Replacing AdGuard with Blocky, adding README. - selfhost - Incus configurations for my self-hosted setup.
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit fcebb4eb3163de03350fcaae3c8890aea49489ca
(DIR) parent 18a2986c240172f8fec1fdd2496ab281883abf4e
(HTM) Author: Jay Scott <me@jay.scot>
Date: Sat, 13 Jul 2024 19:28:19 +0100
Replacing AdGuard with Blocky, adding README.
Diffstat:
A README | 15 +++++++++++++++
D adguard/adguard.yaml | 23 -----------------------
D adguard/files/AdGuardHome.yaml | 189 -------------------------------
D adguard/init.sh | 18 ------------------
A blocky/blocky.yaml | 52 +++++++++++++++++++++++++++++++
A blocky/init.sh | 7 +++++++
6 files changed, 74 insertions(+), 230 deletions(-)
---
(DIR) diff --git a/README b/README
@@ -0,0 +1,15 @@
+ __ ___ ___ __ __ ___
+/__` |__ | |__ |__| / \ /__` |
+.__/ |___ |___ | | | \__/ .__/ |
+
+---
+
+
+ blocky ... Network DNS and Ad blocking
+ git ... SSH only Git server
+ ytdl-sub ... Offline YouTube downloader
+ jellyfin ... Media Streaming
+ nas ... Samba fileshare
+ sfeed ... RSS feed manager
+ local ... Static file serving
+
(DIR) diff --git a/adguard/adguard.yaml b/adguard/adguard.yaml
@@ -1,23 +0,0 @@
-devices:
- certs:
- path: /certs
- source: /srv/certs
- type: disk
- shift: true
-
-config:
- cloud-init.network-config: |
- version: 2
- ethernets:
- eth0:
- addresses:
- - 192.168.2.10/24
- gateway4: 192.168.2.1
- cloud-init.user-data: |
- #cloud-config
- package_upgrade: true
- hostname: adguard.jay.scot
- timezone: Europe/London
- manage_resolv_conf: true
- resolv_conf:
- nameservers: ['192.168.2.10', '1.1.1.1']
(DIR) diff --git a/adguard/files/AdGuardHome.yaml b/adguard/files/AdGuardHome.yaml
@@ -1,189 +0,0 @@
-http:
- pprof:
- port: 6060
- enabled: false
- address: 0.0.0.0:80
- session_ttl: 720h
-users:
- - name: jay
- password: $2y$10$mr.QdvENDEApcFtnoXMjneax79u42dhq8heltpjLusD4nuk2R2iiq
-auth_attempts: 5
-block_auth_min: 15
-http_proxy: ""
-language: en
-theme: dark
-dns:
- bind_hosts:
- - 0.0.0.0
- port: 53
- anonymize_client_ip: false
- ratelimit: 20
- ratelimit_subnet_len_ipv4: 24
- ratelimit_subnet_len_ipv6: 56
- ratelimit_whitelist: []
- refuse_any: true
- upstream_dns:
- - https://dns.quad9.net/dns-query
- upstream_dns_file: ""
- bootstrap_dns:
- - 9.9.9.10
- - 149.112.112.10
- - 2620:fe::10
- - 2620:fe::fe:10
- fallback_dns: []
- upstream_mode: load_balance
- fastest_timeout: 1s
- allowed_clients: []
- disallowed_clients: []
- blocked_hosts:
- - version.bind
- - id.server
- - hostname.bind
- trusted_proxies:
- - 127.0.0.0/8
- - ::1/128
- cache_size: 4194304
- cache_ttl_min: 0
- cache_ttl_max: 0
- cache_optimistic: false
- bogus_nxdomain: []
- aaaa_disabled: false
- enable_dnssec: false
- edns_client_subnet:
- custom_ip: ""
- enabled: false
- use_custom: false
- max_goroutines: 300
- handle_ddr: true
- ipset: []
- ipset_file: ""
- bootstrap_prefer_ipv6: false
- upstream_timeout: 10s
- private_networks: []
- use_private_ptr_resolvers: true
- local_ptr_upstreams: []
- use_dns64: false
- dns64_prefixes: []
- serve_http3: false
- use_http3_upstreams: false
- serve_plain_dns: true
- hostsfile_enabled: true
-tls:
- enabled: true
- server_name: adguard.jay.scot
- force_https: true
- port_https: 443
- port_dns_over_tls: 853
- port_dns_over_quic: 853
- port_dnscrypt: 0
- dnscrypt_config_file: ""
- allow_unencrypted_doh: false
- certificate_chain: ""
- private_key: ""
- certificate_path: /certs/fullchain.cer
- private_key_path: /certs/jay.scot.key
- strict_sni_check: false
-querylog:
- dir_path: ""
- ignored:
- - '*.jay.scot'
- interval: 6h
- size_memory: 1000
- enabled: true
- file_enabled: true
-statistics:
- dir_path: ""
- ignored:
- - adguard.jay.scot
- interval: 24h
- enabled: true
-filters:
