometimes you will need to make changes other than just updating the image
+ - Pull the new image
+ - Stop and _remove_ the running Pi-hole container
+   - If you care about your data (logs/customizations), make sure you have it volume-mapped or it will be deleted in this step.
+ - Recreate the container using the new image
+
+Pi-hole is an integral part of your network, don't let it fall over because of an unattended update in the middle of the night.
 # User Feedback
 
-Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole or general docker questions are best answered on our [user forums](https://github.com/pi-hole/pi-hole/blob/master/README.md#get-help-or-connect-with-us-on-the-web).  Ping me (@diginc) on the forums if it's a docker container and you're not sure if it's docker related.
+Please report issues on the [GitHub project](https://github.com/pi-hole/docker-pi-hole) when you suspect something docker related.  Pi-hole or general docker questions are best answered on our [user forums](https://discourse.pi-hole.net/c/bugs-problems-issues/docker/30).

TESTING.md

@@ -1,24 +0,0 @@
-# Prerequisites 
-
-Make sure you have bash & docker.  
-Python and some test hacks are crammed into the `Dockerfile_build` file for now.  
-Revisions in the future may re-enable running python on your host (not just in docker).
-
-# Running tests locally
-
-`ARCH=amd64 ./gh-actions-test.sh`
-
-Should result in:
-
-- An image named `pihole:amd64` being built
-- Tests being ran to confirm the image doesn't have any regressions
-
-# Local image names
-
-Docker images built by `Dockerfile.py` are named the same but stripped of the `pihole/` docker repository namespace.
-
-e.g. `pi-hole:debian_amd64` or `pi-hole-multiarch:debian_arm64`
-
-You can run the multiarch images on an amd64 development system if you [enable binfmt-support as described in the multiarch image docs](https://hub.docker.com/r/multiarch/debian-debootstrap/)
-
-`docker run --rm --privileged multiarch/qemu-user-static:register --reset`

VERSION

@@ -1 +0,0 @@
-v5.2.4

autotest

@@ -1 +0,0 @@
-py.test -f ./test -v $@

bash_functions.sh

@@ -1,337 +0,0 @@
-#!/bin/bash
-# Some of the bash_functions use variables these core pi-hole/web scripts
-. /opt/pihole/webpage.sh
-
-fix_capabilities() {
-    setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN+ei $(which pihole-FTL) || ret=$?
-
-    if [[ $ret -ne 0 && "${DNSMASQ_USER:-root}" != "root" ]]; then
-        echo "ERROR: Failed to set capabilities for pihole-FTL. Cannot run as non-root."
-        exit 1
-    fi
-}
-
-prepare_configs() {
-    # Done in /start.sh, don't do twice
-    PH_TEST=true . $PIHOLE_INSTALL
-    # Set Debian webserver variables for installConfigs
-    LIGHTTPD_USER="www-data"
-    LIGHTTPD_GROUP="www-data"
-    LIGHTTPD_CFG="lighttpd.conf.debian"
-    installConfigs
-    touch "$setupVars"
-    set +e
-    mkdir -p /var/run/pihole /var/log/pihole
-    # Re-apply perms from basic-install over any volume mounts that may be present (or not)
-    # Also  similar to preflights for FTL https://github.com/pi-hole/pi-hole/blob/master/advanced/Templates/pihole-FTL.service
-    chown pihole:root /etc/lighttpd
-    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" "/var/log/pihole" "${regexFile}"
-    chmod 644 "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
-    # not sure why pihole:pihole user/group write perms are not enough for web to write...dirty fix:
-    chmod 777 "${regexFile}"
-    touch /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    chown pihole:pihole /var/run/pihole /var/log/pihole
-    test -f /var/run/pihole/FTL.sock && rm /var/run/pihole/FTL.sock
-    chown pihole:pihole /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /etc/pihole /etc/pihole/dhcp.leases /var/log/pihole.log
-    chmod 0644 /var/log/pihole-FTL.log /run/pihole-FTL.pid /run/pihole-FTL.port /var/log/pihole.log
-    set -e
-    # Update version numbers
-    pihole updatechecker
-    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
-
-    # If the setup variable file exists,
-    if [[ -e "${setupVars}" ]]; then
-        cp -f "${setupVars}" "${setupVars}.update.bak"
-    fi
-}
-
-validate_env() {
-    # Optional ServerIP is a valid IP
-    # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
-    # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
-    if [[ "$(nc -4 -w1 -z "$ServerIP" 53 2>&1)" != "" ]] && ! ip route get "$ServerIP" > /dev/null ; then
-        echo "ERROR: ServerIP Environment variable ($ServerIP) doesn't appear to be a valid IPv4 address"
-        exit 1
-    fi
-
-    # Optional IPv6 is a valid address
-    if [[ -n "$ServerIPv6" ]] ; then
-        if [[ "$ServerIPv6" == 'kernel' ]] ; then
-            echo "ERROR: You passed in IPv6 with a value of 'kernel', this maybe beacuse you do not have IPv6 enabled on your network"
-            unset ServerIPv6
-            exit 1
-        fi
-        if [[ "$(nc -6 -w1 -z "$ServerIPv6" 53 2>&1)" != "" ]] && ! ip route get "$ServerIPv6" > /dev/null ; then
-            echo "ERROR: ServerIPv6 Environment variable ($ServerIPv6) doesn't appear to be a valid IPv6 address"
-            echo "  TIP: If your server is not IPv6 enabled just remove '-e ServerIPv6' from your docker container"
-            exit 1
-        fi
-    fi;
-}
-
-setup_dnsmasq_interface() {
-    local interface="${1:-eth0}"
-    local interfaceType='default'
-    if [ "$interface" != 'eth0' ] ; then
-      interfaceType='custom'
-    fi;
-    echo "DNSMasq binding to $interfaceType interface: $interface"
-    [ -n "$interface" ] && change_setting "PIHOLE_INTERFACE" "${interface}"
-}
-
-setup_dnsmasq_listening_behaviour() {
-    local dnsmasq_listening_behaviour="${1}"
-
-    if [ -n "$dnsmasq_listening_behaviour" ]; then
-      change_setting "DNSMASQ_LISTENING" "${dnsmasq_listening_behaviour}"
-    fi;
-}
-
-setup_dnsmasq_config_if_missing() {
-    # When fresh empty directory volumes are used we miss this file
-    if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
-        cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
-    fi;
-}
-
-setup_dnsmasq() {
-    local interface="$1"
-    local dnsmasq_listening_behaviour="$2"
-    # Coordinates
-    setup_dnsmasq_config_if_missing
-    setup_dnsmasq_interface "$interface"
-    setup_dnsmasq_listening_behaviour "$dnsmasq_listening_behaviour"
-    setup_dnsmasq_user "${DNSMASQ_USER}"
-    ProcessDNSSettings
-}
-
-setup_dnsmasq_user() {
-    local DNSMASQ_USER="${1}"
-
-    # Run DNSMASQ as root user to avoid SHM permission issues
-    if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
-        # Change user that had been set previously to root
-        for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
-            sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
-        done
-    else
-      echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
-    fi
-}
-
-setup_dnsmasq_hostnames() {
-    # largely borrowed from automated install/basic-install.sh
-    local IPV4_ADDRESS="${1}"
-    local IPV6_ADDRESS="${2}"
-    local hostname="${3}"
-    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
-
-    if [ -z "$hostname" ]; then
-        if [[ -f /etc/hostname ]]; then
-            hostname=$(</etc/hostname)
-        elif [ -x "$(command -v hostname)" ]; then
-            hostname=$(hostname -f)
-        fi
-    fi;
-
-    if [[ "${IPV4_ADDRESS}" != "" ]]; then
-        tmp=${IPV4_ADDRESS%/*}
-        sed -i "s/@IPV4@/$tmp/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/pi.hole\/@IPV4@/d' ${dnsmasq_pihole_01_location}
-        sed -i '/^address=\/@HOSTNAME@\/@IPV4@/d' ${dnsmasq_pihole_01_location}
-    fi
-
-    if [[ "${IPV6_ADDRESS}" != "" ]]; then
-        sed -i "s/@IPv6@/$IPV6_ADDRESS/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/pi.hole\/@IPv6@/d' ${dnsmasq_pihole_01_location}
-        sed -i '/^address=\/@HOSTNAME@\/@IPv6@/d' ${dnsmasq_pihole_01_location}
-    fi
-
-    if [[ "${hostname}" != "" ]]; then
-        sed -i "s/@HOSTNAME@/$hostname/" ${dnsmasq_pihole_01_location}
-    else
-        sed -i '/^address=\/@HOSTNAME@*/d' ${dnsmasq_pihole_01_location}
-    fi
-}
-
-setup_lighttpd_bind() {
-    local serverip="$1"
-    # if using '--net=host' only bind lighttpd on $ServerIP and localhost
-    if grep -q "docker" /proc/net/dev && [[ $serverip != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
-        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
-            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
-        fi
-    fi
-}
-
-setup_php_env() {
-    if [ -z "$VIRTUAL_HOST" ] ; then
-      VIRTUAL_HOST="$ServerIP"
-    fi;
-    local vhost_line="\t\t\t\"VIRTUAL_HOST\" => \"${VIRTUAL_HOST}\","
-    local serverip_line="\t\t\t\"ServerIP\" => \"${ServerIP}\","
-    local php_error_line="\t\t\t\"PHP_ERROR_LOG\" => \"${PHP_ERROR_LOG}\","
-
-    # idempotent line additions
-    grep -qP "$vhost_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${vhost_line}" "$PHP_ENV_CONFIG"
-    grep -qP "$serverip_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${serverip_line}" "$PHP_ENV_CONFIG"
-    grep -qP "$php_error_line" "$PHP_ENV_CONFIG" || \
-        sed -i "/bin-environment/ a\\${php_error_line}" "$PHP_ENV_CONFIG"
-
-    echo "Added ENV to php:"
-    grep -E '(VIRTUAL_HOST|ServerIP|PHP_ERROR_LOG)' "$PHP_ENV_CONFIG"
-}
-
-setup_web_port() {
-    local warning="WARNING: Custom WEB_PORT not used"
-    # Quietly exit early for empty or default
-    if [[ -z "${1}" || "${1}" == '80' ]] ; then return ; fi
-
-    if ! echo $1 | grep -q '^[0-9][0-9]*$' ; then
-        echo "$warning - $1 is not an integer"
-        return
-    fi
-
-    local -i web_port="$1"
-    if (( $web_port < 1 || $web_port > 65535 )); then
-        echo "$warning - $web_port is not within valid port range of 1-65535"
-        return
-    fi
-    echo "Custom WEB_PORT set to $web_port"
-    echo "INFO: Without proper router DNAT forwarding to $ServerIP:$web_port, you may not get any blocked websites on ads"
-
-    # Update lighttpd's port
-    sed -i '/server.port\s*=\s*80\s*$/ s/80/'$WEB_PORT'/g' /etc/lighttpd/lighttpd.conf
-
-}
-
-load_web_password_secret() {
-   # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
-   # allowing secrets to be passed via docker secrets
-   if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
-     WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
-   fi;
-}
-
-generate_password() {
-    if [ -z "${WEBPASSWORD+x}" ] ; then
-        # Not set at all, give the user a random pass
-        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
-        echo "Assigning random password: $WEBPASSWORD"
-    fi;
-}
-
-setup_web_password() {
-    setup_var_exists "WEBPASSWORD" && return
-
-    PASS="$1"
-    # Turn bash debug on while setting up password (to print it)
-    if [[ "$PASS" == "" ]] ; then
-        echo "" | pihole -a -p
-    else
-        echo "Setting password: ${PASS}"
-        set -x
-        pihole -a -p "$PASS" "$PASS"
-    fi
-    # Turn bash debug back off after print password setup
-    # (subshell to null hides printing output)
-    { set +x; } 2>/dev/null
-
-    # To avoid printing this if conditional in bash debug, turn off  debug above..
-    # then re-enable debug if necessary (more code but cleaner printed output)
-    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
-        set -x
-    fi
-}
-
-setup_ipv4_ipv6() {
-    local ip_versions="IPv4 and IPv6"
-    if [ "$IPv6" != "True" ] ; then
-        ip_versions="IPv4"
-        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
-    fi;
-    echo "Using $ip_versions"
-}
-
-test_configs() {
-    set -e
-    echo -n '::: Testing pihole-FTL DNS: '
-    sudo -u ${DNSMASQ_USER:-root} pihole-FTL test || exit 1
-    echo -n '::: Testing lighttpd config: '
-    lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
-    set +e
-    echo "::: All config checks passed, cleared for startup ..."
-}
-
-setup_blocklists() {
-    local blocklists="$1"
-    # Exit/return early without setting up adlists with defaults for any of the following conditions:
-    # 1. skip_setup_blocklists env is set
-    exit_string="(exiting ${FUNCNAME[0]} early)"
-
-    if [ -n "${skip_setup_blocklists}" ]; then
-        echo "::: skip_setup_blocklists requested ($exit_string)"
-        return
-    fi
-
-    # 2. The adlist file exists already (restarted container or volume mounted list)
-    if [ -f "${adlistFile}" ]; then
-        echo "::: Preexisting ad list ${adlistFile} detected ($exit_string)"
-        cat "${adlistFile}"
-        return
-    fi
-
-    echo "::: ${FUNCNAME[0]} now setting default blocklists up: "
-    echo "::: TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
-    installDefaultBlocklists
-
-    echo "::: Blocklists (${adlistFile}) now set to:"
-    cat "${adlistFile}"
-}
-
-setup_var_exists() {
-    local KEY="$1"
-    if [ -n "$2" ]; then
-        local REQUIRED_VALUE="[^\n]+"
-    fi
-    if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
-        echo "::: Pre existing ${KEY} found"
-        true
-    else
-        false
-    fi
-}
-
-setup_temp_unit() {
-  local UNIT="$1"
-  # check if var is empty
-  if [[ "$UNIT" != "" ]] ; then
-      # check if we have valid units
-      if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then
-          pihole -a -${UNIT}
-      fi
-  fi
-}
-
-setup_ui_layout() {
-  local LO=$1
-  # check if var is empty
-  if [[ "$LO" != "" ]] ; then
-      # check if we have valid types boxed | traditional
-      if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then
-          change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT"
-      fi
-  fi
-}
-
-setup_admin_email() {
-  local EMAIL=$1
-  # check if var is empty
-  if [[ "$EMAIL" != "" ]] ; then
-      pihole -a -e "$EMAIL"
-  fi
-}

build-and-test.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ex
+
+if [[ "$1" == "enter" ]]; then
+    enter="-it --entrypoint=bash"
+fi
+
+GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g")
+GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true)
+GIT_TAG="${GIT_TAG:-$GIT_BRANCH}"
+
+# generate and build dockerfile
+docker build --tag image_pipenv --file test/Dockerfile test/
+docker run --rm \
+    --volume /var/run/docker.sock:/var/run/docker.sock \
+    --volume "$(pwd):/$(pwd)" \
+    --workdir "$(pwd)" \
+    --env PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
+    --env GIT_TAG="${GIT_TAG}" \
+    ${enter} image_pipenv

build.yml

@@ -1,49 +0,0 @@
-# Docker Compose build file: docker-compose -f build.yml build
-version: "3.7"
-
-x-common-args: &common-args
-  PIHOLE_VERSION: ${PIHOLE_VERSION}
-  NAME: pihole/pihole
-  MAINTAINER: adam@diginc.us
-  S6_VERSION: v2.1.0.2
-  PHP_ENV_CONFIG: /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
-  PHP_ERROR_LOG: /var/log/lighttpd/error.log
-
-
-services:
-  amd64:
-    image: pihole:${PIHOLE_VERSION}-amd64-${DEBIAN_VERSION:-buster}
-    build:
-      context: .
-      args:
-        <<: *common-args
-        PIHOLE_BASE: pihole/debian-base:${DEBIAN_VERSION:-buster}
-        PIHOLE_ARCH: amd64
-        S6_ARCH: amd64
-  armel:
-    image: pihole:${PIHOLE_VERSION}-armel-${DEBIAN_VERSION:-buster}
-    build:
-      context: .
-      args:
-        <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:armel-${DEBIAN_VERSION:-buster}-slim
-        PIHOLE_ARCH: armel
-        S6_ARCH: arm
-  armhf:
-    image: pihole:${PIHOLE_VERSION}-armhf-${DEBIAN_VERSION:-buster}
-    build:
-      context: .
-      args:
-        <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:armhf-${DEBIAN_VERSION:-buster}-slim
-        PIHOLE_ARCH: arm
-        S6_ARCH: arm
-  arm64:
-    image: pihole:${PIHOLE_VERSION}-arm64-${DEBIAN_VERSION:-buster}
-    build:
-      context: .
-      args:
-        <<: *common-args
-        PIHOLE_BASE: multiarch/debian-debootstrap:arm64-${DEBIAN_VERSION:-buster}-slim
-        PIHOLE_ARCH: arm64
-        S6_ARCH: aarch64

doco-example.yml

@@ -1 +0,0 @@
-docker-compose.yml

examples/Caddyfile

@@ -0,0 +1,5 @@
+pihole-dev.lab {
+  tls internal
+  redir / /admin
+  reverse_proxy pihole:8081
+}

examples/docker-compose-caddy-proxy.yml

@@ -0,0 +1,66 @@
+version: "3"
+
+services:
+
+  # Caddy example derived from Caddy's own example at https://hub.docker.com/_/caddy
+  caddy:
+    container_name: caddy
+    image: caddy:latest
+    networks:
+      - caddy-net  # Network exclusively for Caddy-proxied containers
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"  # QUIC protocol support: https://www.chromium.org/quic/
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile  # config file on host in same directory as docker-compose.yml for easy editing.
+      #- $PWD/site:/srv  # Only use if you are serving a website behind caddy
+      - caddy_data:/data  # Use docker volumes here bc no need to access these files from host
+      - caddy_config:/config  # Use docker volumes here bc no need to access these files from host
+
+
+  # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
+  pihole:
+    depends_on: 
+      - caddy
+    container_name: pihole
+    #dns:  # Optional. Specify desired upstream DNS servers here.
+    #  - 127.0.0.1
+    #  - 9.9.9.9
+    #  - 149.112.112.112
+    image: pihole/pihole:latest
+    networks:
+      - caddy-net  # Need to plug into caddy net to access proxy
+    ports:
+      - "8081:80/tcp" # Pi-hole web admin interface, proxied through Caddy (configure port in Caddyfile)
+      # Following are NOT proxied through Caddy, bound to host net instead:
+      - "53:53/udp"
+      - "53:53/tcp"
+      - "853:853/tcp" # DNS-over-TLS 
+      #- "67:67/udp" # DHCP, if desired. If not bound to host net you need an mDNS proxy service configured somewhere on host net.
+        # ref: https://docs.pi-hole.net/docker/DHCP/
+    environment:
+      TZ: 'America/New_York' # Supported TZ database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#Time_Zone_abbreviations
+      WEBPASSWORD: 'password' # Only used on first boot, change with pihole cli then comment out here.
+    volumes:
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
+      - './etc-lighttpd/external.conf:/etc/lighttpd/external.conf'  # Recommend leave as bind mount for easier editing.
+        # ref for why you may need to change this file: https://docs.pi-hole.net/guides/webserver/caddy/#modifying-lighttpd-configuration
+    #cap_add:  # Uncomment if using Pi-hole as DHCP server
+      # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+      #- NET_ADMIN # ONLY required if you are using Pi-hole as your DHCP server, else remove for better security
+    restart: unless-stopped
+
+# ref: https://hub.docker.com/_/caddy
+networks:
+  caddy-net:
+    driver: bridge
+    name: caddy-net
+
+# ref: https://hub.docker.com/_/caddy
+volumes:
+  caddy_data:
+    external: true  # May need to create volume with 'docker volume create caddy_data'
+  caddy_config:

examples/docker-compose-nginx-proxy.yml

@@ -3,8 +3,8 @@ version: "3"
 # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
 
 services:
-  jwilder-proxy:
-    image: jwilder/nginx-proxy
+  nginx-proxy:
+    image: nginxproxy/nginx-proxy
     ports:
       - '80:80'
     environment:
@@ -20,12 +20,11 @@ services:
       - '53:53/udp'
       - "67:67/udp"
       - '8053:80/tcp'
-      - "443:443/tcp"
     volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
       # run `touch ./var-log/pihole.log` first unless you like errors
-      # - './var-log/pihole.log:/var/log/pihole.log'
+      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
     # Recommended but not required (DHCP needs NET_ADMIN)
     #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
     cap_add:
@@ -38,7 +37,7 @@ services:
     extra_hosts:
       # Resolve to nothing domains (terminate connection)
       - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
-      # LAN hostnames for other docker containers using jwilder
+      # LAN hostnames for other docker containers using nginx-proxy
       - 'yourDomain.lan:192.168.41.55'
       - 'pihole pihole.yourDomain.lan:192.168.41.55'
       - 'ghost ghost.yourDomain.lan:192.168.41.55'
@@ -52,7 +51,7 @@ services:
 #    ports:
 #      - '2368:2368/tcp'
 #    volumes:
-#      - '/etc/ghost/:/ghost-override'
+#      - '/etc/ghost:/ghost-override'
 #    environment:
 #      PROXY_LOCATION: ghost
 #      VIRTUAL_HOST: ghost.yourDomain.lan

examples/docker-compose.yml.example

@@ -12,18 +12,14 @@ services:
       - "53:53/udp"
       - "67:67/udp"
       - "80:80/tcp"
-      - "443:443/tcp"
     environment:
       TZ: 'America/Chicago'
       # WEBPASSWORD: 'set a secure password here or it will be random'
     # Volumes store your data between container upgrades
     volumes:
-      - './etc-pihole/:/etc/pihole/'
-      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
-      # run `touch ./var-log/pihole.log` first unless you like errors
-      # - './var-log/pihole.log:/var/log/pihole.log'
-    # Recommended but not required (DHCP needs NET_ADMIN)
+      - './etc-pihole:/etc/pihole'
+      - './etc-dnsmasq.d:/etc/dnsmasq.d'
     #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
     cap_add:
       - NET_ADMIN
-    restart: unless-stopped
+    restart: unless-stopped # Recommended but not required (DHCP needs NET_ADMIN)  

examples/docker_run.sh

@@ -5,28 +5,27 @@
 PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}"
 [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
 
-# Note: ServerIP should be replaced with your external ip.
+# Note: FTLCONF_LOCAL_IPV4 should be replaced with your external ip.
 docker run -d \
     --name pihole \
     -p 53:53/tcp -p 53:53/udp \
     -p 80:80 \
-    -p 443:443 \
     -e TZ="America/Chicago" \
-    -v "${PIHOLE_BASE}/etc-pihole/:/etc/pihole/" \
-    -v "${PIHOLE_BASE}/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
+    -v "${PIHOLE_BASE}/etc-pihole:/etc/pihole" \
+    -v "${PIHOLE_BASE}/etc-dnsmasq.d:/etc/dnsmasq.d" \
     --dns=127.0.0.1 --dns=1.1.1.1 \
     --restart=unless-stopped \
     --hostname pi.hole \
     -e VIRTUAL_HOST="pi.hole" \
     -e PROXY_LOCATION="pi.hole" \
-    -e ServerIP="127.0.0.1" \
+    -e FTLCONF_LOCAL_IPV4="127.0.0.1" \
     pihole/pihole:latest
 
 printf 'Starting up pihole container '
 for i in $(seq 1 20); do
     if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then
         printf ' OK'
-        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/"
+        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: http://${IP}/admin/"
         exit 0
     else
         sleep 3

gh-actions-deploy.sh

@@ -1,73 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-# Github Actions Job for merging/deploying all architectures (post-test passing)
-. gh-actions-vars.sh
-
-function annotate() {
-    local base=$1
-    local image=$2
-    local arch=$3
-    local annotate_flags="${annotate_map[$arch]}"
-
-    $dry docker manifest annotate ${base} ${image} --os linux ${annotate_flags}
-}
-
-function create_manifest() {
-    local debian_version=$1
-    local images=()
-    cd "${debian_version}"
-
-    for arch in *; do
-        arch_image=$(cat "${arch}")
-        docker pull "${arch_image}"
-        images+=("${arch_image}")
-    done
-
-    multiarch_images=$(get_multiarch_images)
-    for docker_tag in ${multiarch_images}; do
-        docker manifest create ${docker_tag} ${images[*]}
-        for arch in *; do
-            arch_image=$(cat "${arch}")
-            annotate "${docker_tag}" "${arch_image}" "${arch}"
-        done
-
-        docker manifest inspect "${docker_tag}"
-        docker manifest push --purge "${docker_tag}"
-    done
-    cd ../
-}
-
-function get_multiarch_images() {
-    multiarch_images="${MULTIARCH_IMAGE}-${debian_version}"
-    if [[ "${debian_version}" == "${DEFAULT_DEBIAN_VERSION}" ]] ; then
-        # default debian version gets a non-debian tag as well as latest tag
-        multiarch_images="${multiarch_images} ${MULTIARCH_IMAGE} ${LATEST_IMAGE}"
-    fi
-    echo "${multiarch_images}"
-}
-
-
-# Keep in sync with build.yml names
-declare -A annotate_map=( 
-    ["amd64"]="--arch amd64" 
-    ["armel"]="--arch arm --variant v6" 
-    ["armhf"]="--arch arm --variant v7" 
-    ["arm64"]="--arch arm64 --variant v8"
-)
-
-mkdir -p ~/.docker
-export DOCKER_CLI_EXPERIMENTAL='enabled'
-echo "{}" | jq '.experimental="enabled"' | tee ~/.docker/config.json
-# I tried to keep this login command outside of this script
-# but for some reason auth would always fail in Github Actions.
-# I think setting up a cred store would fix it
-# https://docs.docker.com/engine/reference/commandline/login/#credentials-store
-echo "${DOCKERHUB_PASS}" | docker login --username="${DOCKERHUB_USER}" --password-stdin
-docker info
-
-ls -lat ./.gh-workspace/
-cd .gh-workspace
-
-for debian_version in *; do
-    create_manifest "${debian_version}"
-done

