# HG changeset patch # User Luke Hoersten # Date 1593352794 18000 # Node ID 15edca738a317ee159bfab33983d875ff06f445f # Parent 05924a38d51f4bc8aaf4dfb195e3790643997a93 Added AdGuard Home role. diff -r 05924a38d51f -r 15edca738a31 adguard-home/defaults/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/adguard-home/defaults/main.yaml Sun Jun 28 08:59:54 2020 -0500 @@ -0,0 +1,5 @@ +--- + +adguard_home_arch: "arm" +adguard_home_tar: "https://static.adguard.com/adguardhome/release/AdGuardHome_linux_{{adguard_home_arch}}.tar.gz" +adguard_home_data_dir: "/var/lib/AdGuardHome" diff -r 05924a38d51f -r 15edca738a31 adguard-home/handlers/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/adguard-home/handlers/main.yaml Sun Jun 28 08:59:54 2020 -0500 @@ -0,0 +1,5 @@ +--- + +- name: restart adguard home + become: yes + systemd: name="AdGuardHome.service" enabled="yes" daemon_reload="yes" diff -r 05924a38d51f -r 15edca738a31 adguard-home/tasks/main.yaml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/adguard-home/tasks/main.yaml Sun Jun 28 08:59:54 2020 -0500 @@ -0,0 +1,49 @@ +--- + +- name: unarchive adguard home + become: yes + unarchive: + remote_src: yes + src: "{{adguard_home_tar}}" + dest: "/tmp/" + creates: "/tmp/AdGuardHome/" + owner: "root" + group: "root" + +- name: install adguard home binary + become: yes + copy: + src: "/tmp/AdGuardHome/AdGuardHome" + dest: "/usr/local/bin/" + remote_src: yes + owner: "root" + group: "root" + mode: "0755" + notify: restart adguard home + +- name: create dirs + become: yes + file: + path: "{{item}}" + state: "directory" + owner: "root" + group: "root" + mode: "0755" + loop: + - "/etc/AdGuardHome" + - "{{adguard_home_data_dir}}" + notify: restart adguard home + +- name: configure adguard home service + become: yes + template: src="AdGuardHome.service.j2" dest="/etc/systemd/system/AdGuardHome.service" + notify: restart adguard home + +- name: configure adguard home + become: yes + template: src="AdGuardHome.yaml.j2" dest="/etc/AdGuardHome/AdGuardHome.yaml" + notify: restart adguard home + +- name: ensure adguard home is started + become: yes + systemd: name="AdGuardHome.service" enabled="yes" state="started" diff -r 05924a38d51f -r 15edca738a31 adguard-home/templates/AdGuardHome.service.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/adguard-home/templates/AdGuardHome.service.j2 Sun Jun 28 08:59:54 2020 -0500 @@ -0,0 +1,19 @@ +[Unit] +Description=AdGuard Home: Network-level blocker +After=syslog.target network-online.target + +[Service] +StartLimitInterval=5 +StartLimitBurst=10 +ExecStart=/usr/local/bin/AdGuardHome -c /etc/AdGuardHome/AdGuardHome.yaml -w {{adguard_home_data_dir}} + +WorkingDirectory={{adguard_home_data_dir}} + +StandardOutput=file:/var/log/AdGuardHome.out +StandardError=file:/var/log/AdGuardHome.err +Restart=always +RestartSec=10 +EnvironmentFile=-/etc/sysconfig/AdGuardHome + +[Install] +WantedBy=multi-user.target diff -r 05924a38d51f -r 15edca738a31 adguard-home/templates/AdGuardHome.yaml.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/adguard-home/templates/AdGuardHome.yaml.j2 Sun Jun 28 08:59:54 2020 -0500 @@ -0,0 +1,98 @@ +bind_host: 0.0.0.0 +bind_port: 80 +users: +- name: admin + password: $2a$10$Zs3krtMBhUxje0yHHIA/neADb56jsC/QlJHcjSxNVNtF72bBONJMW +http_proxy: "" +language: "" +rlimit_nofile: 0 +debug_pprof: false +web_session_ttl: 720 +dns: + bind_host: 0.0.0.0 + port: 53 + statistics_interval: 1 + querylog_enabled: true + querylog_interval: 90 + querylog_size_memory: 1000 + anonymize_client_ip: false + protection_enabled: true + blocking_mode: default + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + ratelimit: 20 + ratelimit_whitelist: [] + refuse_any: true + upstream_dns: + - https://dns10.quad9.net/dns-query + bootstrap_dns: + - 9.9.9.10 + - 149.112.112.10 + - 2620:fe::10 + - 2620:fe::fe:10 + all_servers: false + fastest_addr: false + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: [] + cache_size: 4194304 + cache_ttl_min: 0 + cache_ttl_max: 0 + bogus_nxdomain: [] + aaaa_disabled: false + enable_dnssec: false + edns_client_subnet: false + filtering_enabled: true + filters_update_interval: 24 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: [] + blocked_services: [] +tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + allow_unencrypted_doh: false + strict_sni_check: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" +filters: +- enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard Simplified Domain Names filter + id: 1 +- enabled: false + url: https://adaway.org/hosts.txt + name: AdAway + id: 2 +- enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 +whitelist_filters: [] +user_rules: [] +dhcp: + enabled: false + interface_name: "" + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 +clients: [] +log_file: "" +verbose: false +schema_version: 6