diff --git a/adguard/config.yaml b/adguard/config.yaml
new file mode 100644
index 0000000..7d6897a
--- /dev/null
+++ b/adguard/config.yaml
@@ -0,0 +1,146 @@
+apiVersion: v1
+data:
+ AdGuardHome.yaml: |
+ bind_host: 0.0.0.0
+ bind_port: 3000
+ users:
+ - name: $USER_NAME
+ password: $2a$10$$USER_PASSWORD
+ auth_attempts: 5
+ block_auth_min: 15
+ http_proxy: ""
+ web_session_ttl: 720
+ dns:
+ bind_hosts:
+ - 0.0.0.0
+ port: 53
+ statistics_interval: 1
+ querylog_enabled: true
+ querylog_file_enabled: true
+ querylog_interval: 24h
+ querylog_size_memory: 1000
+ anonymize_client_ip: false
+ protection_enabled: true
+ blocking_mode: default
+ blocking_ipv4: ""
+ blocking_ipv6: ""
+ blocked_response_ttl: 10
+ parental_block_host: family-block.dns.adguard.com
+ safebrowsing_block_host: standard-block.dns.adguard.com
+ ratelimit: 20
+ ratelimit_whitelist: []
+ refuse_any: true
+ upstream_dns:
+ - https://dns10.quad9.net/dns-query
+ - 8.8.8.8
+ - 8.8.4.4
+ - 1.1.1.1
+ upstream_dns_file: ""
+ bootstrap_dns:
+ - 9.9.9.10
+ - 149.112.112.10
+ - 2620:fe::10
+ - 2620:fe::fe:10
+ all_servers: true
+ fastest_addr: false
+ fastest_timeout: 1s
+ allowed_clients: []
+ disallowed_clients: []
+ blocked_hosts:
+ - version.bind
+ - id.server
+ - hostname.bind
+ trusted_proxies:
+ - 127.0.0.0/8
+ - ::1/128
+ cache_size: 4194304
+ cache_ttl_min: 0
+ cache_ttl_max: 0
+ cache_optimistic: false
+ bogus_nxdomain: []
+ aaaa_disabled: false
+ enable_dnssec: false
+ edns_client_subnet: false
+ max_goroutines: 300
+ ipset: []
+ filtering_enabled: true
+ filters_update_interval: 24
+ parental_enabled: false
+ safesearch_enabled: false
+ safebrowsing_enabled: false
+ safebrowsing_cache_size: 1048576
+ safesearch_cache_size: 1048576
+ parental_cache_size: 1048576
+ cache_time: 30
+ rewrites: $DNS_REWRITES
+ blocked_services:
+ - tiktok
+ upstream_timeout: 10s
+ local_domain_name: lan
+ resolve_clients: true
+ use_private_ptr_resolvers: true
+ local_ptr_upstreams: []
+ tls:
+ enabled: false
+ server_name: ""
+ force_https: false
+ port_https: 443
+ port_dns_over_tls: 853
+ port_dns_over_quic: 784
+ port_dnscrypt: 0
+
dnscrypt_config_file: "" + allow_unencrypted_doh: false + strict_sni_check: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard DNS filter + id: 1 + - enabled: true + url: https://adaway.org/hosts.txt + name: AdAway Default Blocklist + id: 2 + - enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + whitelist_filters: [] + user_rules: + - '@@||v.oui.sncf^$important' + dhcp: + enabled: false + interface_name: "" + dhcpv4: + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + options: [] + dhcpv6: + range_start: "" + lease_duration: 86400 + ra_slaac_only: false + ra_allow_slaac: false + clients: [] + log_compress: false + log_localtime: false + log_max_backups: 0 + log_max_size: 100 + log_max_age: 3 + log_file: "" + verbose: false + os: + group: "" + user: "" + rlimit_nofile: 0 + schema_version: 12 +kind: ConfigMap +metadata: + name: adguard-config + namespace: default diff --git a/adguard/deployment.yaml b/adguard/deployment.yaml index 5a6e8bc..8d88ce2 100644 --- a/adguard/deployment.yaml +++ b/adguard/deployment.yaml @@ -12,6 +12,15 @@ spec: labels: app: adguard spec: + initContainers: + - name: config-binder + image: alpine + command: ["sh", "-c", "mkdir -p /adguard/conf && cp /binder/AdGuardHome.yaml /adguard/conf/AdGuardHome.yaml"] + volumeMounts: + - name: adguard-config-volume + mountPath: /binder + - name: adguard-data + mountPath: /adguard containers: - name: adguard image: adguard/adguardhome 
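Review bot: The dashboard credential is rendered into a ConfigMap: `password: $2a$10$$USER_PASSWORD` under `users:` puts the bcrypt hash of the admin login in an object that any principal with ConfigMap read access in `default` can fetch and attack offline. Carrying `AdGuardHome.yaml` in a `kind: Secret` instead, mounted the same way, keeps the rest of the flow unchanged. Separately, `all_servers: true` together with the plaintext upstreams `8.8.8.8`, `8.8.4.4` and `1.1.1.1` appears to send every query in the clear in parallel with the Quad9 DoH entry, so the DoH upstream adds no confidentiality. Either drop the plaintext entries or replace them with DoH/DoT endpoints, and consider `enable_dnssec: true`.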
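Review bot: The new `config-binder` init container uses `image: alpine` with no tag or digest, so each pod start may pull a different image. Pin it, for example `image: alpine:<version>@sha256:<digest>` (placeholder values). The `cp` in `command:` also overwrites `conf/AdGuardHome.yaml` on the persistent volume at every start, so anything AdGuard Home writes back to that file, such as a password changed through the dashboard, is reverted on restart. That deserves a comment above `command:`, for example `# ConfigMap is the source of truth; UI changes are overwritten on restart`. The container mounts the whole `adguard-data` claim at `/adguard` although it only writes `conf/`; a `subPath: conf` mount would narrow what it can touch. The `containers:` list continues outside the hunk.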
@@ -22,3 +31,17 @@ spec: protocol: TCP - containerPort: 3000 protocol: TCP + volumeMounts: + - name: adguard-data + mountPath: /opt/adguardhome/conf + subPath: conf + - name: adguard-data + mountPath: /opt/adguardhome/work + subPath: work + volumes: + - name: adguard-config-volume + configMap: + name: adguard-config + - name: adguard-data + persistentVolumeClaim: + claimName: adguard-pvc diff --git a/adguard/ingress.yaml b/adguard/ingress.yaml index e8fef29..25de926 100644 --- a/adguard/ingress.yaml +++ b/adguard/ingress.yaml @@ -1,23 +1,12 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: stripprefix-adguard -spec: - stripPrefix: - prefixes: - - / - ---- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: adguard-ingress annotations: kubernetes.io/ingress.class: "traefik" - traefik.ingress.kubernetes.io/router.middlewares: "default-stripprefix-adguard@kubernetescrd" spec: rules: - - host: adguard.localhost + - host: adguard.k3s.beta http: paths: - path: / @@ -27,12 +16,3 @@ spec: name: adguard-svc port: number: 80 - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: adguard-dns - port: - number: 53 diff --git a/adguard/pvc.yaml b/adguard/pvc.yaml new file mode 100644 index 0000000..6aefd7f --- /dev/null +++ b/adguard/pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: adguard-pvc +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 1Gi diff --git a/adguard/service.yaml b/adguard/service.yaml index a349362..6d5dc30 100644 --- a/adguard/service.yaml +++ b/adguard/service.yaml @@ -18,4 +18,5 @@ spec: # # Only exposing the DNS server as the dashboard only listens to the specified # hostname (cf ingress file) - - 192.168.43.161 + - 10.11.0.1 +
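Review bot: The Ingress for `adguard.k3s.beta` shows no `tls:` block and no TLS-related Traefik annotation in the visible lines. The ConfigMap added in this commit sets `tls.enabled: false` and `force_https: false`, so the dashboard login would travel over plain HTTP unless TLS is terminated somewhere not shown here. Consider adding a `tls:` entry with `hosts: [adguard.k3s.beta]` and `secretName: <tls-secret>` (placeholder) under `spec:`, plus the annotation `traefik.ingress.kubernetes.io/router.tls: "true"`. Lines 13–15 of the new file fall between the two hunks and are not visible.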