gh-actions-test.sh

@@ -1,31 +0,0 @@
-#!/usr/bin/env bash
-set -ex
-
-# Script ran by Github actions for tests
-#
-# @environment ${ARCH}              The architecture to build. Example: amd64.
-# @environment ${DEBIAN_VERSION}    Debian version to build. ('buster' or 'stretch').
-# @environment ${ARCH_IMAGE}        What the Docker Hub Image should be tagged as. Example: pihole/pihole:master-amd64-buster
-
-# setup qemu/variables
-docker run --rm --privileged multiarch/qemu-user-static:register --reset > /dev/null
-. gh-actions-vars.sh
-
-if [[ "$1" == "enter" ]]; then
-    enter="-it --entrypoint=sh"
-fi
-
-# generate and build dockerfile
-docker build --tag image_pipenv --file Dockerfile_build .
-docker run --rm \
-    --volume /var/run/docker.sock:/var/run/docker.sock \
-    --volume "$(pwd):/$(pwd)" \
-    --workdir "$(pwd)" \
-    --env PIPENV_CACHE_DIR="$(pwd)/.pipenv" \
-    --env ARCH="${ARCH}" \
-    --env ARCH_IMAGE="${ARCH_IMAGE}" \
-    --env DEBIAN_VERSION="${DEBIAN_VERSION}" \
-    ${enter} image_pipenv
-
-mkdir -p ".gh-workspace/${DEBIAN_VERSION}/"
-echo "${ARCH_IMAGE}" | tee "./.gh-workspace/${DEBIAN_VERSION}/${ARCH}"

gh-actions-vars.sh

@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-set -a
-
-# @environment ${ARCH}                    The architecture to build. Defaults to 'amd64'.
-# @environment ${DEBIAN_VERSION}          Debian version to build. Defaults to 'buster'.
-# @environment ${DOCKER_HUB_REPO}         The docker hub repo to tag images for. Defaults to 'pihole'.
-# @environment ${DOCKER_HUB_IMAGE_NAME}   The name of the resulting image. Defaults to 'pihole'.
-
-GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD | sed "s/\//-/g")
-GIT_TAG=$(git describe --tags --exact-match 2> /dev/null || true)
-
-DEFAULT_DEBIAN_VERSION="buster"
-
-if [[ -z "${ARCH}" ]]; then
-    ARCH="amd64"
-    echo "Defaulting arch to ${ARCH}"
-fi
-
-if [[ -z "${DEBIAN_VERSION}" ]]; then
-    DEBIAN_VERSION="${DEFAULT_DEBIAN_VERSION}"
-    echo "Defaulting DEBIAN_VERSION to ${DEBIAN_VERSION}"
-fi
-
-if [[ -z "${DOCKER_HUB_REPO}" ]]; then
-    DOCKER_HUB_REPO="pihole"
-    echo "Defaulting DOCKER_HUB_REPO to ${DOCKER_HUB_REPO}"
-fi
-
-if [[ -z "${DOCKER_HUB_IMAGE_NAME}" ]]; then
-    DOCKER_HUB_IMAGE_NAME="pihole"
-    echo "Defaulting DOCKER_HUB_IMAGE_NAME to ${DOCKER_HUB_IMAGE_NAME}"
-fi
-
-BASE_IMAGE="${DOCKER_HUB_REPO}/${DOCKER_HUB_IMAGE_NAME}"
-
-GIT_TAG="${GIT_TAG:-$GIT_BRANCH}"
-ARCH_IMAGE="${BASE_IMAGE}:${GIT_TAG}-${ARCH}-${DEBIAN_VERSION}"
-MULTIARCH_IMAGE="${BASE_IMAGE}:${GIT_TAG}"
-
-
-
-# To get latest released, cut a release on https://github.com/pi-hole/docker-pi-hole/releases (manually gated for quality control)
-latest_tag='UNKNOWN'
-if ! latest_tag=$(curl -sI https://github.com/pi-hole/docker-pi-hole/releases/latest | grep --color=never -i Location: | awk -F / '{print $NF}' | tr -d '[:cntrl:]'); then
-    print "Failed to retrieve latest docker-pi-hole release metadata"
-else
-    if [[ "${GIT_TAG}" == "${latest_tag}" ]] ; then
-        LATEST_IMAGE="${BASE_IMAGE}:latest"
-    fi
-fi
-
-
-set +a

install.sh

@@ -1,107 +0,0 @@
-#!/bin/bash -ex
-
-mkdir -p /etc/pihole/
-mkdir -p /var/run/pihole
-# Production tags with valid web footers
-export CORE_VERSION="$(cat /etc/docker-pi-hole-version)"
-export WEB_VERSION="${CORE_VERSION}"
-export PIHOLE_SKIP_OS_CHECK=true
-# Overwrite WEB_VERSION if core and web versions are different
-export WEB_VERSION="v5.3.2"
-
-# Only use for pre-production / testing
-export CHECKOUT_BRANCHES=false
-# Search for release/* branch naming convention for custom checkouts
-if [[ "$CORE_VERSION" == *"release/"* ]] ; then
-    CHECKOUT_BRANCHES=true
-fi
-
-apt-get update
-apt-get install --no-install-recommends -y curl procps ca-certificates
-# curl in armhf-buster's image has SSL issues. Running c_rehash fixes it.
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479
-c_rehash
-ln -s `which echo` /usr/local/bin/whiptail
-curl -L -s $S6OVERLAY_RELEASE | tar xvzf - -C /
-mv /init /s6-init
-
-# debconf-apt-progress seems to hang so get rid of it too
-which debconf-apt-progress
-mv "$(which debconf-apt-progress)" /bin/no_debconf-apt-progress
-
-# Get the install functions
-curl https://raw.githubusercontent.com/pi-hole/pi-hole/${CORE_VERSION}/automated%20install/basic-install.sh > "$PIHOLE_INSTALL"
-PH_TEST=true . "${PIHOLE_INSTALL}"
-
-# Preseed variables to assist with using --unattended install
-{
-  echo "PIHOLE_INTERFACE=eth0"
-  echo "IPV4_ADDRESS=0.0.0.0"
-  echo "IPV6_ADDRESS=0:0:0:0:0:0"
-  echo "PIHOLE_DNS_1=8.8.8.8"
-  echo "PIHOLE_DNS_2=8.8.4.4"
-  echo "QUERY_LOGGING=true"
-  echo "INSTALL_WEB_SERVER=true"
-  echo "INSTALL_WEB_INTERFACE=true"
-  echo "LIGHTTPD_ENABLED=true"
-}>> "${setupVars}"
-source $setupVars
-
-export USER=pihole
-distro_check
-
-# fix permission denied to resolvconf post-inst /etc/resolv.conf moby/moby issue #1297
-apt-get -y install debconf-utils
-echo resolvconf resolvconf/linkify-resolvconf boolean false | debconf-set-selections
-
-ln -s /bin/true /usr/local/bin/service
-bash -ex "./${PIHOLE_INSTALL}" --unattended
-rm /usr/local/bin/service
-
-# IPv6 support for nc openbsd better than traditional
-apt-get install -y --force-yes netcat-openbsd
-
-fetch_release_metadata() {
-    local directory="$1"
-    local version="$2"
-    pushd "$directory"
-    git fetch -t
-    git remote set-branches origin '*'
-    git fetch --depth 10
-    git checkout master
-    git reset --hard "$version"
-    popd
-}
-
-if [[ $CHECKOUT_BRANCHES == true ]] ; then
-    ln -s /bin/true /usr/local/bin/service
-    ln -s /bin/true /usr/local/bin/update-rc.d
-    echo "${CORE_VERSION}" | sudo tee /etc/pihole/ftlbranch
-    echo y | bash -x pihole checkout core ${CORE_VERSION}
-    echo y | bash -x pihole checkout web ${WEB_VERSION}
-    # echo y | bash -x pihole checkout ftl ${CORE_VERSION}
-    # If the v is forgotten: ${CORE_VERSION/v/}
-    unlink /usr/local/bin/service
-    unlink /usr/local/bin/update-rc.d
-else
-    # Reset to our tags so version numbers get detected correctly
-    fetch_release_metadata "${PI_HOLE_LOCAL_REPO}" "${CORE_VERSION}"
-    fetch_release_metadata "${webInterfaceDir}" "${WEB_VERSION}"
-fi
-
-# FTL Armel fix not in prod yet
-# Remove once https://github.com/pi-hole/pi-hole/commit/3fbb0ac8dde14b8edc1982ae3a2a021f3cf68477 is in master
-if [[ "$ARCH" == 'armel' ]]; then
-    curl -o /usr/bin/pihole-FTL https://ftl.pi-hole.net/development/pihole-FTL-armel-native
-fi
-
-sed -i 's/readonly //g' /opt/pihole/webpage.sh
-sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
-
-# Replace the call to `updatePiholeFunc` in arg parse with new `unsupportedFunc`
-sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
-sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
-
-touch /.piholeFirstBoot
-
-echo 'Docker install successful'

requirements.txt

@@ -1,53 +0,0 @@
-apipkg==1.5
-atomicwrites==1.3.0
-attrs==19.3.0
-backports.shutil-get-terminal-size==1.0.0
-backports.ssl-match-hostname==3.7.0.1
-bcrypt==3.1.7
-cached-property==1.5.1
-certifi==2019.11.28
-cffi==1.13.2
-chardet==3.0.4
-configparser==4.0.2
-contextlib2==0.6.0.post1
-coverage==5.0.1
-cryptography==2.8
-docker==4.1.0
-dockerpty==0.4.1
-docopt==0.6.2
-enum34==1.1.6
-execnet==1.7.1
-filelock==3.0.12
-funcsigs==1.0.2
-idna==2.8
-importlib-metadata==1.3.0
-ipaddress==1.0.23
-Jinja2==2.10.3
-jsonschema==3.2.0
-MarkupSafe==1.1.1
-more-itertools==5.0.0
-packaging==19.2
-pathlib2==2.3.5
-pluggy==0.13.1
-py==1.8.1
-pycparser==2.19
-pyparsing==2.4.6
-pyrsistent==0.15.6
-pytest==4.6.8
-pytest-cov==2.8.1
-pytest-forked==1.1.3
-pytest-xdist==1.31.0
-PyYAML==5.2
-requests==2.22.0
-scandir==1.10.0
-six==1.13.0
-subprocess32==3.5.4
-testinfra==3.3.0
-texttable==1.6.2
-toml==0.10.0
-tox==3.14.3
-urllib3==1.25.7
-virtualenv==16.7.9
-wcwidth==0.1.7
-websocket-client==0.57.0
-zipp==0.6.0

s6/debian-root/etc/cont-init.d/20-start.sh

@@ -1,26 +0,0 @@
-#!/usr/bin/with-contenv bash
-set -e
-
-bashCmd='bash -e'
-if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then 
-    set -x ;
-    bashCmd='bash -e -x'
-fi
-
-# used to start dnsmasq here for gravity to use...now that conflicts port 53
-
-$bashCmd /start.sh
-# Gotta go fast, no time for gravity
-if [ -n "$PYTEST" ]; then 
-    sed -i 's/^gravity_spinup$/#gravity_spinup # DISABLED FOR PYTEST/g' "$(which gravity.sh)" 
-fi
-if [ -z "$SKIPGRAVITYONBOOT" ]; then
-    gravity.sh
-else
-    echo "  Skipping Gravity Database Update."
-fi
-
-# Kill dnsmasq because s6 won't like it if it's running when s6 services start
-kill -9 $(pgrep pihole-FTL) || true
-
-pihole -v

s6/debian-root/etc/fix-attrs.d/01-resolver-resolv

@@ -1 +0,0 @@
-/etc/resolv.conf false doesntexist,0:1000 0664 0664

s6/debian-root/etc/services.d/cron/run

@@ -1,5 +0,0 @@
-#!/usr/bin/with-contenv bash
-s6-echo "Starting crond"
-
-exec -c
-fdmove -c 2 1 /usr/sbin/cron -f

s6/debian-root/etc/services.d/lighttpd/finish

@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Stopping lighttpd"
-killall -9 lighttpd

s6/debian-root/etc/services.d/lighttpd/run

@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Starting lighttpd"
-lighttpd -D -f /etc/lighttpd/lighttpd.conf

s6/debian-root/etc/services.d/pihole-FTL/finish

@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Stopping pihole-FTL"
-kill -9 $(pgrep pihole-FTL)

