hive-apps/projects/adguard/values/adguard.yaml

image:
  repository: adguard/adguardhome
  tag: v0.107.33

env:
  TZ: Europe/Amsterdam

ingress:
  main:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
      traefik.ingress.kubernetes.io/router.tls: 'true'
    hosts:
    - host: adguard.dc
      paths:
      - path: /
        pathType: Prefix
    tls:
    - secretName: adguard-tls
      hosts:
      - adguard.dc

service:
  dns-tcp:
    enabled: true
    type: LoadBalancer
    annotations:
      metallb.universe.tf/address-pool: dns
      metallb.universe.tf/allow-shared-ip: adguard
    ports:
      dns-tcp:
        enabled: true
        port: 53
        protocol: TCP
        targetPort: 5353
    externalTrafficPolicy: Local
  dns-udp:
    enabled: true
    type: LoadBalancer
    annotations:
      metallb.universe.tf/address-pool: dns
      metallb.universe.tf/allow-shared-ip: adguard
    ports:
      dns-udp:
        enabled: true
        port: 53
        protocol: UDP
        targetPort: 5353
    externalTrafficPolicy: Local

podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "9617"
  prometheus.io/path: "/metrics"

# See: https://github.com/ebrianne/adguard-exporter
additionalContainers:
  adguard-exporter:
    image: ebrianne/adguard-exporter:latest
    env:
      - name: adguard_protocol
        value: "http"
      - name: adguard_hostname
        value: '127.0.0.1'
      - name: adguard_username
        value: ""
      - name: adguard_password
        value: ""
      - name: adguard_port
        value: "3000"
      - name: interval 
        value: "10s"
      - name: log_limit
        value: "10000"
      - name: server_port
        value: 9617
    securityContext:
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL

configMaps: 
  config: 
    enabled: true
    data: 
      AdGuardHome.yaml: |
        bind_host: 0.0.0.0
        bind_port: 3000
        users: []
        auth_attempts: 5
        block_auth_min: 15
        http_proxy: ""
        language: en
        theme: auto
        debug_pprof: false
        web_session_ttl: 720
        dns:
          bind_hosts:
            - 0.0.0.0
          port: 5353
          anonymize_client_ip: false
          protection_enabled: true
          blocking_mode: default
          blocking_ipv4: ""
          blocking_ipv6: ""
          blocked_response_ttl: 10
          parental_block_host: family-block.dns.adguard.com
          safebrowsing_block_host: standard-block.dns.adguard.com
          ratelimit: 0
          ratelimit_whitelist: []
          refuse_any: true
          upstream_dns:
            - 192.168.1.1
          upstream_dns_file: ""
          bootstrap_dns:
            - 192.168.1.1
          all_servers: false
          fastest_addr: false
          fastest_timeout: 1s
          allowed_clients: []
          disallowed_clients: []
          blocked_hosts:
            - version.bind
            - id.server
            - hostname.bind
          trusted_proxies:
            - 127.0.0.0/8
            - ::1/128
          cache_size: 4194304
          cache_ttl_min: 0
          cache_ttl_max: 0
          cache_optimistic: false
          bogus_nxdomain: []
          aaaa_disabled: false
          enable_dnssec: false
          edns_client_subnet:
            custom_ip: ""
            enabled: false
            use_custom: false
          max_goroutines: 300
          handle_ddr: true
          ipset: []
          ipset_file: ""
          filtering_enabled: true
          filters_update_interval: 24
          parental_enabled: false
          safesearch_enabled: false
          safebrowsing_enabled: false
          safebrowsing_cache_size: 1048576
          safesearch_cache_size: 1048576
          parental_cache_size: 1048576
          cache_time: 30
          rewrites: []
          blocked_services: []
          upstream_timeout: 10s
          private_networks: []
          use_private_ptr_resolvers: true
          local_ptr_upstreams: []
          use_dns64: false
          dns64_prefixes: []
          serve_http3: false
          use_http3_upstreams: false
        tls:
          enabled: false
          server_name: ""
          force_https: false
          port_https: 443
          port_dns_over_tls: 853
          port_dns_over_quic: 784
          port_dnscrypt: 0
          dnscrypt_config_file: ""
          allow_unencrypted_doh: false
          certificate_chain: ""
          private_key: ""
          certificate_path: ""
          private_key_path: ""
          strict_sni_check: false
        querylog:
          enabled: true
          file_enabled: true
          interval: 168h
          size_memory: 1000
          ignored: []
        statistics:
          enabled: true
          interval: 7
          ignored: []
        filters:
          - enabled: true
            url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
            name: AdGuard DNS filter
            id: 1
          - enabled: true
            url: https://adaway.org/hosts.txt
            name: AdAway
            id: 2
          - enabled: true
            url: https://www.malwaredomainlist.com/hostslist/hosts.txt
            name: MalwareDomainList.com Hosts List
            id: 4
          - enabled: false
            url: https://github.com/ppfeufer/adguard-filter-list/blob/master/blocklist?raw=true)
            name: ppfeufer/adguard-filter-list
            id: 1680552054
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
            name: AdAway Default Blocklist
            id: 1680552055
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
            name: AdGuard DNS filter
            id: 1680552056
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt
            name: Dan Pollock's List
            id: 1680552057
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt
            name: The NoTracking blocklist
            id: 1680552058
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
            name: WindowsSpyBlocker - Hosts spy rules
            id: 1680552059
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
            name: Phishing URL Blocklist (PhishTank and OpenPhish)
            id: 1680552060
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
            name: Dandelion Sprout's Anti-Malware List
            id: 1680552061
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt
            name: Perflyst and Dandelion Sprout's Smart-TV Blocklist
            id: 1680552062
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
            name: Scam Blocklist by DurableNapkin
            id: 1680552063
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt
            name: The Big List of Hacked Malware Web Sites
            id: 1680552064
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt
            name: Stalkerware Indicators List
            id: 1680552065
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
            name: Malicious URL Blocklist (URLHaus)
            id: 1680552066
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt
            name: Steven Black's List
            id: 1680552067
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
            name: Peter Lowe's Blocklist
            id: 1680552068
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt
            name: OISD Blocklist Basic
            id: 1680552069
          - enabled: true
            url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt
            name: Dandelion Sprout's Game Console Adblock List
            id: 1680552070
          - enabled: false
            url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/playstation.txt
            name: Playstation Network
            id: 1680552071
          - enabled: true
            url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/xbox.txt
            name: Xbox
            id: 1680552072
          - enabled: false
            url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/nintendont.txt
            name: Nintendont
            id: 1680552073
        whitelist_filters: []
        user_rules: []
        dhcp:
          enabled: false
          interface_name: ""
          local_domain_name: lan
          dhcpv4:
            gateway_ip: ""
            subnet_mask: ""
            range_start: ""
            range_end: ""
            lease_duration: 86400
            icmp_timeout_msec: 1000
            options: []
          dhcpv6:
            range_start: ""
            lease_duration: 86400
            ra_slaac_only: false
            ra_allow_slaac: false
        clients:
          runtime_sources:
            whois: true
            arp: true
            rdns: true
            dhcp: true
            hosts: true
          persistent: []
        log_file: ""
        log_max_backups: 0
        log_max_size: 100
        log_max_age: 3
        log_compress: false
        log_localtime: false
        verbose: false
        os:
          group: ""
          user: ""
          rlimit_nofile: 0
        schema_version: 17
Add: adGuard Home 2022-01-30 08:16:23 +00:00			`image:`
			`repository: adguard/adguardhome`
chore(deps): update docker image adguard/adguardhome to v0.107.33 2023-07-04 00:15:06 +00:00			`tag: v0.107.33`
Add: adGuard Home 2022-01-30 08:16:23 +00:00
			`env:`
			`TZ: Europe/Amsterdam`

			`ingress:`
			`main:`
			`enabled: true`
			`annotations:`
			`cert-manager.io/cluster-issuer: vault-issuer`
			`traefik.ingress.kubernetes.io/router.tls: 'true'`
			`hosts:`
			`- host: adguard.dc`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`tls:`
			`- secretName: adguard-tls`
			`hosts:`
			`- adguard.dc`

