AdGuard Home - Network Wide Ad-Block
AdGuard Home - Ad-Blocking is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
Previously, as I was using an ISP router, I ran multiple instances of AdGuard Home to ensure redundancy/HA. However, since I have now replaced my router with a Flint 2 (GL-MT6000) running OpenWRT, I run AdGuard Home directly on the router. Although this is not HA, if the router is down, DNS would be the least of my issues.
Kubernetes Adguard Home Manifest
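# AdGuard Home as a three-replica StatefulSet. Each replica gets its own
# PersistentVolumeClaim from the "config" volumeClaimTemplate, mounted twice
# via subPath for the work and conf directories.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: adguard
    app.kubernetes.io/instance: adguard
    app.kubernetes.io/name: adguard
  name: adguard
  namespace: adguard
spec:
  replicas: 3
  selector:
    matchLabels:
      app: adguard
  # NOTE(review): no Service named "adguard" appears in this listing; the
  # governing Service for the StatefulSet is presumably defined elsewhere.
  serviceName: adguard
  template:
    metadata:
      labels:
        app: adguard
        app.kubernetes.io/name: adguard
    spec:
      nodeSelector:
        worker: "true"
      containers:
        # No tag is given, so the image resolves to ":latest". Pin a released
        # tag or a digest so a restart cannot silently pull a different build
        # of the resolver every client depends on.
        - image: adguard/adguardhome
          name: adguard
          ports:
            - containerPort: 53
              name: dns-udp
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 784
              name: dns-quic
              protocol: UDP
            - containerPort: 853
              name: dns-tls
              protocol: TCP
            # Protocol made explicit for consistency with the other ports;
            # TCP is the default, so behaviour is unchanged.
            - containerPort: 3000
              name: http-initial
              protocol: TCP
            - containerPort: 80
              name: http
              protocol: TCP
          volumeMounts:
            - mountPath: /opt/adguardhome/work
              name: config
              subPath: "work"
            - mountPath: /opt/adguardhome/conf
              name: config
              subPath: "conf"
      restartPolicy: Always
  volumeClaimTemplates:
    - metadata:
        name: config
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: "longhorn"
        resources:
          requests:
            storage: 1Gi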
---
# LoadBalancer Service that publishes the DNS listeners (plain, QUIC, TLS) of
# every pod labelled app=adguard on the fixed address 10.0.10.248.
# The admin UI ports (80/3000) are deliberately not part of this Service.
apiVersion: v1
kind: Service
metadata:
  name: adguard-primary
  namespace: adguard
  labels:
    app: adguard
spec:
  type: LoadBalancer
  # NOTE(review): spec.loadBalancerIP is deprecated upstream; the replacement
  # is specific to the load-balancer implementation in use.
  loadBalancerIP: 10.0.10.248
  # "Local" keeps traffic on the receiving node and preserves the client
  # source address, which per-client rules and the query log rely on.
  externalTrafficPolicy: Local
  internalTrafficPolicy: Local
  selector:
    app: adguard
  ports:
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-quic
      protocol: UDP
      port: 784
      targetPort: 784
    - name: dns-tls
      protocol: TCP
      port: 853
      targetPort: 853
---
# Second LoadBalancer Service with the same selector and ports as
# adguard-primary, published on 10.0.10.249 so clients can be handed two
# resolver addresses.
apiVersion: v1
kind: Service
metadata:
  name: adguard-secondary
  namespace: adguard
  labels:
    app: adguard
spec:
  type: LoadBalancer
  # NOTE(review): spec.loadBalancerIP is deprecated upstream; the replacement
  # is specific to the load-balancer implementation in use.
  loadBalancerIP: 10.0.10.249
  # "Local" keeps traffic on the receiving node and preserves the client
  # source address.
  externalTrafficPolicy: Local
  internalTrafficPolicy: Local
  selector:
    app: adguard
  ports:
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-quic
      protocol: UDP
      port: 784
      targetPort: 784
    - name: dns-tls
      protocol: TCP
      port: 853
      targetPort: 853
---
# Cluster-internal Service for the admin UI of a single replica: the selector
# uses the per-pod label that the StatefulSet controller sets, so only
# adguard-0 receives this traffic. The UI is served over plain HTTP on 80.
apiVersion: v1
kind: Service
metadata:
  name: adguard-web
  namespace: adguard
  labels:
    app: adguard-web
spec:
  selector:
    statefulset.kubernetes.io/pod-name: adguard-0
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Cluster-internal Service for the admin UI of replica adguard-1 only,
# selected through the per-pod StatefulSet label. Plain HTTP on port 80.
apiVersion: v1
kind: Service
metadata:
  name: adguard-web1
  namespace: adguard
  labels:
    app: adguard-web1
spec:
  selector:
    statefulset.kubernetes.io/pod-name: adguard-1
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
# Cluster-internal Service for the admin UI of replica adguard-2 only,
# selected through the per-pod StatefulSet label. Plain HTTP on port 80.
apiVersion: v1
kind: Service
metadata:
  name: adguard-web2
  namespace: adguard
  labels:
    app: adguard-web2
spec:
  selector:
    statefulset.kubernetes.io/pod-name: adguard-2
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
---
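# Traefik IngressRoute publishing the admin UI of each AdGuard Home replica
# over the "websecure" entry point, with TLS from the f9-casa-tls secret.
# Every route goes through the default-headers and authentik middlewares so
# that no replica's admin UI is reachable without the forward-auth check.
# NOTE(review): traefik.containo.us/v1alpha1 is the older CRD group; newer
# Traefik releases use traefik.io/v1alpha1 - check the installed version.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: adguard
  namespace: adguard
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  routes:
    # adguard and adguard0 both resolve to replica adguard-0.
    - match: Host(`adguard.f9.casa`)
      kind: Rule
      services:
        - name: adguard-web
          port: 80
      middlewares:
        - name: default-headers
          namespace: default
        - name: authentik
          namespace: authentik
    - match: Host(`adguard0.f9.casa`)
      kind: Rule
      services:
        - name: adguard-web
          port: 80
      middlewares:
        - name: default-headers
          namespace: default
        - name: authentik
          namespace: authentik
    - match: Host(`adguard1.f9.casa`)
      kind: Rule
      services:
        - name: adguard-web1
          port: 80
      middlewares:
        - name: default-headers
          namespace: default
        - name: authentik
          namespace: authentik
    # Fixed: this route pointed at adguard-web1 (replica 1) and had no
    # authentik middleware, so adguard2 showed the wrong replica and was the
    # only host that skipped forward-auth.
    - match: Host(`adguard2.f9.casa`)
      kind: Rule
      services:
        - name: adguard-web2
          port: 80
      middlewares:
        - name: default-headers
          namespace: default
        - name: authentik
          namespace: authentik
  tls:
    secretName: f9-casa-tls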
Kubernetes AdguardHome Sync Manifest
---
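# Single-replica Deployment of adguardhome-sync. On the CRON schedule (and
# once at start-up, RUN_ON_START) it copies settings from the origin instance
# (adguard-web -> pod adguard-0) to the two replicas.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: adguardhome-sync
    app.kubernetes.io/instance: adguardhome-sync
    app.kubernetes.io/name: adguardhome-sync
  name: adguardhome-sync
  namespace: adguard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: adguardhome-sync
  template:
    metadata:
      labels:
        app: adguardhome-sync
        app.kubernetes.io/name: adguardhome-sync
    spec:
      nodeSelector:
        worker: "true"
      containers:
        # No tag is given, so the image resolves to ":latest"; pin a released
        # tag or a digest, since this container holds admin credentials for
        # every AdGuard Home instance.
        - image: ghcr.io/bakito/adguardhome-sync
          name: adguardhome-sync
          env:
            - name: API_PORT
              value: "8080"
            - name: CRON
              value: '*/10 * * * *'
            # The *_PASSWORD placeholders are quoted because env values must
            # be strings; a bare [REDACTED] parses as a one-element YAML list.
            # Literal passwords in a pod spec are readable by anyone allowed
            # to view the Deployment, and end up in version control with the
            # manifest; prefer valueFrom.secretKeyRef pointing at a Secret.
            - name: ORIGIN_PASSWORD
              value: "[REDACTED]"
            # NOTE(review): the URLs below are http://, so the credentials
            # presumably cross the cluster network unencrypted - confirm this
            # is acceptable for the cluster's network policy.
            - name: ORIGIN_URL
              value: http://adguard-web.adguard.svc.cluster.local
            - name: ORIGIN_USERNAME
              value: admin
            - name: REPLICA1_PASSWORD
              value: "[REDACTED]"
            - name: REPLICA1_URL
              value: http://adguard-web1.adguard.svc.cluster.local
            - name: REPLICA1_USERNAME
              value: admin
            - name: REPLICA2_PASSWORD
              value: "[REDACTED]"
            - name: REPLICA2_URL
              value: http://adguard-web2.adguard.svc.cluster.local
            - name: REPLICA2_USERNAME
              value: admin
            - name: API_DARK_MODE
              value: "true"
            - name: RUN_ON_START
              value: "true"
      restartPolicy: Always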
---
# Cluster-internal Service in front of the adguardhome-sync web/API port
# (8080, matching API_PORT in the Deployment).
apiVersion: v1
kind: Service
metadata:
  name: adguardhome-sync
  namespace: adguard
  labels:
    app: adguardhome-sync
spec:
  selector:
    app: adguardhome-sync
  ports:
    - name: web-tcp
      protocol: TCP
      port: 8080
      targetPort: 8080
---
# Traefik IngressRoute for the adguardhome-sync UI: TLS on the "websecure"
# entry point, with the default-headers and authentik middlewares applied
# before the request reaches the Service on port 8080.
# NOTE(review): traefik.containo.us/v1alpha1 is the older CRD group; newer
# Traefik releases use traefik.io/v1alpha1 - check the installed version.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: adguardhome-sync
  namespace: adguard
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  tls:
    secretName: f9-casa-tls
  routes:
    - kind: Rule
      match: Host(`adguard-sync.f9.casa`)
      middlewares:
        - name: default-headers
          namespace: default
        - name: authentik
          namespace: authentik
      services:
        - name: adguardhome-sync
          port: 8080
Docker Compose
I publish the ports in "host" mode so that AdGuard Home gets the correct IP address of each client.
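# Swarm stack: one AdGuard Home task per node (deploy.mode: global) plus a
# single adguardhome-sync task on a manager that copies settings from the
# origin instance to the replicas.
version: '3.9'
services:
  adguardhome:
    # No tag is given, so the image resolves to ":latest"; pin a released tag
    # or a digest so nodes cannot drift to different builds.
    image: adguard/adguardhome
    # NOTE(review): the trailing hyphen suggests a per-node suffix was lost
    # from the published listing - confirm the intended hostname.
    hostname: "adguard-"
    networks:
      - traefik-public
    # Host-mode publishing binds each port directly on the node, bypassing
    # the swarm routing mesh.
    ports:
      - target: 53
        published: 53
        protocol: tcp
        mode: host
      - target: 53
        published: 53
        protocol: udp
        mode: host
      - target: 784
        published: 784
        protocol: udp
        mode: host
      - target: 853
        published: 853
        protocol: tcp
        mode: host
      # The two web ports are published the same way, so the admin UI is
      # reachable over plain HTTP on 3000/3001 of every node running a task;
      # restrict them at the host firewall if only the proxy should reach it.
      - target: 80
        published: 3000
        protocol: tcp
        mode: host
      - target: 3000
        published: 3001
        protocol: tcp
        mode: host
    volumes:
      - /opt/adguardhome/work:/opt/adguardhome/work
      - /opt/adguardhome/conf:/opt/adguardhome/conf
    # NOTE(review): NET_ADMIN is a broad capability; presumably added for the
    # DHCP server - drop it if DHCP is not served from this container.
    cap_add:
      - NET_ADMIN
    deploy:
      labels:
        - homepage.group=Networking
        - homepage.name=Adguard Home
        - homepage.icon=adguard-home.png
        - homepage.href=https://adguard.f9.casa
        - homepage.description=Media server
        - homepage.siteMonitor=http://adguard-swarm-01
        - homepage.weight=10000
        - homepage.widget.type=adguard
        - homepage.widget.url=http://adguard-swarm-01
        - homepage.widget.username=admin
        # Service labels are visible to anyone who can inspect the service,
        # so this stores the admin password in readable metadata.
        - homepage.widget.password=[REDACTED]
      mode: global
  adguardhome-sync:
    # Unpinned image (":latest"); this container holds the admin credentials
    # of every instance, so pin a tag or digest.
    image: ghcr.io/bakito/adguardhome-sync
    networks:
      - traefik-public
    ports:
      # Quoted, as is conventional for Compose port mappings.
      - "9651:8080"
    # Credentials are passed as plain environment variables over http://
    # URLs; supply them from outside this file rather than committing them.
    environment:
      - ORIGIN_URL=http://adguard-swarm-01
      - ORIGIN_USERNAME=admin
      - ORIGIN_PASSWORD=[REDACTED]
      - REPLICA1_URL=http://adguard-swarm-02
      - REPLICA1_USERNAME=admin
      - REPLICA1_PASSWORD=[REDACTED]
      - REPLICA2_URL=http://adguard-swarm-03
      - REPLICA2_USERNAME=admin
      - REPLICA2_PASSWORD=[REDACTED]
      - REPLICA3_URL=http://10.0.10.10:8083
      - REPLICA3_USERNAME=admin
      - REPLICA3_PASSWORD=[REDACTED]
      # Runs every 10 minutes. Quoted so the schedule cannot be mistaken for
      # YAML syntax; the value itself is unchanged.
      - 'CRON=*/10 * * * *'
      - RUN_ON_START=true
      # Configure sync features; by default all features are enabled.
      # - FEATURES_GENERALSETTINGS=true
      # - FEATURES_QUERYLOGCONFIG=true
      # - FEATURES_STATSCONFIG=true
      # - FEATURES_CLIENTSETTINGS=true
      # - FEATURES_SERVICES=true
      # - FEATURES_FILTERS=true
      # - FEATURES_DHCP_SERVERCONFIG=true
      # - FEATURES_DHCP_STATICLEASES=true
      # - FEATURES_DNS_SERVERCONFIG=true
      # - FEATURES_DNS_ACCESSLISTS=true
      # - FEATURES_DNS_REWRITES=true
      - API_PORT=8080
    deploy:
      mode: replicated
      placement:
        constraints:
          - node.role == manager
networks:
  default:
    driver: overlay
    # attachable lets standalone containers join this overlay network.
    attachable: true
  traefik-public:
    external: true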
This post is licensed under CC BY 4.0 by the author.