s6/debian-root/etc/services.d/pihole-FTL/run

@@ -1,9 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-s6-echo "Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
-s6-setuidgid ${DNSMASQ_USER} pihole-FTL $FTL_CMD >/dev/null 2>&1
-
-# Notes on above:
-# - DNSMASQ_USER default of root is in Dockerfile & can be overwritten by runtime container env
-# - /var/log/pihole*.log has FTL's output that no-daemon would normally print in FG too
-#   prevent duplicating it in docker logs by sending to dev null

s6/debian-root/usr/bin/host-ip

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-#
-# This script will determine the network IP of the container.
-#
-# Return format should be a single IP address.
-#
-
-# Default to using the value of the $HOSTNAME ENV variable.
-getent hosts ${1:-$HOSTNAME} | awk '{print $1}'

s6/debian-root/usr/bin/set-contenv

@@ -1,12 +0,0 @@
-#!/usr/bin/execlineb -S0
-
-if { s6-test $# -eq 2 }
-
-backtick -in FILENAME {
-    pipeline { s6-echo "${1}" }
-    tr "a-z" "A-Z"
-}
-import -u FILENAME
-
-redirfd -w 1 /var/run/s6/container_environment/${FILENAME}
-s6-echo -n -- ${2}

s6/service

@@ -1,30 +0,0 @@
-#!/bin/bash
-# This script patches all service commands into the appropriate s6- commands
-# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
-start() {
-    s6-svc -wU -u -T2500 /var/run/s6/services/$service
-}
-
-stop() {
-    s6-svc -wD -d -T2500 /var/run/s6/services/$service
-}
-
-restart() {
-    stop
-    start
-    #s6-svc -t -wR -T5000 /var/run/s6/services/$service
-}
-
-status() {
-    s6-svstat /var/run/s6/services/$service
-}
-
-service="$1"
-command="$2"
-
-if [[ ! -d "/var/run/s6/services/$service" ]] ; then
-    echo "s6 service not found for $service, exiting..."
-    exit
-fi;
-
-${command} "${service}"

s6/timeout

@@ -1,15 +0,0 @@
-#!/bin/bash
-# A shim to make busybox timeout take in debian style args
-# v1 only need support for this style: `timeout 1 getent hosts github.com`
-
-# Busybox args:
-#   Usage: timeout [-t SECS] [-s SIG] PROG ARGS
-# Debian args:
-#   Usage: timeout [OPTION] DURATION COMMAND [ARG]...
-#     or:  timeout [OPTION]
-
-TIMEOUT=/usr/bin/timeout
-SECS="${1}"
-ARGS="${@:2}"
-
-$TIMEOUT -t $SECS $ARGS

setup.py

@@ -1,6 +0,0 @@
-from setuptools import setup
-
-setup(
-    setup_requires=['pytest-runner'],
-    tests_require=['pytest'],
-)

src/Dockerfile

@@ -0,0 +1,40 @@
+ARG PIHOLE_BASE
+FROM "${PIHOLE_BASE:-ghcr.io/pi-hole/docker-pi-hole-base:bullseye-slim}"
+
+ARG PIHOLE_DOCKER_TAG
+RUN echo "${PIHOLE_DOCKER_TAG}" > /pihole.docker.tag
+
+ENTRYPOINT [ "/s6-init" ]
+
+COPY s6/debian-root /
+COPY s6/service /usr/local/bin/service
+
+RUN bash -ex install.sh 2>&1 && \
+    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+# php config start passes special ENVs into
+ARG PHP_ENV_CONFIG
+ENV PHP_ENV_CONFIG /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
+ARG PHP_ERROR_LOG
+ENV PHP_ERROR_LOG /var/log/lighttpd/error-pihole.log
+
+# IPv6 disable flag for networks/devices that do not support it
+ENV IPv6 True
+
+EXPOSE 53 53/udp
+EXPOSE 67/udp
+EXPOSE 80
+
+ENV S6_KEEP_ENV 1
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS 2
+ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME 0
+
+ENV FTLCONF_LOCAL_IPV4 0.0.0.0
+ENV FTL_CMD no-daemon
+ENV DNSMASQ_USER pihole
+
+ENV PATH /opt/pihole:${PATH}
+
+HEALTHCHECK CMD dig +short +norecurse +retry=0 @127.0.0.1 pi.hole || exit 1
+
+SHELL ["/bin/bash", "-c"]

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/type

@@ -0,0 +1 @@
+oneshot

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_postFTL/up

@@ -0,0 +1,2 @@
+#!/command/execlineb
+background { bash -e /usr/local/bin/_postFTL.sh }

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/type

@@ -0,0 +1 @@
+oneshot

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_startup/up

@@ -0,0 +1,2 @@
+#!/command/execlineb
+foreground { bash -e /usr/local/bin/_startup.sh }

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/type

@@ -0,0 +1 @@
+oneshot

src/s6/debian-root/etc/s6-overlay/s6-rc.d/_uid-gid-changer/up

@@ -0,0 +1,2 @@
+#!/command/execlineb
+foreground { bash -e /usr/local/bin/_uid-gid-changer.sh }

src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/finish

@@ -1,4 +1,4 @@
-#!/usr/bin/with-contenv bash
+#!/command/with-contenv bash
 
 s6-echo "Stopping cron"
 killall -9 cron

src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/run

@@ -0,0 +1,3 @@
+#!/command/with-contenv bash
+exec -c
+fdmove -c 2 1 /usr/sbin/cron -f

src/s6/debian-root/etc/s6-overlay/s6-rc.d/cron/type

@@ -0,0 +1 @@
+longrun

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/finish

@@ -0,0 +1,8 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd-access-log"
+pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+access\.log" |cut -f1 -d" ")
+if [[ -n ${pid} ]]; then
+  kill -9 ${pid}
+fi
+s6-echo "Stopped lighttpd-access-log"

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/run

@@ -0,0 +1,5 @@
+#!/command/with-contenv bash
+
+s6-echo "Starting lighttpd-access-log"
+
+s6-setuidgid www-data cat /var/log/lighttpd/access-pihole.log 2>&1

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-access-log/type

@@ -0,0 +1 @@
+longrun

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/finish

@@ -0,0 +1,8 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd-error-log"
+pid=$(ps -C cat -o pid=,args= |grep -oP "([0-9]+).+error\.log" |cut -f1 -d" ")
+if [[ -n ${pid} ]]; then
+  kill -9 ${pid}
+fi
+s6-echo "Stopped lighttpd-error-log"

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/run

@@ -0,0 +1,5 @@
+#!/command/with-contenv bash
+
+s6-echo "Starting lighttpd-error-log"
+
+s6-setuidgid www-data cat /var/log/lighttpd/error-pihole.log 2>&1

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd-error-log/type

@@ -0,0 +1 @@
+longrun

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/finish

@@ -0,0 +1,6 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping lighttpd"
+service lighttpd-access-log stop
+service lighttpd-error-log stop
+killall -9 lighttpd

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/run

@@ -0,0 +1,34 @@
+#!/command/with-contenv bash
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+if [[ 1 -eq ${WEBLOGS_STDOUT:-0} ]]; then
+  #lighthttpd cannot use /dev/stdout https://redmine.lighttpd.net/issues/2731
+  for fi in /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
+  do
+    if [[ ! -p ${fi} ]]; then
+      rm -f ${fi}
+      mkfifo -m 600 ${fi}
+    fi
+  done
+  chown -R www-data:www-data /var/log/lighttpd
+  service lighttpd-access-log start
+  service lighttpd-error-log start
+  sleep 2
+else
+  #remove fifo if exists
+  [[ -p /var/log/lighttpd/access-pihole.log ]] && rm -Rf /var/log/lighttpd/access-pihole.log
+  [[ -p  /var/log/lighttpd/error-pihole.log ]] && rm -Rf /var/log/lighttpd/error-pihole.log
+
+  # install /dev/null log files to ensure they exist (create if non-existing, preserve if existing)
+  [[ ! -f /var/log/lighttpd/access-pihole.log ]] && install /dev/null /var/log/lighttpd/access-pihole.log
+  [[ ! -f  /var/log/lighttpd/error-pihole.log ]] && install /dev/null /var/log/lighttpd/error-pihole.log
+
+  # Ensure that permissions are set so that lighttpd can write to the logs
+  chown -R www-data:www-data /var/log/lighttpd
+  chmod 0644 /var/log/lighttpd/access-pihole.log /var/log/lighttpd/error-pihole.log
+fi
+
+lighttpd -D -f /etc/lighttpd/lighttpd.conf

src/s6/debian-root/etc/s6-overlay/s6-rc.d/lighttpd/type

@@ -0,0 +1 @@
+longrun

src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/finish

@@ -0,0 +1,4 @@
+#!/command/with-contenv bash
+
+s6-echo "Stopping pihole-FTL"
+killall -15 pihole-FTL

src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/run

@@ -0,0 +1,47 @@
+#!/command/with-contenv bash
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+# Remove possible leftovers from previous pihole-FTL processes
+rm -f /dev/shm/FTL-* 2> /dev/null
+rm /run/pihole/FTL.sock 2> /dev/null
+
+# install /dev/null files to ensure they exist (create if non-existing, preserve if existing)
+mkdir -pm 0755 /run/pihole /var/log/pihole
+[[ ! -f /run/pihole-FTL.pid ]] && install /dev/null /run/pihole-FTL.pid
+[[ ! -f /var/log/pihole/FTL.log ]] && install /dev/null /var/log/pihole/FTL.log
+[[ ! -f /var/log/pihole/pihole.log ]] && install /dev/null /var/log/pihole/pihole.log
+[[ ! -f /etc/pihole/dhcp.leases ]] && install /dev/null /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit all necessary files
+chown pihole:pihole /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases /run/pihole /etc/pihole
+chmod 0644 /run/pihole-FTL.pid /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
+
+# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
+chmod -f 0644 /etc/pihole/macvendor.db
+# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
+chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
+# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
+chmod -f 0664 /etc/pihole/pihole-FTL.db
+
+# Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
+# Should be removed with Pi-hole v6.0
+if [ ! -f /var/log/pihole.log ]; then
+    ln -s /var/log/pihole/pihole.log /var/log/pihole.log
+    chown -h pihole:pihole /var/log/pihole.log
+
+fi
+if [ ! -f /var/log/pihole-FTL.log ]; then
+    ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
+    chown -h pihole:pihole /var/log/pihole-FTL.log
+fi
+
+# Call capsh with the detected capabilities
+capsh --inh=${CAP_STR:1} --addamb=${CAP_STR:1} --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null 2>&1"
+
+# Notes on above:
+# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
+# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
+#   prevent duplicating it in docker logs by sending to dev null

src/s6/debian-root/etc/s6-overlay/s6-rc.d/pihole-FTL/type

@@ -0,0 +1 @@
+longrun

src/s6/debian-root/usr/local/bin/_postFTL.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# This script contains function calls and lines that may rely on pihole-FTL to be running, it is run as part of a oneshot service on container startup
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+gravityDBfile="/etc/pihole/gravity.db"
+config_file="/etc/pihole/pihole-FTL.conf"
+# make a point to mention which config file we're checking, as breadcrumb to revisit if/when pihole-FTL.conf is succeeded by TOML
+echo "  Checking if custom gravity.db is set in ${config_file}"
+if [[ -f "${config_file}" ]]; then
+    gravityDBfile="$(grep --color=never -Po "^GRAVITYDB=\K.*" "${config_file}" 2> /dev/null || echo "/etc/pihole/gravity.db")"
+fi
+
+if [ -z "$SKIPGRAVITYONBOOT" ] || [ ! -f "${gravityDBfile}" ]; then
+    if [ -n "$SKIPGRAVITYONBOOT" ];then
+        echo "  SKIPGRAVITYONBOOT is set, however ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
+        echo "  Ignoring SKIPGRAVITYONBOOT on this occaision."
+    fi
+    pihole -g
+else
+    echo "  Skipping Gravity Database Update."
+fi
+
+# Run update checker to check for newer container, and display version output
+echo ""
+pihole updatechecker
+pihole -v
+
+DOCKER_TAG=$(cat /pihole.docker.tag)
+echo "  Container tag is: ${DOCKER_TAG}"
+echo ""

