Release v8.0 (#5146)

.conf/dps_121/roonbridge.service

@@ -1,13 +1,12 @@
 [Unit]
 Description=Roon Bridge (DietPi)
 Wants=network-online.target
-After=network-online.target dietpi-boot.service sound.target
+After=network-online.target sound.target
 
 [Service]
-Group=dietpi
+SyslogIdentifier=Roon Bridge
 Environment=ROON_DATAROOT=/mnt/dietpi_userdata/roon
 Environment=ROON_ID_DIR=/mnt/dietpi_userdata/roon
-SyslogIdentifier=roonbridge
 ExecStart=/etc/roonbridge/start.sh
 Restart=on-abort
 

.conf/dps_93/apache.pihole.conf

@@ -12,19 +12,18 @@
 	Header set X-Pi-hole "The Pi-hole Web interface is working!"
 	Header set X-Frame-Options "DENY"
 
-	# Allow access to local fonts
-	<Files ~ "\.(eot|otf|tt[cf]|woff2?)$">
-		Header set Access-Control-Allow-Origin "*"
-	</Files>	
+	# Allow teleporter and API QR code iframes on settings page
+	<FilesMatch "^(teleporter|api_token)\.php$">
+		Header set X-Frame-Options "SAMEORIGIN" "expr=%{HTTP_REFERER} =~ m#/admin/settings\.php#"
+	</FilesMatch>
 
 	# Block . files from being served, such as .git, .github, .gitignore
-	<Files ~ "^\.">
+	<FilesMatch "^\.">
 		Require all denied
-	</Files>
-
+	</FilesMatch>
 </Directory>
 
 # Block public access to 404 page
 <Directory ~ /var/www(/html)?/pihole>
-	Require ip 127 192.168 10 172.16.0.0/12
+	Require ip 127 192.168 10 172.16.0.0/12 ::1/128 fe80::/10 fc00::/7
 </Directory>

.conf/dps_93/lighttpd.pihole.conf

@@ -8,9 +8,11 @@ $HTTP["url"] =~ "^(/html)?/admin/" {
 		"X-Frame-Options" => "DENY"
 	)
 
-	# Allow admin panel access to local fonts
-	$HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" {
-		setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
+	# Allow teleporter and API QR code iframes on settings page
+	$HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
+		$HTTP["referer"] =~ "/admin/settings\.php" {
+			setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
+		}
 	}
 }
 
@@ -21,7 +23,7 @@ $HTTP["url"] =~ "^(/html)?/admin/\." {
 
 # Block public access to 404 page
 $HTTP["url"] =~ "^(/html)?/pihole/" {
-	$HTTP["remoteip"] !~ "^1(27|92\.168|0|72\.(1[6-9]|2[0-9]|3[0-1]))\." {
+	$HTTP["remoteip"] !~ "^(1(27|92\.168|0|72\.(1[6-9]|2[0-9]|3[0-1]))\.|::1|fe[89ab].:|f[cd]..:)" {
 		url.access-deny = ("")
 	}
 }

.conf/dps_93/nginx.pihole.conf

@@ -1,5 +1,20 @@
 # Based on: https://github.com/pi-hole/pi-hole/blob/master/advanced/lighttpd.conf.debian
 
+# Allow teleporter and API QR code iframes on settings page
+location ~ ^(?:/html|)/admin/scripts/pi-hole/php/(?:teleporter|api_token)\.php$ {
+	# PHP handler block
+	fastcgi_pass php;
+	include snippets/fastcgi-php.conf;
+
+	if ($http_referer !~ /admin/settings\.php) {
+		add_header X-Frame-Options "DENY";
+	}
+	if ($http_referer ~ /admin/settings\.php) {
+		add_header X-Frame-Options "SAMEORIGIN";
+	}
+}
+
+
 # Admin panel
 location ~ ^(?:/html|)/admin(?:$|/) {
 	# Block public access to admin page, if enabled
@@ -16,11 +31,6 @@ location ~ ^(?:/html|)/admin(?:$|/) {
 	add_header X-Pi-hole "The Pi-hole Web interface is working!";
 	add_header X-Frame-Options "DENY";
 
-	# Allow access to local fonts
-	location ~ \.(?:eot|otf|tt[cf]|woff2?)$ {
-		add_header Access-Control-Allow-Origin "*";
-	}	
-
 	# Standard PHP handler block
 	try_files $uri $uri/ =404;
 	location ~ ^(?:/html|)/admin/.+\.php(?:$|/) {
@@ -36,6 +46,9 @@ location ~ ^(?:/html|)/pihole(?:$|/) {
 	allow 192.168.0.0/16;
 	allow 10.0.0.0/8;
 	allow 172.16.0.0/12;
+	allow ::1/128;
+	allow fe80::/10;
+	allow fc00::/7;
 	deny all;
 
 	# Standard PHP handler block