
#
# Cookbook:: esh_adguard
# Recipe:: default
#
# Copyright:: 2023, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Dedicated system group and account. They own the AdGuard Home files created
# below, and the systemd drop-in later in this recipe runs the service as them.
group('adguard') do
  action :create
  system true
end

# NOTE(review): the service account is given an interactive shell
# (/usr/bin/bash). Nothing in this recipe logs in as adguard, so a nologin
# shell looks sufficient and would limit what a compromised service account
# can be used for -- confirm no operator workflow relies on `su - adguard`.
user('adguard') do
  action :create
  system true
  comment 'adguard system user'
  gid 'adguard'
  home '/var/lib/adguard'
  manage_home true
  shell '/usr/bin/bash'
end
# Holds the TLS certificate chain and private key fetched further down.
# 0750 keeps the directory closed to accounts outside owner/group adguard.
directory('/etc/adguard') do
  action :create
  mode '0750'
  owner 'adguard'
  group 'adguard'
end
# Pre-create the two log files so they are owned by the service account;
# an unprivileged process cannot create files directly under /var/log itself.
# 0640: readable by group adguard, not by other local users.
%w[/var/log/AdGuardHome.out /var/log/AdGuardHome.err].each do |log_path|
  file(log_path) do
    action :create
    mode '0640'
    owner 'adguard'
    group 'adguard'
  end
end
# Release to install, taken from node attributes. `version` is also used by
# the extract step below to locate the cached archive.
version = node['esh']['adguard']['version']

# Download the linux/amd64 release archive into Chef's file cache. A new
# download immediately triggers the extract step.
#
# NOTE(review): no `checksum` is set on this resource, so the archive's
# integrity rests on TLS to the download host alone. The binary inside it is
# later run by this recipe (`-s install`) and granted file capabilities.
# Pinning the release's SHA-256 next to the version attribute would make a
# tampered or substituted archive fail the converge instead of being installed.
remote_file "adguard.#{version}.tar.gz" do
  path "#{Chef::Config[:file_cache_path]}/adguard.#{version}.tar.gz"
  source "https://github.com/AdguardTeam/AdGuardHome/releases/download/v#{version}/AdGuardHome_linux_amd64.tar.gz"
  notifies :run, 'execute[extract adguard]', :immediately
end
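# Unpack the AdGuardHome binary from the cached release archive into
# /var/lib/adguard and hand the tree to the service account. Runs only when
# the download resource notifies it (action :nothing), and schedules a
# service restart for the end of the run.
archive = "#{Chef::Config[:file_cache_path]}/adguard.#{version}.tar.gz"

execute 'extract adguard' do
  # The steps are chained with && so a failed tar aborts the resource.
  # As separate lines of one shell script, the exit status was that of the
  # final chmod, so a broken or truncated archive could converge "successfully"
  # with the previous binary still in place.
  #
  # NOTE(review): chown -R leaves the binary owned and writable by the same
  # account the service runs as. This recipe later executes that file
  # (`-s install`) and applies setcap to it. Keeping the executable owned by
  # root with group adguard would stop a compromised service process from
  # replacing it -- confirm whether AdGuard Home's self-update is relied on
  # before tightening this.
  command [
    "tar -zxvf #{archive} -C /var/lib/adguard --strip-components=2 ./AdGuardHome",
    'chown -R adguard: /var/lib/adguard',
    'chmod 750 /var/lib/adguard/AdGuardHome',
  ].join(' && ')
  action :nothing
  notifies :restart, 'service[AdGuardHome]', :delayed
end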
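# Build the HTTP Basic credential used to fetch the TLS material.
# cert_auth is read as "user:password". The split is limited to two fields so
# a password that itself contains ':' is kept whole (an unlimited split
# silently truncated it at the second colon).
#
# NOTE(review): cert_auth comes from node attributes. If it is set as an
# ordinary attribute it is presumably saved with the node object on the Chef
# server -- confirm it is supplied from an encrypted source.
username, password = node['esh']['adguard']['cert_auth'].split(':', 2)
auth_string = Base64.strict_encode64("#{username}:#{password}")

# Certificate chain and private key, each fetched from the URL named by its
# node attribute and stored readable by the service account only (0400).
#
# `sensitive true` keeps Chef from printing file content diffs and resource
# details for these downloads in the run output. Without it a changed
# privkey.pem, being plain text, is eligible for diff output in the client log.
#
# NOTE(review): the cert_pub / cert_priv URLs are not visible in this recipe.
# Both the Basic credential and the private key travel over that connection,
# so they need to be https:// -- verify in the attribute source.
{
  '/etc/adguard/fullchain.pem' => 'cert_pub',
  '/etc/adguard/privkey.pem' => 'cert_priv',
}.each do |pem_path, source_attr|
  remote_file pem_path do
    source node['esh']['adguard'][source_attr]
    headers({ 'Authorization' => "Basic #{auth_string}" })
    owner 'adguard'
    group 'adguard'
    mode '0400'
    sensitive true
    action :create
  end
end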
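# Grant the binary file capabilities so it can run as the unprivileged adguard
# account: CAP_NET_BIND_SERVICE permits binding ports below 1024, CAP_NET_RAW
# permits raw/packet sockets.
#
# The guard accepts both getcap output styles ("...=eip" and the "...+eip"
# form printed by older libcap releases). Matching only "=eip" makes setcap
# re-run on every converge where the older format is in use.
#
# NOTE(review): file capabilities apply to anyone able to execute the file;
# mode 750 from the extract step limits that to owner/group adguard. The
# inheritable bit ('i') is probably not needed for a directly started daemon,
# and CAP_NET_RAW is only worth granting if a feature that needs raw sockets
# is actually enabled -- confirm both before trimming.
execute 'setcap AdGuardHome' do
  command "setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' /var/lib/adguard/AdGuardHome"
  not_if "getcap /var/lib/adguard/AdGuardHome | grep -Eq 'cap_net_bind_service,cap_net_raw[=+]eip'"
  action :run
end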
# Let AdGuardHome register its own systemd unit; skipped once the unit file
# exists.
#
# NOTE(review): no `user` is set, so this runs the downloaded binary as
# whatever account runs chef-client (normally root). That is the point at
# which an unverified or replaced binary would execute with full privileges,
# so the integrity of the download and the ownership of the file matter here.
unit_file = '/etc/systemd/system/AdGuardHome.service'

execute('adguard service') do
  action :run
  command '/var/lib/adguard/AdGuardHome -s install'
  not_if { ::File.exist?(unit_file) }
end
# systemd drop-in that makes the installed unit run as adguard:adguard
# instead of the account chosen by the generated unit file.
directory('/etc/systemd/system/AdGuardHome.service.d') do
  action :create
  mode '0755'
  owner 'root'
  group 'root'
end

# Root-owned and not writable by the service account, so the service cannot
# change which user it runs as. Any change reloads systemd immediately.
#
# NOTE(review): the drop-in only switches the account. Granting the two
# capabilities here with AmbientCapabilities= (bounded by
# CapabilityBoundingSet=) instead of setcap on the binary would scope them to
# this unit rather than to the file on disk -- a design option to evaluate,
# not something this recipe currently does.
file('/etc/systemd/system/AdGuardHome.service.d/override.conf') do
  action :create
  mode '0644'
  owner 'root'
  group 'root'
  content <<~EOT
    [Service]
    User=adguard
    Group=adguard
  EOT
  notifies :run, 'execute[systemctl daemon-reload]', :immediately
end

# Fired only by the drop-in above so systemd re-reads its unit files.
execute('systemctl daemon-reload') do
  action :nothing
  command 'systemctl daemon-reload'
end
# Render the AdGuard Home configuration verbatim from a node attribute and
# restart the service as soon as it changes.
#
# NOTE(review): the attribute's content is not visible here. If it carries
# credentials (AdGuard Home configs can hold admin password hashes), Chef
# will include them in the diff it prints when this file changes. Marking the
# resource `sensitive true` would suppress that -- confirm against the
# attribute source.
file('/var/lib/adguard/AdGuardHome.yaml') do
  action :create
  mode '0640'
  owner 'adguard'
  group 'adguard'
  content node['esh']['adguard']['config']
  notifies :restart, 'service[AdGuardHome]', :immediately
end
# Declared only as a target for the :restart notifications above; the recipe
# itself never enables or starts the unit (presumably `-s install` handles
# that -- verify on a fresh node).
service('AdGuardHome') { action :nothing }