feat: Moving AdGuard to a different machine

szinn · Feb 22, 2025 · fe74d02 · fe74d02
1 parent 7f44bf4
commit fe74d02
Show file tree

Hide file tree

Showing 3 changed files with 354 additions and 1 deletion.
diff --git a/.taskfiles/Machine/Taskfile.yaml b/.taskfiles/Machine/Taskfile.yaml
@@ -101,3 +101,10 @@ tasks:
       - scp "{{.FILES_DIR}}/certificates/certificate.key" root@{{.MACHINE}}.zinn.tech:/data/unifi-core/config/unifi-core.key
       - ssh root@{{.MACHINE}}.zinn.tech chmod u+rw,g-wx,o-wx /data/unifi-core/config/unifi-core.key
       - ssh root@{{.MACHINE}}.zinn.tech systemctl restart unifi-core
+
+  update-artemis-configuration:
+    desc: Update Artemis configuration
+    cmds:
+      - scp "{{.FILES_DIR}}/artemis/AdGuardHome.yaml" [email protected]:/opt/AdGuardHome/AdGuardHome.yaml
+      - ssh [email protected] chmod og-rwx /opt/AdGuardHome/AdGuardHome.yaml
+      - ssh [email protected] systemctl restart AdGuardHome
diff --git a/.taskfiles/Machine/files/artemis/AdGuardHome.yaml b/.taskfiles/Machine/files/artemis/AdGuardHome.yaml
@@ -0,0 +1,346 @@
+http:
+  pprof:
+    port: 6060
+    enabled: false
+  address: 10.0.0.8:3000
+  session_ttl: 720h
+users:
+  - name: admin
+    password: $2y$05$YG8EzZEcoNPWI59fcg715OhF4uMmZQSLS75VNg0FiQXFgvOKGuE02
+auth_attempts: 3
+block_auth_min: 3600
+http_proxy: ""
+language: ""
+theme: auto
+dns:
+  bind_hosts:
+    - 0.0.0.0
+  port: 53
+  anonymize_client_ip: false
+  ratelimit: 200
+  ratelimit_subnet_len_ipv4: 24
+  ratelimit_subnet_len_ipv6: 56
+  ratelimit_whitelist: []
+  refuse_any: true
+  upstream_dns:
+    - '[/zinn.ca/]10.0.0.1:53'
+    - '[/zinn.tech/]10.0.0.1:53'
+    - '[/10.in-addr.arpa/]10.0.0.1:53'
+    - '[/1.168.192.in-addr.arpa/]10.0.0.1:53'
+    - https://dns.cloudflare.com/dns-query
+    - https://dns.quad9.net/dns-query
+  upstream_dns_file: ""
+  bootstrap_dns:
+    - 1.1.1.1
+    - 1.0.0.1
+    - 9.9.9.9
+  fallback_dns: []
+  upstream_mode: load_balance
+  fastest_timeout: 1s
+  allowed_clients: []
+  disallowed_clients: []
+  blocked_hosts: []
+  trusted_proxies:
+    - 127.0.0.0/8
+    - ::1/128
+  cache_size: 100000000
+  cache_ttl_min: 30
+  cache_ttl_max: 60
+  cache_optimistic: true
+  bogus_nxdomain: []
+  aaaa_disabled: true
+  enable_dnssec: true
+  edns_client_subnet:
+    custom_ip: ""
+    enabled: true
+    use_custom: false
+  max_goroutines: 300
+  handle_ddr: true
+  ipset: []
+  ipset_file: ""
+  bootstrap_prefer_ipv6: false
+  upstream_timeout: 10s
+  private_networks: []
+  use_private_ptr_resolvers: true
+  local_ptr_upstreams:
+    - 10.0.0.1:53
+  use_dns64: false
+  dns64_prefixes: []
+  serve_http3: false
+  use_http3_upstreams: false
+  serve_plain_dns: true
+  hostsfile_enabled: true
+tls:
+  enabled: false
+  server_name: ""
+  force_https: false
+  port_https: 443
+  port_dns_over_tls: 853
+  port_dns_over_quic: 853
+  port_dnscrypt: 0
+  dnscrypt_config_file: ""
+  allow_unencrypted_doh: false
+  certificate_chain: ""
+  private_key: ""
+  certificate_path: ""
+  private_key_path: ""
+  strict_sni_check: false
+querylog:
+  dir_path: ""
+  ignored: []
+  interval: 2160h
+  size_memory: 1000
+  enabled: true
+  file_enabled: true
+statistics:
+  dir_path: ""
+  ignored: []
+  interval: 24h
+  enabled: true
+filters:
+  - enabled: true
+    url: https://raw.githubusercontent.com/szinn/nix-config/refs/heads/main/hosts/titan/config/local-whitelist-filter.txt
+    name: Local allowed list
+    id: 1
+  - enabled: true
+    url: https://github.com/szinn/k8s-homelab/releases/download/adguard/hosts-adguard.blacklist
+    name: Homelab block list
+    id: 2
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+    name: AdGuard DNS filter
+    id: 3
+  - enabled: true
+    url: https://blocklistproject.github.io/Lists/adguard/malware-ags.txt
+    name: BlockListProject - Malware List
+    id: 4
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt
+    name: 1Hosts Lite
+    id: 5
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt
+    name: phishing army
+    id: 6
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_48.txt
+    name: hagezi multi pro
+    id: 7
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
+    name: Big OSID
+    id: 8
+  - enabled: true
+    url: https://raw.githubusercontent.com/szinn/nix-config/main/hosts/titan/config/local-custom-filter.txt
+    name: Local block list
+    id: 9
+whitelist_filters: []
+user_rules: []
+dhcp:
+  enabled: false
+  interface_name: ""
+  local_domain_name: lan
+  dhcpv4:
+    gateway_ip: ""
+    subnet_mask: ""
+    range_start: ""
+    range_end: ""
+    lease_duration: 86400
+    icmp_timeout_msec: 1000
+    options: []
+  dhcpv6:
+    range_start: ""
+    lease_duration: 86400
+    ra_slaac_only: false
+    ra_allow_slaac: false
+filtering:
+  blocking_ipv4: ""
+  blocking_ipv6: ""
+  blocked_services:
+    schedule:
+      time_zone: Local
+    ids: []
+  protection_disabled_until: null
+  safe_search:
+    enabled: false
+    bing: true
+    duckduckgo: true
+    ecosia: true
+    google: true
+    pixabay: true
+    yandex: true
+    youtube: true
+  blocking_mode: default
+  parental_block_host: family-block.dns.adguard.com
+  safebrowsing_block_host: standard-block.dns.adguard.com
+  rewrites: []
+  safe_fs_patterns: []
+  safebrowsing_cache_size: 1048576
+  safesearch_cache_size: 1048576
+  parental_cache_size: 1048576
+  cache_time: 30
+  filters_update_interval: 24
+  blocked_response_ttl: 10
+  filtering_enabled: true
+  parental_enabled: false
+  safebrowsing_enabled: false
+  protection_enabled: true
+clients:
+  runtime_sources:
+    whois: true
+    arp: true
+    rdns: true
+    dhcp: true
+    hosts: true
+  persistent:
+    - safe_search:
+        enabled: false
+        bing: false
+        duckduckgo: false
+        ecosia: false
+        google: false
+        pixabay: false
+        yandex: false
+        youtube: false
+      blocked_services:
+        schedule:
+          time_zone: Local
+        ids: []
+      name: Scotte
+      ids:
+        - 10.20.0.32
+        - 10.20.0.33
+        - 10.20.0.34
+        - 10.20.0.35
+        - 10.20.0.36
+        - 10.20.0.37
+        - 10.21.0.2
+        - 10.21.0.3
+        - 10.21.0.4
+      tags:
+        - user_admin
+      upstreams: []
+      uid: 01952351-afc2-7209-a724-e2f91158a9ff
+      upstreams_cache_size: 0
+      upstreams_cache_enabled: false
+      use_global_settings: true
+      filtering_enabled: true
+      parental_enabled: false
+      safebrowsing_enabled: false
+      use_global_blocked_services: false
+      ignore_querylog: false
+      ignore_statistics: false
+    - safe_search:
+        enabled: false
+        bing: false
+        duckduckgo: false
+        ecosia: false
+        google: false
+        pixabay: false
+        yandex: false
+        youtube: false
+      blocked_services:
+        schedule:
+          time_zone: Local
+        ids: []
+      name: Sophie
+      ids:
+        - 10.20.0.16
+        - 10.20.0.18
+        - 10.20.0.19
+        - 10.20.0.20
+      tags:
+        - user_regular
+      upstreams: []
+      uid: 01952351-afc2-721a-ac64-74edb4729bad
+      upstreams_cache_size: 0
+      upstreams_cache_enabled: false
+      use_global_settings: false
+      filtering_enabled: false
+      parental_enabled: false
+      safebrowsing_enabled: false
+      use_global_blocked_services: false
+      ignore_querylog: false
+      ignore_statistics: false
+    - safe_search:
+        enabled: false
+        bing: false
+        duckduckgo: false
+        ecosia: false
+        google: false
+        pixabay: false
+        yandex: false
+        youtube: false
+      blocked_services:
+        schedule:
+          time_zone: Local
+        ids: []
+      name: k8s-main
+      ids:
+        - 10.11.0.16
+        - 10.11.0.17
+        - 10.11.0.18
+        - 10.11.0.19
+        - 10.11.0.20
+        - 10.11.0.21
+      tags:
+        - user_regular
+      upstreams: []
+      uid: 01952351-afc2-7224-8052-98c9258999ec
+      upstreams_cache_size: 0
+      upstreams_cache_enabled: false
+      use_global_settings: true
+      filtering_enabled: true
+      parental_enabled: false
+      safebrowsing_enabled: false
+      use_global_blocked_services: false
+      ignore_querylog: false
+      ignore_statistics: false
+    - safe_search:
+        enabled: false
+        bing: false
+        duckduckgo: false
+        ecosia: false
+        google: false
+        pixabay: false
+        yandex: false
+        youtube: false
+      blocked_services:
+        schedule:
+          time_zone: Local
+        ids: []
+      name: k8s-staging
+      ids:
+        - 10.12.0.16
+        - 10.12.0.17
+        - 10.12.0.18
+        - 10.12.0.19
+        - 10.12.0.20
+        - 10.12.0.21
+      tags:
+        - user_regular
+      upstreams: []
+      uid: 01952351-afc2-722d-bd72-1f9f3acb3c36
+      upstreams_cache_size: 0
+      upstreams_cache_enabled: false
+      use_global_settings: true
+      filtering_enabled: true
+      parental_enabled: false
+      safebrowsing_enabled: false
+      use_global_blocked_services: false
+      ignore_querylog: false
+      ignore_statistics: false
+log:
+  enabled: true
+  file: ""
+  max_backups: 0
+  max_size: 100
+  max_age: 3
+  compress: false
+  local_time: false
+  verbose: false
+os:
+  group: ""
+  user: ""
+  rlimit_nofile: 0
+schema_version: 29
diff --git a/kubernetes/main/apps/networking/external-services/external-adguard.yaml b/kubernetes/main/apps/networking/external-services/external-adguard.yaml
@@ -23,7 +23,7 @@ ports:
     port: 3000
 endpoints:
   - addresses:
-      - "10.0.0.7"
+      - "10.0.0.8"
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress