1 -- Copyright 2017 Dirk Brenken (dev@brenken.org)
2 -- This is free software, licensed under the Apache License, Version 2.0
4 local fs = require("nixio.fs")
5 local uci = require("luci.model.uci").cursor()
6 local util = require("luci.util")
7 local date = require("luci.http.protocol.date")
8 local res_input = "/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
9 local dump = util.ubus("network.interface", "dump", {})
10 local plug_cnt = tonumber(luci.sys.exec("env -i /usr/sbin/dnscrypt-proxy --version | grep 'Support for plugins: present' | wc -l"))
12 local url = "https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv"
14 if not fs.access("/lib/libustream-ssl.so") then
15 m = SimpleForm("error", nil, translate("SSL support not available, please install an libustream-ssl variant to use this package."))
21 if not fs.access(res_input) then
22 luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
25 for line in io.lines(res_input) do
26 local name = line:match("^[%w_.-]*")
27 res_list[#res_list + 1] = { name = name }
30 m = Map("dnscrypt-proxy", translate("DNSCrypt-Proxy"),
31 translate("Configuration of the DNSCrypt-Proxy package. ")
32 .. translate("Keep in mind to configure Dnsmasq as well. ")
33 .. translatef("For further information "
34 .. "<a href=\"%s\" target=\"_blank\">"
35 .. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
37 function m.on_after_commit(self)
38 luci.sys.call("env -i /etc/init.d/dnsmasq restart >/dev/null 2>&1")
39 luci.sys.call("env -i /etc/init.d/dnscrypt-proxy restart >/dev/null 2>&1")
44 s = m:section(TypedSection, "global", translate("General options"))
47 -- Main dnscrypt-proxy resource list
49 o1 = s:option(DummyValue, "", translate("Default Resolver List"))
50 o1.template = "dnscrypt-proxy/res_options"
53 o2 = s:option(DummyValue, "", translate("File Date"))
54 o2.template = "dnscrypt-proxy/res_options"
55 o2.value = date.to_http(nixio.fs.stat(res_input).mtime)
57 o3 = s:option(DummyValue, "", translate("File Checksum"))
58 o3.template = "dnscrypt-proxy/res_options"
59 o3.value = luci.sys.exec("sha256sum " .. res_input .. " | awk '{print $1}'")
61 btn = s:option(Button, "", translate("Refresh Resolver List"))
62 btn.inputtitle = translate("Refresh List")
63 btn.inputstyle = "apply"
65 function btn.write(self, section, value)
66 luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
67 luci.http.redirect(luci.dispatcher.build_url("admin", "services", "dnscrypt-proxy"))
72 t = s:option(DynamicList, "procd_trigger", translate("Startup Trigger"),
73 translate("By default the DNSCrypt-Proxy startup will be triggered by ifup events of multiple network interfaces. ")
74 .. translate("To restrict the trigger, add only the relevant network interface(s). ")
75 .. translate("Usually the 'wan' interface should work for most users."))
78 for i, v in ipairs(dump.interface) do
79 if v.interface ~= "loopback" then
86 -- Mandatory options per instance
88 s = m:section(TypedSection, "dnscrypt-proxy", translate("Instance options"))
92 o1 = s:option(Value, "address", translate("IP Address"),
93 translate("The local IP address."))
94 o1.datatype = "ip4addr"
95 o1.default = address or "127.0.0.1"
98 o2 = s:option(Value, "port", translate("Port"),
99 translate("The listening port for DNS queries."))
104 o3 = s:option(ListValue, "resolver", translate("Resolver"),
105 translate("Name of the remote DNS service for resolving queries."))
106 o3.datatype = "hostname"
109 for i, v in ipairs(res_list) do
110 if v.name ~= "Name" then
114 o3.default = resolver
117 -- Extra options per instance
119 e1 = s:option(Value, "resolvers_list", translate("Alternate Resolver List"),
120 translate("Specify a non-default Resolver List."))
124 e2 = s:option(Value, "ephemeral_keys", translate("Ephemeral Keys"),
125 translate("Improve privacy by using an ephemeral public key for each query. ")
126 .. translate("This option requires extra CPU cycles and is useless with most DNSCrypt server."))
132 e3 = s:option(DynamicList, "blacklist", translate("Blacklist"),
133 translate("Local blacklists allow you to block abuse sites by domains or ip addresses. ")
134 .. translate("The value for this property is the blocklist type and path to the file, e.g.'domains:/path/to/dbl.txt' or 'ips:/path/to/ipbl.txt'."))
137 e4 = s:option(Value, "block_ipv6", translate("Block IPv6"),
138 translate("Disable IPv6 to speed up DNSCrypt-Proxy."))
143 e5 = s:option(Value, "local_cache", translate("Local Cache"),
144 translate("Enable Caching to speed up DNSCcrypt-Proxy."))
149 e6 = s:option(Value, "query_log_file", translate("DNS Query Logfile"),
150 translate("Log the received DNS queries to a file, so you can watch in real-time what is happening on the network."))