1 -- Copyright 2017 Dirk Brenken (dev@brenken.org)
2 -- This is free software, licensed under the Apache License, Version 2.0
4 local fs = require("nixio.fs")
5 local uci = require("luci.model.uci").cursor()
6 local util = require("luci.util")
7 local date = require("luci.http.protocol.date")
8 local res_input = "/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
9 local dump = util.ubus("network.interface", "dump", {})
10 local plug_cnt = tonumber(luci.sys.exec("env -i /usr/sbin/dnscrypt-proxy --version | grep 'Support for plugins: present' | wc -l"))
12 local url = "https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv"
14 if not fs.access(res_input) then
15 luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
18 for line in io.lines(res_input) do
19 local name = line:match("^[%w_.-]*")
20 res_list[#res_list + 1] = { name = name }
23 m = Map("dnscrypt-proxy", translate("DNSCrypt-Proxy"),
24 translate("Configuration of the DNSCrypt-Proxy package. ")
25 .. translate("Keep in mind to configure Dnsmasq as well. ")
26 .. translatef("For further information "
27 .. "<a href=\"%s\" target=\"_blank\">"
28 .. "see the wiki online</a>", "https://wiki.openwrt.org/inbox/dnscrypt"))
30 function m.on_after_commit(self)
31 luci.sys.call("env -i /etc/init.d/dnsmasq restart >/dev/null 2>&1")
32 luci.sys.call("env -i /etc/init.d/dnscrypt-proxy restart >/dev/null 2>&1")
37 s = m:section(TypedSection, "global", "General options")
40 -- Main dnscrypt-proxy resource list
42 o1 = s:option(DummyValue, "", translate("Default Resolver List"))
43 o1.template = "dnscrypt-proxy/res_options"
46 o2 = s:option(DummyValue, "", translate("File Date"))
47 o2.template = "dnscrypt-proxy/res_options"
48 o2.value = date.to_http(nixio.fs.stat(res_input).mtime)
50 o3 = s:option(DummyValue, "", translate("File Checksum"))
51 o3.template = "dnscrypt-proxy/res_options"
52 o3.value = luci.sys.exec("sha256sum " .. res_input .. " | awk '{print $1}'")
54 btn = s:option(Button, "", translate("Refresh Resolver List"))
55 btn.inputtitle = translate("Refresh List")
56 btn.inputstyle = "apply"
58 function btn.write(self, section, value)
59 luci.sys.call("env -i /bin/uclient-fetch --no-check-certificate -O " .. res_input .. " " .. url .. " >/dev/null 2>&1")
60 luci.http.redirect(luci.dispatcher.build_url("admin", "services", "dnscrypt-proxy"))
65 t = s:option(DynamicList, "procd_trigger", "Startup Trigger",
66 translate("By default the DNSCrypt-Proxy startup will be triggered by ifup events of multiple network interfaces. ")
67 .. translate("To restrict the trigger, add only the relevant network interface(s). ")
68 .. translate("Usually the 'wan' interface should work for most users."))
71 for i, v in ipairs(dump.interface) do
72 if v.interface ~= "loopback" then
79 -- Mandatory options per instance
81 s = m:section(TypedSection, "dnscrypt-proxy", "Instance options")
85 o1 = s:option(Value, "address", translate("IP Address"),
86 translate("The local IP address."))
87 o1.datatype = "ip4addr"
88 o1.default = address or "127.0.0.1"
91 o2 = s:option(Value, "port", translate("Port"),
92 translate("The listening port for DNS queries."))
97 o3 = s:option(ListValue, "resolver", translate("Resolver"),
98 translate("Name of the remote DNS service for resolving queries."))
99 o3.datatype = "hostname"
102 for i, v in ipairs(res_list) do
103 if v.name ~= "Name" then
107 o3.default = resolver
110 -- Extra options per instance
112 e1 = s:option(Value, "resolvers_list", translate("Alternate Resolver List"),
113 translate("Specify a non-default Resolver List."))
117 e2 = s:option(Value, "ephemeral_keys", translate("Ephemeral Keys"),
118 translate("Improve privacy by using an ephemeral public key for each query. ")
119 .. translate("This option requires extra CPU cycles and is useless with most DNSCrypt server."))
125 e3 = s:option(DynamicList, "blacklist", translate("Blacklist"),
126 translate("Local blacklists allow you to block abuse sites by domains or ip addresses. ")
127 .. translate("The value for this property is the blocklist type and path to the file, e.g.'domains:/path/to/dbl.txt' or 'ips:/path/to/ipbl.txt'."))
130 e4 = s:option(Value, "block_ipv6", translate("Block IPv6"),
131 translate("Disable IPv6 to speed up DNSCrypt-Proxy."))
136 e5 = s:option(Value, "local_cache", translate("Local Cache"),
137 translate("Enable Caching to speed up DNSCcrypt-Proxy."))
142 e6 = s:option(Value, "query_log_file", translate("DNS Query Logfile"),
143 translate("Log the received DNS queries to a file, so you can watch in real-time what is happening on the network."))