diff --git a/library/ix-dev/community/adguard-home/Chart.lock b/library/ix-dev/community/adguard-home/Chart.lock new file mode 100644 index 0000000000..f6cdf0a11f --- /dev/null +++ b/library/ix-dev/community/adguard-home/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../common + version: 1.0.3 +digest: sha256:1a090020cfa582aff29906320874ffe9b543fcc6c2423c281f434514f2653e02 +generated: "2023-04-06T19:01:50.673798323+03:00" diff --git a/library/ix-dev/community/adguard-home/Chart.yaml b/library/ix-dev/community/adguard-home/Chart.yaml new file mode 100644 index 0000000000..3698135643 --- /dev/null +++ b/library/ix-dev/community/adguard-home/Chart.yaml @@ -0,0 +1,25 @@ +name: adguard-home +description: Free and open source, powerful network-wide ads & trackers blocking DNS server. +annotations: + title: AdGuard Home +type: application +version: 1.0.0 +apiVersion: v2 +appVersion: 'v0.107.26' +kubeVersion: '>=1.16.0-0' +maintainers: + - name: truenas + url: https://www.truenas.com/ +dependencies: + - name: common + repository: file://../../../common + version: 1.0.3 +home: https://github.com/AdguardTeam/AdGuardHome +icon: https://github.com/AdguardTeam/AdGuardHome/raw/master/doc/adguard_home_darkmode.svg +sources: + - https://github.com/AdguardTeam/AdGuardHome + - https://github.com/truenas/charts/tree/master/library/ix-dev/community/adguard-home + - https://hub.docker.com/r/adguard/adguardhome +keywords: + - dns + - adblock diff --git a/library/ix-dev/community/adguard-home/README.md b/library/ix-dev/community/adguard-home/README.md new file mode 100644 index 0000000000..24a6191698 --- /dev/null +++ b/library/ix-dev/community/adguard-home/README.md @@ -0,0 +1,12 @@ +# AdGuard Home + +During the setup wizard, AdGuard Home presents an option to select on which port the web interface will be available. +(Defaults to 80. Which is a privileged port and also usually the TrueNAS SCALE UI uses that port) +Because of that, App will force the webUI to listen to port 30000 (or the port selected by user in the TrueNAS SCALE UI). + +If you select a different port in the wizard, the Dashboard will not work initially but +after a couple of minutes container will automatically restart and the Dashboard will +be available on the port you selected on the TrueNAS SCALE UI. + +> - AdGuard runs as `root` user. +> - AdGuard runs with host networking enabled. diff --git a/library/ix-dev/community/adguard-home/app-readme.md b/library/ix-dev/community/adguard-home/app-readme.md new file mode 100644 index 0000000000..24a6191698 --- /dev/null +++ b/library/ix-dev/community/adguard-home/app-readme.md @@ -0,0 +1,12 @@ +# AdGuard Home + +During the setup wizard, AdGuard Home presents an option to select on which port the web interface will be available. +(Defaults to 80. Which is a privileged port and also usually the TrueNAS SCALE UI uses that port) +Because of that, App will force the webUI to listen to port 30000 (or the port selected by user in the TrueNAS SCALE UI). + +If you select a different port in the wizard, the Dashboard will not work initially but +after a couple of minutes container will automatically restart and the Dashboard will +be available on the port you selected on the TrueNAS SCALE UI. + +> - AdGuard runs as `root` user. +> - AdGuard runs with host networking enabled. diff --git a/library/ix-dev/community/adguard-home/charts/common-1.0.3.tgz b/library/ix-dev/community/adguard-home/charts/common-1.0.3.tgz new file mode 100644 index 0000000000..9b2580e5d1 Binary files /dev/null and b/library/ix-dev/community/adguard-home/charts/common-1.0.3.tgz differ diff --git a/library/ix-dev/community/adguard-home/ci/basic-values.yaml b/library/ix-dev/community/adguard-home/ci/basic-values.yaml new file mode 100644 index 0000000000..2ff4aa4e79 --- /dev/null +++ b/library/ix-dev/community/adguard-home/ci/basic-values.yaml @@ -0,0 +1,7 @@ +adguardStorage: + work: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/work + conf: + type: hostPath + hostPath: /mnt/{{ .Release.Name }}/conf diff --git a/library/ix-dev/community/adguard-home/item.yaml b/library/ix-dev/community/adguard-home/item.yaml new file mode 100644 index 0000000000..37bf743b48 --- /dev/null +++ b/library/ix-dev/community/adguard-home/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://github.com/AdguardTeam/AdGuardHome/raw/master/doc/adguard_home_darkmode.svg +categories: + - dns + - adblock diff --git a/library/ix-dev/community/adguard-home/questions.yaml