- - enabled: true
- url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
- name: AdGuard DNS filter
- id: 1
- - enabled: false
- url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
- name: AdAway Default Blocklist
- id: 2
-whitelist_filters: []
-user_rules: []
-dhcp:
- enabled: false
- interface_name: ""
- local_domain_name: lan
- dhcpv4:
- gateway_ip: ""
- subnet_mask: ""
- range_start: ""
- range_end: ""
- lease_duration: 86400
- icmp_timeout_msec: 1000
- options: []
- dhcpv6:
- range_start: ""
- lease_duration: 86400
- ra_slaac_only: false
- ra_allow_slaac: false
-filtering:
- blocking_ipv4: ""
- blocking_ipv6: ""
- blocked_services:
- schedule:
- time_zone: Local
- ids: []
- protection_disabled_until: null
- safe_search:
- enabled: false
- bing: true
- duckduckgo: true
- google: true
- pixabay: true
- yandex: true
- youtube: true
- blocking_mode: default
- parental_block_host: family-block.dns.adguard.com
- safebrowsing_block_host: standard-block.dns.adguard.com
- rewrites:
- - domain: git.jay.scot
- answer: 192.168.2.12
- - domain: adguard.jay.scot
- answer: 192.168.2.10
- - domain: nas.jay.scot
- answer: 192.168.2.14
- - domain: jellyfin.jay.scot
- answer: 192.168.2.15
- - domain: local.jay.scot
- answer: 192.168.2.11
- safebrowsing_cache_size: 1048576
- safesearch_cache_size: 1048576
- parental_cache_size: 1048576
- cache_time: 30
- filters_update_interval: 24
- blocked_response_ttl: 10
- filtering_enabled: true
- parental_enabled: false
- safebrowsing_enabled: false
- protection_enabled: true
-clients:
- runtime_sources:
- whois: true
- arp: true
- rdns: true
- dhcp: true
- hosts: true
- persistent: []
-log:
- enabled: true
- file: ""
- max_backups: 0
- max_size: 100
- max_age: 3
- compress: false
- local_time: false
- verbose: false
-os:
- group: ""
- user: ""
- rlimit_nofile: 0
-schema_version: 28
(DIR) diff --git a/adguard/init.sh b/adguard/init.sh
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-HOST=adguard
-
-incus stop $HOST
-incus delete $HOST
-incus launch images:alpine/3.20/cloud $HOST < $HOST.yaml
-
-curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh -o install.sh
-incus file push ./install.sh $HOST/tmp/ -pv --mode 755
-
-incus exec $HOST -- cloud-init status --wait
-incus exec $HOST -- sh -c /tmp/install.sh
-
-incus file push ./files/AdGuardHome.yaml $HOST/opt/AdGuardHome/ -pv --mode 644
-incus exec $HOST -- rc-service AdGuardHome restart
-
-rm install.sh
(DIR) diff --git a/blocky/blocky.yaml b/blocky/blocky.yaml
@@ -0,0 +1,52 @@
+config:
+ cloud-init.network-config: |
+ version: 2
+ ethernets:
+ eth0:
+ addresses:
+ - 192.168.2.10/24
+ gateway4: 192.168.2.1
+ cloud-init.user-data: |
+ #cloud-config
+ package_upgrade: true
+ hostname: blocky.jay.scot
+ timezone: Europe/London
+ manage_resolv_conf: true
+ resolv_conf:
+ nameservers: ['192.168.2.10', '1.1.1.1']
+ packages:
+ - blocky
+ runcmd:
+ - rc-service blocky start
+ write_files:
+ - path: /etc/blocky/config.yml
+ permissions: '0644'
+ defer: true
+ content: |
+ upstreams:
+ groups:
+ default:
+ - https://dns.quad9.net/dns-query
+ - https://anycast.uncensoreddns.org/dns-query
+ - 94.140.14.14
+
+ blocking:
+ blackLists:
+ ads:
+ - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+ clientGroupsBlock:
+ default:
+ - ads
+
+ ports:
+ dns: 53
+
+ customDNS:
+ customTTL: 5m
+ filterUnmappedTypes: true
+ mapping:
+ blocky.jay.scot: 192.168.2.10
+ local.jay.scot: 192.168.2.11
+ git.jay.scot: 192.168.2.12
+ nas.jay.scot: 192.168.2.14
+ jellyfin.jay.scot: 192.168.2.15
(DIR) diff --git a/blocky/init.sh b/blocky/init.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+HOST=blocky
+
+incus stop $HOST
+incus delete $HOST
+incus launch images:alpine/3.20/cloud $HOST < $HOST.yaml