Add a role for Adguard Home
parent
914204fb70
commit
77ee7ef98c
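--- a/roles/adguardhome/defaults/main.yml
+++ b/roles/adguardhome/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+adguardhome_version: v0.103.3
+adguardhome_tarball_armv7l: AdGuardHome_linux_armv7.tar.gz
+adguardhome_tarball_armv7l_sha256: c1a6028568440803126dd35e0d4324784eee6e350b2dc85890e36ae037449b16
+adguardhome_tarball_x86_64: AdGuardHome_linux_amd64.tar.gz
+adguardhome_tarball_x86_64_sha256: 077fb5262129535f3fdc47379fdd573a68aade62cdbdac02919b69de777df3ea
+
+adguardhome_tarball: "{{ lookup('vars', 'adguardhome_tarball_'+ansible_architecture|lower, default=adguardhome_tarball_x86_64) }}"
+adguardhome_tarball_sha256: "{{ lookup('vars', 'adguardhome_tarball_'+ansible_architecture|lower+'_sha256', default=adguardhome_tarball_x86_64_sha256) }}"
+
+adguardhome_download_url: "https://github.com/AdguardTeam/AdGuardHome/releases/download/{{ adguardhome_version }}/{{ adguardhome_tarball }}"
+
+adguardhome_dir: /srv/AdGuardHome
+adguardhome_file_version_dir: "{{ adguardhome_dir }}/version"
+
+adguardhome_user: admin
+adguardhome_password: changeme
+
+adguardhome_bind_host: 0.0.0.0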
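Review bot: `adguardhome_password: changeme` ships a known admin credential as the role default, and together with `adguardhome_bind_host: 0.0.0.0` any host that applies the role without overrides exposes the web UI to its whole network under `admin`/`changeme`. Leave the password undefined here so that an unset value fails the play, or add an `assert` at the top of the tasks file that rejects `changeme`; the real value belongs in an Ansible Vault file. The two `lookup('vars', ...)` lines also fall back to the x86_64 tarball for every architecture other than armv7l, so an unsupported host gets the wrong binary rather than an early error.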
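--- a/roles/adguardhome/handlers/main.yml
+++ b/roles/adguardhome/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: systemctl daemon-reload
+systemd:
+daemon_reload: true
+become: true
+
+- name: systemctl restart adguardhome
+systemd:
+name: adguardhome.service
+state: restarted
+become: true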
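--- a/roles/adguardhome/tasks/main.yml
+++ b/roles/adguardhome/tasks/main.yml
@@ -0,0 +1,93 @@
+---
+- name: ensure adguardhome group exits
+group:
+name: adguardhome
+become: true
+
+- name: ensure adguardhome user exists and has restrictive settings
+user:
+name: adguardhome
+groups: adguardhome
+password: "*"
+shell: /usr/sbin/nologin
+become: true
+
+- name: ensure that the directory where we deploy AdGuard Home exists
+file:
+path: "{{ adguardhome_dir }}"
+state: directory
+owner: adguardhome
+group: adguardhome
+mode: "0750"
+become: true
+
+# TODO: download only if not installed or a new version.
+
+- name: download locally AdGuard Home in /tmp
+get_url:
+url: "{{ adguardhome_download_url }}"
+dest: /tmp
+checksum: "sha256:{{ adguardhome_tarball_sha256 }}"
+delegate_to: localhost
+
+- name: unarchive locally AdGuard Home
+unarchive:
+src: "/tmp/{{ adguardhome_tarball }}"
+dest: /tmp
+remote_src: true
+delegate_to: localhost
+
+- name: copy AdGuard Home binary
+copy:
+src: /tmp/AdGuardHome/AdGuardHome
+dest: "{{ adguardhome_dir }}"
+owner: adguardhome
+group: adguardhome
+mode: "0750"
+become: true
+
+# NOTE: python3-passlib must be installed or this will fail silently.
+- name: set the AdGuardHome config file
+template:
+src: templates/AdGuardHome.yaml.j2
+dest: "{{ adguardhome_dir }}/AdGuardHome.yaml"
+owner: adguardhome
+group: adguardhome
+mode: 0640
+become: true
+notify: systemctl restart adguardhome
+
+- name: set cap_net_bind_service=+ep on AdGuardHome binary
+capabilities:
+path: "{{ adguardhome_dir }}/AdGuardHome"
+capability: cap_net_bind_service=+ep
+become: true
+
+- name: write AdGuard Home version file
+copy:
+content: "{{ adguardhome_version }}"
+dest: "{{ adguardhome_file_version_dir }}"
+owner: adguardhome
+group: adguardhome
+mode: "0640"
+become: true
+
+- name: install adguardhome systemd unit file
+template:
+src: etc/systemd/system/adguardhome.service.j2
+dest: /etc/systemd/system/adguardhome.service
+notify:
+- systemctl daemon-reload
+become: true
+
+- name: systemctl enable adguardhome
+systemd:
+name: adguardhome
+enabled: true
+become: true
+
+- name: ensure AdGuard Home is running
+systemd:
+name: adguardhome
+state: started
+become: true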
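Review bot: The download and unarchive tasks stage the release in the controller's shared `/tmp`, so the `sha256` check on `get_url` covers the tarball but not the extracted `/tmp/AdGuardHome/AdGuardHome` that the copy task later installs with `become: true`. On a multi-user controller or CI runner another local account could pre-create or replace that path between the two steps. Staging in a private directory created by the `tempfile` module closes the gap; the changed tasks are sketched below. Separately, the copy task makes the service account the owner of its own executable; `owner: root` with `group: adguardhome` would keep a compromised service from rewriting it.

```yaml
- name: create a private staging directory on the controller
  tempfile:
    state: directory
    prefix: adguardhome_
  register: adguardhome_stage
  delegate_to: localhost

- name: download locally AdGuard Home
  get_url:
    url: "{{ adguardhome_download_url }}"
    dest: "{{ adguardhome_stage.path }}"
    checksum: "sha256:{{ adguardhome_tarball_sha256 }}"
  delegate_to: localhost

- name: unarchive locally AdGuard Home
  unarchive:
    src: "{{ adguardhome_stage.path }}/{{ adguardhome_tarball }}"
    dest: "{{ adguardhome_stage.path }}"
    remote_src: true
  delegate_to: localhost

- name: copy AdGuard Home binary
  copy:
    src: "{{ adguardhome_stage.path }}/AdGuardHome/AdGuardHome"
    # … unchanged: dest, owner, group, mode, become …
```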
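--- a/roles/adguardhome/templates/AdGuardHome.yaml.j2
+++ b/roles/adguardhome/templates/AdGuardHome.yaml.j2
@@ -0,0 +1,127 @@
+bind_host: {{ adguardhome_bind_host }}
+bind_port: 80
+users:
+- name: {{ adguardhome_user }}
+password: {{ adguardhome_password | password_hash('bcrypt') }}
+http_proxy: ""
+language: ""
+rlimit_nofile: 0
+debug_pprof: false
+web_session_ttl: 720
+dns:
+bind_host: {{ adguardhome_bind_host }}
+port: 53
+statistics_interval: 7
+querylog_enabled: true
+querylog_file_enabled: true
+querylog_interval: 90
+protection_enabled: true
+blocking_mode: null_ip
+blocking_ipv4: ""
+blocking_ipv6: ""
+blocked_response_ttl: 10
+parental_block_host: family-block.dns.adguard.com
+safebrowsing_block_host: standard-block.dns.adguard.com
+ratelimit: 20
+ratelimit_whitelist: []
+refuse_any: true
+upstream_dns:
+- tls://dns.quad9.net
+- tls://1.1.1.1
+bootstrap_dns:
+- 9.9.9.10
+- 149.112.112.10
+- 2620:fe::10
+- 2620:fe::fe:10
+all_servers: false
+fastest_addr: false
+allowed_clients: []
+disallowed_clients: []
+blocked_hosts: []
+cache_size: 4194304
+cache_ttl_min: 0
+cache_ttl_max: 0
+bogus_nxdomain: []
+aaaa_disabled: false
+enable_dnssec: false
+edns_client_subnet: false
+filtering_enabled: true
+filters_update_interval: 24
+parental_enabled: false
+safesearch_enabled: false
+safebrowsing_enabled: false
+safebrowsing_cache_size: 1048576
+safesearch_cache_size: 1048576
+parental_cache_size: 1048576
+cache_time: 30
+rewrites: []
+blocked_services: []
+tls:
+enabled: false
+server_name: ""
+force_https: false
+port_https: 443
+port_dns_over_tls: 853
+allow_unencrypted_doh: false
+strict_sni_check: false
+certificate_chain: ""
+private_key: ""
+certificate_path: ""
+private_key_path: ""
+filters:
+- enabled: true
+url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+name: AdGuard DNS filter
+id: 1
+- enabled: true
+url: https://adaway.org/hosts.txt
+name: AdAway
+id: 2
+- enabled: true
+url: https://hosts-file.net/ad_servers.txt
+name: hpHosts - Ad and Tracking servers only
+id: 3
+- enabled: true
+url: https://www.malwaredomainlist.com/hostslist/hosts.txt
+name: MalwareDomainList.com Hosts List
+id: 4
+- enabled: true
+url: https://filters.adtidy.org/extension/chromium/filters/2.txt
+name: AdGuard Base filter
+id: 5
+- enabled: true
+url: https://filters.adtidy.org/extension/chromium/filters/3.txt
+name: AdGuard Tracking Protection filter
+id: 6
+- enabled: true
+url: https://filters.adtidy.org/extension/chromium/filters/4.txt
+name: AdGuard Social Media filter
+id: 7
+- enabled: true
+url: https://filters.adtidy.org/extension/chromium/filters/14.txt
+name: AdGuard Annoyances filter
+id: 8
+- enabled: true
+url: https://filters.adtidy.org/extension/chromium/filters/11.txt
+name: AdGuard Mobile Ads filter
+id: 9
+whitelist_filters: []
+user_rules: []
+dhcp:
+enabled: false
+interface_name: ""
+gateway_ip: ""
+subnet_mask: ""
+range_start: ""
+range_end: ""
+lease_duration: 86400
+icmp_timeout_msec: 1000
+clients: []
+log_compress: false
+log_localtime: false
+log_max_backups: 0
+log_max_size: 100
+log_max_age: 3
+log_file: ""
+verbose: false
+schema_version: 6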
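Review bot: The web UI and the DNS listener both take `adguardhome_bind_host` (top-level `bind_host` and `dns.bind_host`), while `bind_port: 80` and `tls.enabled: false` are hard-coded, so serving DNS to the LAN also publishes the admin login over cleartext HTTP on the same addresses. A separate variable for the UI, for example `bind_host: "{{ adguardhome_web_bind_host | default('127.0.0.1') }}"`, would let the operator keep the panel on loopback or behind a TLS-terminating proxy. `password_hash('bcrypt')` is called without a salt, so it presumably renders a different hash on every run, which would make the template task report `changed` and fire the restart handler each time; passing a fixed salt from a variable would make the run idempotent. The three templated scalars are also unquoted, which leaves their YAML type to the parser.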
|
@ -0,0 +1,14 @@
|
|||
# Managed by Ansible
|
||||
[Unit]
|
||||
Description=AdGuard Home
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
ExecStart="{{ adguardhome_dir }}/AdGuardHome"
|
||||
User=adguardhome
|
||||
Group=adguardhome
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
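Review bot: The `[Service]` section starts a network-facing daemon with no sandboxing directives, and the right to bind ports 53 and 80 comes from a file capability that the tasks file sets on the binary. Granting the capability in the unit instead makes the `capabilities` task unnecessary and allows `NoNewPrivileges=true`, which cannot be combined with file capabilities because they are not honoured at exec under that flag. Restricting writes to the install directory assumes AdGuard Home writes only below `{{ adguardhome_dir }}`, which should be confirmed before merging. The file header of this section is missing from the page; it is presumably the `adguardhome.service.j2` template that the tasks file installs.

```ini
[Service]
# … unchanged: ExecStart, User, Group, Restart …
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths={{ adguardhome_dir }}
```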
|
@ -21,3 +21,4 @@
|
|||
# Uncomment to test wikijs role: it's commented since the tarball that we
|
||||
# have to download is more than 60MB.
|
||||
# - {role: ../roles/wikijs, become: true, wikijs_db_type: sqlite}
|
||||
- {role: ../roles/adguardhome}
|
||||
|
|