From 0edba2490bbf9eaafe3f81884c0bb0555457205c Mon Sep 17 00:00:00 2001
From: Kaito Ii
Date: Wed, 27 Dec 2023 19:44:37 +0900
Subject: [PATCH] add adguard home
---
 mycluster/adguard/conf/AdGuardHome.yaml | 180 ++++++++++++++++++++++++
 mycluster/adguard/deployment.yaml | 53 +++++++
 mycluster/adguard/kustomization.yaml | 14 ++
 mycluster/adguard/namespace.yaml | 4 +
 mycluster/adguard/pvc.yaml | 12 ++
 mycluster/adguard/service.yaml | 23 +++
 mycluster/kustomization.yaml | 1 +
 7 files changed, 287 insertions(+)
 create mode 100644 mycluster/adguard/conf/AdGuardHome.yaml
 create mode 100644 mycluster/adguard/deployment.yaml
 create mode 100644 mycluster/adguard/kustomization.yaml
 create mode 100644 mycluster/adguard/namespace.yaml
 create mode 100644 mycluster/adguard/pvc.yaml
 create mode 100644 mycluster/adguard/service.yaml
diff --git a/mycluster/adguard/conf/AdGuardHome.yaml b/mycluster/adguard/conf/AdGuardHome.yaml
new file mode 100644
index 0000000..767c520
--- /dev/null
+++ b/mycluster/adguard/conf/AdGuardHome.yaml
@@ -0,0 +1,180 @@
+http:
+ pprof:
+ port: 6060
+ enabled: false
+ address: 0.0.0.0:80
+ session_ttl: 720h
+users:
+ - name: ii
+ password: $2a$10$tnf8mhQC8uYDZwq0WX6TMezKKzpX.cQnYnO5ZMFcr8m4r58rjYox.
+auth_attempts: 5
+block_auth_min: 15
+http_proxy: ""
+language: en
+theme: auto
+dns:
+ bind_hosts:
+ - 0.0.0.0
+ port: 53
+ anonymize_client_ip: false
+ ratelimit: 20
+ ratelimit_subnet_len_ipv4: 24
+ ratelimit_subnet_len_ipv6: 56
+ ratelimit_whitelist: []
+ refuse_any: true
+ upstream_dns:
+ - tcp://1.1.1.1
+ - tcp://8.8.8.8
+ - https://dns10.quad9.net/dns-query
+ upstream_dns_file: ""
+ bootstrap_dns:
+ - 9.9.9.10
+ - 149.112.112.10
+ - 2620:fe::10
+ - 2620:fe::fe:10
+ fallback_dns: []
+ all_servers: false
+ fastest_addr: false
+ fastest_timeout: 1s
+ allowed_clients: []
+ disallowed_clients: []
+ blocked_hosts:
+ - version.bind
+ - id.server
+ - hostname.bind
+ trusted_proxies:
+ - 127.0.0.0/8
+ - ::1/128
+ cache_size: 4194304
+ cache_ttl_min: 0
+ cache_ttl_max: 0
+ cache_optimistic: false
+ bogus_nxdomain: []
+ aaaa_disabled: false
+ enable_dnssec: false
+ edns_client_subnet:
+ custom_ip: ""
+ enabled: false
+ use_custom: false
+ max_goroutines: 300
+ handle_ddr: true
+ ipset: []
+ ipset_file: ""
+ bootstrap_prefer_ipv6: false
+ upstream_timeout: 10s
+ private_networks: []
+ use_private_ptr_resolvers: true
+ local_ptr_upstreams: []
+ use_dns64: false
+ dns64_prefixes: []
+ serve_http3: false
+ use_http3_upstreams: false
+ serve_plain_dns: true
+tls:
+ enabled: false
+ server_name: ""
+ force_https: false
+ port_https: 443
+ port_dns_over_tls: 853
+ port_dns_over_quic: 853
+ port_dnscrypt: 0
+ dnscrypt_config_file: ""
+ allow_unencrypted_doh: false
+ certificate_chain: ""
+ private_key: ""
+ certificate_path: ""
+ private_key_path: ""
+ strict_sni_check: false
+querylog:
+ ignored: []
+ interval: 2160h
+ size_memory: 1000
+ enabled: true
+ file_enabled: true
+statistics:
+ ignored: []
+ interval: 24h
+ enabled: true
+filters:
+ - enabled: true
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+ name: AdGuard DNS filter
+ id: 1
+ - enabled: false
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
+ name: AdAway Default Blocklist
+ id: 2
+ - enabled: true
+ url: https://raw.githubusercontent.com/tofukko/filter/master/Adblock_Plus_list.txt
+ name: tofu
+ id: 3
+whitelist_filters: []
+user_rules: []
+dhcp:
+ enabled: false
+ interface_name: ""
+ local_domain_name: lan
+ dhcpv4:
+ gateway_ip: ""
+ subnet_mask: ""
+ range_start: ""
+ range_end: ""
+ lease_duration: 86400
+ icmp_timeout_msec: 1000
+ options: []
+ dhcpv6:
+ range_start: ""
+ lease_duration: 86400
+ ra_slaac_only: false
+ ra_allow_slaac: false
+filtering:
+ blocking_ipv4: ""
+ blocking_ipv6: ""
+ blocked_services:
+ schedule:
+ time_zone: UTC
+ ids: []
+ protection_disabled_until: null
+ safe_search:
+ enabled: true
+ bing: true
+ duckduckgo: true
+ google: true
+ pixabay: true
+ yandex: true
+ youtube: true
+ blocking_mode: default
+ parental_block_host: family-block.dns.adguard.com
+ safebrowsing_block_host: standard-block.dns.adguard.com
+ rewrites: []
+ safebrowsing_cache_size: 1048576
+ safesearch_cache_size: 1048576
+ parental_cache_size: 1048576
+ cache_time: 30
+ filters_update_interval: 24
+ blocked_response_ttl: 10
+ filtering_enabled: true
+ parental_enabled: false
+ safebrowsing_enabled: false
+ protection_enabled: true
+clients:
+ runtime_sources:
+ whois: true
+ arp: true
+ rdns: false
+ dhcp: true
+ hosts: true
+ persistent: []
+log:
+ file: ""
+ max_backups: 0
+ max_size: 100
+ max_age: 3
+ compress: false
+ local_time: false
+ verbose: false
+os:
+ group: ""
+ user: ""
+ rlimit_nofile: 0
+schema_version: 27
diff --git a/mycluster/adguard/deployment.yaml b/mycluster/adguard/deployment.yaml
new file mode 100644
index 0000000..f73b0fe
--- /dev/null
+++ b/mycluster/adguard/deployment.yaml
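Review bot: The bcrypt hash under `users[0].password` is committed in clear and, through the `configMapGenerator` in mycluster/adguard/kustomization.yaml, ends up in a ConfigMap rather than a Secret, so it is readable by anyone with repository access or permission to read ConfigMaps in the `adguard` namespace. Treat the hash as a credential: render this file from an encrypted source or switch the generator to `secretGenerator:` with a `secret:` volume in the Deployment, and rotate the password because this value now lives in git history. Separately, `address: 0.0.0.0:80` together with `tls.enabled: false` means the admin login travels over plain HTTP, and `enable_dnssec: false` leaves DNSSEC checking off; if both are deliberate for a LAN-only setup, a short comment saying so would help the next reader.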
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard-deployment
+ namespace: adguard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adguard
+ template:
+ metadata:
+ labels:
+ app: adguard
+ spec:
+ initContainers:
+ - name: init
+ image: busybox
+ command: ["sh", "-c", "mkdir -p /opt/adguardhome/conf && cp /tmp/AdGuardHome.yaml /opt/adguardhome/conf/"]
+ volumeMounts:
+ - name: adguard-conf
+ mountPath: /opt/adguardhome/conf
+ - name: adguard-config
+ mountPath: /tmp
+ containers:
+ - name: adguard-home
+ image: adguard/adguardhome:v0.107.43
+ ports:
+ - containerPort: 53 #dns
+ name: dns
+ protocol: UDP
+ - containerPort: 3000 #initial setup
+ name: http-initial
+ - containerPort: 80 #web gui
+ name: http
+ protocol: TCP
+ volumeMounts:
+ - name: adguard-data
+ mountPath: /opt/adguardhome/work
+ - name: adguard-conf
+ mountPath: /opt/adguardhome/conf
+ volumes:
+ - name: adguard-data
+ persistentVolumeClaim:
+ claimName: adguard-pvc
+ - name: adguard-config
+ configMap:
+ name: adguard-config
+ items:
+ - key: AdGuardHome.yaml
+ path: AdGuardHome.yaml
+ - name: adguard-conf
+ emptyDir:
diff --git a/mycluster/adguard/kustomization.yaml b/mycluster/adguard/kustomization.yaml
new file mode 100644
index 0000000..39fa4ae
--- /dev/null
+++ b/mycluster/adguard/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
+- pvc.yaml
+- service.yaml
+- deployment.yaml
+
+configMapGenerator:
+- name: adguard-config
+ files:
+ - conf/AdGuardHome.yaml
+ options:
+ disableNameSuffixHash: true
diff --git a/mycluster/adguard/namespace.yaml b/mycluster/adguard/namespace.yaml
new file mode 100644
index 0000000..659575d
--- /dev/null
+++ b/mycluster/adguard/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: adguard
diff --git a/mycluster/adguard/pvc.yaml b/mycluster/adguard/pvc.yaml
new file mode 100644
index 0000000..ee18042
--- /dev/null
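Review bot: The init container uses `image: busybox` with no tag, so each pod start may pull whatever `latest` currently resolves to, while the main container is pinned to `v0.107.43`; pin it the same way, e.g. `image: busybox:<pinned-tag>@sha256:<digest>` (placeholders to fill in). Neither container sets a `securityContext` or `resources`, so both run with the image's default user and capability set; AdGuard Home presumably only needs to bind ports 53 and 80, so dropping the remaining capabilities is worth testing. The ports list declares 53 as UDP only, and the `ports` in service.yaml do the same, so DNS over TCP (used when an answer is truncated) is not reachable; add a TCP 53 entry in both places. The final `emptyDir:` has a null value; `emptyDir: {}` states the intent explicitly.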
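Review bot: `disableNameSuffixHash: true` gives the generated ConfigMap a fixed name, so a later edit to conf/AdGuardHome.yaml (for example a rotated admin password or a tightened `allowed_clients`) does not change the pod template and will not restart the pod, and the init container in deployment.yaml copies the file only at pod start. Dropping the option lets kustomize rewrite the `configMap.name` reference and roll the Deployment on every config change. If the fixed name is required, document the manual step next to the option, e.g. `# fixed name: restart the deployment after editing conf/AdGuardHome.yaml`.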
+++ b/mycluster/adguard/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: adguard-pvc
+ namespace: adguard
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: "longhorn"
diff --git a/mycluster/adguard/service.yaml b/mycluster/adguard/service.yaml
new file mode 100644
index 0000000..f0ffd52
--- /dev/null
+++ b/mycluster/adguard/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-service
+ namespace: adguard
+spec:
+ selector:
+ app: adguard
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+ name: http-initial
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http
+ - protocol: UDP
+ port: 53
+ targetPort: 53
+ name: dns
+ type: LoadBalancer
+ loadBalancerIP: 192.168.11.205
diff --git a/mycluster/kustomization.yaml b/mycluster/kustomization.yaml
index fe683b0..e40ca2a 100644
--- a/mycluster/kustomization.yaml
+++ b/mycluster/kustomization.yaml
@@ -2,6 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+- adguard
 - cert-manager
 - flagger
 - flux-system
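Review bot: In service.yaml the LoadBalancer publishes the admin UI (`port: 80`, plain HTTP) and the first-run setup port (`port: 3000`) on the same address as DNS, 192.168.11.205, with no `loadBalancerSourceRanges` limiting who can reach them. Because conf/AdGuardHome.yaml is pre-provisioned in this commit, the setup wizard on 3000 is presumably never used, so the `http-initial` entry can be removed. The UI would be better served from a separate ClusterIP Service or an Ingress with TLS, leaving only DNS on the LoadBalancer. `loadBalancerIP` is deprecated in current Kubernetes releases, so check whether the load-balancer implementation offers an annotation for pinning the address.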