hassio-addons/addon-adguard-home
1
0
Fork 0
mirror of https://github.com/hassio-addons/addon-adguard-home.git synced 2025-05-03 18:51:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Initial add-on code (#1)

Browse source 
* 🎉 Initial add-on code

* 🔒 Adds support for the authentication API

* 🚑 Removes duplicate daemon statement from NGinx configuration

* 🚑 🔒 Fixes authentication bypass vulnerability

* 🔥 Removes BountySource links

* 🔥 Removes Anchore.io links

* 🎆 Updates maintenance year to 2019

* ⬆️ Upgrades nginx to 1.14.2-r0

* ⬆️ Upgrades nginx-mod-http-lua to 1.14.2-r0

* ⬆️ Upgrades AdGuard Home to 0.92

* 🎆 Updates maintenance year to 2019

* 🚜 🚀 Refactor of GitLab CI

* ⬆️ Upgrades AdGuard Home to v0.92-hotfix1

* Current status
This commit is contained in:
Franck Nijhof 2019-01-09 00:06:57 +01:00 committed by GitHub
parent 3f0795ebf6
commit a57a270e85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 983 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.editorconfig Executable file
View file

@ -0,0 +1,19 @@
root = true
[*]
charset = utf-8
end_of_line = lf
indent_style = space
insert_final_newline = true
trim_trailing_whitespace = true
ident_size = 4
[*.md]
ident_size = 2
trim_trailing_whitespace = false
[*.json]
ident_size = 2
[{.gitignore,.gitkeep,.editorconfig}]
ident_size = 2

0
.gitignore vendored Normal file
View file

14
.gitlab-ci.yml Normal file
View file

@ -0,0 +1,14 @@
---
include: https://raw.githubusercontent.com/hassio-addons/organization/master/gitlabci/addon.yml
variables:
ADDON_GITHUB_REPO: "hassio-addons/addon-adguard-home"
ADDON_SLUG: "adguard"
ADDON_TARGET: "adguard"
ADDON_ARMV7: "false"
ADDON_AARCH64_BASE: "hassioaddons/base-aarch64:2.3.1"
ADDON_AMD64_BASE: "hassioaddons/base-amd64:2.3.1"
ADDON_ARMHF_BASE: "hassioaddons/base-armhf:2.3.1"
ADDON_I386_BASE: "hassioaddons/base-i386:2.3.1"

1
.mdlrc Normal file
View file

@ -0,0 +1 @@
rules "~MD024"

66
.yamllint Normal file
View file

@ -0,0 +1,66 @@
---
rules:
braces:
level: error
min-spaces-inside: 0
max-spaces-inside: 1
min-spaces-inside-empty: -1
max-spaces-inside-empty: -1
brackets:
level: error
min-spaces-inside: 0
max-spaces-inside: 0
min-spaces-inside-empty: -1
max-spaces-inside-empty: -1
colons:
level: error
max-spaces-before: 0
max-spaces-after: 1
commas:
level: error
max-spaces-before: 0
min-spaces-after: 1
max-spaces-after: 1
comments:
level: error
require-starting-space: true
min-spaces-from-content: 2
comments-indentation:
level: error
document-end:
level: error
present: false
document-start:
level: error
present: true
empty-lines:
level: error
max: 1
max-start: 0
max-end: 1
hyphens:
level: error
max-spaces-after: 1
indentation:
level: error
spaces: 2
indent-sequences: true
check-multi-line-strings: false
key-duplicates:
level: error
line-length:
ignore: |
.github/support.yml
level: warning
max: 120
allow-non-breakable-words: true
allow-non-breakable-inline-mappings: true
new-line-at-end-of-file:
level: error
new-lines:
level: error
type: unix
trailing-spaces:
level: error
truthy:
level: error

74
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,74 @@
# Code of conduct
## Our pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and
orientation.
## Our standards
Examples of behavior that contributes to creating a positive environment
include:
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
- The use of sexualized language or imagery and unwelcome sexual attention
or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or
electronic address, without explicit permission
- Other conduct which could reasonably be considered inappropriate
in a professional setting
## Our responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project lead at frenck@addons.community. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project lead is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/

