From 496b3c185d0662fdcd236aa04adadef87906394a Mon Sep 17 00:00:00 2001 From: Benoit S Date: Mon, 6 Sep 2021 18:23:50 +0900 Subject: [PATCH] Move AdGuard config to git-crypted version --- .gitattributes | 2 + deploy.py | 4 +- files/AdGuardHome.yaml | Bin 0 -> 4261 bytes group_data/all.py | 10 -- templates/AdGuardHome.yaml.j2 | 174 ---------------------------------- 5 files changed, 4 insertions(+), 186 deletions(-) create mode 100644 .gitattributes create mode 100644 files/AdGuardHome.yaml delete mode 100644 templates/AdGuardHome.yaml.j2 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..7a0bff3 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +files/AdGuardHome.yaml filter=git-crypt diff=git-crypt + diff --git a/deploy.py b/deploy.py index 82fff4a..63cd72f 100644 --- a/deploy.py +++ b/deploy.py @@ -126,9 +126,9 @@ files.put( mode='644', ) -files.template( +files.put( name='Push AdGuardHome config', - src='templates/AdGuardHome.yaml.j2', + src='files/AdGuardHome.yaml', dest='/home/adguard/AdGuardHome/AdGuardHome.yaml', mode='640', user='adguard', diff --git a/files/AdGuardHome.yaml b/files/AdGuardHome.yaml new file mode 100644 index 0000000000000000000000000000000000000000..52ed30ab8cd6f9f946cf71cb998fb48f23aa518e GIT binary patch literal 4261 zcmV;W5L)j5M@dveQdv+`02ilz$Qa0|X(p}654U`RXdR4tofvGzVFkJm@e4U?m2-RE zPcNW|h6SDFtK5WZv)v3UikF9h)2PQTVHU4>`IcIB=mFr@{*531!pgi=)o8UVAU)z% z5d137=$&L@D4T?E5lyCT6NRTvm38JB6$f-mD_urbMh)@o6QHO&K@sg06I_cHJ23vc z4(QqKc;S3&{GPRZXHlUUfsrJ$LKtDV41y>s?w-Dug%Z9`iw_sgJYwI+C zuc!!qOrTxF*xFlC=1%{P7`&0KSP)NOf{3)gc}0T1Ojb+*0KkLLei)=57sj#rMB{ZD zeyDRe#byvRS&(a=ER*Au9o~u}kBnjEi$`V&$T@vySgBoy!>-oWAwq^ewZGS&ay>8C zYK_JB_LhTy-rdtw`5ty3(Wf^b!k^G{l6*~>+c<8sddwGU%K#fR2Gj>wpx`f~=uwYc zA+`ierl=kk9IuGE>wpW}rDTftRIz6Fq%H$Jz$wtii?4)t`FK(4rTvj$UXTkR#dOLH zfP7LUKlMh=C1uje9IU1uwyjgodlYN5sFBOF?~`-3vb@Kyl_Y z$WvJEo#=pD(B?iq3F8x$s5g6Q%qtk{>`M^pz#KT6eC$Ji4WT}Gzb`zsxh%xaf07(>Qg zQcvU5-asLdZ3_$vpe+AecN;4j-3jAqfxt;5P z@vqmmIwV1k;WYFvTJB%^x+!)ZLQNhJsV2Od9l=IOb5`Un3qk{=0)pw#W`x8Np9vs? zdabUM-m{BpczaLf78HRVC>=dXwvE?#)Z`2*Mgn2d=cUXT$(cxIu$Ii=7vYf|V$sZ% z!TP<_D%Y+A|KSn5nsmAqZ9I}$(b!J*_@i)hiX+8So>h7g{}bJeZ?|OtXgDLQ#7&7o zQiWEsZflT=CxfSaVHETkYK~}YfBFaKal+C9_M>ZU06drUxyt3|_%y9xN3XBwd>mTh z<17sTsIq)g0my-{0PNZKGC!_b;jZ76j7y=SmQ$92l^xJNXn3HHDl9R0GVLnpaInzF zaAfXhlcH5G{=r!D|3zm#8$P6cbffje)sVCzDD`Wd4e$KY^nNs^W32eqj6kR^IeqL) zP>g%V;+0YrlBTBZvI$knP`3b8a@`sIUQ@UZ{4eMeOVUU4ChDM(0xQ2?d-H;kCFEmh zlq91(YH_bL@F}ioF!6>)CrxVDzJV3q?Xp>}1+>r^lP9%+iP>Jj{|5!