From f54dad6c2271c79343e90a50aa0e908dc94817ba Mon Sep 17 00:00:00 2001 From: nold Date: Mon, 3 Apr 2023 21:51:30 +0200 Subject: [PATCH] change(adguard): use lib42 chart --- projects/adguard/project.yml | 6 +- projects/adguard/values/adguard.yaml | 281 +++++++++++++++------------ 2 files changed, 163 insertions(+), 124 deletions(-) diff --git a/projects/adguard/project.yml b/projects/adguard/project.yml index 90631708..9d3190c0 100644 --- a/projects/adguard/project.yml +++ b/projects/adguard/project.yml @@ -3,9 +3,9 @@ config: apps: - name: adguard - repoURL: https://k8s-at-home.com/charts - chart: adguard-home - targetRevision: 5.5.2 + repoURL: https://github.com/lib42/charts + path: charts/adguard-home + targetRevision: add/adguard-home #include: #- noRoot #- tmpdirs diff --git a/projects/adguard/values/adguard.yaml b/projects/adguard/values/adguard.yaml index b8300144..83f00da3 100644 --- a/projects/adguard/values/adguard.yaml +++ b/projects/adguard/values/adguard.yaml @@ -49,124 +49,163 @@ service: targetPort: 5353 externalTrafficPolicy: Local -config: | - bind_host: 0.0.0.0 - bind_port: 3000 - beta_bind_port: 0 - users: [] - auth_attempts: 5 - block_auth_min: 15 - http_proxy: "" - language: en - rlimit_nofile: 0 - debug_pprof: false - web_session_ttl: 720 - dns: - bind_hosts: - - 0.0.0.0 - port: 5353 - statistics_interval: 1 - querylog_enabled: true - querylog_file_enabled: true - querylog_interval: 90 - querylog_size_memory: 1000 - anonymize_client_ip: false - protection_enabled: true - blocking_mode: default - blocking_ipv4: "" - blocking_ipv6: "" - blocked_response_ttl: 10 - parental_block_host: family-block.dns.adguard.com - safebrowsing_block_host: standard-block.dns.adguard.com - ratelimit: 0 - ratelimit_whitelist: [] - refuse_any: true - upstream_dns: - - 192.168.1.1 - #- https://dns10.quad9.net/dns-query - upstream_dns_file: "" - bootstrap_dns: - - 192.168.1.1 - all_servers: false - fastest_addr: false - allowed_clients: [] - disallowed_clients: [] - blocked_hosts: [] - cache_size: 4194304 - cache_ttl_min: 0 - cache_ttl_max: 0 - bogus_nxdomain: [] - aaaa_disabled: false - enable_dnssec: false - edns_client_subnet: false - max_goroutines: 300 - ipset: [] - filtering_enabled: true - filters_update_interval: 24 - parental_enabled: false - safesearch_enabled: false - safebrowsing_enabled: false - safebrowsing_cache_size: 1048576 - safesearch_cache_size: 1048576 - parental_cache_size: 1048576 - cache_time: 30 - rewrites: [] - blocked_services: [] - local_domain_name: lan - resolve_clients: true - local_ptr_upstreams: [] - tls: - enabled: false - server_name: "" - force_https: false - port_https: 443 - port_dns_over_tls: 853 - port_dns_over_quic: 784 - port_dnscrypt: 0 - dnscrypt_config_file: "" - allow_unencrypted_doh: false - strict_sni_check: false - certificate_chain: "" - private_key: "" - certificate_path: "" - private_key_path: "" - filters: - - enabled: true - url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt - name: AdGuard DNS filter - id: 1 - - enabled: false - url: https://adaway.org/hosts.txt - name: AdAway - id: 2 - - enabled: false - url: https://www.malwaredomainlist.com/hostslist/hosts.txt - name: MalwareDomainList.com Hosts List - id: 4 - whitelist_filters: [] - user_rules: [] - dhcp: - enabled: false - interface_name: "" - dhcpv4: - gateway_ip: "" - subnet_mask: "" - range_start: "" - range_end: "" - lease_duration: 86400 - icmp_timeout_msec: 1000 - options: [] - dhcpv6: - range_start: "" - lease_duration: 86400 - ra_slaac_only: false - ra_allow_slaac: false - clients: [] - log_compress: false - log_localtime: false - log_max_backups: 0 - log_max_size: 100 - log_max_age: 3 - log_file: "" - verbose: false - schema_version: 10 +configMaps: + config: + enabled: true + data: + AdGuardHome.yaml: | + bind_host: 0.0.0.0 + bind_port: 3000 + beta_bind_port: 0 + users: [] + auth_attempts: 5 + block_auth_min: 15 + http_proxy: "" + language: en + rlimit_nofile: 0 + debug_pprof: false + web_session_ttl: 720 + dns: + bind_hosts: + - 0.0.0.0 + port: 5353 + statistics_interval: 1 + querylog_enabled: true + querylog_file_enabled: true + querylog_interval: 90 + querylog_size_memory: 1000 + anonymize_client_ip: false + protection_enabled: true + blocking_mode: default + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + ratelimit: 0 + ratelimit_whitelist: [] + refuse_any: true + upstream_dns: + - 192.168.1.1 + #- https://dns10.quad9.net/dns-query + upstream_dns_file: "" + bootstrap_dns: + - 192.168.1.1 + all_servers: false + fastest_addr: false + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: [] + cache_size: 4194304 + cache_ttl_min: 0 + cache_ttl_max: 0 + bogus_nxdomain: [] + aaaa_disabled: false + enable_dnssec: false + edns_client_subnet: false + max_goroutines: 300 + ipset: [] + filtering_enabled: true + filters_update_interval: 24 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: [] + blocked_services: [] + local_domain_name: lan + resolve_clients: true + local_ptr_upstreams: [] + tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + port_dns_over_quic: 784 + port_dnscrypt: 0 + dnscrypt_config_file: "" + allow_unencrypted_doh: false + strict_sni_check: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard DNS filter + id: 1 + - enabled: false + url: https://adaway.org/hosts.txt + name: AdAway + id: 2 + - enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + whitelist_filters: [] + user_rules: [] + dhcp: + enabled: false + interface_name: "" + dhcpv4: + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + options: [] + dhcpv6: + range_start: "" + lease_duration: 86400 + ra_slaac_only: false + ra_allow_slaac: false + clients: [] + log_compress: false + log_localtime: false + log_max_backups: 0 + log_max_size: 100 + log_max_age: 3 + log_file: "" + verbose: false + schema_version: 10 + + # When using adguard-exporter: +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9617" + prometheus.io/path: "/metrics" +# See: https://github.com/ebrianne/adguard-exporter +additionalContainers: + adguard-exporter: + image: ebrianne/adguard-exporter:latest + env: + - name: adguard_protocol + value: "http" + - name: adguard_hostname + value: '127.0.0.1' + - name: adguard_username + value: "" + - name: adguard_password + value: "" + - name: adguard_port + value: "3000" + - name: interval + value: "10s" + - name: log_limit + value: "10000" + - name: server_port + value: 9617 + securityContext: + # runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL