Move AdGuard config to git-crypted version

2021-09-06 18:23:50 +09:00 · 2021-09-06 18:23:50 +09:00 · 496b3c185d
commit 496b3c185d
parent 754f0555c4
5 changed files with 4 additions and 186 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+files/AdGuardHome.yaml filter=git-crypt diff=git-crypt
+
--- a/deploy.py
+++ b/deploy.py
@ -126,9 +126,9 @@ files.put(
    mode='644',
 )

-files.template(
+files.put(
    name='Push AdGuardHome config',
-    src='templates/AdGuardHome.yaml.j2',
+    src='files/AdGuardHome.yaml',
    dest='/home/adguard/AdGuardHome/AdGuardHome.yaml',
    mode='640',
    user='adguard',
--- a/files/AdGuardHome.yaml
+++ b/files/AdGuardHome.yaml
--- a/group_data/all.py
+++ b/group_data/all.py
@ -1,12 +1,2 @@
-from getpass import getpass
-
-import privy
-
-def get_secret(adguard_password):
-    password = getpass('Please provide the secret password: ')
-    return privy.peek(adguard_password, password)
-
-b_app_password = get_secret(b'1$2$LlFa8G5qg1DQqboBzagJywm5bayJ5CRDbVOeXrTPPKU=$Z0FBQUFBQmdDQlotZmYtd183cEE1MHpsbl9IaWlLNUlOdXBkMzhsdzQ0SUNhNXhiMDEwbUJfeUJIT2ctM1JFWm5oMW9IN1pocVFDSDIxN0dSSVRaSzdJdzJNQURPM3hyYVlWOUwxR09aOU9ubU1GbjNvNS1NdFNkWFhsS2tjcTNES0ZRYURjUkhWRGVpQkVuMmo0NTdrck9VTWRfaVVHUmZ3PT0=')
-app_password = b_app_password.decode('utf-8')
 app_user = 'adguard'
 app_dir = '/home/adguard'
--- a/templates/AdGuardHome.yaml.j2
+++ b/templates/AdGuardHome.yaml.j2
@ -1,174 +0,0 @@
-bind_host: 0.0.0.0
-bind_port: 80
-beta_bind_port: 0
-users:
- name: benpro
-  password: {{ host.data.app_password }}
-http_proxy: ""
-language: ""
-rlimit_nofile: 0
-debug_pprof: false
-web_session_ttl: 720
-dns:
-  bind_host: 0.0.0.0
-  port: 1053
-  statistics_interval: 90
-  querylog_enabled: true
-  querylog_file_enabled: true
-  querylog_interval: 90
-  querylog_size_memory: 1000
-  anonymize_client_ip: true
-  protection_enabled: true
-  blocking_mode: nxdomain
-  blocking_ipv4: ""
-  blocking_ipv6: ""
-  blocked_response_ttl: 10
-  parental_block_host: family-block.dns.adguard.com
-  safebrowsing_block_host: standard-block.dns.adguard.com
-  ratelimit: 20
-  ratelimit_whitelist: []
-  refuse_any: true
-  upstream_dns:
-  - https://dns11.quad9.net/dns-query
-  - https://dns.cloudflare.com/dns-query
-  - tls://dns-unfiltered.adguard.com
-  - quic://dns-unfiltered.adguard.com:784
-  - tls://dns.google
-  - tls://public.dns.iij.jp
-  - tls://dns.nextdns.io
-  - https://doh.mullvad.net/dns-query
-  upstream_dns_file: ""
-  bootstrap_dns:
-  - 94.140.14.140
-  all_servers: false
-  fastest_addr: false
-  allowed_clients: []
-  disallowed_clients: []
-  blocked_hosts:
-  - version.bind
-  - id.server
-  - hostname.bind
-  cache_size: 4194304
-  cache_ttl_min: 0
-  cache_ttl_max: 0
-  bogus_nxdomain: []
-  aaaa_disabled: false
-  enable_dnssec: true
-  edns_client_subnet: true
-  max_goroutines: 50
-  ipset: []
-  filtering_enabled: true
-  filters_update_interval: 24
-  parental_enabled: false
-  safesearch_enabled: false
-  safebrowsing_enabled: false
-  safebrowsing_cache_size: 1048576
-  safesearch_cache_size: 1048576
-  parental_cache_size: 1048576
-  cache_time: 30
-  rewrites: []
-  blocked_services:
-  - facebook
-  - twitter
-  - snapchat
-  - origin
-  - epic_games
-  - vk
-  - mail_ru
-  - discord
-  - ok
-  - tiktok
-  - 9gag
-  - hulu
-  - whatsapp
-  - wechat
-  - tinder
-  - skype
-  - pinterest
-  - disneyplus
-  - qq
-  - weibo
-  customresolver: null
-tls:
-  enabled: true
-  server_name: dns.benpro.fr
-  force_https: true
-  port_https: 443
-  port_dns_over_tls: 853
-  port_dns_over_quic: 784
-  port_dnscrypt: 0
-  dnscrypt_config_file: ""
-  allow_unencrypted_doh: false
-  strict_sni_check: false
-  certificate_chain: ""
-  private_key: ""
-  certificate_path: /home/adguard/fullchain.pem
-  private_key_path: /home/adguard/privkey.pem
-filters:
- enabled: true
-  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
-  name: AdGuard DNS filter
-  id: 1
- enabled: true
-  url: https://www.malwaredomainlist.com/hostslist/hosts.txt
-  name: MalwareDomainList.com Hosts List
-  id: 4
- enabled: true
-  url: https://280blocker.net/files/280blocker_domain.txt
-  name: 'JPN: 280blocker adblock domain lists'
-  id: 1598087712
- enabled: true
-  url: https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt
-  name: AdAway default blocklist
-  id: 1598087713
- enabled: true
-  url: https://raw.githubusercontent.com/notracking/hosts-blocklists/master/adblock/adblock.txt
-  name: notracking
-  id: 1598087714
- enabled: true
-  url: https://logroid.github.io/adaway-hosts/hosts.txt
-  name: AdAway Blocking Hosts File for Japan
-  id: 1598087715
- enabled: true
-  url: https://sebsauvage.net/hosts/hosts-adguard
-  name: Sebsauvage
-  id: 1598087716
-whitelist_filters: []
-user_rules:
- '@@||links.eml.atlassian.com^$important'
- '@@||t.paypal.com^$important'
- '@@||email.strava.com^$important'
- '||disqus.com^$important'
- '@@||api2.branch.io^$important'
- '@@||www.navitime.co.jp^$important'
- '@@||minexmr.com^$important'
- '@@||secure.rat.rakuten.co.jp^$important'
- '@@||searchapi.agoda.com^$important'
- '@@||analytics.agoda.com^$important'
- '@@||go.menu.jp^$important'
- ""
-dhcp:
-  enabled: false
-  interface_name: ""
-  dhcpv4:
-    gateway_ip: ""
-    subnet_mask: ""
-    range_start: ""
-    range_end: ""
-    lease_duration: 86400
-    icmp_timeout_msec: 1000
-    options: []
-  dhcpv6:
-    range_start: ""
-    lease_duration: 86400
-    ra_slaac_only: false
-    ra_allow_slaac: false
-clients: []
-log_compress: false
-log_localtime: false
-log_max_backups: 0
-log_max_size: 100
-log_max_age: 3
-log_file: ""
-verbose: false
-schema_version: 7
				`@ -0,0 +1,2 @@`
				`files/AdGuardHome.yaml filter=git-crypt diff=git-crypt`