29
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,29 @@
# Contributing
When contributing to this repository, please first discuss the change you wish
to make via issue, email, or any other method with the owners of this repository
before making a change.
Please note we have a code of conduct, please follow it in all your interactions
with the project.
## Issues and feature requests
You've found a bug in the source code, a mistake in the documentation or maybe
you'd like a new feature? You can help us by submitting an issue to our
[GitHub Repository][github]. Before you create an issue, make sure you search
the archive, maybe your question was already answered.
Even better: You could submit a pull request with a fix / new feature!
## Pull request process
1. Search our repository for open or closed [pull requests][prs] that relates
to your submission. You don't want to duplicate effort.
1. You may merge the pull request in once you have the sign-off of two other
developers, or if you do not have permission to do that, you may request
the second reviewer to merge it for you.
[github]: https://github.com/hassio-addons/addon-adguard-home/issues
[prs]: https://github.com/hassio-addons/addon-adguard-home/pulls

21
LICENSE.md Normal file
View file

@ -0,0 +1,21 @@
# MIT License
Copyright (c) 2019 Franck Nijhof
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

225
README.md Normal file
View file

@ -0,0 +1,225 @@
# Community Hass.io Add-ons: AdGuard Home
[![GitHub Release][releases-shield]][releases]
![Project Stage][project-stage-shield]
[![License][license-shield]](LICENSE.md)
[![GitLab CI][gitlabci-shield]][gitlabci]
![Project Maintenance][maintenance-shield]
[![GitHub Activity][commits-shield]][commits]
[![Discord][discord-shield]][discord]
[![Community Forum][forum-shield]][forum]
[![Buy me a coffee][buymeacoffee-shield]][buymeacoffee]
[![Support my work on Patreon][patreon-shield]][patreon]
Network-wide ads & trackers blocking DNS server.
![The AdGuard Home Hass.io add-on](images/screenshot.png)
## About
Lorem ipsum.
## Installation
The installation of this add-on is pretty straightforward and not different in
comparison to installing any other Hass.io add-on.
1. [Add our Hass.io add-ons repository][repository] to your Hass.io instance.
1. Install the "AdGuard Home" add-on.
1. Start the "AdGuard Home" add-on.
1. Check the logs of the "AdGuard Home" to see if everything went well.
1. Click the "OPEN WEB UI" button and log in with your Home Assistant account.
1. Ready to go!
**NOTE**: Do not add this repository to Hass.io, please use:
`https://github.com/hassio-addons/repository`.
## Docker status
![Supports armhf Architecture][armhf-shield]
![Supports aarch64 Architecture][aarch64-shield]
![Supports amd64 Architecture][amd64-shield]
![Supports i386 Architecture][i386-shield]
[![Docker Layers][layers-shield]][microbadger]
[![Docker Pulls][pulls-shield]][dockerhub]
## Configuration
**Note**: _Remember to restart the add-on when the configuration is changed._
Example add-on configuration:
```json
{
"log_level": "info",
"ssl": true,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
}
```
**Note**: _This is just an example, don't copy and paste it! Create your own!_
### Option: `log_level`
The `log_level` option controls the level of log output by the addon and can
be changed to be more or less verbose, which might be useful when you are
dealing with an unknown issue. Possible values are:
- `trace`: Show every detail, like all called internal functions.
- `debug`: Shows detailed debug information.
- `info`: Normal (usually) interesting events.
- `warning`: Exceptional occurrences that are not errors.
- `error`: Runtime errors that do not require immediate action.
- `fatal`: Something went terribly wrong. Add-on becomes unusable.
Please note that each level automatically includes log messages from a
more severe level, e.g., `debug` also shows `info` messages. By default,
the `log_level` is set to `info`, which is the recommended setting unless
you are troubleshooting.
### Option: `ssl`
Enables/Disables SSL (HTTPS) on the add-on. Set it `true` to enable it,
`false` otherwise.
### Option: `certfile`
The certificate file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is default for Hass.io_