b/library/ix-dev/community/adguard-home/questions.yaml new file mode 100644 index 0000000000..cb2919ed05 --- /dev/null +++ b/library/ix-dev/community/adguard-home/questions.yaml @@ -0,0 +1,181 @@ +groups: + - name: AdGuard Home Configuration + description: Configure AdGuard Home + # - name: User and Group Configuration + # description: Configure User and Group for AdGuard Home + - name: Network Configuration + description: Configure Network for AdGuard Home + - name: Storage Configuration + description: Configure Storage for AdGuard Home + - name: Resources Configuration + description: Configure Resources for AdGuard Home + +portals: + web_portal: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" + +questions: + # - variable: adguardRunAs + # label: "" + # group: User and Group Configuration + # schema: + # type: dict + # attrs: + # - variable: user + # label: User ID + # description: The user id that AdGuard Home will run as. + # schema: + # type: int + # min: 1 + # default: 568 + # required: true + # - variable: group + # label: Group ID + # description: The group id that AdGuard Home will run as. + # schema: + # type: int + # min: 1 + # default: 568 + # required: true + + - variable: adguardNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: webPort + label: Web Port + description: | + The port for the AdGuard Home WebUI. Set the same during the setup wizard. + In case you set a different port, you will need to stop/start the app for the + port set here to take effect. (Or wait for the container to restart automatically) + schema: + type: int + default: 30000 + min: 9000 + max: 65535 + required: true + - variable: enableDHCP + label: Enable DHCP + description: | + This will only append the needed capabilities for DHCP to work
+ The configuration for DHCP is done in the AdGuard Home WebUI + schema: + type: boolean + default: false + + - variable: adguardStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: work + label: AdGuard Home Data Storage + description: The path to store AdGuard Home work. + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: work + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + - variable: conf + label: AdGuard Home Configuration Storage + description: The path to store AdGuard Home configuration + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: datasetName + label: Dataset Name + schema: + type: string + show_if: [["type", "=", "ixVolume"]] + required: true + hidden: true + immutable: true + default: conf + $ref: + - "normalize/ixVolume" + - variable: hostPath + label: Host Path + schema: + type: hostpath + show_if: [["type", "=", "hostPath"]] + immutable: true + required: true + + - variable: resources + label: "" + group: Resources Configuration + schema: + type: dict + attrs: + - variable: limits + label: Limits + schema: + type: dict + attrs: + - variable: cpu + label: CPU + description: CPU limit for AdGuard Home. + schema: + type: string + default: 4000m + required: true + - variable: memory + label: Memory + description: Memory limit for AdGuard Home. + schema: + type: string + default: 8Gi + required: true diff --git a/library/ix-dev/community/adguard-home/templates/NOTES.txt b/library/ix-dev/community/adguard-home/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/community/adguard-home/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/community/adguard-home/templates/_adguard.tpl b/library/ix-dev/community/adguard-home/templates/_adguard.tpl new file mode 100644 index 0000000000..98b3adbf19 --- /dev/null +++ b/library/ix-dev/community/adguard-home/templates/_adguard.tpl @@ -0,0 +1,105 @@ +{{- define "adguard.workload" -}} +workload: + adguard: + enabled: true + primary: true + type: Deployment + podSpec: + # Host network is pretty much a requirement for apps like this. + # Because NodePort can't bind ports like 53(DNS) or 67(DHCP) + # and the majority of devices do not have option to change the port. + hostNetwork: true + containers: + adguard: + enabled: true + primary: true + imageSelector: image + # Args are copied from the official docker image + # So we can also specify the port. + # If we dont specify the port here, AdGuardHome + # will start initially at port 3000 and after + # the setup wizard is completed it will switch + # to user specified port. + args: + - --no-check-update + - --host + - "0.0.0.0" + - --config + - /opt/adguardhome/conf/AdGuardHome.yaml + - --work-dir + - /opt/adguardhome/work + - --port + - {{ .Values.adguardNetwork.webPort | quote }} + # Setup wizard shows an option to select the port that AdGuardHome + # Web UI will listen on. If the user selects anything other than the `webPort`, + # container will reload its new configuration and listen to the user specified port. + # But user won't have access to it because the port is not exposed. Few seconds later + # probes will kill the container and restart it with the correct `webPort` port. + securityContext: + # FIXME: It might be able to run rootless, probably blocked by: + # https://github.com/AdguardTeam/AdGuardHome/issues/4681 + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 + capabilities: + add: + - NET_BIND_SERVICE + {{ if .Values.adguardNetwork.enableDHCP }} + - NET_RAW + {{ end }} + # FIXME: Switch to exec probe after this issue is solved, also note that healthcheck + # is only available on "edge" tag, as of 27/03/2023 + # https://github.com/AdguardTeam/AdGuardHome/issues/3290#issuecomment-1485451976 + probes: + liveness: + enabled: true + type: http + path: / + port: {{ .Values.adguardNetwork.webPort }} + readiness: + enabled: true + type: http + path: / + port: {{ .Values.adguardNetwork.webPort }} + startup: + enabled: true + type: http + path: / + port: {{ .Values.adguardNetwork.webPort }} + {{/* # FIXME: Disabled until it can run as non-root + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions" + "UID" .Values.ipfsRunAs.user + "GID" .Values.ipfsRunAs.group + "type" "install") | nindent 8 }} + */}} + +{{/* Persistence */}} +persistence: + work: + enabled: true + type: {{ .Values.adguardStorage.work.type }} + datasetName: {{ .Values.adguardStorage.work.datasetName | default "" }} + hostPath: {{ .Values.adguardStorage.work.hostPath | default "" }} + targetSelector: + adguard: + adguard: + mountPath: /opt/adguardhome/work + {{/* # FIXME: See above + 01-permissions: + mountPath: /mnt/directories/work + */}} + conf: + enabled: true + type: {{ .Values.adguardStorage.conf.type }} + datasetName: {{ .Values.adguardStorage.conf.datasetName | default "" }} + hostPath: {{ .Values.adguardStorage.conf.hostPath | default "" }} + targetSelector: + adguard: + adguard: + mountPath: /opt/adguardhome/conf + {{/* # FIXME: See above + 01-permissions: + mountPath: /mnt/directories/conf + */}} +{{- end -}} diff --git a/library/ix-dev/community/adguard-home/templates/_portal.tpl b/library/ix-dev/community/adguard-home/templates/_portal.tpl new file mode 100644 index 0000000000..cce8ce8915 --- /dev/null +++ b/library/ix-dev/community/adguard-home/templates/_portal.tpl @@ -0,0 +1,12 @@ +{{- define "adguard.portal" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: / + port: {{ .Values.adguardNetwork.webPort | quote }} + protocol: http + host: $node_ip +{{- end -}} diff --git a/library/ix-dev/community/adguard-home/templates/common.yaml b/library/ix-dev/community/adguard-home/templates/common.yaml new file mode 100644 index 0000000000..c0da7005d8 --- /dev/null +++ b/library/ix-dev/community/adguard-home/templates/common.yaml @@ -0,0 +1,9 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "adguard.workload" $ | fromYaml) -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "adguard.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/community/adguard-home/upgrade_strategy b/library/ix-dev/community/adguard-home/upgrade_strategy new file mode 100755 index 0000000000..ca1d31c97f --- /dev/null +++ b/library/ix-dev/community/adguard-home/upgrade_strategy @@ -0,0 +1,31 @@ +#!/usr/bin/python3 +import json +import re +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +RE_STABLE_VERSION = re.compile(r'v[0-9]+\.[0-9]+\.[0-9]+') + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + version = semantic_versioning(list(tags)) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) diff --git a/library/ix-dev/community/adguard-home/values.yaml b/library/ix-dev/community/adguard-home/values.yaml new file mode 100644 index 0000000000..296e86c8fa --- /dev/null +++ b/library/ix-dev/community/adguard-home/values.yaml @@ -0,0 +1,28 @@ +image: + repository: adguard/adguardhome + tag: v0.107.26 + pullPolicy: IfNotPresent + +resources: + limits: + cpu: 4000m + memory: 8Gi + +adguardNetwork: + webPort: 30000 + enableDHCP: false + +# FIXME: See _adguard.tpl +# adguardRunAs: +# user: 568 +# group: 568 + +adguardStorage: + work: + type: ixVolume + hostPath: "" + datasetName: work + conf: + type: ixVolume + hostPath: "" + datasetName: conf