Add adguard configuration with proper env variable sourcing

Tanguy Herbron 2022-06-01 23:45:57 +02:00
parent 332b047937
commit b0a532b2a2
5 changed files with 183 additions and 22 deletions

146
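--- a/adguard/config.yaml
+++ b/adguard/config.yaml
@@ -0,0 +1,146 @@
+apiVersion: v1
+data:
+AdGuardHome.yaml: |
+bind_host: 0.0.0.0
+bind_port: 3000
+users:
+- name: $USER_NAME
+password: $2a$10$$USER_PASSWORD
+auth_attempts: 5
+block_auth_min: 15
+http_proxy: ""
+web_session_ttl: 720
+dns:
+bind_hosts:
+- 0.0.0.0
+port: 53
+statistics_interval: 1
+querylog_enabled: true
+querylog_file_enabled: true
+querylog_interval: 24h
+querylog_size_memory: 1000
+anonymize_client_ip: false
+protection_enabled: true
+blocking_mode: default
+blocking_ipv4: ""
+blocking_ipv6: ""
+blocked_response_ttl: 10
+parental_block_host: family-block.dns.adguard.com
+safebrowsing_block_host: standard-block.dns.adguard.com
+ratelimit: 20
+ratelimit_whitelist: []
+refuse_any: true
+upstream_dns:
+- https://dns10.quad9.net/dns-query
+- 8.8.8.8
+- 8.8.4.4
+- 1.1.1.1
+upstream_dns_file: ""
+bootstrap_dns:
+- 9.9.9.10
+- 149.112.112.10
+- 2620:fe::10
+- 2620:fe::fe:10
+all_servers: true
+fastest_addr: false
+fastest_timeout: 1s
+allowed_clients: []
+disallowed_clients: []
+blocked_hosts:
+- version.bind
+- id.server
+- hostname.bind
+trusted_proxies:
+- 127.0.0.0/8
+- ::1/128
+cache_size: 4194304
+cache_ttl_min: 0
+cache_ttl_max: 0
+cache_optimistic: false
+bogus_nxdomain: []
+aaaa_disabled: false
+enable_dnssec: false
+edns_client_subnet: false
+max_goroutines: 300
+ipset: []
+filtering_enabled: true
+filters_update_interval: 24
+parental_enabled: false
+safesearch_enabled: false
+safebrowsing_enabled: false
+safebrowsing_cache_size: 1048576
+safesearch_cache_size: 1048576
+parental_cache_size: 1048576
+cache_time: 30
+rewrites: $DNS_REWRITES
+blocked_services:
+- tiktok
+upstream_timeout: 10s
+local_domain_name: lan
+resolve_clients: true
+use_private_ptr_resolvers: true
+local_ptr_upstreams: []
+tls:
+enabled: false
+server_name: ""
+force_https: false
+port_https: 443
+port_dns_over_tls: 853
+port_dns_over_quic: 784
+port_dnscrypt: 0
+dnscrypt_config_file: ""
+allow_unencrypted_doh: false
+strict_sni_check: false
+certificate_chain: ""
+private_key: ""
+certificate_path: ""
+private_key_path: ""
+filters:
+- enabled: true
+url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+name: AdGuard DNS filter
+id: 1
+- enabled: true
+url: https://adaway.org/hosts.txt
+name: AdAway Default Blocklist
+id: 2
+- enabled: false
+url: https://www.malwaredomainlist.com/hostslist/hosts.txt
+name: MalwareDomainList.com Hosts List
+id: 4
+whitelist_filters: []
+user_rules:
+- '@@||v.oui.sncf^$important'
+dhcp:
+enabled: false
+interface_name: ""
+dhcpv4:
+gateway_ip: ""
+subnet_mask: ""
+range_start: ""
+range_end: ""
+lease_duration: 86400
+icmp_timeout_msec: 1000
+options: []
+dhcpv6:
+range_start: ""
+lease_duration: 86400
+ra_slaac_only: false
+ra_allow_slaac: false
+clients: []
+log_compress: false
+log_localtime: false
+log_max_backups: 0
+log_max_size: 100
+log_max_age: 3
+log_file: ""
+verbose: false
+os:
+group: ""
+user: ""
+rlimit_nofile: 0
+schema_version: 12
+kind: ConfigMap
+metadata:
+name: adguard-config
+namespace: default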
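Review bot: The admin credential in `password: $2a$10$$USER_PASSWORD` is rendered into a ConfigMap in the `default` namespace, so the bcrypt hash is readable by anything allowed to read ConfigMaps there; a Secret mounted into the init container would keep it behind the RBAC normally applied to secrets. The rendering step is not part of this commit, but if it is a plain `envsubst` with no variable list, `$important` in the `user_rules` entry would be expanded to an empty string as well; restricting it, e.g. `envsubst '$USER_NAME $USER_PASSWORD $DNS_REWRITES'`, avoids that. Separately, `all_servers: true` alongside the plaintext upstreams `8.8.8.8`, `8.8.4.4` and `1.1.1.1` means every query also leaves unencrypted, which undoes the benefit of the DoH upstream listed first.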


@ -12,6 +12,15 @@ spec:
labels:
app: adguard
spec:
initContainers:
- name: config-binder
image: alpine
command: ["sh", "-c", "mkdir -p /adguard/conf && cp /binder/AdGuardHome.yaml /adguard/conf/AdGuardHome.yaml"]
volumeMounts:
- name: adguard-config-volume
mountPath: /binder
- name: adguard-data
mountPath: /adguard
containers:
- name: adguard
image: adguard/adguardhome
@ -22,3 +31,17 @@ spec:
protocol: TCP
- containerPort: 3000
protocol: TCP
volumeMounts:
- name: adguard-data
mountPath: /opt/adguardhome/conf
subPath: conf
- name: adguard-data
mountPath: /opt/adguardhome/work
subPath: work
volumes:
- name: adguard-config-volume
configMap:
name: adguard-config
- name: adguard-data
persistentVolumeClaim:
claimName: adguard-pvc
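Review bot: The `config-binder` init container uses `image: alpine` with no tag or digest, so each pod start can pull whatever `latest` resolves to at that moment, and this is the container that writes the file holding the admin credential hash. Pinning it, e.g. `image: alpine:<tag>@sha256:<digest>` (placeholders), makes the content reviewable; the same applies to `adguard/adguardhome` in the surrounding context. The `cp` also overwrites `/adguard/conf/AdGuardHome.yaml` on every start, so settings changed in the dashboard and saved to the PVC would be replaced by the ConfigMap copy; if that is intended, a comment such as `# ConfigMap is the source of truth; UI changes are discarded on restart` would say so. The pod spec starts and ends outside these hunks, so any `securityContext` set elsewhere is not visible here.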


@ -1,23 +1,12 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix-adguard
spec:
stripPrefix:
prefixes:
- /
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: adguard-ingress
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.middlewares: "default-stripprefix-adguard@kubernetescrd"
spec:
rules:
- host: adguard.localhost
- host: adguard.k3s.beta
http:
paths:
- path: /
@ -27,12 +16,3 @@ spec:
name: adguard-svc
port:
number: 80
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: adguard-dns
port:
number: 53
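Review bot: No `tls:` block is visible on `adguard-ingress` for the `adguard.k3s.beta` rule, and the AdGuard configuration in this same commit sets `tls.enabled: false`, so the dashboard login would apparently travel over plain HTTP. If TLS is not terminated by a Traefik entrypoint configured elsewhere, add a `tls:` entry with `hosts: [adguard.k3s.beta]` and `secretName: <tls-secret-name>` (placeholder), or a comment stating where termination happens. Part of the spec lies between the two hunks and is not shown, so this should be confirmed against the full file.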

11
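--- a/adguard/pvc.yaml
+++ b/adguard/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: adguard-pvc
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: longhorn
+resources:
+requests:
+storage: 1Gi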


@ -18,4 +18,5 @@ spec:
#
# Only exposing the DNS server as the dashboard only listens to the specified
# hostname (cf ingress file)
- 192.168.43.161
- 10.11.0.1
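Review bot: The comment above the address list argues that the dashboard is safe because it "only listens to the specified hostname", but the AdGuard configuration in this commit sets `bind_host: 0.0.0.0`, and host matching on the Ingress is routing rather than access control. Whether port 3000 is reachable through these external IPs depends on the Service's `ports`, which lie outside this hunk and should be checked. For the DNS port, `allowed_clients: []` in the same commit means any host that can reach `10.11.0.1` may use the resolver; if that network is wider than the intended clients, list them in `allowed_clients`. A reworded comment such as `# Service exposes only the DNS port; the dashboard is reachable via the Ingress only` would state the actual control.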