As bad as it is from a security perspective, a curl | sh installer would probably take care of the majority of installation issues.
Only required for Linux. Installation issues on other platforms are statistically insignificant.
A curl | sh can download the correct binary for the platform, find what's already listening to port 53, check for the presence of an existing half-baked dnscrypt-proxy install and remove it, and carry on with a standard test and installation procedure.
The ability to revert to the initial state is probably also necessary, even if we can only guarantee that it will properly work right after an install.
I'm probably going to need some help with that one, since I don't have much experience with Pi-Hole and never had to do any of the complicated things people reported in order to install it.
For the install to be safe, detection of the OS, architecture, and configuration (including things people may have installed such as an already running DNS cache, or firewall rules) should be reliable. Which means quite a bit of testing in different contexts.
But this is much needed. Even if everything is not automated, and requires user interactions. At least it will ensure that people end up with a default install that runs. They can then change the configuration as they want.
Replies: 7 comments 1 reply
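The preflight checks the opening post lists (picking the platform, finding what already holds port 53, spotting an existing install), sketched as a read-only script. This is an added example, not part of the original discussion or the dnscrypt-proxy project; the function names, the PREFLIGHT_RUN switch and the platform labels are assumptions.

```shell
#!/bin/sh
# Added example: read-only preflight checks for an installer; changes nothing.
# The platform labels printed by map_arch are assumptions: match them to the
# names of the published release archives before relying on them.

# Map `uname -m` output to a platform label; fail closed on unknown CPUs.
map_arch() {
    case "$1" in
        x86_64|amd64)  echo x86_64 ;;
        i386|i686)     echo i386 ;;
        aarch64|arm64) echo arm64 ;;
        armv6l|armv7l) echo arm ;;
        *)             return 1 ;;
    esac
}

# Read `ss -H -lntup` output on stdin and print "proto address process" for
# sockets whose local port is exactly 53 (5353 and 853 must not match).
# Where ss cannot see the owning process, the last field is the peer address.
port53_listeners() {
    awk '{ n = split($5, part, ":"); if (part[n] == "53") print $1, $5, $NF }'
}

# Constructed sample of `ss -H -lntup` output, for trying the parser offline.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
udp UNCONN 0 0    0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=700,fd=12))
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=800,fd=3))
tcp LISTEN 0 4096 [::1]:53         [::]:*    users:(("dnsmasq",pid=900,fd=5))
EOF
}

main() {
    [ "$(uname -s)" = Linux ] || { echo "Linux only" >&2; return 1; }
    arch=$(map_arch "$(uname -m)") || { echo "unsupported CPU" >&2; return 1; }
    echo "platform: linux_$arch"
    if command -v ss >/dev/null 2>&1; then
        ss -H -lntup 2>/dev/null | port53_listeners | sed 's/^/port 53 held by: /'
    fi
    if command -v dnscrypt-proxy >/dev/null 2>&1; then
        echo "existing install: $(command -v dnscrypt-proxy)"
    fi
}

# All logic lives in functions and is dispatched from the last line, so a
# download cut short mid-transfer cannot execute half a script.
# PREFLIGHT_RUN=1 runs the live checks; otherwise only functions are defined.
if [ "${PREFLIGHT_RUN:-0}" = 1 ]; then main "$@"; fi
```

Running `sample_ss_output | port53_listeners` prints the systemd-resolved and dnsmasq sockets and skips the mDNS listener on 5353.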
-
Take a look at Rclone install script https://rclone.org/install.sh
-
> Take a look at Rclone install script https://rclone.org/install.sh
This is a really bad example.
-
What is this? I click on the link and it just downloads a .zip file. No description, no url opening. Ya, I guess this is a bad example. An installation script should be a very small feat for the Linux initiated according to Jedi Sect. I know why I can't just find an install script which will actually work outta the box. This is because (and this is the crux of the why not) the internet will actually be accessible without DNS f*cking. Getting dnscrypt-proxy to encrypt DNS and not have my ISP redirect my DNS queries involves configuring dnscrypt-proxy to listen on your VPN's interface. WireGuard is my choice. I've tried all kinds of different configs which I have to cherry pick from different sites. It comes down to a couple different key questions (of course it does! Hahaha!) Do I start dnscrypt-proxy as a .socket or .service? I've read a couple different reputable articles which stated if setting a listening address and port other than the default 127.0.0.1:53, ::1:53, one must activate the socket file and enter "systemctl edit dnscrypt-proxy.socket" to bind to my WireGuard's interface address. The port variable however gets answered in the second crucial question. How does one configure dnscrypt-proxy to not conflict with systemd-resolved and consequently for another site altogether: how do I configure WireGuard's wg0 file with the correct settings, if any, for the encryption of DNS resolutions to stay inside the tunnel? Whew! Gotta smoke a cigarette after that one.
-
@jedisct1
Can I gather some expectations from you for this?
For example - I can imagine (and have seen) a simple idea that looks for apt/apk/pacman/yay/brew etc. selects the correct package manager and installs.
Good things about this approach are that it comes into the regular upgrade of the machine and is easy to maintain by the user with their own package manager command. It'll handle cpu architectures for us nicely.
Against would be that we need to keep tabs on all package managers but that does seem achievable, and there will be inevitable delays to the 'latest' version (with the exception of some of the rolling release linuxes perhaps).
I think I can get a prototype going fairly quickly though.
Second we could build locally -- that's a big overhead if the user doesn't have golang installed (and we'd need to uninstall the compiler). User is left to upgrade manually, and there are a lot of potential variables to manage.
Third I think we have unpack from a GitHub-built package -- we'd have to detect architecture to pull the right zip, unpack for different OSs. I think maybe the architecture pick is the hard part of that... the rest should be scriptable.
Disadvantage is that we'd have to make it work with an 'upgrade' function as well as an install (and preserve config etc.) and that would be a manual upgrade for the user.
However, the user can also trivially upgrade to the latest version...
Any other thoughts or unmentioned implementations that you had in mind?
-
Option 1 would require a lot of work, and doesn't add much value over installing the package directly.
Option 2 would not be an option for e.g. routers running OpenWRT.
Option 3 is what I had in mind.
No matter what option is chosen, the trickiest part is safely changing the DNS configuration.
-
Agreed -- I think I like 3, and I think picking the arch is easier than I thought.
You're right about changing the DNS config post install... I'll do some research
-
Not sure if I've ever said, "I wish I had an sh installer.." I never keep the stock config.. but maybe that is just me..
they have an sh installer..
a few platforms/arch/revisions logic selection
-
Based on description above it seems easy, but more info would help, however if someone could confirm that's all needed, then could sketch and propose. Maybe someone could help and describe what should be best-practice based install? Writing a script is not that hard when you know what you're writing about. :)