src/s6/debian-root/usr/local/bin/_startup.sh

@@ -0,0 +1,74 @@
+#!/bin/bash -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+# The below functions are all contained in bash_functions.sh
+# shellcheck source=/dev/null
+. /usr/local/bin/bash_functions.sh
+
+# shellcheck source=/dev/null
+SKIP_INSTALL=true . /etc/.pihole/automated\ install/basic-install.sh
+
+echo "  [i] Starting docker specific checks & setup for docker pihole/pihole"
+
+# TODO:
+#if [ ! -f /.piholeFirstBoot ] ; then
+#    echo "   [i] Not first container startup so not running docker's setup, re-create container to run setup again"
+#else
+#    regular_setup_functions
+#fi
+
+# Initial checks
+# ===========================
+fix_capabilities
+validate_env || exit 1
+ensure_basic_configuration
+
+# Web interface setup
+# ===========================
+setup_web_port
+load_web_password_secret
+setup_web_password
+setup_web_theme
+setup_web_temp_unit
+setup_web_layout
+setup_web_php_env
+
+# lighttpd setup
+# ===========================
+setup_ipv4_ipv6
+setup_lighttpd_bind
+
+# Misc Setup
+# ===========================
+setup_blocklists
+
+# FTL setup
+# ===========================
+setup_FTL_upstream_DNS
+[[ -n "${DHCP_ACTIVE}" && ${DHCP_ACTIVE} == "true" ]] && echo "Setting DHCP server" && setup_FTL_dhcp
+apply_FTL_Configs_From_Env
+setup_FTL_User
+setup_FTL_Interface
+setup_FTL_ListeningBehaviour
+setup_FTL_CacheSize
+setup_FTL_query_logging
+setup_FTL_server || true
+[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
+[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
+[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
+# The following must be called last! It will source setupVars.conf and override any env vars users pass in before they have been applied
+setup_FTL_ProcessDNSSettings
+
+test_configs
+
+[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
+
+echo "  [i] Docker start setup complete"
+echo ""
+
+
+echo "  [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}"
+echo ""

src/s6/debian-root/usr/local/bin/_uid-gid-changer.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+    set -x ;
+fi
+
+modifyUser()
+{
+  declare username=${1:-} newId=${2:-}
+  [[ -z ${username} || -z ${newId} ]] && return
+
+  local currentId=$(id -u ${username})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "  [i] Changing ID for user: ${username} (${currentId} => ${newId})"
+  usermod -o -u ${newId} ${username}
+}
+
+modifyGroup()
+{
+  declare groupname=${1:-} newId=${2:-}
+  [[ -z ${groupname} || -z ${newId} ]] && return
+
+  local currentId=$(id -g ${groupname})
+  [[ ${currentId} -eq ${newId} ]] && return
+
+  echo "  [i] Changing ID for group: ${groupname} (${currentId} => ${newId})"
+  groupmod -o -g ${newId} ${groupname}
+}
+
+modifyUser www-data ${WEB_UID}
+modifyGroup www-data ${WEB_GID}
+modifyUser pihole ${PIHOLE_UID}
+modifyGroup pihole ${PIHOLE_GID}

