Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2023-01-22 Pi-hole admin password changes - master branch - PR 1 of 3 #648

Merged
merged 1 commit into from
Jan 26, 2023
Merged

2023-01-22 Pi-hole admin password changes - master branch - PR 1 of 3 #648

merged 1 commit into from
Jan 26, 2023

Conversation

Paraphraser
Copy link

Circa July 9, 2022 docker-pi-hole PR 1106 made some significant changes to how the admin password is handled. The only documentation for this change was in
Changelog 2022.07:

Always use WEBPASSWORD env var if set by @rdwebdesign in #1106

This change was reported on Discord.

To summarise the new behaviour:

  1. If WEBPASSWORD is not set on first launch, a random password is generated.
  2. If WEBPASSWORD is not set on second-or-subsequent launch, whatever password was already in effect is re-used. This also applies when there is no admin password.
  3. If WEBPASSWORD is defined but has a null value, any pre-existing password is cleared and the Web UI bypasses the login screen.
  4. If WEBPASSWORD is defined and has a value, that value is always used to update the admin password stored internally.

This PR adjusts the IOTstack Pi-hole template to default to the third option above (ie no admin password). This avoids the need for any "build" process and the need to set/generate any password, and obviates the need for the associated Python scripts which have been removed.

A comment is added to the service definition template directing users to the IOTstack wiki page where the behaviour of WEBPASSWORD is documented in full.

This change should only affect new users.

Any existing users who had followed the previous procedure of selecting Pi-hole, choosing a password or allowing one to be generated, and bringing up the container would have an admin password matching the value of WEBPASSWORD.

Any existing users who had reset their password via:

$ docker exec pihole pihole -a -p myNewPassword

will either have:

  1. Changed their service definition to match. The July 9 2022 changes would already be enforcing WEBPASSWORD on each launch.
  2. Not changed their service definition to match. The July 9 2022 changes would already have reverted to the value of WEBPASSWORD.
  3. Removed WEBPASSWORD from their list of environment variables. The July 9 2022 changes would continue to use the existing password.

This PR also takes the opportunity to:

  1. Re-align the service definition entries.
  2. Adopt new-style TZ which either accepts a value from ~/IOTstack/.env or defaults to Etc/UTC.
  3. Add a comment pointing to the Pi-hole documentation for its supported environment variables.

IOTstack Pi-hole documentation updated.

Signed-off-by: Phill Kelley [email protected]

@Paraphraser
2023-01-22 Pi-hole admin password changes - master branch - PR 1 of 3
3ee797f 
Circa July 9, 2022 [docker-pi-hole PR 1106](pi-hole/docker-pi-hole#1106)
made some significant changes to how the admin password is handled. The
only documentation for this change was in
[Changelog 2022.07](https://github.com/pi-hole/docker-pi-hole/releases/tag/2022.07):

> Always use WEBPASSWORD env var if set by @rdwebdesign in #1106

This change was reported on [Discord](https://discord.com/channels/638610460567928832/638610461109256194/1066408650077388860).

To summarise the new behaviour:

1. If `WEBPASSWORD` is not set on first launch, a random password is
generated.
2. If `WEBPASSWORD` is not set on second-or-subsequent launch, whatever
password was already in effect is re-used. This also applies when there
is no admin password.
3. If `WEBPASSWORD` is defined but has a null value, any pre-existing
password is cleared and the Web UI bypasses the login screen.
4. If `WEBPASSWORD` is defined and has a value, that value is always
used to update the admin password stored internally.

This PR adjusts the IOTstack Pi-hole template to default to the third
option above (ie no admin password). This avoids the need for any
"build" process and the need to set/generate any password, and obviates
the need for the associated Python scripts which have been removed.

A comment is added to the service definition template directing users
to the IOTstack wiki page where the behaviour of `WEBPASSWORD` is
documented in full.

This change should only affect new users.

Any existing users who had followed the previous procedure of selecting
Pi-hole, choosing a password or allowing one to be generated, and
bringing up the container would have an admin password matching the
value of `WEBPASSWORD`.

Any existing users who had reset their password via:

```
$ docker exec pihole pihole -a -p myNewPassword
```

will either have:

1. Changed their service definition to match. The July 9 2022 changes
would already be enforcing  `WEBPASSWORD` on each launch.
2. Not changed their service definition to match. The July 9 2022
changes would already have reverted to the value of `WEBPASSWORD`.
3. Removed `WEBPASSWORD` from their list of environment variables. The
July 9 2022 changes would continue to use the existing password.

This PR also takes the opportunity to:

1. Re-align the service definition entries.
2. Adopt new-style TZ which either accepts a value from `~/IOTstack/.env`
or defaults to `Etc/UTC`.
3. Add a comment pointing to the Pi-hole documentation for its supported
environment variables.

IOTstack Pi-hole documentation updated.

Signed-off-by: Phill Kelley <[email protected]>
Paraphraser added a commit to Paraphraser/IOTstack that referenced this pull request Jan 22, 2023
@Paraphraser
2023-01-22 Pi-hole admin password changes - old-menu branch - PR 2 of 3
a93e619 
See SensorsIot#648 for background to this PR.

Consequential changes:

* harmonises template service definition by removing reference to port
443 but does not re-align other entries (did not seem worthwhile).
* harmonises default environment variables file so it is identical to
the inline environment variables on master branch. This includes
new-style TZ syntax and comments directing users to IOTstack wiki doco
on the admin password, and Pi-hole doco on supported environment
variables.

Signed-off-by: Phill Kelley <[email protected]>
@Paraphraser Paraphraser mentioned this pull request Jan 22, 2023
Merged
Paraphraser added a commit to Paraphraser/IOTstack that referenced this pull request Jan 22, 2023
@Paraphraser
2023-01-22 Pi-hole admin password changes - experimental branch - PR …
422374d 
…3 of 3

See SensorsIot#648 for background to this PR.

Consequential changes:

* harmonises template service definition by removing reference to port
443 and re-aligning entries.
* harmonises default environment variables to be the same as master
branch (including comments).
* removes obsolete `networks:` clause.
* removes handling for `TZ`, `WEBPASSWORD`, `DNS1` and `DNS2` from the
modifiable environment. The DNS pair are a consequence of overall
harmonisation.

Signed-off-by: Phill Kelley <[email protected]>
This was referenced Jan 22, 2023
Merged
Open
@Slyke Slyke merged commit c7eae7a into SensorsIot:master Jan 26, 2023
@Paraphraser Paraphraser deleted the 20230122-pihole-master branch January 26, 2023 22:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Slyke Slyke Slyke approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Paraphraser @Slyke