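#
# Cookbook:: esh_adguard
# Recipe:: default
#
# Copyright:: 2023, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Installs AdGuard Home from the upstream GitHub release archive, runs it as
# the unprivileged 'adguard' account via a systemd drop-in, fetches its TLS
# certificate and key over HTTP Basic auth, and writes its configuration from
# node attributes.

# Base64 is used below to build the Basic auth header.
require 'base64'

group 'adguard' do
  system true
  action :create
end

# NOTE(review): the service account gets an interactive shell. If nobody logs
# in as 'adguard', a nologin shell would be the least-privilege choice.
user 'adguard' do
  comment 'adguard system user'
  gid 'adguard'
  home '/var/lib/adguard'
  manage_home true
  shell '/usr/bin/bash'
  system true
  action :create
end

directory '/etc/adguard' do
  owner 'adguard'
  group 'adguard'
  mode '0750'
  action :create
end

# Log files are pre-created so they are owned by the service account.
%w(/var/log/AdGuardHome.out /var/log/AdGuardHome.err).each do |log|
  file log do
    owner 'adguard'
    group 'adguard'
    mode '0640'
    action :create
  end
end

version = node['esh']['adguard']['version']
url = "https://github.com/AdguardTeam/AdGuardHome/releases/download/v#{version}/AdGuardHome_linux_amd64.tar.gz"
archive_path = "#{Chef::Config[:file_cache_path]}/adguard.#{version}.tar.gz"

# NOTE(review): the release archive is downloaded without integrity
# verification. Pinning the expected SHA-256 through remote_file's `checksum`
# property would make a tampered or substituted archive fail the converge.
remote_file "adguard.#{version}.tar.gz" do
  source url
  path archive_path
  notifies :run, 'execute[extract adguard]', :immediately
end

# The steps are chained with && so that a failed extraction fails the resource
# instead of being masked by the exit status of the later chown/chmod.
# NOTE(review): the binary ends up owned and writable by the service account
# it runs as; root ownership of the executable would be stricter.
execute 'extract adguard' do
  command <<~EOT
    tar -zxvf #{archive_path} -C /var/lib/adguard --strip-components=2 ./AdGuardHome &&
    chown -R adguard: /var/lib/adguard &&
    chmod 750 /var/lib/adguard/AdGuardHome
  EOT
  action :nothing
  notifies :restart, 'service[AdGuardHome]', :delayed
end

# Split on the first ':' only, so a password that itself contains ':' is kept
# whole rather than truncated.
# NOTE(review): these credentials live in plain node attributes; an encrypted
# data bag or a vault is the usual place for secrets.
username, password = node['esh']['adguard']['cert_auth'].split(':', 2)
auth_string = Base64.strict_encode64("#{username}:#{password}")

# Certificate chain and private key, fetched with HTTP Basic auth.
# `sensitive true` keeps the private key contents and the Authorization header
# out of Chef's logs and resource output.
# NOTE(review): confirm both source URLs are https://, otherwise the
# credentials and the private key travel in cleartext.
{
  '/etc/adguard/fullchain.pem' => 'cert_pub',
  '/etc/adguard/privkey.pem' => 'cert_priv',
}.each do |pem_path, source_attribute|
  remote_file pem_path do
    source node['esh']['adguard'][source_attribute]
    headers({ 'Authorization' => "Basic #{auth_string}" })
    owner 'adguard'
    group 'adguard'
    mode '0400'
    sensitive true
    action :create
  end
end

# File capabilities let the unprivileged binary bind low ports and open raw
# sockets without running as root.
# NOTE(review): getcap's text output differs between libcap releases ('+eip'
# vs '=eip'); where the guard does not match, setcap just re-runs each converge.
execute 'setcap AdGuardHome' do
  command "setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /var/lib/adguard/AdGuardHome"
  not_if 'getcap /var/lib/adguard/AdGuardHome | grep -q cap_net_bind_service,cap_net_raw=eip'
  action :run
end

# Let AdGuard Home install its own unit file, once.
execute 'adguard service' do
  command '/var/lib/adguard/AdGuardHome -s install'
  not_if { ::File.exist?('/etc/systemd/system/AdGuardHome.service') }
  action :run
end

directory '/etc/systemd/system/AdGuardHome.service.d' do
  owner 'root'
  group 'root'
  mode '0755'
  action :create
end

# Drop-in that makes the installed unit run as the 'adguard' account.
file '/etc/systemd/system/AdGuardHome.service.d/override.conf' do
  content <<~EOT
    [Service]
    User=adguard
    Group=adguard
  EOT
  owner 'root'
  group 'root'
  mode '0644'
  action :create
  notifies :run, 'execute[systemctl daemon-reload]', :immediately
end

execute 'systemctl daemon-reload' do
  command 'systemctl daemon-reload'
  action :nothing
end

# `sensitive true` because the AdGuard Home configuration can carry user
# password hashes, which would otherwise appear in the file diff Chef prints.
file '/var/lib/adguard/AdGuardHome.yaml' do
  content node['esh']['adguard']['config']
  owner 'adguard'
  group 'adguard'
  mode '0640'
  sensitive true
  action :create
  notifies :restart, 'service[AdGuardHome]', :immediately
end

# Declared only as a notification target for the restarts above.
service 'AdGuardHome' do
  action :nothing
end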