src/s6/debian-root/usr/local/bin/bash_functions.sh

@@ -0,0 +1,523 @@
+#!/bin/bash
+
+# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE,
+# else it will get overridden itself when we source basic-install.sh
+[ -n "${QUERY_LOGGING}" ] && export QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
+
+# Legacy Env Vars preserved for backwards compatibility - convert them to FTLCONF_ equivalents
+[ -n "${ServerIP}" ] && echo "ServerIP is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$ServerIP"
+[ -n "${ServerIPv6}" ] && echo "ServerIPv6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$ServerIPv6"
+
+# Previously used FTLCONF_ equivalent has since been deprecated, also convert this one
+[ -n "${FTLCONF_REPLY_ADDR4}" ] && echo "FTLCONF_REPLY_ADDR4 is deprecated. Converting to FTLCONF_LOCAL_IPV4" && export "FTLCONF_LOCAL_IPV4"="$FTLCONF_REPLY_ADDR4"
+[ -n "${FTLCONF_REPLY_ADDR6}" ] && echo "FTLCONF_REPLY_ADDR6 is deprecated. Converting to FTLCONF_LOCAL_IPV6" && export "FTLCONF_LOCAL_IPV6"="$FTLCONF_REPLY_ADDR6"
+
+# Some of the bash_functions use utilities from Pi-hole's utils.sh
+# shellcheck disable=SC2154
+# shellcheck source=/dev/null
+. /opt/pihole/utils.sh
+
+export setupVars="/etc/pihole/setupVars.conf"
+export FTLconf="/etc/pihole/pihole-FTL.conf"
+export dnsmasqconfig="/etc/dnsmasq.d/01-pihole.conf"
+export adlistFile="/etc/pihole/adlists.list"
+
+change_setting() {
+    addOrEditKeyValPair "${setupVars}" "${1}" "${2}"
+}
+
+changeFTLsetting() {
+    addOrEditKeyValPair "${FTLconf}" "${1}" "${2}"
+}
+
+fix_capabilities() {
+    # Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
+    # Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep
+    # FTL can also use CAP_NET_ADMIN and CAP_SYS_NICE. If we try to set them when they haven't been explicitly enabled, FTL will not start. Test for them first:
+    echo "  [i] Setting capabilities on pihole-FTL where possible"
+    /sbin/capsh --has-p=cap_chown 2>/dev/null && CAP_STR+=',CAP_CHOWN'
+    /sbin/capsh --has-p=cap_net_bind_service 2>/dev/null && CAP_STR+=',CAP_NET_BIND_SERVICE'
+    /sbin/capsh --has-p=cap_net_raw 2>/dev/null && CAP_STR+=',CAP_NET_RAW'
+    /sbin/capsh --has-p=cap_net_admin 2>/dev/null && CAP_STR+=',CAP_NET_ADMIN' || DHCP_READY='false'
+    /sbin/capsh --has-p=cap_sys_nice 2>/dev/null && CAP_STR+=',CAP_SYS_NICE'
+
+    if [[ ${CAP_STR} ]]; then
+        # We have the (some of) the above caps available to us - apply them to pihole-FTL
+        echo "  [i] Applying the following caps to pihole-FTL:"
+        IFS=',' read -ra CAPS <<< "${CAP_STR:1}"
+        for i in "${CAPS[@]}"; do
+            echo "        * ${i}"
+        done
+
+        setcap ${CAP_STR:1}+ep "$(which pihole-FTL)" || ret=$?
+
+        if [[ $DHCP_READY == false ]] && [[ $DHCP_ACTIVE == true ]]; then
+            # DHCP is requested but NET_ADMIN is not available.
+            echo "ERROR: DHCP requested but NET_ADMIN is not available. DHCP will not be started."
+            echo "      Please add cap_net_admin to the container's capabilities or disable DHCP."
+            DHCP_ACTIVE='false'
+            change_setting "DHCP_ACTIVE" "false"
+        fi
+
+        if [[ $ret -ne 0 && "${DNSMASQ_USER:-pihole}" != "root" ]]; then
+            echo "  [!] ERROR: Unable to set capabilities for pihole-FTL. Cannot run as non-root."
+            echo "            If you are seeing this error, please set the environment variable 'DNSMASQ_USER' to the value 'root'"
+            exit 1
+        fi
+    else
+        echo "  [!] WARNING: Unable to set capabilities for pihole-FTL."
+        echo "              Please ensure that the container has the required capabilities."
+        exit 1
+    fi
+}
+
+
+# shellcheck disable=SC2034
+ensure_basic_configuration() {
+    echo "  [i] Ensuring basic configuration by re-running select functions from basic-install.sh"
+    # Set Debian webserver variables for installConfigs
+    LIGHTTPD_USER="www-data"
+    LIGHTTPD_GROUP="www-data"
+    LIGHTTPD_CFG="lighttpd.conf.debian"
+    installConfigs
+    installLogrotate || true #installLogRotate can return 2 or 3, but we are still OK to continue in that case
+
+    if [ ! -f "${setupVars}" ]; then
+        install -m 644 /dev/null "${setupVars}"
+        echo "  [i] Creating empty ${setupVars} file."
+        # The following setting needs to exist else the web interface version won't show in pihole -v
+        change_setting "INSTALL_WEB_INTERFACE" "true"
+    fi
+
+    set +e
+    mkdir -p /var/run/pihole /var/log/pihole
+    touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
+
+    chown pihole:root /etc/lighttpd
+
+    # In case of `pihole` UID being changed, re-chown the pihole scripts and pihole command
+    chown -R pihole:root "${PI_HOLE_INSTALL_DIR}"
+    chown pihole:root "${PI_HOLE_BIN_DIR}/pihole"
+
+    set -e
+    # Re-write all of the setupVars to ensure required ones are present (like QUERY_LOGGING)
+
+    # If the setup variable file exists,
+    if [[ -e "${setupVars}" ]]; then
+        cp -f "${setupVars}" "${setupVars}.update.bak"
+    fi
+
+    # Remove any existing macvendor.db and replace it with a symblink to the one moved to the root directory (see install.sh)
+    if [[ -f "/etc/pihole/macvendor.db" ]]; then
+        rm /etc/pihole/macvendor.db
+    fi
+    ln -s /macvendor.db /etc/pihole/macvendor.db
+
+    # When fresh empty directory volumes are used then we need to create this file
+    if [ ! -f /etc/dnsmasq.d/01-pihole.conf ] ; then
+        cp /etc/.pihole/advanced/01-pihole.conf /etc/dnsmasq.d/
+    fi;
+
+    # setup_or_skip_gravity
+}
+
+validate_env() {
+    # Optional FTLCONF_LOCAL_IPV4 is a valid IP
+    # nc won't throw any text based errors when it times out connecting to a valid IP, otherwise it complains about the DNS name being garbage
+    # if nc doesn't behave as we expect on a valid IP the routing table should be able to look it up and return a 0 retcode
+    if [[ "$(nc -4 -w1 -z "$FTLCONF_LOCAL_IPV4" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV4" > /dev/null ; then
+        echo "ERROR: FTLCONF_LOCAL_IPV4 Environment variable ($FTLCONF_LOCAL_IPV4) doesn't appear to be a valid IPv4 address"
+        exit 1
+    fi
+
+    # Optional IPv6 is a valid address
+    if [[ -n "$FTLCONF_LOCAL_IPV6" ]] ; then
+        if [[ "$FTLCONF_LOCAL_IPV6" == 'kernel' ]] ; then
+            echo "  [!] ERROR: You passed in IPv6 with a value of 'kernel', this maybe because you do not have IPv6 enabled on your network"
+            unset FTLCONF_LOCAL_IPV6
+            exit 1
+        fi
+        if [[ "$(nc -6 -w1 -z "$FTLCONF_LOCAL_IPV6" 53 2>&1)" != "" ]] && ! ip route get "$FTLCONF_LOCAL_IPV6" > /dev/null ; then
+            echo "  [!] ERROR: FTLCONF_LOCAL_IPV6 Environment variable ($FTLCONF_LOCAL_IPV6) doesn't appear to be a valid IPv6 address"
+            echo "        TIP: If your server is not IPv6 enabled just remove '-e FTLCONF_LOCAL_IPV6' from your docker container"
+            exit 1
+        fi
+    fi;
+}
+
+setup_FTL_User(){
+    # Run DNSMASQ as root user to avoid SHM permission issues
+    if grep -r -q '^\s*user=' /etc/dnsmasq.* ; then
+        # Change user that had been set previously to root
+        for f in $(grep -r -l '^\s*user=' /etc/dnsmasq.*); do
+            sed -i "/^\s*user=/ c\user=${DNSMASQ_USER}" "${f}"
+        done
+    else
+      echo -e "\nuser=${DNSMASQ_USER}" >> /etc/dnsmasq.conf
+    fi
+}
+
+setup_FTL_Interface(){
+    local interface="${INTERFACE:-eth0}"
+
+    # Set the interface for FTL to listen on
+    local interfaceType='default'
+    if [ "$interface" != 'eth0' ] ; then
+      interfaceType='custom'
+    fi;
+    echo "  [i] FTL binding to $interfaceType interface: $interface"
+    change_setting "PIHOLE_INTERFACE" "${interface}"
+}
+
+setup_FTL_ListeningBehaviour(){
+    if [ -n "$DNSMASQ_LISTENING" ]; then
+      change_setting "DNSMASQ_LISTENING" "${DNSMASQ_LISTENING}"
+    fi;
+}
+
+setup_FTL_CacheSize() {
+    local warning="  [i] WARNING: CUSTOM_CACHE_SIZE not used"
+    local dnsmasq_pihole_01_location="/etc/dnsmasq.d/01-pihole.conf"
+    # Quietly exit early for empty or default
+    if [[ -z "${CUSTOM_CACHE_SIZE}" || "${CUSTOM_CACHE_SIZE}" == '10000' ]] ; then return ; fi
+
+    if [[ "${DNSSEC}" == "true" ]] ; then
+        echo "$warning - Cannot change cache size if DNSSEC is enabled"
+        return
+    fi
+
+    if ! echo "$CUSTOM_CACHE_SIZE" | grep -q '^[0-9]*$' ; then
+        echo "$warning - $CUSTOM_CACHE_SIZE is not an integer"
+        return
+    fi
+
+    local -i custom_cache_size="$CUSTOM_CACHE_SIZE"
+    if (( custom_cache_size < 0 )); then
+        echo "$warning - $custom_cache_size is not a positive integer or zero"
+        return
+    fi
+    echo "  [i] Custom CUSTOM_CACHE_SIZE set to $custom_cache_size"
+
+    change_setting "CACHE_SIZE" "$custom_cache_size"
+    sed -i "s/^cache-size=\s*[0-9]*/cache-size=$custom_cache_size/" ${dnsmasq_pihole_01_location}
+}
+
+apply_FTL_Configs_From_Env(){
+    # Get all exported environment variables starting with FTLCONF_ as a prefix and call the changeFTLsetting
+    # function with the environment variable's suffix as the key. This allows applying any pihole-FTL.conf
+    # setting defined here: https://docs.pi-hole.net/ftldns/configfile/
+    declare -px | grep FTLCONF_ | sed -E 's/declare -x FTLCONF_([^=]+)=\"(.+)\"/\1 \2/' | while read -r name value
+    do
+        echo "  [i] Applying pihole-FTL.conf setting $name=$value"
+        changeFTLsetting "$name" "$value"
+    done
+}
+
+setup_FTL_dhcp() {
+  if [ -z "${DHCP_START}" ] || [ -z "${DHCP_END}" ] || [ -z "${DHCP_ROUTER}" ]; then
+    echo "  [!] ERROR: Won't enable DHCP server because mandatory Environment variables are missing: DHCP_START, DHCP_END and/or DHCP_ROUTER"
+    change_setting "DHCP_ACTIVE" "false"
+  else
+    change_setting "DHCP_ACTIVE" "${DHCP_ACTIVE}"
+    change_setting "DHCP_START" "${DHCP_START}"
+    change_setting "DHCP_END" "${DHCP_END}"
+    change_setting "DHCP_ROUTER" "${DHCP_ROUTER}"
+    change_setting "DHCP_LEASETIME" "${DHCP_LEASETIME}"
+    change_setting "PIHOLE_DOMAIN" "${PIHOLE_DOMAIN}"
+    change_setting "DHCP_IPv6" "${DHCP_IPv6}"
+    change_setting "DHCP_rapid_commit" "${DHCP_rapid_commit}"
+  fi
+}
+
+setup_FTL_query_logging(){
+    if [ "${QUERY_LOGGING_OVERRIDE}" == "false" ]; then
+        echo "  [i] Disabling Query Logging"
+        change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE"
+        removeKey "${dnsmasqconfig}" log-queries
+    else
+        # If it is anything other than false, set it to true
+        change_setting "QUERY_LOGGING" "true"
+        # Set pihole logging on for good measure
+        echo "  [i] Enabling Query Logging"
+        addKey "${dnsmasqconfig}" log-queries
+    fi
+
+}
+
+setup_FTL_server(){
+    [ -n "${REV_SERVER}" ] && change_setting "REV_SERVER" "$REV_SERVER"
+    [ -n "${REV_SERVER_DOMAIN}" ] && change_setting "REV_SERVER_DOMAIN" "$REV_SERVER_DOMAIN"
+    [ -n "${REV_SERVER_TARGET}" ] && change_setting "REV_SERVER_TARGET" "$REV_SERVER_TARGET"
+    [ -n "${REV_SERVER_CIDR}" ] && change_setting "REV_SERVER_CIDR" "$REV_SERVER_CIDR"
+
+    if [ -z "$REV_SERVER" ];then
+        # If the REV_SERVER* variables are set, then there is no need to add these.
+        # If it is not set, then adding these variables is fine, and they will be converted by the Pi-hole install script
+        [ -n "${CONDITIONAL_FORWARDING}" ] && change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
+        [ -n "${CONDITIONAL_FORWARDING_IP}" ] && change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
+        [ -n "${CONDITIONAL_FORWARDING_DOMAIN}" ] && change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
+        [ -n "${CONDITIONAL_FORWARDING_REVERSE}" ] && change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
+    fi
+}
+
+setup_FTL_upstream_DNS(){
+    if [ -z "${PIHOLE_DNS_}" ]; then
+        # For backward compatibility, if DNS1 and/or DNS2 are set, but PIHOLE_DNS_ is not, convert them to
+        # a semi-colon delimited string and store in PIHOLE_DNS_
+        # They are not used anywhere if PIHOLE_DNS_ is set already
+        [ -n "${DNS1}" ] && echo "  [i] Converting DNS1 to PIHOLE_DNS_" && PIHOLE_DNS_="$DNS1"
+        [[ -n "${DNS2}" && "${DNS2}" != "no" ]] && echo "  [i] Converting DNS2 to PIHOLE_DNS_" && PIHOLE_DNS_="$PIHOLE_DNS_;$DNS2"
+    fi
+
+    # Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config
+    if [ -n "${PIHOLE_DNS_}" ]; then
+        echo "  [i] Setting DNS servers based on PIHOLE_DNS_ variable"
+        # Remove any PIHOLE_DNS_ entries from setupVars.conf, if they exist
+        sed -i '/PIHOLE_DNS_/d' /etc/pihole/setupVars.conf
+        # Split into an array (delimited by ;)
+        # Loop through and add them one by one to setupVars.conf
+        IFS=";" read -r -a PIHOLE_DNS_ARR <<< "${PIHOLE_DNS_}"
+        count=1
+        valid_entries=0
+        for i in "${PIHOLE_DNS_ARR[@]}"; do
+            # Ensure we don't have an empty value first (see https://github.com/pi-hole/docker-pi-hole/issues/1174#issuecomment-1228763422 )
+            if [ -n "$i" ]; then
+              if valid_ip "$i" || valid_ip6 "$i" ; then
+                change_setting "PIHOLE_DNS_$count" "$i"
+                ((count=count+1))
+                ((valid_entries=valid_entries+1))
+                continue
+              fi
+              # shellcheck disable=SC2086
+              if [ -n "$(dig +short ${i//#*/})" ]; then
+                # If the "address" is a domain (for example a docker link) then try to resolve it and add
+                # the result as a DNS server in setupVars.conf.
+                resolved_ip="$(dig +short ${i//#*/} | head -n 1)"
+                if [ -n "${i//*#/}" ] && [ "${i//*#/}" != "${i//#*/}" ]; then
+                    resolved_ip="${resolved_ip}#${i//*#/}"
+                fi
+                echo "Resolved ${i} from PIHOLE_DNS_ as: ${resolved_ip}"
+                if valid_ip "$resolved_ip" || valid_ip6 "$resolved_ip" ; then
+                    change_setting "PIHOLE_DNS_$count" "$resolved_ip"
+                    ((count=count+1))
+                    ((valid_entries=valid_entries+1))
+                    continue
+                fi
+              fi
+              # If the above tests fail then this is an invalid DNS server
+              echo "  [!] Invalid entry detected in PIHOLE_DNS_: ${i}"
+            fi
+        done
+
+        if [ $valid_entries -eq 0 ]; then
+            echo "  [!] No Valid entries detected in PIHOLE_DNS_. Aborting"
+            exit 1
+        fi
+    else
+        # Environment variable has not been set, but there may be existing values in an existing setupVars.conf
+        # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4
+        # Pi-hole can run with only one upstream configured, so we will just check for one.
+        setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)"
+
+        if [ -z "${setupVarsDNS}" ]; then
+            echo "  [i] Configuring default DNS servers: 8.8.8.8, 8.8.4.4"
+            change_setting "PIHOLE_DNS_1" "8.8.8.8"
+            change_setting "PIHOLE_DNS_2" "8.8.4.4"
+        else
+            echo "  [i] Existing DNS servers detected in setupVars.conf. Leaving them alone"
+        fi
+    fi
+}
+
+setup_FTL_ProcessDNSSettings(){
+    # Commit settings to 01-pihole.conf
+
+    # shellcheck source=/dev/null
+    . /opt/pihole/webpage.sh
+    ProcessDNSSettings
+}
+
+setup_lighttpd_bind() {
+    local serverip="${FTLCONF_LOCAL_IPV4}"
+    # if using '--net=host' only bind lighttpd on $FTLCONF_LOCAL_IPV4 and localhost
+    if grep -q "docker" /proc/net/dev && [[ $serverip != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
+        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
+            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
+        fi
+    fi
+}
+
+setup_web_php_env() {
+    if [ -z "$VIRTUAL_HOST" ] ; then
+      VIRTUAL_HOST="$FTLCONF_LOCAL_IPV4"
+    fi;
+
+    for config_var in "VIRTUAL_HOST" "CORS_HOSTS" "PHP_ERROR_LOG" "PIHOLE_DOCKER_TAG" "TZ"; do
+      local beginning_of_line="\t\t\t\"${config_var}\" => "
+      if grep -qP "$beginning_of_line" "$PHP_ENV_CONFIG" ; then
+        # replace line if already present
+        sed -i "/${beginning_of_line}/c\\${beginning_of_line}\"${!config_var}\"," "$PHP_ENV_CONFIG"
+      else
+        # add line otherwise
+        sed -i "/bin-environment/ a\\${beginning_of_line}\"${!config_var}\"," "$PHP_ENV_CONFIG"
+      fi
+    done
+
+    echo "  [i] Added ENV to php:"
+    grep -E '(VIRTUAL_HOST|CORS_HOSTS|PHP_ERROR_LOG|PIHOLE_DOCKER_TAG|TZ)' "$PHP_ENV_CONFIG"
+}
+
+setup_web_port() {
+    local warning="  [!] WARNING: Custom WEB_PORT not used"
+    # Quietly exit early for empty or default
+    if [[ -z "${WEB_PORT}" || "${WEB_PORT}" == '80' ]] ; then return ; fi
+
+    if ! echo "$WEB_PORT" | grep -q '^[0-9][0-9]*$' ; then
+        echo "$warning - $WEB_PORT is not an integer"
+        return
+    fi
+
+    local -i web_port="$WEB_PORT"
+    if (( web_port < 1 || web_port > 65535 )); then
+        echo "$warning - $web_port is not within valid port range of 1-65535"
+        return
+    fi
+    echo "  [i] Custom WEB_PORT set to $web_port"
+    echo "  [i] Without proper router DNAT forwarding to $FTLCONF_LOCAL_IPV4:$web_port, you may not get any blocked websites on ads"
+
+    # Update lighttpd's port
+    sed -i '/server.port\s*=\s*80\s*$/ s/80/'"${WEB_PORT}"'/g' /etc/lighttpd/lighttpd.conf
+
+}
+
+setup_web_theme(){
+    # Parse the WEBTHEME variable, if it exists, and set the selected theme if it is one of the supported values.
+    # If an invalid theme name was supplied, setup WEBTHEME to use the default-light theme.
+    if [ -n "${WEBTHEME}" ]; then
+        case "${WEBTHEME}" in
+        "default-dark" | "default-darker" | "default-light" | "default-auto" | "lcars")
+            echo "  [i] Setting Web Theme based on WEBTHEME variable, using value ${WEBTHEME}"
+            change_setting "WEBTHEME" "${WEBTHEME}"
+            ;;
+        *)
+            echo "  [!] Invalid theme name supplied: ${WEBTHEME}, falling back to default-light."
+            change_setting "WEBTHEME" "default-light"
+            ;;
+        esac
+    fi
+}
+
+load_web_password_secret() {
+   # If WEBPASSWORD is not set at all, attempt to read password from WEBPASSWORD_FILE,
+   # allowing secrets to be passed via docker secrets
+   if [ -z "${WEBPASSWORD+x}" ] && [ -n "${WEBPASSWORD_FILE}" ] && [ -r "${WEBPASSWORD_FILE}" ]; then
+     WEBPASSWORD=$(<"${WEBPASSWORD_FILE}")
+   fi;
+}
+
+setup_web_password() {
+    if [ -z "${WEBPASSWORD+x}" ] ; then
+        # ENV WEBPASSWORD_OVERRIDE is not set
+
+        # Exit if setupvars already has a password
+        setup_var_exists "WEBPASSWORD" && return
+        # Generate new random password
+        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
+        echo "  [i] Assigning random password: $WEBPASSWORD"
+    else
+        # ENV WEBPASSWORD_OVERRIDE is set and will be used
+        echo "  [i] Assigning password defined by Environment Variable"
+        # WEBPASSWORD="$WEBPASSWORD"
+    fi
+
+    # Explicitly turn off bash printing when working with secrets
+    { set +x; } 2>/dev/null
+
+    if [[ "$WEBPASSWORD" == "" ]] ; then
+        echo "" | pihole -a -p
+    else
+        pihole -a -p "$WEBPASSWORD" "$WEBPASSWORD"
+    fi
+
+    # To avoid printing this if conditional in bash debug, turn off  debug above..
+    # then re-enable debug if necessary (more code but cleaner printed output)
+    if [ "${PH_VERBOSE:-0}" -gt 0 ] ; then
+        set -x
+    fi
+}
+
+setup_ipv4_ipv6() {
+    local ip_versions="IPv4 and IPv6"
+    if [ "${IPv6,,}" != "true" ] ; then
+        ip_versions="IPv4"
+        sed -i '/use-ipv6.pl/ d' /etc/lighttpd/lighttpd.conf
+    fi;
+    echo "  [i] Using $ip_versions"
+}
+
+test_configs() {
+    set -e
+    echo -n '  [i] Testing lighttpd config: '
+    lighttpd -t -f /etc/lighttpd/lighttpd.conf || exit 1
+    set +e
+    echo "  [i] All config checks passed, cleared for startup ..."
+}
+
+setup_blocklists() {
+    # Exit/return early without setting up adlists with defaults for any of the following conditions:
+    # 1. skip_setup_blocklists env is set
+    exit_string="(exiting ${FUNCNAME[0]} early)"
+
+    if [ -n "${skip_setup_blocklists}" ]; then
+        echo "  [i] skip_setup_blocklists requested $exit_string"
+        return
+    fi
+
+    # 2. The adlist file exists already (restarted container or volume mounted list)
+    if [ -f "${adlistFile}" ]; then
+        echo "  [i] Preexisting ad list ${adlistFile} detected $exit_string"
+        return
+    fi
+
+    echo "  [i] ${FUNCNAME[0]} now setting default blocklists up: "
+    echo "  [i] TIP: Use a docker volume for ${adlistFile} if you want to customize for first boot"
+    installDefaultBlocklists
+
+    echo "  [i] Blocklists (${adlistFile}) now set to:"
+    cat "${adlistFile}"
+}
+
+setup_var_exists() {
+    local KEY="$1"
+    if [ -n "$2" ]; then
+        local REQUIRED_VALUE="[^\n]+"
+    fi
+    if grep -Pq "^${KEY}=${REQUIRED_VALUE}" "$setupVars"; then
+        echo "  [i] Pre existing ${KEY} found"
+        true
+    else
+        false
+    fi
+}
+
+setup_web_temp_unit() {
+  local UNIT="${TEMPERATUREUNIT}"
+  # check if var is empty
+  if [[ "$UNIT" != "" ]] ; then
+      # check if we have valid units
+      if [[ "$UNIT" == "c" || "$UNIT" == "k" || $UNIT == "f" ]] ; then
+          pihole -a -"${UNIT}"
+      fi
+  fi
+}
+
+setup_web_layout() {
+  local LO="${WEBUIBOXEDLAYOUT}"
+  # check if var is empty
+  if [[ "$LO" != "" ]] ; then
+      # check if we have valid types boxed | traditional
+      if [[ "$LO" == "traditional" || "$LO" == "boxed" ]] ; then
+          change_setting "WEBUIBOXEDLAYOUT" "$WEBUIBOXEDLAYOUT"
+      fi
+  fi
+}

