Add Pi-hole adblocking DNS server and configure VPN to use it

Author: dan-v

README.md

@@ -1,50 +1,19 @@
-One click personal VPN server on [DigitalOcean](https://digitalocean.com) with automated OSX setup. The deployed VPN server includes automated updates of both the OS and VPN software, so you don't need to worry about managing a server.
+One click personal VPN server on [DigitalOcean](https://digitalocean.com) with automated OSX setup and DNS adblocking. The deployed VPN server includes automated updates of both the OS and software, so you don't need to worry about managing a server.
 
 ![](/static/overview.gif?raw=true)
 
 ## Features
 * Personal IPSec VPN ([strongSwan](https://www.strongswan.org/)) deployed on DigitalOcean.
-* Graphical deployment with automated OSX VPN setup.
-* No separate software required - uses native OSX built in VPN.
-* Set it and forget it. Automated OS and VPN software updates.
-* Downloadable config file that can be used to setup VPN on other computers
+* Adblocking DNS ([Pi-hole](https://pi-hole.net/)) setup by default.
+* Web based deployment with automated OSX VPN setup.
+* No additional software required - uses native OSX VPN.
+* Automated OS and software updates.
+* Downloadable mobileconfig file for sharing access to this VPN with other computers and devices.
 
-## Installation
-
-### Binary
-The easiest way is to download a pre-built binary from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. This is a packaged OSX app.
-
-### Source
-1. Fetch the project with `go get`:
-
-  ```sh
-  go get github.com/dan-v/dosxvpn
-  cd $GOPATH/src/github.com/dan-v/dosxvpn
-  ```
-  
-2. Run make to build (will need to install [platypus cli](http://www.sveinbjorn.org/platypus)). CLI and OSX app can then be found under build/osx/x86-64.
-
-  ```sh
-  make
-  ```
-
-## CLI Usage
-
-```bash
-go install github.com/dan-v/dosxvpn/cmd/...
-DIGITALOCEAN_ACCESS_TOKEN=... dosxvpn -cli
-```
-
-Prints output like:
-```
-2017/04/05 15:58:57 Created DigitalOcean droplet 44882920
-2017/04/05 15:58:57 Waiting for SSH to start...
-2017/04/05 15:59:32 Getting VPN details...
-2017/04/05 15:59:51 Adding VPN to OSX...
-2017/04/05 15:59:55 ##############################
-2017/04/05 15:59:55 VPN IP: 10.10.10.10
-2017/04/05 15:59:55 ##############################
-```
+## Usage
+1. Download the latest pre-built binary from the [GitHub Releases](https://github.com/dan-v/dosxvpn/releases) page. This is a packaged OSX app.
+2. Open the app and run through the web based installation wizard to setup the VPN.
+3. Visit http://pi.hole/admin/ (password=dosxvpn) in your browser to modify DNS adblocking settings.
 
 ## How it works
 A web server is started on application launch and directs you to your web browser. It uses client OAuth authentication to request access to your DigitalOcean account (this permission is revoked after deployment). Once authenticated, a 512MB droplet is deployed running CoreOS that is configured to auto update on new releases. The OS is configured to launch a container ([dosxvpn/strongswan](https://hub.docker.com/r/dosxvpn/strongswan/)) on boot running [strongSwan](https://www.strongswan.org/). 
@@ -61,3 +30,17 @@ A web server is started on application launch and directs you to your web browse
 * [jbowens/dochaincore](https://github.com/jbowens/dochaincore) - Deployment code was borrowed from this project
 * [vimagick/strongswan](https://github.com/vimagick/dockerfiles/tree/master/strongswan) - Using forked version of this docker image for VPN
 * [platypus](http://www.sveinbjorn.org/platypus) - Used to generate OSX app 
+
+### Building yourself
+1. Fetch the project with `go get`:
+
+  ```sh
+  go get github.com/dan-v/dosxvpn
+  cd $GOPATH/src/github.com/dan-v/dosxvpn
+  ```
+  
+2. Run make to build (will need to install [platypus cli](http://www.sveinbjorn.org/platypus)). CLI and OSX app can then be found under build/osx/x86-64.
+
+  ```sh
+  make
+  ```

userdata.go

@@ -48,12 +48,22 @@ coreos:
 
         [Timer]
         OnCalendar=*-*-* 0/12:00:00
+    - name: dummy-interface.service
+      command: start
+      content: |
+        [Unit]
+        Description=Creates a dummy local interface
+
+        [Service]
+        User=root
+        Type=oneshot
+        ExecStart=/bin/sh -c "modprobe dummy; ip link set dummy0 up; ifconfig dummy0 1.1.1.1/32; echo 1.1.1.1         pi.hole >> /etc/hosts"
     - name: dosxvpn.service
       command: start
       content: |
         [Unit]
         Description=dosxvpn
-        After=docker.service
+        After=docker.service,dummy-interface.service
 
         [Service]
         User=core
@@ -64,8 +74,26 @@ coreos:
         ExecStartPre=-/usr/bin/docker kill dosxvpn
         ExecStartPre=-/usr/bin/docker rm dosxvpn
         ExecStartPre=/usr/bin/docker pull dosxvpn/strongswan
-        ExecStart=/usr/bin/docker run --name dosxvpn --privileged -p 500:500/udp -p 4500:4500/udp -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan
+        ExecStart=/usr/bin/docker run --name dosxvpn --privileged --net=host -v ipsec.d:/etc/ipsec.d -v strongswan.d:/etc/strongswan.d -v /lib/modules:/lib/modules -v /etc/localtime:/etc/localtime -e VPN_DNS=1.1.1.1 -e VPN_DOMAIN=$public_ipv4 dosxvpn/strongswan
         ExecStop=/usr/bin/docker stop dosxvpn
+    - name: pihole.service
+      command: start
+      content: |
+        [Unit]
+        Description=pihole
+        After=docker.service,dummy-interface.service
+
+        [Service]
+        User=core
+        Restart=always
+        TimeoutStartSec=0
+        KillMode=none
+        EnvironmentFile=/etc/environment
+        ExecStartPre=-/usr/bin/docker kill pihole
+        ExecStartPre=-/usr/bin/docker rm pihole
+        ExecStartPre=/usr/bin/docker pull diginc/pi-hole:alpine
+        ExecStart=/usr/bin/docker run --name pihole --net=host -e ServerIP=1.1.1.1 -e WEBPASSWORD=dosxvpn diginc/pi-hole:alpine
+        ExecStop=/usr/bin/docker stop pihole
 `
 
 type userDataParams struct {