Archive abandoned project

esh_adguard/recipes/default.rb

@@ -0,0 +1,142 @@
+#
+# Cookbook:: esh_adguard
+# Recipe:: default
+#
+# Copyright:: 2023, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+group 'adguard' do
+  system true
+  action :create
+end
+
+user 'adguard' do
+  comment 'adguard system user'
+  gid 'adguard'
+  home '/var/lib/adguard'
+  manage_home true
+  shell '/usr/bin/bash'
+  system true
+  action :create
+end
+
+directory '/etc/adguard' do
+  owner 'adguard'
+  group 'adguard'
+  mode '0750'
+  action :create
+end
+
+%w(/var/log/AdGuardHome.out /var/log/AdGuardHome.err).each do |log|
+  file log do
+    owner 'adguard'
+    group 'adguard'
+    mode '0640'
+    action :create
+  end
+end
+
+version = node['esh']['adguard']['version']
+url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v#{version}/AdGuardHome_linux_amd64.tar.gz"
+
+remote_file "adguard.#{version}.tar.gz" do
+  source url
+  path "#{Chef::Config[:file_cache_path]}/adguard.#{version}.tar.gz"
+  notifies :run, 'execute[extract adguard]', :immediately
+end
+  
+execute 'extract adguard' do
+  command <<~EOT
+  tar -zxvf \
+    #{Chef::Config[:file_cache_path]}/adguard.#{version}.tar.gz \
+    -C /var/lib/adguard \
+    --strip-components=2 ./AdGuardHome
+  chown -R adguard: /var/lib/adguard
+  chmod 750 /var/lib/adguard/AdGuardHome
+  EOT
+  action :nothing
+  notifies :restart, 'service[AdGuardHome]', :delayed
+end
+
+username = node['esh']['adguard']['cert_auth'].split(':')[0]
+password = node['esh']['adguard']['cert_auth'].split(':')[1]
+auth_string = Base64.strict_encode64("#{username}:#{password}")
+
+remote_file '/etc/adguard/fullchain.pem' do
+  source node['esh']['adguard']['cert_pub']
+  headers({ 'Authorization' => "Basic #{auth_string}" })
+  owner 'adguard'
+  group 'adguard'
+  mode '0400'
+  action :create
+end
+
+remote_file '/etc/adguard/privkey.pem' do
+  source node['esh']['adguard']['cert_priv']
+  headers({ 'Authorization' => "Basic #{auth_string}" })
+  owner 'adguard'
+  group 'adguard'
+  mode '0400'
+  action :create
+end
+
+execute 'setcap AdGuardHome' do
+  command "setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /var/lib/adguard/AdGuardHome"
+  not_if 'getcap /var/lib/adguard/AdGuardHome | grep -q cap_net_bind_service,cap_net_raw=eip'
+  action :run
+end
+
+execute 'adguard service' do
+  command '/var/lib/adguard/AdGuardHome -s install'
+  not_if { ::File.exist?('/etc/systemd/system/AdGuardHome.service') } 
+  action :run
+end
+
+directory '/etc/systemd/system/AdGuardHome.service.d' do
+  owner 'root'
+  group 'root'
+  mode '0755'
+  action :create
+end
+
+file '/etc/systemd/system/AdGuardHome.service.d/override.conf' do
+  content <<~EOT
+  [Service]
+  User=adguard
+  Group=adguard
+  EOT
+  owner 'root'
+  group 'root'
+  mode '0644'
+  action :create
+  notifies :run, 'execute[systemctl daemon-reload]', :immediately
+end
+
+execute 'systemctl daemon-reload' do
+  command 'systemctl daemon-reload'
+  action :nothing
+end
+
+file '/var/lib/adguard/AdGuardHome.yaml' do
+  content node['esh']['adguard']['config']
+  owner 'adguard'
+  group 'adguard'
+  mode '0640'
+  action :create
+  notifies :restart, 'service[AdGuardHome]', :immediately
+end
+
+service 'AdGuardHome' do
+  action :nothing
+end