src/s6/debian-root/usr/local/bin/install.sh

@@ -0,0 +1,98 @@
+#!/bin/bash -ex
+# shellcheck disable=SC2034
+
+mkdir -p /etc/pihole/
+mkdir -p /var/run/pihole
+
+CORE_LOCAL_REPO=/etc/.pihole
+WEB_LOCAL_REPO=/var/www/html/admin
+
+setupVars=/etc/pihole/setupVars.conf
+
+detect_arch() {
+  DETECTED_ARCH=$(dpkg --print-architecture)
+  S6_ARCH=$DETECTED_ARCH
+  case $DETECTED_ARCH in
+  amd64)
+    S6_ARCH="x86_64";;
+  armel)
+    S6_ARCH="armhf";;
+  armhf)
+    S6_ARCH="armhf";;
+  arm64)
+    S6_ARCH="aarch64";;
+  i386)
+    S6_ARCH="i686";;
+esac
+}
+
+
+DOCKER_TAG=$(cat /pihole.docker.tag)
+# Helps to have some additional tools in the dev image when debugging
+if [[ "${DOCKER_TAG}" = 'nightly' ||  "${DOCKER_TAG}" = 'dev' ]]; then
+  apt-get update
+  apt-get install --no-install-recommends -y nano less
+  rm -rf /var/lib/apt/lists/*
+fi
+
+detect_arch
+
+S6_OVERLAY_VERSION=v3.1.1.2
+
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" | tar Jxpf - -C /
+curl -L -s "https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" | tar Jxpf - -C /
+
+# IMPORTANT: #########################################################################
+# Move /init somewhere else to prevent issues with podman/RHEL                       #
+# See: https://github.com/pi-hole/docker-pi-hole/issues/1176#issuecomment-1227587045 #
+mv /init /s6-init                                                                    #
+######################################################################################
+
+# Preseed variables to assist with using --unattended install
+{
+  echo "PIHOLE_INTERFACE=eth0"
+  echo "IPV4_ADDRESS=0.0.0.0"
+  echo "IPV6_ADDRESS=0:0:0:0:0:0"
+  echo "PIHOLE_DNS_1=8.8.8.8"
+  echo "QUERY_LOGGING=true"
+  echo "INSTALL_WEB_SERVER=true"
+  echo "INSTALL_WEB_INTERFACE=true"
+  echo "LIGHTTPD_ENABLED=true"
+}>> "${setupVars}"
+source $setupVars
+
+export USER=pihole
+
+export PIHOLE_SKIP_OS_CHECK=true
+
+# Run the installer in unattended mode using the preseeded variables above and --reconfigure so that local repos are not updated
+curl -sSL https://install.pi-hole.net | bash -sex -- --unattended
+
+# At this stage, if we are building a :nightly tag, then switch the Pi-hole install to dev versions
+if [[ "${DOCKER_TAG}" = 'nightly'  ]]; then
+  yes | pihole checkout dev
+fi
+
+sed -i '/^WEBPASSWORD/d' /etc/pihole/setupVars.conf
+
+# sed a new function into the `pihole` script just above the `helpFunc()` function for later use.
+sed -i $'s/helpFunc() {/unsupportedFunc() {\\\n  echo "Function not supported in Docker images"\\\n  exit 0\\\n}\\\n\\\nhelpFunc() {/g' /usr/local/bin/pihole
+
+# Replace a few of the `pihole` options with calls to `unsupportedFunc`:
+# pihole -up / pihole updatePihole
+sed -i $'s/)\s*updatePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+# pihole uninstall
+sed -i $'s/)\s*uninstallFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+# pihole -r / pihole reconfigure
+sed -i $'s/)\s*reconfigurePiholeFunc/) unsupportedFunc/g' /usr/local/bin/pihole
+
+# Move macvendor.db to root dir and symlink it back into /etc/pihole. See https://github.com/pi-hole/docker-pi-hole/issues/1137
+# If user goes on to bind monunt this directory to their host, then we can easily ensure macvendor.db is the latest
+# (it is otherwise only updated when FTL is updated, which doesn't happen as part of the normal course of running this image)
+mv /etc/pihole/macvendor.db /macvendor.db
+ln -s /macvendor.db /etc/pihole/macvendor.db
+
+if [ ! -f /.piholeFirstBoot ]; then
+  touch /.piholeFirstBoot
+fi
+echo 'Docker install successful'

src/s6/service

@@ -0,0 +1,53 @@
+#!/bin/bash
+# This script patches all service commands into the appropriate s6- commands
+# pi-hole upstream scripts need a 'service' interface. why not systemd? docker said so.
+
+start() {
+  restart
+}
+
+stop() {
+  /command/s6-svc -wD -d -T2500 /run/service/"$service"
+}
+
+restart() {
+  local pid
+
+  # Get the PID(s) of the service we are asking to restart
+  mapfile -t pids < <(pgrep "$service")
+
+  # Only attempt to stop the service if it is already running
+  if [ "${#pids[@]}" -gt 0 ]; then
+    stop
+
+    for pid in "${pids[@]}"; do
+      # Loop until we are certain that the process has been stopped
+      while test -d /proc/"$pid"; do
+        sleep 0.2
+      done
+    done
+  fi
+
+  # Check it hasn't been started by something else in the meantime
+  pid=$(pgrep "$service")
+
+  # Only attempt to start the service if it is not already running
+  if [ -z "$pid" ]; then
+    /command/s6-svc -wu -u -T2500 /run/service/"$service"
+  fi
+
+}
+
+status() {
+  /command/s6-svstat /run/service/"$service"
+}
+
+service="$1"
+command="$2"
+
+if [[ ! -d "/run/service/$service" ]] ; then
+  echo "s6 service not found for $service, exiting..."
+  exit
+fi;
+
+${command} "${service}"

start.sh

@@ -1,153 +0,0 @@
-#!/bin/bash -e
-# Dockerfile variables
-export TAG
-export ServerIP
-export ServerIPv6
-export PYTEST
-export PHP_ENV_CONFIG
-export PHP_ERROR_LOG
-export HOSTNAME
-export WEBLOGDIR
-export DNS1
-export DNS2
-export DNSSEC
-export DNS_BOGUS_PRIV
-export DNS_FQDN_REQUIRED
-export INTERFACE
-export DNSMASQ_LISTENING_BEHAVIOUR="$DNSMASQ_LISTENING"
-export IPv6
-export WEB_PORT
-export REV_SERVER
-export REV_SERVER_DOMAIN
-export REV_SERVER_TARGET
-export REV_SERVER_CIDR
-export CONDITIONAL_FORWARDING
-export CONDITIONAL_FORWARDING_IP
-export CONDITIONAL_FORWARDING_DOMAIN
-export CONDITIONAL_FORWARDING_REVERSE
-export TEMPERATUREUNIT
-export ADMIN_EMAIL
-export WEBUIBOXEDLAYOUT
-export QUERY_LOGGING
-export PIHOLE_DNS_
-
-export adlistFile='/etc/pihole/adlists.list'
-
-# If user has set QUERY_LOGGING Env Var, copy it out to _OVERRIDE, else it will get reset when we source the next two files
-# Come back to it at the end of the file
-[ -n "${QUERY_LOGGING}" ] && QUERY_LOGGING_OVERRIDE="${QUERY_LOGGING}"
-
-# The below functions are all contained in bash_functions.sh
-. /bash_functions.sh
-
-# Ensure we have all functions available to update our configurations
-. /opt/pihole/webpage.sh
-
-# PH_TEST prevents the install from actually running (someone should rename that)
-PH_TEST=true . $PIHOLE_INSTALL
-
-echo " ::: Starting docker specific checks & setup for docker pihole/pihole"
-
-# TODO:
-#if [ ! -f /.piholeFirstBoot ] ; then
-#    echo " ::: Not first container startup so not running docker's setup, re-create container to run setup again"
-#else
-#    regular_setup_functions
-#fi
-
-fix_capabilities
-load_web_password_secret
-generate_password
-validate_env || exit 1
-prepare_configs
-
-[ -n "${PIHOLE_INTERFACE}" ] && change_setting "PIHOLE_INTERFACE" "$PIHOLE_INTERFACE"
-[ -n "${IPV4_ADDRESS}" ] && change_setting "IPV4_ADDRESS" "$IPV4_ADDRESS"
-[ -n "${INSTALL_WEB_SERVER}" ] && change_setting "INSTALL_WEB_SERVER" "$INSTALL_WEB_SERVER"
-[ -n "${INSTALL_WEB_INTERFACE}" ] && change_setting "INSTALL_WEB_INTERFACE" "$INSTALL_WEB_INTERFACE"
-[ -n "${LIGHTTPD_ENABLED}" ] && change_setting "LIGHTTPD_ENABLED" "$LIGHTTPD_ENABLED"
-[ -n "${ServerIP}" ] && change_setting "IPV4_ADDRESS" "$ServerIP"
-[ -n "${ServerIPv6}" ] && change_setting "IPV6_ADDRESS" "$ServerIPv6"
-[ -n "${DNS_BOGUS_PRIV}" ] && change_setting "DNS_BOGUS_PRIV" "$DNS_BOGUS_PRIV"
-[ -n "${DNS_FQDN_REQUIRED}" ] && change_setting "DNS_FQDN_REQUIRED" "$DNS_FQDN_REQUIRED"
-[ -n "${DNSSEC}" ] && change_setting "DNSSEC" "$DNSSEC"
-[ -n "${REV_SERVER}" ] && change_setting "REV_SERVER" "$REV_SERVER"
-[ -n "${REV_SERVER_DOMAIN}" ] && change_setting "REV_SERVER_DOMAIN" "$REV_SERVER_DOMAIN"
-[ -n "${REV_SERVER_TARGET}" ] && change_setting "REV_SERVER_TARGET" "$REV_SERVER_TARGET"
-[ -n "${REV_SERVER_CIDR}" ] && change_setting "REV_SERVER_CIDR" "$REV_SERVER_CIDR"
-
-if [ -z "$REV_SERVER" ];then
-    # If the REV_SERVER* variables are set, then there is no need to add these.
-    # If it is not set, then adding these variables is fine, and they will be converted by the Pi-hole install script
-    [ -n "${CONDITIONAL_FORWARDING}" ] && change_setting "CONDITIONAL_FORWARDING" "$CONDITIONAL_FORWARDING"
-    [ -n "${CONDITIONAL_FORWARDING_IP}" ] && change_setting "CONDITIONAL_FORWARDING_IP" "$CONDITIONAL_FORWARDING_IP"
-    [ -n "${CONDITIONAL_FORWARDING_DOMAIN}" ] && change_setting "CONDITIONAL_FORWARDING_DOMAIN" "$CONDITIONAL_FORWARDING_DOMAIN"
-    [ -n "${CONDITIONAL_FORWARDING_REVERSE}" ] && change_setting "CONDITIONAL_FORWARDING_REVERSE" "$CONDITIONAL_FORWARDING_REVERSE"
-fi
-
-if [ -z "${PIHOLE_DNS_}" ]; then
-    # For backward compatibility, if DNS1 and/or DNS2 are set, but PIHOLE_DNS_ is not, convert them to
-    # a semi-colon delimited string and store in PIHOLE_DNS_
-    # They are not used anywhere if PIHOLE_DNS_ is set already
-    [ -n "${DNS1}" ] && echo "Converting DNS1 to PIHOLE_DNS_" && PIHOLE_DNS_="$DNS1"
-    [[ -n "${DNS2}" && "${DNS2}" != "no" ]] && echo "Converting DNS2 to PIHOLE_DNS_" && PIHOLE_DNS_="$PIHOLE_DNS_;$DNS2"
-fi
-
-# Parse the PIHOLE_DNS variable, if it exists, and apply upstream servers to Pi-hole config
-if [ -n "${PIHOLE_DNS_}" ]; then
-    echo "Setting DNS servers based on PIHOLE_DNS_ variable"
-    # Split into an array (delimited by ;)
-    PIHOLE_DNS_ARR=(${PIHOLE_DNS_//;/ })
-    count=1
-    for i in "${PIHOLE_DNS_ARR[@]}"; do
-        change_setting "PIHOLE_DNS_$count" "$i"
-        ((count=count+1))
-    done
-else
-    # Environment variable has not been set, but there may be existing values in an existing setupVars.conf
-    # if this is the case, we do not want to overwrite these with the defaults of 8.8.8.8 and 8.8.4.4
-    # Pi-hole can run with only one upstream configured, so we will just check for one.
-    setupVarsDNS="$(grep 'PIHOLE_DNS_' /etc/pihole/setupVars.conf || true)"
-
-    if [ -z "${setupVarsDNS}" ]; then
-      echo "Configuring default DNS servers: 8.8.8.8, 8.8.4.4"
-      change_setting "PIHOLE_DNS_1" "8.8.8.8"
-      change_setting "PIHOLE_DNS_2" "8.8.4.4"
-    else
-      echo "Existing DNS servers detected in setupVars.conf. Leaving them alone"
-    fi
-fi
-
-setup_web_port "$WEB_PORT"
-setup_web_password "$WEBPASSWORD"
-setup_temp_unit "$TEMPERATUREUNIT"
-setup_ui_layout "$WEBUIBOXEDLAYOUT"
-setup_admin_email "$ADMIN_EMAIL"
-setup_dnsmasq "$INTERFACE" "$DNSMASQ_LISTENING_BEHAVIOUR"
-setup_php_env
-setup_dnsmasq_hostnames "$ServerIP" "$ServerIPv6" "$HOSTNAME"
-setup_ipv4_ipv6
-setup_lighttpd_bind "$ServerIP"
-setup_blocklists
-test_configs
-
-[ -f /.piholeFirstBoot ] && rm /.piholeFirstBoot
-
-# Set QUERY_LOGGING value in setupVars to be that which the user has passed in as an ENV var (if they have)
-[ -n "${QUERY_LOGGING_OVERRIDE}" ] && change_setting "QUERY_LOGGING" "$QUERY_LOGGING_OVERRIDE"
-
-# Source setupVars.conf to get the true value of QUERY_LOGGING
-. ${setupVars}
-
-if [ ${QUERY_LOGGING} == "false" ]; then
-  echo "::: Disabling Query Logging"
-  pihole logging off
-else
-  # If it is anything other than false, set it to true
-  change_setting "QUERY_LOGGING" "true"
-  # Set pihole logging on for good measure
-  echo "::: Enabling Query Logging"
-  pihole logging on
-fi
-
-echo " ::: Docker start setup complete"

