Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DietPi-DDNS | Allow to update IPv4 as well as IPv6 #7309

Merged
merged 3 commits into from
Dec 15, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ New images:
- NanoPi M6 | Support for this FriendlyELEC SBC with RK3588 SoC has been added to DietPi.

Enhancements:
- DietPi-DDNS | The "IPv6or4" option to update IPv6 only, if supported by server, network and provider, has been replaced with "IPv4and6". A server being reachable via IPv6 only is rarely wanted, as many networks do not support it. Instead, usually one will want to have it reachable via both, IPv4 as well as IPv6, which is now possible when using DietPi-DDNS, and the new default. If, e.g. for security reason, IPv6 only is wanted, this option of course remains available, like before. Many thanks to @LOGIN-TB for doing this suggestion: https://github.com/MichaIng/DietPi/issues/7278
- DietPi-DDNS | The cron job does now log server response messages and connection errors separately with respective severities. Some DDNS providers do not return an HTTP error code, but an error text embedded into a regular HTTP 200 response. This, as well as success responses can now be seen via "journalctl -t dietpi-ddns". Many thanks to @jtmoon79 for doing this suggestion: https://github.com/MichaIng/DietPi/issues/5954
- DietPi-Services | "dietpi-services start" will not start disabled services anymore. This aligns with the behaviour of the "restart" command, which as well skips disabled services. The script is used within other DietPi scripts to (re)start services after maintenance operations, and it is unexpected when services, who were not running before, but explicitly disabled, are running afterwards. To manually start/stop individual services from the console, we recommend using "systemctl" directly, like on any other Linux distribution with systemd. Many thanks to @intiplink for reporting this unexpected behaviour while using dietpi-drive_manager: https://github.com/MichaIng/DietPi/issues/7302
- DietPi-Software | NFS Server: The "fsid=0" option has been removed from the /mnt/dietpi_userdata default export. As it is uncommon and not respected in "showmount -e" export lists, it caused confusion and issues.
- DietPi-Software | YaCy: The latest YaCy version will now be installed, and the global software password will be set as default admin password on fresh installs.
Expand Down
97 changes: 67 additions & 30 deletions dietpi/dietpi-ddns
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,9 @@ Available options:
-p <password> Password or token, depending on provider
In combination with a custom provider, this is used for HTTP authentication.
-t <timespan> Duration between DDNS updates in minutes (optional, defaults to 10)
-4 Force IPv4 usage for the DDNS update (optional, the default)
-6 Force IPv6 usage for the DDNS update (optional)
-6or4 Do not force any IP family for the DDNS update (optional)
IPv6 is then used, if enabled on this server and if the DDNS provider is
reachable via IPv6, else IPv4 is used.
-4and6 Update IPv4 and IPv6 addresses for your DDNS (optional, the default)
-4 Update only the IPv4 address for your DDNS (optional)
-6 Update only the IPv6 address for your DDNS (optional)
Available providers:
<custom> Full URL to update against a custom DDNS provider
Use the "-u" and "-p" options if HTTP authentication is required.
Expand Down Expand Up @@ -73,10 +71,10 @@ Input()
'-u') shift; USERNAME=$1;;
'-p') shift; PASSWORD=$1;;
'-t') shift; TIMESPAN=$1;;
'-'[46]|'-6or4') IPFAMILY=$1;;
'-'[46]|'-4and6') IPFAMILY=$1;;
'apply') COMMAND=$1; shift; PROVIDER=$1;;
'remove') COMMAND=$1;;
*) G_DIETPI-NOTIFY 1 "Invalid input ($1). Aborting...$USAGE"; exit 1;;
*) G_DIETPI-NOTIFY 1 "Invalid input ($1). Aborting ...$USAGE"; exit 1;;
esac
shift
done
Expand Down Expand Up @@ -144,8 +142,24 @@ Read()
fi

# IP family
[[ $IPFAMILY ]] || IPFAMILY=${command#curl } IPFAMILY=${IPFAMILY%% *}
[[ $IPFAMILY == '-'[46] ]] || IPFAMILY='-6or4'
if [[ ! $IPFAMILY ]]
then
if grep -q 'curl -4 ' /var/lib/dietpi/dietpi-ddns/update.sh
then
if grep -q 'curl -6 ' /var/lib/dietpi/dietpi-ddns/update.sh
then
IPFAMILY='-4and6'
else
IPFAMILY='-4'
fi

elif grep -q 'curl -6 ' /var/lib/dietpi/dietpi-ddns/update.sh
then
IPFAMILY='-6'
else
IPFAMILY='-4and6' # Pre-v9.9
fi
fi

