ansible/roles/adguard-home/defaults/main.yaml
ace 82c5f35eda
add short names
add publish conditions for services

use official gitea helm chart
2021-01-25 21:04:57 +03:00


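# Role defaults for the AdGuard Home deployment.
# presumably gates whether the role deploys anything; the consumer is not
# visible in this file — TODO confirm
adguard_enabled: false
# When true the web UI ingress uses external_ingress_class instead of
# internal_ingress_class (see ingress.annotations below). This flag does not
# affect the DNS LoadBalancer services further down.
adguard_publish: false
# Host-name prefix for the web UI ingress: "<short_name>.<domain>".
adguard_short_name: "adguard"
# Values handed to the AdGuard Home Helm chart.
adguard_default_values:
  # upgrade strategy type (e.g. Recreate or RollingUpdate)
  strategyType: RollingUpdate
  configAsCode:
    enabled: true
    resources: {}
    # requests:
    #   memory: 128Mi
    #   cpu: 100m
    # NOTE(review): `latest` is a mutable tag and pullPolicy Always re-pulls
    # it on every pod start, so this image can change without any change to
    # this file. Pin a specific version tag or an image digest.
    image:
      repository: busybox
      tag: latest
      pullPolicy: Always
    config:
      bind_host: 0.0.0.0
      bind_port: 3000
      users:
        - name: admin
          # adguard_admin_htpasswd_hash has no default and must be supplied by
          # the inventory. AdGuard Home expects a bcrypt hash here, never the
          # clear-text password; keep the variable in an encrypted vars file.
          password: "{{ adguard_admin_htpasswd_hash }}"
      http_proxy: ""
      language: "en"
      rlimit_nofile: 0
      debug_pprof: false
      web_session_ttl: 720
      dns:
        bind_host: 0.0.0.0
        port: 53
        statistics_interval: 1
        # The query log is kept with client IPs (anonymize_client_ip: false);
        # treat the work volume as holding per-client browsing history.
        querylog_enabled: true
        querylog_interval: 90
        querylog_size_memory: 1000
        anonymize_client_ip: false
        protection_enabled: true
        blocking_mode: default
        blocking_ipv4: ""
        blocking_ipv6: ""
        blocked_response_ttl: 10
        parental_block_host: family-block.dns.adguard.com
        safebrowsing_block_host: standard-block.dns.adguard.com
        # NOTE(review): ratelimit 0 disables per-client rate limiting and an
        # empty allowed_clients list accepts queries from any source. The DNS
        # services below are type LoadBalancer, so confirm the address is not
        # reachable from untrusted networks, or restrict it with
        # allowed_clients / loadBalancerSourceRanges and a non-zero ratelimit.
        ratelimit: 0
        ratelimit_whitelist: []
        refuse_any: true
        upstream_dns:
          - https://dns10.quad9.net/dns-query
        # Plain resolvers used only to resolve the DoH upstream host name.
        # Quoted so the colon-separated addresses are always read as strings.
        bootstrap_dns:
          - "9.9.9.10"
          - "149.112.112.10"
          - "2620:fe::10"
          - "2620:fe::fe:10"
        all_servers: false
        fastest_addr: false
        allowed_clients: []
        # - 10.0.0.1
        # - 10.0.1.1/24
        disallowed_clients: []
        # - 10.0.1.1
        # - 10.0.11.1/24
        blocked_hosts: []
        # - example.org
        # - '*.example.org'
        # - '||example.org^'
        cache_size: 4194304
        cache_ttl_min: 0
        cache_ttl_max: 0
        bogus_nxdomain: []
        aaaa_disabled: false
        enable_dnssec: false
        edns_client_subnet: false
        filtering_enabled: true
        filters_update_interval: 8
        parental_enabled: false
        safesearch_enabled: false
        safebrowsing_enabled: false
        safebrowsing_cache_size: 1048576
        safesearch_cache_size: 1048576
        parental_cache_size: 1048576
        cache_time: 30
        rewrites: []
        # - domain: example.org
        #   answer: 127.0.0.1
        # - domain: '*.example.org'
        #   answer: 127.0.0.1
        blocked_services:
          - facebook
          - origin
          - twitter
          - snapchat
          - skype
          - whatsapp
          - instagram
          - youtube
          - netflix
          - twitch
          - discord
          - amazon
          - ebay
          - cloudflare
          - steam
          - epic_games
          - reddit
          - ok
          - vk
          - mail_ru
          - tiktok
      tls:
        enabled: true
        server_name: "{{ adguard_dns_name | default('dns.' + domain) }}"
        # force_https is off, so the web UI on bind_port also answers plain
        # HTTP; presumably the ingress terminates TLS in front of it — confirm.
        force_https: false
        port_https: 443
        port_dns_over_tls: 853
        allow_unencrypted_doh: false
        strict_sni_check: false
        # Inline certificate and key are left empty on purpose: the key is
        # read from the paths below, so no key material lives in this file.
        certificate_chain: ""
        private_key: ""
        certificate_path: "/certs/tls.crt"
        private_key_path: "/certs/tls.key"
      filters:
        - enabled: true
          url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
          name: AdGuard DNS filter
          id: 1
        - enabled: false
          url: https://adaway.org/hosts.txt
          name: AdAway
          id: 2
        - enabled: false
          url: https://www.malwaredomainlist.com/hostslist/hosts.txt
          name: MalwareDomainList.com Hosts List
          id: 4
      whitelist_filters: []
      # - enabled: true
      #   url: https://easylist-downloads.adblockplus.org/exceptionrules.txt
      #   name: Allow nonintrusive advertising
      #   id: 1595760241
      user_rules: []
      # - '||example.org^'
      # - '@@||example.org^'
      # - 127.0.0.1 example.org
      # - '! Here goes a comment'
      # - '# Also a comment'
      dhcp:
        enabled: false
        interface_name: ""
        gateway_ip: ""
        subnet_mask: ""
        range_start: ""
        range_end: ""
        lease_duration: 86400
        icmp_timeout_msec: 1000
      clients: []
      # - name: myuser
      #   tags:
      #     - user_admin
      #   ids:
      #     - 192.168.91.1
      #   use_global_settings: true
      #   filtering_enabled: false
      #   parental_enabled: false
      #   safesearch_enabled: false
      #   safebrowsing_enabled: false
      #   use_global_blocked_services: true
      #   blocked_services: []
      #   upstreams: []
      log_file: ""
      verbose: false
      schema_version: 6
  # presumably the secret mounted at /certs for the tls section above — confirm
  tlsSecretName: "{{ adguard_dns_name | default('dns.' + domain) }}-secret"
  timezone: "UTC"
  ingress:
    enabled: true
    annotations:
      cert-manager.io/acme-challenge-type: dns01
      cert-manager.io/acme-dns01-provider: rfc2136
      cert-manager.io/cluster-issuer: letsencrypt-prod
      # adguard_publish: true moves the admin web UI to the external ingress
      # class; the only access control on it is the admin user defined above.
      kubernetes.io/ingress.class: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}"
      kubernetes.io/tls-acme: "true"
    path: /
    hosts:
      - "{{ adguard_short_name }}.{{ domain }}"
    tls:
      - secretName: "{{ adguard_short_name }}.{{ domain }}-tls"
        # Must equal the entry under ingress.hosts. The previous value
        # "{{ adguard_short_name }}adguard.{{ domain }}" requested a
        # certificate for a name the ingress never serves.
        hosts:
          - "{{ adguard_short_name }}.{{ domain }}"
  service:
    type: ClusterIP
    # externalTrafficPolicy: Local
    # externalIPs: []
    # loadBalancerIP: ""
    # a fixed LoadBalancer IP
    # loadBalancerSourceRanges: []
    # Explicit empty map: a bare `annotations:` followed only by comments
    # parses as null rather than as an empty mapping.
    annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
  # The four services below share one address through the MetalLB
  # allow-shared-ip key. adguard_loadbalancer_ip has no default and must be
  # defined by the inventory. None of them sets loadBalancerSourceRanges, so
  # reachability is decided entirely by where that address is routed.
  serviceTCP:
    enabled: true
    type: LoadBalancer
    # externalTrafficPolicy: Local
    # externalIPs: []
    loadBalancerIP: "{{ adguard_loadbalancer_ip }}"
    # a fixed LoadBalancer IP
    # loadBalancerSourceRanges: []
    annotations:
      # metallb.universe.tf/address-pool: network-services
      metallb.universe.tf/allow-shared-ip: adguard-home-svc
  serviceUDP:
    enabled: true
    type: LoadBalancer
    # externalTrafficPolicy: Local
    # externalIPs: []
    loadBalancerIP: "{{ adguard_loadbalancer_ip }}"
    # a fixed LoadBalancer IP
    # loadBalancerSourceRanges: []
    annotations:
      # metallb.universe.tf/address-pool: network-services
      metallb.universe.tf/allow-shared-ip: adguard-home-svc
  serviceDNSOverTLS:
    enabled: true
    ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
    type: LoadBalancer
    # externalTrafficPolicy: Local
    # externalIPs: []
    loadBalancerIP: "{{ adguard_loadbalancer_ip }}"
    # a fixed LoadBalancer IP
    # loadBalancerSourceRanges: []
    annotations:
      # metallb.universe.tf/address-pool: network-services
      metallb.universe.tf/allow-shared-ip: adguard-home-svc
  serviceDNSOverHTTPS:
    enabled: true
    ## Enable if you use AdGuard as a DNS over TLS/HTTPS server
    type: LoadBalancer
    # externalTrafficPolicy: Local
    # externalIPs: []
    loadBalancerIP: "{{ adguard_loadbalancer_ip }}"
    # a fixed LoadBalancer IP
    # loadBalancerSourceRanges: []
    annotations:
      # metallb.universe.tf/address-pool: network-services
      metallb.universe.tf/allow-shared-ip: adguard-home-svc
      external-dns.alpha.kubernetes.io/hostname: "{{ adguard_dns_name | default('dns.' + domain) }}"
  serviceDHCP:
    enabled: false
    ## Enable if you use AdGuard as a DHCP Server
    type: NodePort
    # externalTrafficPolicy: Local
    # externalIPs: []
    loadBalancerIP: ""
    # a fixed LoadBalancer IP
    annotations: {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: adguard-home-svc
  persistence:
    config:
      enabled: true
      accessMode: "{{ adguard_config_storage_mode | default('ReadWriteMany') }}"
      size: "{{ adguard_config_size | default('20Mi') }}"
      storageClass: "{{ adguard_config_storage | default('nfs-ssd') }}"
      ## Do not delete the pvc upon helm uninstall
      skipuninstall: false
    work:
      enabled: true
      accessMode: "{{ adguard_work_storage_mode | default('ReadWriteMany') }}"
      size: "{{ adguard_work_size | default('10Gi') }}"
      storageClass: "{{ adguard_work_storage | default('nfs-ssd') }}"
      ## Do not delete the pvc upon helm uninstall
      skipuninstall: false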