			`service:`
			`dns-tcp:`
			`enabled: true`
			`type: LoadBalancer`
			`annotations:`
			`metallb.universe.tf/address-pool: dns`
			`metallb.universe.tf/allow-shared-ip: adguard`
			`ports:`
			`dns-tcp:`
			`enabled: true`
			`port: 53`
			`protocol: TCP`
			`targetPort: 5353`
			`externalTrafficPolicy: Local`
			`dns-udp:`
			`enabled: true`
			`type: LoadBalancer`
			`annotations:`
			`metallb.universe.tf/address-pool: dns`
			`metallb.universe.tf/allow-shared-ip: adguard`
			`ports:`
			`dns-udp:`
			`enabled: true`
			`port: 53`
			`protocol: UDP`
			`targetPort: 5353`
			`externalTrafficPolicy: Local`

feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`podAnnotations:`
			`prometheus.io/scrape: "true"`
			`prometheus.io/port: "9617"`
			`prometheus.io/path: "/metrics"`

			`# See: https://github.com/ebrianne/adguard-exporter`
			`additionalContainers:`
			`adguard-exporter:`
			`image: ebrianne/adguard-exporter:latest`
			`env:`
			`- name: adguard_protocol`
			`value: "http"`
			`- name: adguard_hostname`
			`value: '127.0.0.1'`
			`- name: adguard_username`
			`value: ""`
			`- name: adguard_password`
			`value: ""`
			`- name: adguard_port`
			`value: "3000"`
			`- name: interval`
			`value: "10s"`
			`- name: log_limit`
			`value: "10000"`
			`- name: server_port`
			`value: 9617`
			`securityContext:`
			`privileged: false`
			`readOnlyRootFilesystem: true`
			`allowPrivilegeEscalation: false`
			`capabilities:`
			`drop:`
			`- ALL`