(drzKzGv(-JXa3Oo_LUs;{ zI(HH>#)Z~QGWJ2O+gYmZp=BDii-PB|)kVN&sZL!WQ<&`idgR}+6buFr* zRG-1|CfMZrq*Zo}?`$|+Fz#fO?Rvb?!Q zcP+oPf%S<|zV% z-JSp%Qm}h#;Gdz4mEgJn&EY%UpT@=sKU6&kEV5u~m!VX^MfbRA=k|^-sj3A_%PHUs zc_=`s0N!hfeyMrj69~KJfU{b%Ik0BH!CqKePXkC>QJ()y%jSxI=ddB{nPX*Q9;n;w zm4qL|qp0SXJ`qy-4wc^udd2M2zj;*U@Ex5#4khY5*Sc4NZgZ}SqMO!T&G7;-By4S* zTC~kNl#%R57#H|5sdA**7Ws-6QOI%H53gVAyDmsXq^M1fN;?zQrTC$)u%`Z1!K?=$ zmv~NELa!=%+{D+@+EQ45Y>VuX^ZhcQUy5Jsf~`vEn;9`rOe%sWGy!a>$%Pdp`KB76 ztrwc6);$U<|L#2@UVq|l+BADxeSbm+O-h{Ie4w^ASPr$Fai)T}Y&$&TZ1T@s2I}Ou zegKGJr7rrI)%PiG(9t=AWSx?ImLxMnF(xW-V`S!05pObQYLiUZR^ibib^umKYjX3+ zd2%QLs)A{yjGQ7dXU#7Ab33kf;y5*-D27XX97|Xs7=_|wgDx^nhoJAW_@KAY{rvH>WUwb^Q%w#5KzBl=`&6-mV z?c$wRnzpgv$Ph4mwCez!psv4E{uJaE+qD(LX+*yH|#VT$e?7&(TcB@!~ zdvI)i@&^@%U{FYY;}!%nHeO-rX@ssrTJ+vc8`g3M*6vKA(z006LX!9vY^LsjijtbW zTm(qpO~wcE4OrsG!$qm_j72wa+zUW35^icvU8+)D8rJ0iS+ zfvln=E8geKYO)(B&r4Nyt|zfR-v&4?tTox=EY(sF)8Gus_e5vZ3tGU{jO25xsOeZY z2qe;shoC=G+$h5Y!(T-%X+i7m@F)2Ts2ucMsJ-Ok$KuSieI*_q3qAaoKt-fm|j1B5_VTRZcN22N+WUGMVSjT~Z zRld-`CJ~mGZFe#B&D1eqU@|r@oii#mgjwr$H%zR}+El3D$tAY-OQuqjXPRUZce6A> ziOx!ib%ad48P87r#!Tm6Hy!`$Y;+U&OfO~AhW+*0c#xE-8qk_>j&8!0|p6em`I zBw00qUv+wJoUb*3FEfO_-AFT%cWOe$w}Qp=D$cpHW){ZU-0fXBRGQ~#-K9%BYh-W~ z1Uq0KJ+@na!UiwA)8QL1+K1>^=8Hb*AyEEX++MK*v?zNK3`(h3jlx8jytEHZ<4LU> zy;U1-22+=@GI^XFX;6=u4Wvrj=Z#j6@x9)2;7Q3}q&avkuuOxV6hQ$=yre+On9y+T z`*)X|?8kAKcIaK)&Y=p=gvqo=T)7>qy0ZahTHvQjU#Fmho|(AZA7R~t_5rYcV1C<#XlH45ozCZ4xd89H)Szw)34ATa`0l@z zDS_Dj!H~AkdOzOT(E3>#d0Rm%`X6b83!#ebv^fE=@-j9gFcAgf zq(S9LzId@czGY`<3oPRAj+4c&*mrXW8-(5E5+rS+xQusZ)@#EE<^SGTGpz7)7ntHv{4Jc~frSU|ub8!R3jjuPd;|Vr4b>SeW#r4&v;??qLpMdOCPzMy%=K)?xTjbgow{08{L70-0L@w1eEn`N%(uvJ z1n9l&C&uz00(*N3L7LwxGoel8GJmN%cM3iH_~eoz9N*9S%O^yAF)e+X+4RIqUSdSM3DWCuHI3QEPWBr?b?k6w1 zV~k)4{td~4=;dX1mX!&BgP6fza4JWjk&p9<1Wz@~KD+(|h>SxzbU-c8D97?<7C3_b zEDT03pWYYAc(cn^5Bp2+;K=k0MFW^qDTx+nb%n=$YOUTILlen_n}%2$Yk=AFfan*| zHg+mfz_Hb1cv+F=K6y1(2bZdQI_BQfl@zg)V!(3ZsGqONm##P!HmAm1e>#Fb-Zv~H zYU9|x3RYxff{5&6dfKxa0rB7b;@Fvuk)TptdI^by{B}mKzJSwNiOz+VvMOMYKL+3S z4eYVng)I+q$+na=?sL>i!>V}P#Pe6L<5oSsy8jA`(n+Ud``6RXAyoa^D0DJiq4sgA zLmGCmVjZJyibAjUB{&B!4ztTJ7jlccWf HHo5oUxI|?! literal 0 HcmV?d00001 diff --git a/group_data/all.py b/group_data/all.py index aa3e6c5..400267b 100644 --- a/group_data/all.py +++ b/group_data/all.py @@ -1,12 +1,2 @@ -from getpass import getpass - -import privy - -def get_secret(adguard_password): - password = getpass('Please provide the secret password: ') - return privy.peek(adguard_password, password) - -b_app_password = get_secret(b'1$2$LlFa8G5qg1DQqboBzagJywm5bayJ5CRDbVOeXrTPPKU=$Z0FBQUFBQmdDQlotZmYtd183cEE1MHpsbl9IaWlLNUlOdXBkMzhsdzQ0SUNhNXhiMDEwbUJfeUJIT2ctM1JFWm5oMW9IN1pocVFDSDIxN0dSSVRaSzdJdzJNQURPM3hyYVlWOUwxR09aOU9ubU1GbjNvNS1NdFNkWFhsS2tjcTNES0ZRYURjUkhWRGVpQkVuMmo0NTdrck9VTWRfaVVHUmZ3PT0=') -app_password = b_app_password.decode('utf-8') app_user = 'adguard' app_dir = '/home/adguard' diff --git a/templates/AdGuardHome.yaml.j2 b/templates/AdGuardHome.yaml.j2 deleted file mode 100644 index 63fb1aa..0000000 --- a/templates/AdGuardHome.yaml.j2 +++ /dev/null @@ -1,174 +0,0 @@ -bind_host: 0.0.0.0 -bind_port: 80 -beta_bind_port: 0 -users: -- name: benpro - password: {{ host.data.app_password }} -http_proxy: "" -language: "" -rlimit_nofile: 0 -debug_pprof: false -web_session_ttl: 720 -dns: - bind_host: 0.0.0.0 - port: 1053 - statistics_interval: 90 - querylog_enabled: true - querylog_file_enabled: true - querylog_interval: 90 - querylog_size_memory: 1000 - anonymize_client_ip: true - protection_enabled: true - blocking_mode: nxdomain - blocking_ipv4: "" - blocking_ipv6: "" - blocked_response_ttl: 10 - parental_block_host: family-block.dns.adguard.com - safebrowsing_block_host: standard-block.dns.adguard.com - ratelimit: 20 - ratelimit_whitelist: [] - refuse_any: true - upstream_dns: - - https://dns11.quad9.net/dns-query - - https://dns.cloudflare.com/dns-query - - tls://dns-unfiltered.adguard.com - - quic://dns-unfiltered.adguard.com:784 - - tls://dns.google - - tls://public.dns.iij.jp - - tls://dns.nextdns.io - - https://doh.mullvad.net/dns-query - upstream_dns_file: "" - bootstrap_dns: - - 94.140.14.140 - all_servers: false - fastest_addr: false - allowed_clients: [] - disallowed_clients: [] - blocked_hosts: - - version.bind - - id.server - - hostname.bind - cache_size: 4194304 - cache_ttl_min: 0 - cache_ttl_max: 0 - bogus_nxdomain: [] - aaaa_disabled: false - enable_dnssec: true - edns_client_subnet: true - max_goroutines: 50 - ipset: [] - filtering_enabled: true - filters_update_interval: 24 - parental_enabled: false - safesearch_enabled: false - safebrowsing_enabled: false - safebrowsing_cache_size: 1048576 - safesearch_cache_size: 1048576 - parental_cache_size: 1048576 - cache_time: 30 - rewrites: [] - blocked_services: - - facebook - - twitter - - snapchat - - origin - - epic_games - - vk - - mail_ru - - discord - - ok - - tiktok - - 9gag - - hulu - - whatsapp - - wechat - - tinder - - skype - - pinterest - - disneyplus - - qq - - weibo - customresolver: null -tls: - enabled: true - server_name: dns.benpro.fr - force_https: true - port_https: 443 - port_dns_over_tls: 853 - port_dns_over_quic: 784 - port_dnscrypt: 0 - dnscrypt_config_file: "" - allow_unencrypted_doh: false - strict_sni_check: false - certificate_chain: "" - private_key: "" - certificate_path: /home/adguard/fullchain.pem - private_key_path: /home/adguard/privkey.pem -filters: -- enabled: true - url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt - name: AdGuard DNS filter - id: 1 -- enabled: true - url: https://www.malwaredomainlist.com/hostslist/hosts.txt - name: MalwareDomainList.com Hosts List - id: 4 -- enabled: true - url: https://280blocker.net/files/280blocker_domain.txt - name: 'JPN: 280blocker adblock domain lists' - id: 1598087712 -- enabled: true - url: https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt - name: AdAway default blocklist - id: 1598087713 -- enabled: true - url: https://raw.githubusercontent.com/notracking/hosts-blocklists/master/adblock/adblock.txt - name: notracking - id: 1598087714 -- enabled: true - url: https://logroid.github.io/adaway-hosts/hosts.txt - name: AdAway Blocking Hosts File for Japan - id: 1598087715 -- enabled: true - url: https://sebsauvage.net/hosts/hosts-adguard - name: Sebsauvage - id: 1598087716 -whitelist_filters: [] -user_rules: -- '@@||links.eml.atlassian.com^$important' -- '@@||t.paypal.com^$important' -- '@@||email.strava.com^$important' -- '||disqus.com^$important' -- '@@||api2.branch.io^$important' -- '@@||www.navitime.co.jp^$important' -- '@@||minexmr.com^$important' -- '@@||secure.rat.rakuten.co.jp^$important' -- '@@||searchapi.agoda.com^$important' -- '@@||analytics.agoda.com^$important' -- '@@||go.menu.jp^$important' -- "" -dhcp: - enabled: false - interface_name: "" - dhcpv4: - gateway_ip: "" - subnet_mask: "" - range_start: "" - range_end: "" - lease_duration: 86400 - icmp_timeout_msec: 1000 - options: [] - dhcpv6: - range_start: "" - lease_duration: 86400 - ra_slaac_only: false - ra_allow_slaac: false -clients: [] -log_compress: false -log_localtime: false -log_max_backups: 0 -log_max_size: 100 -log_max_age: 3 -log_file: "" -verbose: false -schema_version: 7