From 2f66651744e11d77cc09eda22e6aba261b52a810 Mon Sep 17 00:00:00 2001 From: nold Date: Tue, 4 Apr 2023 14:32:06 +0200 Subject: [PATCH] feat(adguard): complete bootstrap configmap --- projects/adguard/values/adguard.yaml | 368 +++++++++++++++++---------- 1 file changed, 240 insertions(+), 128 deletions(-) diff --git a/projects/adguard/values/adguard.yaml b/projects/adguard/values/adguard.yaml index 83f00da3..254bd8de 100644 --- a/projects/adguard/values/adguard.yaml +++ b/projects/adguard/values/adguard.yaml @@ -49,137 +49,11 @@ service: targetPort: 5353 externalTrafficPolicy: Local -configMaps: - config: - enabled: true - data: - AdGuardHome.yaml: | - bind_host: 0.0.0.0 - bind_port: 3000 - beta_bind_port: 0 - users: [] - auth_attempts: 5 - block_auth_min: 15 - http_proxy: "" - language: en - rlimit_nofile: 0 - debug_pprof: false - web_session_ttl: 720 - dns: - bind_hosts: - - 0.0.0.0 - port: 5353 - statistics_interval: 1 - querylog_enabled: true - querylog_file_enabled: true - querylog_interval: 90 - querylog_size_memory: 1000 - anonymize_client_ip: false - protection_enabled: true - blocking_mode: default - blocking_ipv4: "" - blocking_ipv6: "" - blocked_response_ttl: 10 - parental_block_host: family-block.dns.adguard.com - safebrowsing_block_host: standard-block.dns.adguard.com - ratelimit: 0 - ratelimit_whitelist: [] - refuse_any: true - upstream_dns: - - 192.168.1.1 - #- https://dns10.quad9.net/dns-query - upstream_dns_file: "" - bootstrap_dns: - - 192.168.1.1 - all_servers: false - fastest_addr: false - allowed_clients: [] - disallowed_clients: [] - blocked_hosts: [] - cache_size: 4194304 - cache_ttl_min: 0 - cache_ttl_max: 0 - bogus_nxdomain: [] - aaaa_disabled: false - enable_dnssec: false - edns_client_subnet: false - max_goroutines: 300 - ipset: [] - filtering_enabled: true - filters_update_interval: 24 - parental_enabled: false - safesearch_enabled: false - safebrowsing_enabled: false - safebrowsing_cache_size: 1048576 - safesearch_cache_size: 1048576 - parental_cache_size: 1048576 - cache_time: 30 - rewrites: [] - blocked_services: [] - local_domain_name: lan - resolve_clients: true - local_ptr_upstreams: [] - tls: - enabled: false - server_name: "" - force_https: false - port_https: 443 - port_dns_over_tls: 853 - port_dns_over_quic: 784 - port_dnscrypt: 0 - dnscrypt_config_file: "" - allow_unencrypted_doh: false - strict_sni_check: false - certificate_chain: "" - private_key: "" - certificate_path: "" - private_key_path: "" - filters: - - enabled: true - url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt - name: AdGuard DNS filter - id: 1 - - enabled: false - url: https://adaway.org/hosts.txt - name: AdAway - id: 2 - - enabled: false - url: https://www.malwaredomainlist.com/hostslist/hosts.txt - name: MalwareDomainList.com Hosts List - id: 4 - whitelist_filters: [] - user_rules: [] - dhcp: - enabled: false - interface_name: "" - dhcpv4: - gateway_ip: "" - subnet_mask: "" - range_start: "" - range_end: "" - lease_duration: 86400 - icmp_timeout_msec: 1000 - options: [] - dhcpv6: - range_start: "" - lease_duration: 86400 - ra_slaac_only: false - ra_allow_slaac: false - clients: [] - log_compress: false - log_localtime: false - log_max_backups: 0 - log_max_size: 100 - log_max_age: 3 - log_file: "" - verbose: false - schema_version: 10 - - # When using adguard-exporter: podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "9617" prometheus.io/path: "/metrics" + # See: https://github.com/ebrianne/adguard-exporter additionalContainers: adguard-exporter: @@ -202,10 +76,248 @@ additionalContainers: - name: server_port value: 9617 securityContext: - # runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL + +configMaps: + config: + enabled: true + data: + AdGuardHome.yaml: | + bind_host: 0.0.0.0 + bind_port: 3000 + users: [] + auth_attempts: 5 + block_auth_min: 15 + http_proxy: "" + language: en + theme: auto + debug_pprof: false + web_session_ttl: 720 + dns: + bind_hosts: + - 0.0.0.0 + port: 5353 + anonymize_client_ip: false + protection_enabled: true + blocking_mode: default + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + ratelimit: 0 + ratelimit_whitelist: [] + refuse_any: true + upstream_dns: + - 192.168.1.1 + upstream_dns_file: "" + bootstrap_dns: + - 192.168.1.1 + all_servers: false + fastest_addr: false + fastest_timeout: 1s + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: + - version.bind + - id.server + - hostname.bind + trusted_proxies: + - 127.0.0.0/8 + - ::1/128 + cache_size: 4194304 + cache_ttl_min: 0 + cache_ttl_max: 0 + cache_optimistic: false + bogus_nxdomain: [] + aaaa_disabled: false + enable_dnssec: false + edns_client_subnet: + custom_ip: "" + enabled: false + use_custom: false + max_goroutines: 300 + handle_ddr: true + ipset: [] + ipset_file: "" + filtering_enabled: true + filters_update_interval: 24 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: [] + blocked_services: [] + upstream_timeout: 10s + private_networks: [] + use_private_ptr_resolvers: true + local_ptr_upstreams: [] + use_dns64: false + dns64_prefixes: [] + serve_http3: false + use_http3_upstreams: false + tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + port_dns_over_quic: 784 + port_dnscrypt: 0 + dnscrypt_config_file: "" + allow_unencrypted_doh: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + strict_sni_check: false + querylog: + enabled: true + file_enabled: true + interval: 168h + size_memory: 1000 + ignored: [] + statistics: + enabled: true + interval: 7 + ignored: [] + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard DNS filter + id: 1 + - enabled: true + url: https://adaway.org/hosts.txt + name: AdAway + id: 2 + - enabled: true + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + - enabled: false + url: https://github.com/ppfeufer/adguard-filter-list/blob/master/blocklist?raw=true) + name: ppfeufer/adguard-filter-list + id: 1680552054 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt + name: AdAway Default Blocklist + id: 1680552055 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt + name: AdGuard DNS filter + id: 1680552056 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt + name: Dan Pollock's List + id: 1680552057 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt + name: The NoTracking blocklist + id: 1680552058 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt + name: WindowsSpyBlocker - Hosts spy rules + id: 1680552059 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt + name: Phishing URL Blocklist (PhishTank and OpenPhish) + id: 1680552060 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt + name: Dandelion Sprout's Anti-Malware List + id: 1680552061 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt + name: Perflyst and Dandelion Sprout's Smart-TV Blocklist + id: 1680552062 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt + name: Scam Blocklist by DurableNapkin + id: 1680552063 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt + name: The Big List of Hacked Malware Web Sites + id: 1680552064 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt + name: Stalkerware Indicators List + id: 1680552065 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt + name: Malicious URL Blocklist (URLHaus) + id: 1680552066 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt + name: Steven Black's List + id: 1680552067 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt + name: Peter Lowe's Blocklist + id: 1680552068 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt + name: OISD Blocklist Basic + id: 1680552069 + - enabled: true + url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt + name: Dandelion Sprout's Game Console Adblock List + id: 1680552070 + - enabled: false + url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/playstation.txt + name: Playstation Network + id: 1680552071 + - enabled: true + url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/xbox.txt + name: Xbox + id: 1680552072 + - enabled: false + url: https://git.nold.in/nold/dns-whitelist/raw/branch/master/blacklists/nintendont.txt + name: Nintendont + id: 1680552073 + whitelist_filters: [] + user_rules: [] + dhcp: + enabled: false + interface_name: "" + local_domain_name: lan + dhcpv4: + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + options: [] + dhcpv6: + range_start: "" + lease_duration: 86400 + ra_slaac_only: false + ra_allow_slaac: false + clients: + runtime_sources: + whois: true + arp: true + rdns: true + dhcp: true + hosts: true + persistent: [] + log_file: "" + log_max_backups: 0 + log_max_size: 100 + log_max_age: 3 + log_compress: false + log_localtime: false + verbose: false + os: + group: "" + user: "" + rlimit_nofile: 0 + schema_version: 17