### Option: `keyfile`
The private key file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is default for Hass.io_
### Option: `leave_front_door_open`
Adding this option to the add-on configuration allows you to disable
authentication on the AdGuard Home by setting it to `true`.
**Note**: _We STRONGLY suggest, not to use this, even if this add-on is
only exposed to your internal network. USE AT YOUR OWN RISK!_
## Known issues and limitations
- Lorem ipsum.
## Changelog & Releases
This repository keeps a change log using [GitHub's releases][releases]
functionality. The format of the log is based on
[Keep a Changelog][keepchangelog].
Releases are based on [Semantic Versioning][semver], and use the format
of ``MAJOR.MINOR.PATCH``. In a nutshell, the version will be incremented
based on the following:
- ``MAJOR``: Incompatible or major changes.
- ``MINOR``: Backwards-compatible new features and enhancements.
- ``PATCH``: Backwards-compatible bugfixes and package updates.
## Support
Got questions?
You have several options to get them answered:
- The [Community Hass.io Add-ons Discord chat server][discord] for add-on
support and feature requests.
- The [Home Assistant Discord chat server][discord-ha] for general Home
Assistant discussions and questions.
- The Home Assistant [Community Forum][forum].
- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
You could also [open an issue here][issue] GitHub.
## Contributing
This is an active open-source project. We are always open to people who want to
use the code or contribute to it.
We have set up a separate document containing our
[contribution guidelines](CONTRIBUTING.md).
Thank you for being involved! :heart_eyes:
## Authors & contributors
The original setup of this repository is by [Franck Nijhof][frenck].
For a full list of all authors and contributors,
check [the contributor's page][contributors].
## We have got some Hass.io add-ons for you
Want some more functionality to your Hass.io Home Assistant instance?
We have created multiple add-ons for Hass.io. For a full list, check out
our [GitHub Repository][repository].
## License
MIT License
Copyright (c) 2019 Franck Nijhof
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
[armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg
[buymeacoffee-shield]: https://www.buymeacoffee.com/assets/img/guidelines/download-assets-sm-2.svg
[buymeacoffee]: https://www.buymeacoffee.com/frenck
[commits-shield]: https://img.shields.io/github/commit-activity/y/hassio-addons/addon-adguard-home.svg
[commits]: https://github.com/hassio-addons/addon-adguard-home/commits/master
[contributors]: https://github.com/hassio-addons/addon-adguard-home/graphs/contributors
[discord-ha]: https://discord.gg/c5DvZ4e
[discord-shield]: https://img.shields.io/discord/478094546522079232.svg
[discord]: https://discord.me/hassioaddons
[dockerhub]: https://hub.docker.com/r/hassioaddons/adguard
[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
[forum]: https://community.home-assistant.io/?u=frenck
[frenck]: https://github.com/frenck
[gitlabci-shield]: https://gitlab.com/hassio-addons/addon-adguard-home/badges/master/pipeline.svg
[gitlabci]: https://gitlab.com/hassio-addons/addon-adguard-home/pipelines
[home-assistant]: https://home-assistant.io
[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
[issue]: https://github.com/hassio-addons/addon-adguard-home/issues
[keepchangelog]: http://keepachangelog.com/en/1.0.0/
[layers-shield]: https://images.microbadger.com/badges/image/hassioaddons/adguard.svg
[license-shield]: https://img.shields.io/github/license/hassio-addons/addon-adguard-home.svg
[maintenance-shield]: https://img.shields.io/maintenance/yes/2019.svg
[microbadger]: https://microbadger.com/images/hassioaddons/adguard
[patreon-shield]: https://www.frenck.nl/images/patreon.png
[patreon]: https://www.patreon.com/frenck
[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
[pulls-shield]: https://img.shields.io/docker/pulls/hassioaddons/adguard.svg
[reddit]: https://reddit.com/r/homeassistant
[releases-shield]: https://img.shields.io/github/release/hassio-addons/addon-adguard-home.svg
[releases]: https://github.com/hassio-addons/addon-adguard-home/releases
[repository]: https://github.com/hassio-addons/repository
[semver]: http://semver.org/spec/v2.0.0.htm