# Time span
[[ ! $TIMESPAN && -f '/var/spool/cron/crontabs/dietpi-ddns' ]] || return
Expand All @@ -157,8 +171,8 @@ Read()
Apply()
{
# Generate URL and set HTTP authentication flag based on provider
local url http_auth=1 ipfamily=${IPFAMILY:--4}
[[ $ipfamily == '-6or4' ]] && ipfamily=
local url http_auth=1
[[ $IPFAMILY ]] || IPFAMILY='-4and6'
# - DuckDNS
if [[ $PROVIDER == 'DuckDNS' ]]
then
Expand Down Expand Up @@ -200,7 +214,7 @@ Apply()
fi

# Create DietPi-DDNS group
G_DIETPI-NOTIFY 2 'Preparing unprivileged DietPi-DDNS UNIX group...'
G_DIETPI-NOTIFY 2 'Preparing unprivileged DietPi-DDNS UNIX group ...'
if getent group dietpi-ddns > /dev/null
then
G_EXEC groupmod -p '!' dietpi-ddns
Expand All @@ -209,7 +223,7 @@ Apply()
fi

# Create DietPi-DDNS user
G_DIETPI-NOTIFY 2 'Preparing unprivileged DietPi-DDNS UNIX user...'
G_DIETPI-NOTIFY 2 'Preparing unprivileged DietPi-DDNS UNIX user ...'
if getent passwd dietpi-ddns > /dev/null
then
G_EXEC usermod -g 'dietpi-ddns' -G '' -d '/nonexistent' -s '/usr/sbin/nologin' -p '!' dietpi-ddns
Expand All @@ -218,10 +232,10 @@ Apply()
fi

# Test DDNS update
G_DIETPI-NOTIFY 2 'Testing DDNS update...'
G_DIETPI-NOTIFY 2 'Testing DDNS update ...'
local result
# shellcheck disable=SC2086
if ! result=$(curl $ipfamily -sSfL ${http_auth:+ -u "$USERNAME:$PASSWORD"} "$url" 2>&1) ||
if ! result=$(curl "${IPFAMILY%and6}" -sSfL ${http_auth:+ -u "$USERNAME:$PASSWORD"} "$url" 2>&1) ||
[[ $PROVIDER == 'DuckDNS' && $result == 'KO' ]] ||
[[ $PROVIDER == 'YDNS' && $result != 'good'* && $result != 'nochg'* ]] ||
[[ $PROVIDER == 'Dynu' && $result != 'good'* && $result != 'nochg'* ]]
Expand All @@ -231,13 +245,32 @@ Apply()
return 1
else
STATUS="DDNS update test succeeded${result:+:\n$result}"
G_DIETPI-NOTIFY 2 "$STATUS"
G_DIETPI-NOTIFY 0 "$STATUS"

# Test IPv6 as well if both are enabled
if [[ $IPFAMILY == '-4and6' ]]
then
G_DIETPI-NOTIFY 2 'Testing IPv6 DDNS update ...'
local status6
if ! result=$(curl "${IPFAMILY/4and}" -sSfL ${http_auth:+ -u "$USERNAME:$PASSWORD"} "$url" 2>&1) ||
[[ $PROVIDER == 'DuckDNS' && $result == 'KO' ]] ||
[[ $PROVIDER == 'YDNS' && $result != 'good'* && $result != 'nochg'* ]] ||
[[ $PROVIDER == 'Dynu' && $result != 'good'* && $result != 'nochg'* ]]
then
status6="IPv6 DDNS update test failed. Your server, network or DDNS provider might not support IPv6${result:+:\n$result}"
G_DIETPI-NOTIFY 1 "$status6"
else
status6="IPv6 DDNS update test succeeded${result:+:\n$result}"
G_DIETPI-NOTIFY 0 "$status6"
fi
STATUS+="\n\n$status6"
fi
fi

# Check and in case remove obsolete No-IP client
if command -v noip2 > /dev/null
then
G_DIETPI-NOTIFY 2 'Removing obsolete No-IP client from your system...'
G_DIETPI-NOTIFY 2 'Removing obsolete No-IP client from your system ...'
if [[ -f '/etc/systemd/system/noip2.service' ]]
then
G_EXEC systemctl disable --now noip2
Expand All @@ -262,10 +295,12 @@ Apply()
G_EXEC chown dietpi-ddns:dietpi-ddns /var/lib/dietpi/dietpi-ddns/update.sh
# Shellcheck false positive: https://github.com/koalaman/shellcheck/issues/2168
# shellcheck disable=SC2016
echo "curl${ipfamily:+ $ipfamily} -sSfL${http_auth:+ -u '$USERNAME:$PASSWORD'} '$url' 2>&1 > /dev/null | logger -t dietpi-ddns -p 3" >> /var/lib/dietpi/dietpi-ddns/update.sh
echo "{ curl ${IPFAMILY%and6} -sSfL${http_auth:+ -u '$USERNAME:$PASSWORD'} '$url' | logger -t dietpi-ddns -p 6; } 2>&1 | logger -t dietpi-ddns -p 3" >> /var/lib/dietpi/dietpi-ddns/update.sh
# shellcheck disable=SC2016
[[ $IPFAMILY == '-4and6' ]] && echo "{ curl ${IPFAMILY/4and} -sSfL${http_auth:+ -u '$USERNAME:$PASSWORD'} '$url' | logger -t dietpi-ddns -p 6; } 2>&1 | logger -t dietpi-ddns -p 3" >> /var/lib/dietpi/dietpi-ddns/update.sh