change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`configMaps:`
			`config:`
			`enabled: true`
			`data:`
			`AdGuardHome.yaml: \|`
			`bind_host: 0.0.0.0`
			`bind_port: 3000`
			`users: []`
			`auth_attempts: 5`
			`block_auth_min: 15`
			`http_proxy: ""`
			`language: en`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`theme: auto`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`debug_pprof: false`
			`web_session_ttl: 720`
			`dns:`
			`bind_hosts:`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`- 0.0.0.0`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`port: 5353`
			`anonymize_client_ip: false`
			`protection_enabled: true`
			`blocking_mode: default`
			`blocking_ipv4: ""`
			`blocking_ipv6: ""`
			`blocked_response_ttl: 10`
			`parental_block_host: family-block.dns.adguard.com`
			`safebrowsing_block_host: standard-block.dns.adguard.com`
			`ratelimit: 0`
			`ratelimit_whitelist: []`
			`refuse_any: true`
			`upstream_dns:`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`- 192.168.1.1`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`upstream_dns_file: ""`
			`bootstrap_dns:`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`- 192.168.1.1`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`all_servers: false`
			`fastest_addr: false`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`fastest_timeout: 1s`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`allowed_clients: []`
			`disallowed_clients: []`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`blocked_hosts:`
			`- version.bind`
			`- id.server`
			`- hostname.bind`
			`trusted_proxies:`
			`- 127.0.0.0/8`
			`- ::1/128`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`cache_size: 4194304`
			`cache_ttl_min: 0`
			`cache_ttl_max: 0`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`cache_optimistic: false`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`bogus_nxdomain: []`
			`aaaa_disabled: false`
			`enable_dnssec: false`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`edns_client_subnet:`
			`custom_ip: ""`
			`enabled: false`
			`use_custom: false`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`max_goroutines: 300`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`handle_ddr: true`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`ipset: []`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`ipset_file: ""`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`filtering_enabled: true`
			`filters_update_interval: 24`
			`parental_enabled: false`
			`safesearch_enabled: false`
			`safebrowsing_enabled: false`
			`safebrowsing_cache_size: 1048576`
			`safesearch_cache_size: 1048576`
			`parental_cache_size: 1048576`
			`cache_time: 30`
			`rewrites: []`
			`blocked_services: []`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`upstream_timeout: 10s`
			`private_networks: []`
			`use_private_ptr_resolvers: true`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`local_ptr_upstreams: []`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`use_dns64: false`
			`dns64_prefixes: []`
			`serve_http3: false`
			`use_http3_upstreams: false`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`tls:`
			`enabled: false`
			`server_name: ""`
			`force_https: false`
			`port_https: 443`
			`port_dns_over_tls: 853`
			`port_dns_over_quic: 784`
			`port_dnscrypt: 0`
			`dnscrypt_config_file: ""`
			`allow_unencrypted_doh: false`
			`certificate_chain: ""`
			`private_key: ""`
			`certificate_path: ""`
			`private_key_path: ""`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`strict_sni_check: false`
			`querylog:`
			`enabled: true`
			`file_enabled: true`
			`interval: 168h`
			`size_memory: 1000`
			`ignored: []`
			`statistics:`
			`enabled: true`
			`interval: 7`
			`ignored: []`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`filters:`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`- enabled: true`
			`url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt`
			`name: AdGuard DNS filter`
			`id: 1`
			`- enabled: true`
			`url: https://adaway.org/hosts.txt`
			`name: AdAway`
			`id: 2`
			`- enabled: true`
			`url: https://www.malwaredomainlist.com/hostslist/hosts.txt`
			`name: MalwareDomainList.com Hosts List`
			`id: 4`
			`- enabled: false`
			`url: https://github.com/ppfeufer/adguard-filter-list/blob/master/blocklist?raw=true)`
			`name: ppfeufer/adguard-filter-list`
			`id: 1680552054`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt`
			`name: AdAway Default Blocklist`
			`id: 1680552055`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt`
			`name: AdGuard DNS filter`
			`id: 1680552056`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt`
			`name: Dan Pollock's List`
			`id: 1680552057`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt`
			`name: The NoTracking blocklist`
			`id: 1680552058`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt`
			`name: WindowsSpyBlocker - Hosts spy rules`
			`id: 1680552059`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt`
			`name: Phishing URL Blocklist (PhishTank and OpenPhish)`
			`id: 1680552060`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt`
			`name: Dandelion Sprout's Anti-Malware List`
			`id: 1680552061`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt`
			`name: Perflyst and Dandelion Sprout's Smart-TV Blocklist`
			`id: 1680552062`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt`
			`name: Scam Blocklist by DurableNapkin`
			`id: 1680552063`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt`
			`name: The Big List of Hacked Malware Web Sites`
			`id: 1680552064`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt`
			`name: Stalkerware Indicators List`
			`id: 1680552065`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt`
			`name: Malicious URL Blocklist (URLHaus)`
			`id: 1680552066`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt`
			`name: Steven Black's List`
			`id: 1680552067`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt`
			`name: Peter Lowe's Blocklist`
			`id: 1680552068`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt`
			`name: OISD Blocklist Basic`
			`id: 1680552069`
			`- enabled: true`
			`url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt`
			`name: Dandelion Sprout's Game Console Adblock List`
			`id: 1680552070`
			`- enabled: false`
			`url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/playstation.txt`
			`name: Playstation Network`
			`id: 1680552071`
			`- enabled: true`
			`url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/xbox.txt`
			`name: Xbox`
			`id: 1680552072`
			`- enabled: false`
			`url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/nintendont.txt`
			`name: Nintendont`
			`id: 1680552073`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`whitelist_filters: []`
			`user_rules: []`
			`dhcp:`
			`enabled: false`
			`interface_name: ""`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`local_domain_name: lan`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`dhcpv4:`
			`gateway_ip: ""`
			`subnet_mask: ""`
			`range_start: ""`
			`range_end: ""`
			`lease_duration: 86400`
			`icmp_timeout_msec: 1000`
			`options: []`
			`dhcpv6:`
			`range_start: ""`
			`lease_duration: 86400`
			`ra_slaac_only: false`
			`ra_allow_slaac: false`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`clients:`
			`runtime_sources:`
			`whois: true`
			`arp: true`
			`rdns: true`
			`dhcp: true`
			`hosts: true`
			`persistent: []`
			`log_file: ""`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`log_max_backups: 0`
			`log_max_size: 100`
			`log_max_age: 3`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`log_compress: false`
			`log_localtime: false`
change(adguard): use lib42 chart 2023-04-03 19:51:30 +00:00			`verbose: false`
feat(adguard): complete bootstrap configmap 2023-04-04 12:32:06 +00:00			`os:`
			`group: ""`
			`user: ""`
			`rlimit_nofile: 0`
			`schema_version: 17`