70
adguard/.README.j2 Normal file
View file

@ -0,0 +1,70 @@
# Community Hass.io Add-ons: AdGuard Home
[![Release][release-shield]][release] ![Project Stage][project-stage-shield] ![Project Maintenance][maintenance-shield]
[![Discord][discord-shield]][discord] [![Community Forum][forum-shield]][forum]
[![Buy me a coffee][buymeacoffee-shield]][buymeacoffee]
[![Support my work on Patreon][patreon-shield]][patreon]
Network-wide ads & trackers blocking DNS server.
## About
Lorem ipsum.
[Click here for the full documentation][docs]
{% if channel == "edge" %}
## WARNING! THIS IS AN EDGE VERSION!
This Hass.io Add-ons repository contains edge builds of add-ons. Edge builds
add-ons are based upon the latest development version.
- They may not work at all.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
- Developers.
If you are more interested in stable releases of our add-ons:
<https://github.com/hassio-addons/repository>
{% endif %}
{% if channel == "beta" %}
## WARNING! THIS IS A BETA VERSION!
This Hass.io Add-ons repository contains beta releases of add-ons.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
If you are more interested in stable releases of our add-ons:
<https://github.com/hassio-addons/repository>
{% endif %}
[buymeacoffee-shield]: https://www.buymeacoffee.com/assets/img/guidelines/download-assets-sm-2.svg
[buymeacoffee]: https://www.buymeacoffee.com/frenck
[discord-shield]: https://img.shields.io/discord/478094546522079232.svg
[discord]: https://discord.me/hassioaddons
[docs]: {{ repo }}/blob/{{ version }}/README.md
[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
[forum]: https://community.home-assistant.io/?u=frenck
[maintenance-shield]: https://img.shields.io/maintenance/yes/2019.svg
[patreon-shield]: https://www.frenck.nl/images/patreon.png
[patreon]: https://www.patreon.com/frenck
[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
[release-shield]: https://img.shields.io/badge/version-{{ version }}-blue.svg
[release]: {{ repo }}/tree/{{ version }}

53
adguard/Dockerfile Executable file
View file

@ -0,0 +1,53 @@
ARG BUILD_FROM=hassioaddons/base:2.3.0
# hadolint ignore=DL3006
FROM ${BUILD_FROM}
# Set shell
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Setup base
ARG BUILD_ARCH=amd64
# hadolint ignore=DL3003
RUN \
apk add --no-cache \
lua-resty-http=0.12-r1 \
nginx-mod-http-lua=1.14.2-r0 \
nginx=1.14.2-r0 \
\
&& if [[ "${BUILD_ARCH}" = "aarch64" ]]; then ARCH="arm64"; fi \
&& if [[ "${BUILD_ARCH}" = "amd64" ]]; then ARCH="amd64"; fi \
&& if [[ "${BUILD_ARCH}" = "armhf" ]]; then ARCH="arm"; fi \
&& if [[ "${BUILD_ARCH}" = "i386" ]]; then ARCH="386"; fi \
\
&& mkdir /opt \
&& curl -L -s \
"https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.92-hotfix1/AdGuardHome_v0.92-hotfix1_linux_${ARCH}.tar.gz" \
| tar zxvf - -C /opt/ \
&& chmod a+x /opt/AdGuardHome/AdGuardHome
# Copy root filesystem
COPY rootfs /
# Build arugments
ARG BUILD_ARCH
ARG BUILD_DATE
ARG BUILD_REF
ARG BUILD_VERSION
# Labels
LABEL \
io.hass.name="AdGuard Home" \
io.hass.description="Network-wide ads & trackers blocking DNS server" \
io.hass.arch="${BUILD_ARCH}" \
io.hass.type="addon" \
io.hass.version=${BUILD_VERSION} \
maintainer="Franck Nijhof <frenck@addons.community>" \
org.label-schema.description="Network-wide ads & trackers blocking DNS server" \
org.label-schema.build-date=${BUILD_DATE} \
org.label-schema.name="Adguard Home" \
org.label-schema.schema-version="1.0" \
org.label-schema.url="https://community.home-assistant.io/?u=frenck" \
org.label-schema.usage="https://github.com/hassio-addons/addon-adguard-home/tree/master/README.md" \
org.label-schema.vcs-ref=${BUILD_REF} \
org.label-schema.vcs-url="https://github.com/hassio-addons/addon-adguard-home" \
org.label-schema.vendor="Community Hass.io Add-ons"

9
adguard/build.json Normal file
View file

@ -0,0 +1,9 @@
{
"build_from": {
"aarch64": "hassioaddons/base-aarch64:2.3.0",
"amd64": "hassioaddons/base-amd64:2.3.0",
"armhf": "hassioaddons/base-armhf:2.3.0",
"i386": "hassioaddons/base-i386:2.3.0"
},
"args": {}
}