# Apply Cron job
G_DIETPI-NOTIFY 2 'Applying DietPi-DDNS Cron job...'
G_DIETPI-NOTIFY 2 'Applying DietPi-DDNS Cron job ...'
crontab -u dietpi-ddns - <<< "*/${TIMESPAN:-10} * * * * /var/lib/dietpi/dietpi-ddns/update.sh"
}

Expand Down Expand Up @@ -372,15 +407,16 @@ Menu_Password()
Menu_IPfamily()
{
G_WHIP_MENU_ARRAY=(
'IPv4' ': Force IPv4 usage for the DDNS update (best compatibility)'
'IPv6or4' ': Do not force any IP family for the DDNS update'
'IPv6' ': Force IPv6 usage for the DDNS update (for modern clients)'
'IPv4and6' ': Update IPv4 and IPv6 addresses for your DDNS'
'IPv4' ': Update only the IPv4 address for your DDNS'
'IPv6' ': Update only the IPv6 address for your DDNS'
)
G_WHIP_DEFAULT_ITEM=${IPFAMILY:--4} G_WHIP_DEFAULT_ITEM=${G_WHIP_DEFAULT_ITEM/-/IPv}
G_WHIP_MENU 'Please select whether you want to force an IP family to associate with your DDNS domain.
\nFor best compatibility with all clients and networks, we recommend to use IPv4.
\nIf you do not force any IP family, IPv6 is used, if enabled on this server and if the DDNS provider is reachable via IPv6, else IPv4 is used.
\nIf IPv6 is used, only clients with IPv6 enabled and connected via networks which support IPv6 can reach your server.' || return 1
G_WHIP_DEFAULT_ITEM=${IPFAMILY/-/IPv}
G_WHIP_MENU 'Please select which IP family address to associate with your DDNS domain.
\nUsually one would want to update both, the IPv4 and IPv6 address, if your server has one.
\nIf you do not have a public IPv6 address, or want to keep the amount of DDNS requests low, update the IPv4 address only.
\nIf you have a public IPv6 address, want to support only clients with IPv6 enabled, and connected via networks which support IPv6, then you could update the IPv6 address only.
Choosing this could lower requests and attacks from random bots, which almost always try to connect via IPv4. But it can prevent your own/intended clients from being able to connect.' || return 1
IPFAMILY=${G_WHIP_RETURNED_VALUE/IPv/-}
}

Expand All @@ -405,7 +441,7 @@ Menu_Main()
[[ $PROVIDER == 'DuckDNS' || $PROVIDER == 'Dynu' || $PROVIDER == 'FreeDNS' || $PROVIDER == 'YDNS' ]] || G_WHIP_MENU_ARRAY+=("$username" ": [$USERNAME]")
G_WHIP_MENU_ARRAY+=(
"$password" ": [${PASSWORD//?/*}]"
'IP family' ": [${IPFAMILY:--4}]"
'IP family' ": [${IPFAMILY/-/IPv}]"
'Timespan' ": [${TIMESPAN:-10} minutes]"
'' '●─ Apply '
'Apply' ': Create or update Cron job with above settings'
Expand Down Expand Up @@ -447,18 +483,19 @@ then
then
Remove || exit 1
else
G_DIETPI-NOTIFY 1 "Input found but no command. Aborting...$USAGE"
G_DIETPI-NOTIFY 1 "Input found but no command. Aborting ...$USAGE"
exit 1
fi

# Menu
else
# Read current settings from existing Cron job
Read
[[ $IPFAMILY ]] || IPFAMILY='-4and6'

# Read status of existing Cron job via last two journal lines: "dietpi-ddns" tag shows curl errors, "cron" tag with "dietpi-ddns" string shows Cron job execution
STATUS='Manage DDNS settings to keep your dynamic IP with the static domain provided by your DDNS provider in sync'
[[ $PROVIDER ]] && STATUS="Last DietPi-DDNS logs:\n$(journalctl -r -t dietpi-ddns -t CRON | grep -m2 dietpi-ddns)"
[[ $PROVIDER ]] && STATUS="Last DietPi-DDNS logs:\n$(journalctl -r -t dietpi-ddns -t CRON | grep -m4 dietpi-ddns | sort)"

NEXT_MENU_START='Provider'
while Menu_Main; do :; done
Expand Down