test/Dockerfile

@@ -0,0 +1,26 @@
+FROM python:3.10-slim-bullseye
+
+# Only works for docker CLIENT (bind mounted socket)
+COPY --from=docker:20.10.17 /usr/local/bin/docker /usr/local/bin/
+
+ARG packages
+RUN apt-get update && \
+    apt-get install -y python3-dev curl gcc make \
+        libffi-dev libssl-dev ${packages} \
+    && rm -rf /var/lib/apt/lists/* \
+    && pip3 install --no-cache-dir -U pip pipenv
+
+RUN curl -L https://github.com/docker/compose/releases/download/2.10.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && \
+    chmod +x /usr/local/bin/docker-compose
+
+COPY ./cmd.sh /usr/local/bin/
+COPY Pipfile* /root/
+WORKDIR /root
+
+RUN pipenv install --system \
+    && sed -i 's|/bin/sh|/bin/bash|g' /usr/local/lib/python3.10/site-packages/testinfra/backend/docker.py
+
+RUN echo "set -ex && cmd.sh && \$@" > /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT entrypoint.sh
+CMD cmd.sh

test/Pipfile

@@ -0,0 +1,15 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+pytest = "==7.1.3"
+pytest-xdist = "==2.5.0"
+pytest-testinfra = "==6.8.0"
+black = "==22.8.0"
+
+[requires]
+python_version = "3"

test/Pipfile.lock

@@ -0,0 +1,176 @@
+{
+    "_meta": {
+        "hash": {
+            "sha256": "7cd0c8140d8505e7613e9bf2a9853aaf7cb08a1f100f49db0bec1b94b93be3e1"
+        },
+        "pipfile-spec": 6,
+        "requires": {
+            "python_version": "3"
+        },
+        "sources": [
+            {
+                "name": "pypi",
+                "url": "https://pypi.org/simple",
+                "verify_ssl": true
+            }
+        ]
+    },
+    "default": {
+        "attrs": {
+            "hashes": [
+                "sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6",
+                "sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c"
+            ],
+            "markers": "python_version >= '3.5'",
+            "version": "==22.1.0"
+        },
+        "black": {
+            "hashes": [
+                "sha256:0a12e4e1353819af41df998b02c6742643cfef58282915f781d0e4dd7a200411",
+                "sha256:0ad827325a3a634bae88ae7747db1a395d5ee02cf05d9aa7a9bd77dfb10e940c",
+                "sha256:32a4b17f644fc288c6ee2bafdf5e3b045f4eff84693ac069d87b1a347d861497",
+                "sha256:3b2c25f8dea5e8444bdc6788a2f543e1fb01494e144480bc17f806178378005e",
+                "sha256:4a098a69a02596e1f2a58a2a1c8d5a05d5a74461af552b371e82f9fa4ada8342",
+                "sha256:5107ea36b2b61917956d018bd25129baf9ad1125e39324a9b18248d362156a27",
+                "sha256:53198e28a1fb865e9fe97f88220da2e44df6da82b18833b588b1883b16bb5d41",
+                "sha256:5594efbdc35426e35a7defa1ea1a1cb97c7dbd34c0e49af7fb593a36bd45edab",
+                "sha256:5b879eb439094751185d1cfdca43023bc6786bd3c60372462b6f051efa6281a5",
+                "sha256:78dd85caaab7c3153054756b9fe8c611efa63d9e7aecfa33e533060cb14b6d16",
+                "sha256:792f7eb540ba9a17e8656538701d3eb1afcb134e3b45b71f20b25c77a8db7e6e",
+                "sha256:8ce13ffed7e66dda0da3e0b2eb1bdfc83f5812f66e09aca2b0978593ed636b6c",
+                "sha256:a05da0430bd5ced89176db098567973be52ce175a55677436a271102d7eaa3fe",
+                "sha256:a983526af1bea1e4cf6768e649990f28ee4f4137266921c2c3cee8116ae42ec3",
+                "sha256:bc4d4123830a2d190e9cc42a2e43570f82ace35c3aeb26a512a2102bce5af7ec",
+                "sha256:c3a73f66b6d5ba7288cd5d6dad9b4c9b43f4e8a4b789a94bf5abfb878c663eb3",
+                "sha256:ce957f1d6b78a8a231b18e0dd2d94a33d2ba738cd88a7fe64f53f659eea49fdd",
+                "sha256:cea1b2542d4e2c02c332e83150e41e3ca80dc0fb8de20df3c5e98e242156222c",
+                "sha256:d2c21d439b2baf7aa80d6dd4e3659259be64c6f49dfd0f32091063db0e006db4",
+                "sha256:d839150f61d09e7217f52917259831fe2b689f5c8e5e32611736351b89bb2a90",
+                "sha256:dd82842bb272297503cbec1a2600b6bfb338dae017186f8f215c8958f8acf869",
+                "sha256:e8166b7bfe5dcb56d325385bd1d1e0f635f24aae14b3ae437102dedc0c186747",
+                "sha256:e981e20ec152dfb3e77418fb616077937378b322d7b26aa1ff87717fb18b4875"
+            ],
+            "index": "pypi",
+            "version": "==22.8.0"
+        },
+        "click": {
+            "hashes": [
+                "sha256:7682dc8afb30297001674575ea00d1814d808d6a36af415a82bd481d37ba7b8e",
+                "sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==8.1.3"
+        },
+        "execnet": {
+            "hashes": [
+                "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5",
+                "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "version": "==1.9.0"
+        },
+        "iniconfig": {
+            "hashes": [
+                "sha256:011e24c64b7f47f6ebd835bb12a743f2fbe9a26d4cecaa7f53bc4f35ee9da8b3",
+                "sha256:bc3af051d7d14b2ee5ef9969666def0cd1a000e121eaea580d4a313df4b37f32"
+            ],
+            "version": "==1.1.1"
+        },
+        "mypy-extensions": {
+            "hashes": [
+                "sha256:090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d",
+                "sha256:2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"
+            ],
+            "version": "==0.4.3"
+        },
+        "packaging": {
+            "hashes": [
+                "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb",
+                "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"
+            ],
+            "markers": "python_version >= '3.6'",
+            "version": "==21.3"
+        },
+        "pathspec": {
+            "hashes": [
+                "sha256:46846318467efc4556ccfd27816e004270a9eeeeb4d062ce5e6fc7a87c573f93",
+                "sha256:7ace6161b621d31e7902eb6b5ae148d12cfd23f4a249b9ffb6b9fee12084323d"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==0.10.1"
+        },
+        "platformdirs": {
+            "hashes": [
+                "sha256:027d8e83a2d7de06bbac4e5ef7e023c02b863d7ea5d079477e722bb41ab25788",
+                "sha256:58c8abb07dcb441e6ee4b11d8df0ac856038f944ab98b7be6b27b2a3c7feef19"
+            ],
+            "markers": "python_version >= '3.7'",
+            "version": "==2.5.2"
+        },
+        "pluggy": {
+            "hashes": [
+                "sha256:4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159",
+                "sha256:74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"
+            ],
+            "markers": "python_version >= '3.6'",
+            "version": "==1.0.0"
+        },
+        "py": {
+            "hashes": [
+                "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719",
+                "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "version": "==1.11.0"
+        },
+        "pyparsing": {
+            "hashes": [
+                "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb",
+                "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"
+            ],
+            "markers": "python_full_version >= '3.6.8'",
+            "version": "==3.0.9"
+        },
+        "pytest": {
+            "hashes": [
+                "sha256:1377bda3466d70b55e3f5cecfa55bb7cfcf219c7964629b967c37cf0bda818b7",
+                "sha256:4f365fec2dff9c1162f834d9f18af1ba13062db0c708bf7b946f8a5c76180c39"
+            ],
+            "index": "pypi",
+            "version": "==7.1.3"
+        },
+        "pytest-forked": {
+            "hashes": [
+                "sha256:8b67587c8f98cbbadfdd804539ed5455b6ed03802203485dd2f53c1422d7440e",
+                "sha256:bbbb6717efc886b9d64537b41fb1497cfaf3c9601276be8da2cccfea5a3c8ad8"
+            ],
+            "markers": "python_version >= '3.6'",
+            "version": "==1.4.0"
+        },
+        "pytest-testinfra": {
+            "hashes": [
+                "sha256:07c8c2c472aca7d83099ebc5f850d383721cd654b66c60ffbb145e45e584ff99",
+                "sha256:56ac1dfc61342632a1189091473e253db1a3cdcecce0d49d6a769f33cd264814"
+            ],
+            "index": "pypi",
+            "version": "==6.8.0"
+        },
+        "pytest-xdist": {
+            "hashes": [
+                "sha256:4580deca3ff04ddb2ac53eba39d76cb5dd5edeac050cb6fbc768b0dd712b4edf",
+                "sha256:6fe5c74fec98906deb8f2d2b616b5c782022744978e7bd4695d39c8f42d0ce65"
+            ],
+            "index": "pypi",
+            "version": "==2.5.0"
+        },
+        "tomli": {
+            "hashes": [
+                "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc",
+                "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"
+            ],
+            "markers": "python_full_version < '3.11.0a7'",
+            "version": "==2.0.1"
+        }
+    },
+    "develop": {}
+}