44
adguard/config.json Executable file
View file

@ -0,0 +1,44 @@
{
"name": "AdGuard Home",
"version": "dev",
"slug": "adguard",
"description": "Network-wide ads & trackers blocking DNS server.",
"url": "https://github.com/hassio-addons/addon-adguard-home",
"webui": "[PROTO:ssl]://[HOST]:[PORT:3210]",
"startup": "services",
"arch": [
"aarch64",
"amd64",
"armhf",
"i386"
],
"boot": "auto",
"hassio_api": true,
"hassio_role": "default",
"auth_api": true,
"homeassistant_api": false,
"host_network": true,
"map": [
"ssl"
],
"options": {
"log_level": "info",
"dns_port": 53,
"admin_port": 3210,
"ssl": true,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
},
"schema": {
"log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)",
"dns_port": "port",
"admin_port": "port",
"ssl": "bool",
"certfile": "str",
"keyfile": "str",
"leave_front_door_open": "bool?"
},
"environment": {
"LOG_FORMAT": "{LEVEL}: {MESSAGE}"
}
}

BIN
adguard/icon.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
adguard/logo.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.8 KiB

2
adguard/rootfs/etc/adguard/AdGuardHome.yaml Normal file
View file

@ -0,0 +1,2 @@
dns:
port: 53

9
adguard/rootfs/etc/cont-finish.d/20-binary.sh Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Remove executable from the data folder on shutdown.
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
rm -f /data/AdGuardHome

26
adguard/rootfs/etc/cont-init.d/10-requirements.sh Normal file
View file

@ -0,0 +1,26 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# This files check if all user configuration requirements are met
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
# Check SSL requirements, if enabled
if hass.config.true 'ssl'; then
if ! hass.config.has_value 'certfile'; then
hass.die 'SSL is enabled, but no certfile was specified'
fi
if ! hass.config.has_value 'keyfile'; then
hass.die 'SSL is enabled, but no keyfile was specified'
fi
if ! hass.file_exists "/ssl/$(hass.config.get 'certfile')"; then
hass.die 'The configured certfile is not found'
fi
if ! hass.file_exists "/ssl/$(hass.config.get 'keyfile')"; then
hass.die 'The configured keyfile is not found'
fi
fi

25
adguard/rootfs/etc/cont-init.d/11-nginx.sh Normal file
View file

@ -0,0 +1,25 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Configures NGINX for use with the AdGuard Home server
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
declare certfile
declare keyfile
declare port
if hass.config.true 'ssl'; then
rm /etc/nginx/nginx.conf
mv /etc/nginx/nginx-ssl.conf /etc/nginx/nginx.conf
certfile=$(hass.config.get 'certfile')
keyfile=$(hass.config.get 'keyfile')
sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/nginx.conf
sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/nginx.conf
fi
port=$(hass.config.get 'admin_port')
sed -i "s/%%adminport%%/${port}/g" /etc/nginx/nginx.conf

9
adguard/rootfs/etc/cont-init.d/20-binary.sh Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Place executable into the data folder on startup.
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
cp -f /opt/AdGuardHome/AdGuardHome /data/AdGuardHome

20
adguard/rootfs/etc/cont-init.d/21-config.sh Normal file
View file

@ -0,0 +1,20 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Handles configuration
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
readonly CONFIG="/data/AdGuardHome.yaml"
declare port
if ! hass.file_exists "${CONFIG}"; then
cp /etc/adguard/AdGuardHome.yaml "${CONFIG}"
fi
port=$(hass.config.get "dns_port")
yq write --inplace "${CONFIG}" \
'dns.port' "${port}" \
|| hass.die 'Failed updating AdGuardHome DNS port'

83
adguard/rootfs/etc/nginx/ha-auth.lua Normal file
View file

@ -0,0 +1,83 @@
local http = require "resty.http"
local auths = ngx.shared.auths
function authenticate()
--- Test Authentication header is set and with a value
local header = ngx.req.get_headers()['Authorization']
if header == nil or header:find(" ") == nil then
return false
end
local divider = header:find(' ')
if header:sub(0, divider-1) ~= 'Basic' then
return false
end
local auth = ngx.decode_base64(header:sub(divider+1))
if auth == nil or auth:find(':') == nil then
return false
end
divider = auth:find(':')
local username = auth:sub(0, divider-1)
local password = auth:sub(divider+1)
--- Check if authentication is cached
if auths:get(username) == password then
ngx.log(ngx.DEBUG, "Authenticated user against Home Assistant (cache).")
return true
end
--- HTTP request against Hassio API
local httpc = http.new()
local res, err = httpc:request_uri("http://hassio/auth", {
method = "POST",
body = ngx.encode_args({["username"]=username, ["password"]=password}),
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
["X-HASSIO-KEY"] = os.getenv("HASSIO_TOKEN"),
},
keepalive_timeout = 60,
keepalive_pool = 10
})
--- Error during API request
if err then
ngx.log(ngx.WARN, "Error during Hassio user authentication.", err)
return false
end
--- No result? Something went wrong...
if not res then
ngx.log(ngx.WARN, "Error during Hassio user authentication.")
return false
end
--- Valid response, the username/password is valid
if res.status == 200 then
ngx.log(ngx.INFO, "Authenticated user against Home Assistant.")
auths:set(username, password, 60)
return true
end
--- Whatever the response is, it is invalid
ngx.log(ngx.WARN, "Authentication against Home Assistant failed!")
return false
end
-- Only authenticate if its not disabled
if not os.getenv('DISABLE_HA_AUTHENTICATION') then
--- Try to authenticate against HA
local authenticated = authenticate()
--- If authentication failed, throw a basic auth
if not authenticated then
ngx.header.content_type = 'text/plain'
ngx.header.www_authenticate = 'Basic realm="Home Assistant"'
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say('401 Access Denied')
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
end

79
adguard/rootfs/etc/nginx/nginx-ssl.conf Normal file
View file

@ -0,0 +1,79 @@
worker_processes 1;
pid /var/run/nginx.pid;
error_log /dev/stdout info;
env HASSIO_TOKEN;
env DISABLE_HA_AUTHENTICATION;
load_module "/usr/lib/nginx/modules/ndk_http_module.so";
load_module "/usr/lib/nginx/modules/ngx_http_lua_module.so";
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
proxy_read_timeout 1200;
gzip on;
gzip_disable "msie6";
lua_shared_dict auths 16k;
resolver 172.30.32.2;
upstream adguard {
ip_hash;
server 127.0.0.1:37043;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen %%adminport%% default_server ssl;
server_name _;
access_log /dev/stdout combined;
client_max_body_size 4G;
keepalive_timeout 5;
ssl on;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
root /dev/null;
location / {
access_by_lua_file /etc/nginx/ha-auth.lua;
proxy_redirect off;
proxy_pass http://adguard;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
}

62
adguard/rootfs/etc/nginx/nginx.conf Normal file
View file

@ -0,0 +1,62 @@
worker_processes 1;
pid /var/run/nginx.pid;
error_log /dev/stdout info;
env HASSIO_TOKEN;
env DISABLE_HA_AUTHENTICATION;
load_module "/usr/lib/nginx/modules/ndk_http_module.so";
load_module "/usr/lib/nginx/modules/ngx_http_lua_module.so";
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
proxy_read_timeout 1200;
gzip on;
gzip_disable "msie6";
lua_shared_dict auths 16k;
resolver 172.30.32.2;
upstream adguard {
ip_hash;
server 127.0.0.1:37043;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen %%adminport%% default_server;
server_name _;
access_log /dev/stdout combined;
client_max_body_size 4G;
keepalive_timeout 5;
root /dev/null;
location / {
access_by_lua_file /etc/nginx/ha-auth.lua;
proxy_redirect off;
proxy_pass http://adguard;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
}

9
adguard/rootfs/etc/services.d/adguard/finish Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/execlineb -S0
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Take down the S6 supervision tree when AdGuard fails
# ==============================================================================
if -n { s6-test $# -ne 0 }
if -n { s6-test ${1} -eq 256 }
s6-svscanctl -t /var/run/s6/services

16
adguard/rootfs/etc/services.d/adguard/run Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Runs the AdGuard Homee server
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
declare -a options
options+=(--port 37043)
options+=(--host 127.0.0.1)
# RUN AdGuard Home server
cd /data || exit
exec ./AdGuardHome "${options[@]}"

9
adguard/rootfs/etc/services.d/nginx/finish Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/execlineb -S0
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Take down the S6 supervision tree when Nginx fails
# ==============================================================================
if -n { s6-test $# -ne 0 }
if -n { s6-test ${1} -eq 256 }
s6-svscanctl -t /var/run/s6/services

9
adguard/rootfs/etc/services.d/nginx/run Normal file
View file

@ -0,0 +1,9 @@
#!/usr/bin/with-contenv bash
# ==============================================================================
# Community Hass.io Add-ons: AdGuard Home
# Runs the Nginx daemon
# ==============================================================================
# shellcheck disable=SC1091
source /usr/lib/hassio-addons/base.sh
exec nginx -g "daemon off;"