hosting/mash-playbook
1
0
Fork 0
Code Pull requests Activity

Add Adguard Home service

Browse source
This commit is contained in:
Slavi Pantaleev 2023-03-24 18:01:21 +02:00
parent 0193adc69c
commit 7bad3491b7
5 changed files with 122 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
docs/services/adguard-home.md Normal file
View file

@ -0,0 +1,78 @@
# AdGuard Home
[AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) is a network-wide DNS software for blocking ads & tracking.
**Warning**: running a public DNS server is not advisable. You'd better install AdGuard Home in a trusted local network, or adjust its network interfaces and port exposure (via the variables in the [Networking](#networking) configuration section below) so that you don't expose your DNS server publicly to the whole world. If you're exposing your DNS server publicly, consider restricting who can use it by adjusting the **Allowed clients** setting in the **Access settings** section of **Settings** -> **DNS settings**.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: true
adguard_home_hostname: mash.example.com
# Hosting under a subpath sort of works, but is not ideal
# (see the URL section below for details).
# Consider using a dedicated hostname and removing the line below.
adguard_home_path_prefix: /adguard-home
########################################################################
# #
# /adguard-home #
# #
########################################################################
```
### URL
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/adguard-home`.
You can remove the `adguard_home_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
When **hosting under a subpath**, you may hit [this bug](https://github.com/AdguardTeam/AdGuardHome/issues/5478), which causes these **annoyances**:
- upon initial usage, you will be redirected to `/install.html` and would need to manually adjust this URL to something like `/adguard-home/install.html` (depending on your `adguard_home_path_prefix`). After the installation wizard completes, you'd be redirected to `/index.html` incorrectly as well.
- every time you hit the homepage and you're not logged in, you will be redirected to `/login.html` and would need to manually adjust this URL to something like `/adguard-home/login.html` (depending on your `adguard_home_path_prefix`)
### Networking
By default, the following ports will be exposed by the container on **all network interfaces**:
- `53` over **TCP**, controlled by `adguard_home_container_dns_tcp_bind_port` - used for DNS over TCP
- `53` over **UDP**, controlled by `adguard_home_container_dns_udp_bind_port` - used for DNS over UDP
Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it.
To expose these ports only on **some** network interfaces, you can use additional configuration like this:
```yaml
# Expose only on 192.168.1.15
adguard_home_container_dns_tcp_bind_port: '192.168.1.15:53'
adguard_home_container_dns_udp_bind_port: '192.168.1.15:53'
```
## Usage
After installation, you can go to the AdGuard Home URL, as defined in `adguard_home_hostname` and `adguard_home_path_prefix`.
As mentioned in the [URL](#url) section above, you may hit some annoyances when hosting under a subpath.
The first time you visit the AdGuard Home pages, you'll go through a setup wizard **make sure to set the HTTP port to `3000`**. This is the in-container port that our Traefik setup expects and uses for serving the install wizard to begin with. If you go with the default (`80`), the web UI will stop working after the installation wizard completes.

1
docs/supported-services.md
View file

@ -3,6 +3,7 @@
| Name | Description | Documentation |
| ------------------------------ | ------------------------------------- | ------------- |
| [AUX](https://github.com/mother-of-all-self-hosting/ansible-role-aux) | Auxiliary file/directory management on your server via Ansible | [Link](services/aux.md) |
| [AdGuard Home](https://adguard.com/en/adguard-home/overview.html/) | A network-wide DNS software for blocking ads & tracking | [Link](services/adguard-home.md) |
| [Collabora Online](https://www.collaboraoffice.com/) | Your Private Office Suite In The Cloud | [Link](services/collabora-online.md) |
| [Docker](https://www.docker.com/) | Open-source software for deploying containerized applications | [Link](services/docker.md) |
| [Docker Registry](https://docs.docker.com/registry/) | A container image distribution registry | [Link](services/docker-registry.md) |

37
group_vars/mash_servers
View file

@ -63,6 +63,8 @@ system_swap_enabled: false
devture_systemd_service_manager_services_list_auto: |
{{
([{'name': (adguard_home_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'adguard-home']}] if adguard_home_enabled else [])
+
([{'name': (collabora_online_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'collabora-online']}] if collabora_online_enabled else [])
+
([{'name': (devture_postgres_identifier + '.service'), 'priority': 500, 'groups': ['mash', 'postgres']}] if devture_postgres_enabled else [])
@ -382,6 +384,41 @@ devture_timesync_installation_enabled: false
# #
########################################################################
########################################################################
# #
# adguard-home #
# #
########################################################################
adguard_home_enabled: false
adguard_home_identifier: "{{ mash_playbook_service_identifier_prefix }}adguard-home"
adguard_home_uid: "{{ mash_playbook_uid }}"
adguard_home_gid: "{{ mash_playbook_gid }}"
adguard_home_base_path: "{{ mash_playbook_base_path }}/adguard-home"
adguard_home_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
adguard_home_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
adguard_home_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
adguard_home_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
adguard_home_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /adguard-home #
# #
########################################################################
########################################################################
# #
# collabora-online #

4
requirements.yml
View file

@ -75,6 +75,10 @@
- src: git+https://gitlab.com/etke.cc/roles/redmine.git
version: v5.0.5-1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-adguard-home.git
name: adguard_home
version: v0.107.26-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
name: aux
version: v1.0.0-0

2
setup.yml
View file

@ -54,6 +54,8 @@
- role: galaxy/com.devture.ansible.role.traefik
- role: galaxy/adguard_home
- role: galaxy/collabora_online
- role: galaxy/docker_registry