Replacing pihole with adguard. - selfhost - Incus configurations for my self-hosted setup.
---
(DIR) commit f8d072f34847716840713281d2a0fd4866f733e4
(DIR) parent b3613cb818921bdd51c75ffa05bd1452e10a71b7
(HTM) Author: Jay Scott <me@jay.scot>
Date: Fri, 14 Jun 2024 19:18:13 +0100
Replacing pihole with adguard.
Diffstat:
A .gitignore | 1 +
A adguard/adguard.yaml | 23 +++++++++++++++++++++++
A adguard/files/AdGuardHome.yaml | 431 +++++++++++++++++++++++++++++++
A adguard/init.sh | 18 ++++++++++++++++++
D pi-hole/files/15-pihole-admin.conf | 67 -------------------------------
D pi-hole/files/custom.list | 3 ---
D pi-hole/files/setupVars.conf | 17 -----------------
D pi-hole/init.sh | 22 ----------------------
D pi-hole/pihole.yaml | 22 ----------------------
9 files changed, 473 insertions(+), 131 deletions(-)
---
(DIR) diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+adguard/install.sh
(DIR) diff --git a/adguard/adguard.yaml b/adguard/adguard.yaml
@@ -0,0 +1,23 @@
+devices:
+ certs:
+ path: /certs
+ source: /srv/certs
+ type: disk
+ shift: true
+
+config:
+ cloud-init.network-config: |
+ version: 2
+ ethernets:
+ eth0:
+ addresses:
+ - 192.168.2.10/24
+ gateway4: 192.168.2.1
+ cloud-init.user-data: |
+ #cloud-config
+ package_upgrade: true
+ hostname: adguard.jay.scot
+ timezone: Europe/London
+ manage_resolv_conf: true
+ resolv_conf:
+ nameservers: ['192.168.2.10', '1.1.1.1']
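Review bot: The `certs` disk device mounts the host's `/srv/certs` into the container read-write, and with `shift: true` the container's root can presumably write to those files, although AdGuard Home only needs to read the chain and key. Adding `readonly: true` to the device would keep a compromised DNS container from replacing or deleting host certificate material. If `/srv/certs` also holds keys for other services, a narrower `source` with only the files this instance needs would limit what the container can read.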
(DIR) diff --git a/adguard/files/AdGuardHome.yaml b/adguard/files/AdGuardHome.yaml
@@ -0,0 +1,431 @@
+http:
+ pprof:
+ port: 6060
+ enabled: false
+ address: 0.0.0.0:80
+ session_ttl: 720h
+users:
+ - name: jay
+ password: $2a$10$.EuQlNc66Fx4NaH5jn7AC.jUyOJToWTIc7xAaY8Me3j5vFyhwD8H6
+auth_attempts: 5
+block_auth_min: 15
+http_proxy: ""
+language: en
+theme: dark
+dns:
+ bind_hosts:
+ - 0.0.0.0
+ port: 53
+ anonymize_client_ip: false
+ ratelimit: 20
+ ratelimit_subnet_len_ipv4: 24
+ ratelimit_subnet_len_ipv6: 56
+ ratelimit_whitelist: []
+ refuse_any: true
+ upstream_dns:
+ - https://dns.quad9.net/dns-query
+ upstream_dns_file: ""
+ bootstrap_dns:
+ - 9.9.9.10
+ - 149.112.112.10
+ - 2620:fe::10
+ - 2620:fe::fe:10
+ fallback_dns: []
+ upstream_mode: load_balance
+ fastest_timeout: 1s
+ allowed_clients: []
+ disallowed_clients: []
+ blocked_hosts:
+ - version.bind
+ - id.server
+ - hostname.bind
+ trusted_proxies:
+ - 127.0.0.0/8
+ - ::1/128
+ cache_size: 4194304
+ cache_ttl_min: 0
+ cache_ttl_max: 0
+ cache_optimistic: false
+ bogus_nxdomain: []
+ aaaa_disabled: false
+ enable_dnssec: false
+ edns_client_subnet:
+ custom_ip: ""
+ enabled: false
+ use_custom: false
+ max_goroutines: 300
+ handle_ddr: true
+ ipset: []
+ ipset_file: ""
+ bootstrap_prefer_ipv6: false
+ upstream_timeout: 10s
+ private_networks: []
+ use_private_ptr_resolvers: true
+ local_ptr_upstreams: []
+ use_dns64: false
+ dns64_prefixes: []
+ serve_http3: false
+ use_http3_upstreams: false
+ serve_plain_dns: true
+ hostsfile_enabled: true
+tls:
+ enabled: true
+ server_name: adguard.jay.scot
+ force_https: true
+ port_https: 443
+ port_dns_over_tls: 853
+ port_dns_over_quic: 853
+ port_dnscrypt: 0
+ dnscrypt_config_file: ""
+ allow_unencrypted_doh: false
+ certificate_chain: ""
+ private_key: ""
+ certificate_path: /certs/fullchain.cer
+ private_key_path: /certs/jay.scot.key
+ strict_sni_check: false
+querylog:
+ dir_path: ""
+ ignored:
+ - adguard.jay.scot
+ interval: 2160h
+ size_memory: 1000
+ enabled: true
+ file_enabled: true
+statistics:
+ dir_path: ""
+ ignored:
+ - adguard.jay.scot
+ interval: 24h
+ enabled: true
+filters:
+ - enabled: true
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+ name: AdGuard DNS filter
+ id: 1
+ - enabled: false
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
+ name: AdAway Default Blocklist
+ id: 2
+whitelist_filters: []
+user_rules: []
+dhcp:
+ enabled: false
+ interface_name: ""
+ local_domain_name: lan
+ dhcpv4:
+ gateway_ip: ""
+ subnet_mask: ""
+ range_start: ""
+ range_end: ""
+ lease_duration: 86400
+ icmp_timeout_msec: 1000
+ options: []
+ dhcpv6:
+ range_start: ""
+ lease_duration: 86400
+ ra_slaac_only: false
+ ra_allow_slaac: false
+filtering:
+ blocking_ipv4: ""
+ blocking_ipv6: ""
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ protection_disabled_until: null
+ safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocking_mode: default
+ parental_block_host: family-block.dns.adguard.com
+ safebrowsing_block_host: standard-block.dns.adguard.com
+ rewrites:
+ - domain: meshtastic.jay.scot
+ answer: 192.168.1.100
+ - domain: dashboard.jay.scot
+ answer: 192.168.2.11
+ - domain: git.jay.scot
+ answer: 192.168.2.12
+ - domain: docs.jay.scot
+ answer: 192.168.2.13
+ - domain: adguard.jay.scot
+ answer: 192.168.2.10
+ safebrowsing_cache_size: 1048576
+ safesearch_cache_size: 1048576
+ parental_cache_size: 1048576
+ cache_time: 30
+ filters_update_interval: 24
+ blocked_response_ttl: 10
+ filtering_enabled: true
+ parental_enabled: false
+ safebrowsing_enabled: false
+ protection_enabled: true
+clients:
+ runtime_sources:
+ whois: true
+ arp: true
+ rdns: true
+ dhcp: true
+ hosts: true
+ persistent:
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: amazon-firestick
+ ids:
+ - 192.168.1.103
+ tags: []
+ upstreams: []
+ uid: 019017dd-3802-7202-8435-fd10d1ff7f9c
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: desktop-jay
+ ids:
+ - 192.168.1.111
+ tags: []
+ upstreams: []
+ uid: 019017dc-72f5-7eb7-8f47-a091aeaff387
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: google-chromecast-gym
+ ids:
+ - 192.168.1.101
+ tags: []
+ upstreams: []
+ uid: 019017dd-9652-7438-8c83-b7283d9fb811
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: google-mini-gym
+ ids:
+ - 192.168.1.102
+ tags: []
+ upstreams: []
+ uid: 019017de-04b8-76c9-9caa-1a4c57c143a1
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: laptop-kristen
+ ids:
+ - 192.168.1.106
+ tags: []
+ upstreams: []
+ uid: 019017df-f088-7c13-945a-b6dacdff62b3
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: laptop-work-jay
+ ids:
+ - 192.168.1.146
+ tags: []
+ upstreams: []
+ uid: 019017e0-5cf9-7bbe-bdf5-dbb1c93f0cc5
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: lora-attic
+ ids:
+ - 192.168.1.100
+ tags: []
+ upstreams: []
+ uid: 019017de-93dc-76dd-82b5-ad1f715fe761
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: motorola-jay
+ ids:
+ - 192.168.1.104
+ tags: []
+ upstreams: []
+ uid: 019017df-12a1-76c4-948d-7a811e4d8310
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+ - safe_search:
+ enabled: false
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocked_services:
+ schedule:
+ time_zone: Local
+ ids: []
+ name: samsung-kristen
+ ids:
+ - 192.168.1.105
+ tags: []
+ upstreams: []
+ uid: 019017df-8fec-7748-b0cd-619e19da922f
+ upstreams_cache_size: 0
+ upstreams_cache_enabled: false
+ use_global_settings: true
+ filtering_enabled: false
+ parental_enabled: false
+ safebrowsing_enabled: false
+ use_global_blocked_services: true
+ ignore_querylog: false
+ ignore_statistics: false
+log:
+ file: ""
+ max_backups: 0
+ max_size: 100
+ max_age: 3
+ compress: false
+ local_time: false
+ verbose: false
+os:
+ group: ""
+ user: ""
+ rlimit_nofile: 0
+schema_version: 28
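Review bot: The `users` entry near the top of this file commits the admin account's bcrypt hash (`password: $2a$10$…`) to the repository, so anyone who can read the repo can run offline guesses against it at cost factor 10. Keep the hash out of version control, for example by committing `password: <BCRYPT_HASH_PLACEHOLDER>` and substituting the real value at deploy time from an untracked file. Since the value is now in history, the password should be treated as exposed and changed. The same file also sets `enable_dnssec: false` and keeps 2160h of query logs with `anonymize_client_ip: false`; a short comment recording that these are deliberate would help a later reader.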
(DIR) diff --git a/adguard/init.sh b/adguard/init.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+HOST=adguard
+
+incus stop $HOST
+incus delete $HOST
+incus launch images:alpine/3.20/cloud $HOST < $HOST.yaml
+
+curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh -o install.sh
+incus file push ./install.sh $HOST/tmp/ -pv --mode 755
+
+incus exec $HOST -- cloud-init status --wait
+incus exec $HOST -- sh -c /tmp/install.sh
+
+incus file push ./files/AdGuardHome.yaml $HOST/opt/AdGuardHome/ -pv --mode 644
+incus exec $HOST -- rc-service AdGuardHome restart
+
+rm install.sh
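Review bot: The installer is fetched from the moving `master` branch with `curl -sSL` and then run inside the container with no integrity check. Without `-f` an HTTP error body would be saved as `install.sh` and executed, and with no `set -e` the script carries on after any failed step. Suggest `set -eu` after the shebang (the `incus stop`/`incus delete` lines would then need `|| true` for a first run), `curl -fsSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/<PINNED_TAG>/scripts/install.sh -o install.sh`, and comparing the download against a recorded SHA-256 before pushing it. The config push uses `--mode 644` although that file carries the admin password hash; `--mode 600` would be tighter, assuming the service reads it as root, as the empty `os.user` suggests.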
(DIR) diff --git a/pi-hole/files/15-pihole-admin.conf b/pi-hole/files/15-pihole-admin.conf
@@ -1,67 +0,0 @@
-server.errorlog := "/var/log/lighttpd/error-pihole.log"
-
-$HTTP["url"] =~ "^/admin/" {
- server.document-root = "/var/www/html"
- server.stream-response-body = 1
- accesslog.filename = "/var/log/lighttpd/access-pihole.log"
- accesslog.format = "%{%s}t|%h|%V|%r|%s|%b"
-
- fastcgi.server = (
- ".php" => (
- "localhost" => (
- "socket" => "/run/lighttpd/pihole-php-fastcgi.socket",
- "bin-path" => "/usr/bin/php-cgi",
- "min-procs" => 1,
- "max-procs" => 1,
- "bin-environment" => (
- "PHP_FCGI_CHILDREN" => "4",
- "PHP_FCGI_MAX_REQUESTS" => "10000",
- ),
- "bin-copy-environment" => (
- "PATH", "SHELL", "USER"
- ),
- "broken-scriptfilename" => "enable",
- )
- )
- )
-
- setenv.add-response-header = (
- "X-Pi-hole" => "The Pi-hole Web interface is working!",
- "X-Frame-Options" => "DENY",
- "X-XSS-Protection" => "0",
- "X-Content-Type-Options" => "nosniff",
- "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
- "X-Permitted-Cross-Domain-Policies" => "none",
- "Referrer-Policy" => "same-origin"
- )
-
- $HTTP["url"] =~ "^/admin/\." {
- url.access-deny = ("")
- }
-
- $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
- $HTTP["referer"] =~ "/admin/settings\.php" {
- setenv.set-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
- }
- }
-}
-else $HTTP["url"] == "/admin" {
- url.redirect = ("" => "/admin/")
-}
-
-$HTTP["host"] == "pi.hole" {
- $HTTP["url"] == "/" {
- url.redirect = ("" => "/admin/")
- }
-}
-
-$HTTP["host"] == "pihole.jay.scot" {
- $HTTP["url"] == "/" {
- url.redirect = ("" => "/admin/")
- }
-}
-
-
-
-# (keep this on one line for basic-install.sh filtering during install)
-server.modules += ( "mod_access", "mod_accesslog", "mod_redirect", "mod_fastcgi", "mod_setenv" )
(DIR) diff --git a/pi-hole/files/custom.list b/pi-hole/files/custom.list
@@ -1,3 +0,0 @@
-192.168.1.100 meshtastic.jay.scot
-192.168.2.11 dashboard.jay.scot
-192.168.2.10 pihole.jay.scot
(DIR) diff --git a/pi-hole/files/setupVars.conf b/pi-hole/files/setupVars.conf
@@ -1,17 +0,0 @@
-PIHOLE_INTERFACE=eth0
-QUERY_LOGGING=true
-INSTALL_WEB_SERVER=true
-INSTALL_WEB_INTERFACE=true
-LIGHTTPD_ENABLED=true
-CACHE_SIZE=10000
-DNS_FQDN_REQUIRED=true
-DNS_BOGUS_PRIV=true
-DNSMASQ_LISTENING=single
-WEBPASSWORD=974e6d8bfdeb7de0495e90f30ecca7fbfd0ce54998fe4b4aa54686d1732b9f6d
-BLOCKING_ENABLED=true
-PIHOLE_DNS_1=1.1.1.1
-PIHOLE_DNS_2=1.0.0.1
-DNSSEC=false
-REV_SERVER=false
-WEBUIBOXEDLAYOUT=boxed
-WEBTHEME=default-darker
(DIR) diff --git a/pi-hole/init.sh b/pi-hole/init.sh
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-HOST=pihole
-
-set -x
-
-incus stop $HOST
-incus delete $HOST
-incus launch images:ubuntu/23.10/cloud $HOST < $HOST.yaml
-
-curl -fsSL https://install.pi-hole.net -o basic-install.sh
-
-incus file push ./files/setupVars.conf $HOST/etc/pihole/ -pv --mode 644
-incus file push ./files/custom.list $HOST/etc/pihole/ -pv --mode 644
-incus file push ./basic-install.sh $HOST/tmp/basic-install.sh -pv --mode 755
-
-incus exec $HOST -- bash -c /tmp/basic-install.sh --unattended
-
-incus file push ./files/15-pihole-admin.conf $HOST/etc/lighttpd/conf-enabled/15-pihole-admin.conf -pv --mode 644
-
-incus exec $HOST -- systemctl restart pihole-FTL
-incus exec $HOST -- systemctl restart lighttpd.service
(DIR) diff --git a/pi-hole/pihole.yaml b/pi-hole/pihole.yaml
@@ -1,22 +0,0 @@
-config:
- cloud-init.network-config: |
- version: 2
- ethernets:
- eth0:
- addresses:
- - 192.168.2.10/24
- gateway4: 192.168.2.1
- cloud-init.user-data: |
- #cloud-config
- package_upgrade: true
- hostname: hole.jay.scot
- timezone: Europe/London
- users:
- - name: jay
- groups: sudo
- sudo: ALL=(ALL) NOPASSWD:ALL
- ssh_authorized_keys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLmKYxwXTbyRWLG0S24RTpyfyBO6AL8Dcy0XvVZ97Do
- packages:
- - git
- - curl