Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- ,
Start using this module
Add this module to your Puppetfile:
mod 'shoddyguard-adguard', '0.2.0'Learn more about managing modules with a PuppetfileDocumentation
Puppet-Adguard
A Puppet module for installing and managing AdGuard Home
Module description
This module will install and configure AdGuard Home on a node, it largely uses the defaults provided by AdGuard Home in a typical installation.
This module manages AdGuard by manipulating the AdGuardHome.yaml file.
This module has been tested on the following platforms:
- Ubuntu 20.04
- Ubuntu 18.04
- Debian 9
Setup
The below demonstrates a minimum configuration:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}]
}
This will download AdGuardHome and install it with default parameters and provide access to the user user with a password of password.
Note: AdGuard requires the password to be in BCrypt-encrypted format, to get a compatible string you can run the following from a terminal:
htpasswd -bnBC 10 "" MY_NEW_PASS | tr -d ':'
Usage
Configuring listeners
By default the WebUI is configured to listen on port 80 and DNS on port 53, they are also both bound to listen on all interfaces (0.0.0.0)
You may wish to change this to suit your needs:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
webui_interface => '192.168.33.33',
webui_port => 3000,
dns_interface => '127.0.0.1',
dns_port => 5353,
}
This would configure the webui to be available on port 3000 on interface 192.168.33.33, meaning to get to the WebUI you would need to visit http://192.168.33.33:3000.
It would also configure the DNS server to listen on port 5353 on localhost only, meaning you would only be able to query DNS locally on this node and would need to specify port 5353 (eg 127.0.0.1#5353)
Managing filters
By default this module configures the standard AdGuard filter entries:
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txthttps://adaway.org/hosts.txthttps://www.malwaredomainlist.com/hostslist/hosts.txt
However you may wish to set your own:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
filters =>
[
{
name => 'My Custom List',
url => 'https://example.com/hosts.txt',
enable => true,
},
{
name => 'Another Custom List',
url => 'https://foo.com/list.txt',
enable => true,
}
]
}
A hiera example:
adguard::filters:
- name: 'My Custom List'
url: 'https://example.com/hosts.txt'
enable: true
- name: 'Another Custom List'
url: https://foo.com/list.txt'
enable: true
Note: defining your own lists will replace all the default entries, if you wish to keep them make sure to specify them in your configuration.
Setting upstream DNS
By default the module configures the following upstream DNS server:
https://dns10.quad9.net/dns-query
You may wish to change this to your liking:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
upstream_dns => ['9.9.9.9','8.8.8.8']
or via hiera:
adguard::upstream_dns:
- '9.9.9.9'
- '8.8.8.8'
Note: when specifying HTTP(S) servers AdGuard may need to call out to a bootstrap server to be able to resolve the IP address for the upstream server.
By default the following bootstrap servers are configured:
- '9.9.9.10'
- '149.112.112.10'
- '2620:fe::10'
- '2620:fe::fe:10'
These can be changed by changing the bootstrap_dns parameter.
Configuring client overrides
You may wish to have some clients get a different set of settings rather than the global defaults, you can use the adguard::clinets parameter to specify these:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
clients => [{
name => 'My Laptop',
tags => ['my_tag'],
ids => ['00:1B:44:11:3A:B7'],
use_global_settings => false,
filtering_enabled => true,
parental_enabled => false,
safesearch_enabled => false,
use_global_blocked_services => false,
blocked_services => ['Facebook'],
upstreams => ['8.8.8.8']
}]
For more information on this please see the official AdGuard documentation
Configuring DHCP
AdGuard Home supports acting as a DHCP server and as of v0.2.0 this module allows for configuration of those options.
To enable DHCP you would need to set enable_dhcp to true, specify a dhcp_interface and then specify your dhcp_v4_options/dhcp_v6_options
Example:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
enable_dhcp => true,
dhcp_interface => 'eth0',
dhcp_v4_options => {
gateway_ip => '192.168.1.1',
subnet_mask => '255.255.255.0',
range_start => '192.168.1.2',
range_end => '192.168.1.20',
lease_duration => 86400, # in seconds
}
If you'd like to enable special DHCP options this can be done via the options parameter, these should be given as CODE hex HEX_VALUE (eg 6 hex 0102030401020305).
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
enable_dhcp => true,
dhcp_interface => 'eth0',
dhcp_v4_options => {
gateway_ip => '192.168.1.1',
subnet_mask => '255.255.255.0',
range_start => '192.168.1.2',
range_end => '192.168.1.20',
lease_duration => 86400, # in seconds
options => [
'6 hex 0102030401020305'
],
}
For more information see the official AdGuard documentation
TLS Configuration
As of v0.2.0 this module now supports setting the TLS settings in Adguard. This remains largely untested so use with caution and please report any issues on the module repository.
A basic configuration would look like:
class {'adguard':
users => [{
username => 'user',
password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe',
}],
enable_tls => true,
tls_options => {
server_name => 'adguard-test.com',
force_https => false,
port_https => 443,
port_dns_over_tls => 853,
port_dns_over_quic => 784,
port_dnscrypt => 0,
allow_unencrypted_doh => false,
strict_sni_check => false,
certificate_path => '/root/cert.pem',
private_key_path => '/root/key.pem',
}
More information on these settings can be found in the official AdGuard docs
Know Limitations
Configuration overwriting itself/Disabling configuration file management
Due to the fact this module manages configuration of AdGuard by manipulating the AdGuardHome.yaml file there may be instances where Puppet fights against AdGuard Home with both trying to change the contents of the file.
This is only likely to happen when AdGuard have made changes to the way in which the configuration file is constructed (for example a new parameter has been added, or an existing one modified during an update).
To get around this you can disable management of the AdGuardHome.yaml file:
class {'adguard':
manage_config => false,
}
This will stop Puppet from modifing the configuration file and allow AdGuard to manage the file.
You may also wish to disable configuration file managment if you prefer to use to the WebUI to configure AdGuard, or you wish to manage AdGuard's configuration manually.
Note: Puppet will create the configuration file if it is missing with the values you have specified in your manifests and/or hiera.
If your configuration file has been overwritten Puppet will back it up before overwritting it, it will be stored in the same directory as the configuration file with a .puppet extension.
Systemd/Resolvd and AdGuard
By default Resolvd will claim port 53 for DNSStubListener meaning AdGuard will fail to start when bound to port 53.
In these cases this module will disable DNSStubListener in /etc/systemd/resolved.conf which WILL BREAK local DNS lookups if AdGuard is ever removed and the setting is not changed back manually.
Reference
Table of Contents
Classes
Public Classes
adguard: Manages an Adguard Home installation
Private Classes
adguard::params: Private class for managing some of the more complex default parameters
Functions
adguard::validate_tls_options: This function ensures that the TLS config is valid before applying it.
Data types
Adguard::Blocked_service: A list of services that AdGuard Home is able to block out of the box.Adguard::Client: Provides a structure for defining client overrides.Adguard::Config_file: Simple regex check for the AdGuard config fileAdguard::Dhcp_option: Ensures correct input for DHCP optionsAdguard::Dhcp_v4_options: A structured hash used to supply DHCP options for IPV4Adguard::Dhcp_v6_options: A structured hash for sepcifying DHCP options for IPV6Adguard::Dns_server: Valid DNS server typesAdguard::Filter: Used to manage filters in AdguardAdguard::Http_proxy: Very basic validation to ensure the proxy type is sensibleAdguard::Ipv4_port: Accepts an IPV4 address with a port (eg 192.168.1.1:8080)Adguard::Log_file: Supported log file typesAdguard::Rewrite: Stuctured hash for managing rewritesAdguard::Tls_options: Configures TLS options in AdGuard HomeAdguard::User: A structed hash for providing users for the adguard web UI.
Classes
adguard
Manages an Adguard Home installation
Examples
Basic usage
class {'adguard':
users => [{
username => 'user',
password => '$2a$10$DBX2KdCRP6JKS8TqvkVWTOjUgUQLtlWGkxkZAuiUZGTURhorjlX6K'
}],
}
Parameters
The following parameters are available in the adguard class:
webui_interfacewebui_portusershttp_proxyrlimit_nofiledebug_pprofweb_session_ttldns_interfacedns_portstatistics_intervalquerylog_enabledquerylog_file_enabledquerylog_intervalquerylog_size_memoryanonymize_client_ipprotection_enabledblocking_modeblocking_ipv4blocking_ipv6blocked_response_ttlparental_block_hostsafebrowsing_block_hostratelimitratelimit_whitelistrefuse_anyupstream_dnsupstream_dns_filebootstrap_dnsall_serversfastest_addrallowed_clientsdisallowed_clientsblocked_hostsdns_cache_sizedns_cache_ttl_mindns_cache_ttl_maxbogus_nxdomainaaaa_disabledenable_dnssecedns_client_subnetmax_goroutinesipset_rulesfiltering_enabledfilters_update_intervalparental_enabledsafesearch_enabledsafebrowsing_enabledsafebrowsing_cache_sizesafesearch_cache_sizeparental_cache_sizecache_timerewritesblocked_servicesenable_tlstls_optionsfilterswhitelist_filtersuser_rulesenable_dhcpdhcp_interfacedhcp_v4_optionsdhcp_v6_optionsclientslog_compresslog_localtimelog_max_backupslog_max_sizelog_max_agelog_fileverbose_loggingadguard_pathmanage_configconfiguration_fileservice_nameversion
webui_interface
Data type: Stdlib::IP::Address::V4::Nosubnet
The interface to bind the WebUI to.
Default value: '0.0.0.0'
webui_port
Data type: Stdlib::Port
The port to bind the WebUI to.
Default value: 80
users
Data type: Array[Adguard::User]
The users to add to allow access to the WebUI. Note: the password needs to be in BCrypt-encrypted format.
http_proxy
Data type: Optional[Adguard::Http_proxy]
Define an optional http_proxy. While adguard supports SOCKS5 alongside HTTP/S, this is not supported in the Puppet module at this time.
Default value: undef
rlimit_nofile
Data type: Integer
Limit on the maximum number of open files for server process (Linux).
Default value: 0
debug_pprof
Data type: Boolean
Enable pprof HTTP server listening on port 6060 for debugging.
Default value: false
web_session_ttl
Data type: Integer
Web session TTL (in hours) a web user will stay signed in for this amount of time.
Default value: 8
dns_interface
Data type: Stdlib::IP::Address::V4::Nosubnet
The interface to bind to for DNS.
Default value: '0.0.0.0'
dns_port
Data type: Stdlib::Port
The port to bind dns to
Default value: 53
statistics_interval
Data type: Integer
Time interval for statistics (in days).
Default value: 1
querylog_enabled
Data type: Boolean
Query logging (also used to calculate top 50 clients, blocked domains and requested domains for statistical purposes).
Default value: true
querylog_file_enabled
Data type: Boolean
Write query logs to a file.
Default value: true
querylog_interval
Data type: Integer
Time interval for query log (in days).
Default value: 90
querylog_size_memory
Data type: Integer
Number of entries kept in memory before they are flushed to disk.
Default value: 1000
anonymize_client_ip
Data type: Boolean
If true, anonymize clients' IP addresses in logs and stats.
Default value: false
protection_enabled
Data type: Boolean
Whether any kind of filtering and protection should be done, when off it works as a plain dns forwarder.
Default value: true
blocking_mode
Data type: Enum['default','null_ip','custom_ip']
Specifies how to block DNS requests. Valid options:
- default (respond with NXDOMAIN status)
- null_ip (respond with the unspecified IP address (0.0.0.0))
- custom_ip (respond with blocking_ipv4 or blocking_ipv6 address)
Default value: 'default'
blocking_ipv4
Data type: Optional[Stdlib::IP::Address::V4::Nosubnet]
IP address to be returned for a blocked A request if blocking_mode is set to custom_ip.
Default value: undef
blocking_ipv6
Data type: Optional[Stdlib::IP::Address::V6]
IP address to be returned for a blocked AAAA request if blocking_mode is set to custom_ip.
Default value: undef
blocked_response_ttl
Data type: Integer
For how many seconds the clients should cache a filtered response. Low values are useful on LAN if you change filters very often, high values are useful to increase performance and save traffic.
Default value: 10
parental_block_host
Data type: Variant[Stdlib::Fqdn,Stdlib::IP::Address]
IP (or domain name) which is used to respond to DNS requests blocked by parental control.
Default value: 'family-block.dns.adguard.com'
safebrowsing_block_host
Data type: Variant[Stdlib::Fqdn,Stdlib::IP::Address]
IP (or domain name) which is used to respond to DNS requests blocked by safe-browsing.
Default value: 'standard-block.dns.adguard.com'
ratelimit
Data type: Integer
DDoS protection, specifies in how many packets per second a client should receive. Anything above that is silently dropped. To disable set 0, default is 20. Safe to disable if DNS server is not available from internet.
Default value: 20
ratelimit_whitelist
Data type: Optional[Array[Stdlib::IP::Address]]
An array of ip addresses to whitelist from ratelimiting.
Default value: undef
refuse_any
Data type: Boolean
Another DDoS protection mechanism. Requests of type ANY are rarely needed, so refusing to serve them mitigates against attackers trying to use your DNS as a reflection. Safe to disable if DNS server is not available from internet.
Default value: true
upstream_dns
Data type: Array[Adguard::Dns_server]
An array of upstream DNS servers. Can be a URL or IP.
Default value: ['https://dns10.quad9.net/dns-query']
upstream_dns_file
Data type: Optional[Stdlib::Unixpath]
Path to a file with the list of upstream DNS servers. If it is configured, the value of upstream_dns is ignored. Defaults to undef
Default value: undef
bootstrap_dns
Data type: Array[Stdlib::IP::Address]
List of DNS servers used for initial hostname resolution in case an upstream server name is a hostname.
Default value: [ '9.9.9.10', '149.112.112.10', '2620:fe::10', '2620:fe::fe:10' ]
all_servers
Data type: Boolean
Enables parallel queries to all configured upstream servers to speed up resolving. If disabled, the queries are sent to each upstream server one-by-one and then sorted by RTT.
Default value: false
fastest_addr
Data type: Boolean
Use Fastest Address algorithm. It finds an IP address with the lowest latency and returns this IP address in DNS response.
Default value: false
allowed_clients
Data type: Optional[Array[Stdlib::IP::Address]]
IP addresses of allowed clients.
Default value: undef
disallowed_clients
Data type: Optional[Array[Stdlib::IP::Address]]
IP addresses of disallowed clients.
Default value: undef
blocked_hosts
Data type: Array
An array of hosts to block.
Default value: [ 'version.bind', 'id.server', 'hostname.bind' ]
dns_cache_size
Data type: Integer
DNS cache size (in bytes).
Default value: 4194304
dns_cache_ttl_min
Data type: Integer[default,3600]
Override TTL value (minimum) received from upstream server. This value can't larger than 3600 (1 hour).
Default value: 0
dns_cache_ttl_max
Data type: Integer[default,3600]
Override TTL value (maximum) received from upstream server.
Default value: 0
bogus_nxdomain
Data type: Optional[Array[Adguard::Dns_server]]
Transform responses with these IP addresses to NXDOMAIN
Default value: undef
aaaa_disabled
Data type: Boolean
Respond with an empty answer to all AAAA requests
Default value: false
enable_dnssec
Data type: Boolean
Set DNSSEC flag in the outgoing DNS requests and check the result. Note if running an additional DNS server (such as Unbound or BIND) that uses DNSSEC you do not want DNSSEC on both as you will get erroes with legitimate DNS requests.
Default value: false
edns_client_subnet
Data type: Boolean
Enable EDNS Client Subnet option. If enabled, AdGuard Home will be sending ECS extension to the upstream DNS servers. Please note, that this will be done for clients with public IP addresses only.
Default value: false
max_goroutines
Data type: Integer
Max. number of parallel goroutines for processing incoming requests
Default value: 300
ipset_rules
Data type: Optional[Array]
Set ipset rules
Default value: undef
filtering_enabled
Data type: Boolean
Filtering of DNS requests based on filter lists.
Default value: true
filters_update_interval
Data type: Integer
How often the filters update (in hours).
Default value: 24
parental_enabled
Data type: Boolean
Parental control-based DNS requests filtering
Default value: false
safesearch_enabled
Data type: Boolean
Enforcing "Safe search" option for search engines, when possible.
Default value: false
safebrowsing_enabled
Data type: Boolean
Filtering of DNS requests based on safebrowsing
Default value: false
safebrowsing_cache_size
Data type: Integer
Safe Browsing cache size (in bytes).
Default value: 1048576
safesearch_cache_size
Data type: Integer
Safe Search cache size (in bytes).
Default value: 1048576
parental_cache_size
Data type: Integer
Parental Control cache size (in bytes).
Default value: 1048576
cache_time
Data type: Integer
Safe Browsing, Safe Search, Parental Control cache TTL.
Default value: 30
rewrites
Data type: Optional[Array[Adguard::Rewrite]]
An array of custom rewrite rules Format:
- domain: the domain to perform the rewrite on
- answer: the ip address to point to
Default value: undef
blocked_services
Data type: Optional[Array[Adguard::Blocked_service]]
An array of any services you wish to block.
Default value: undef
enable_tls
Data type: Boolean
EXPERIMENTAL: enable TLS. This workflow is largely untested, use with caution.
Default value: false
tls_options
Data type: Optional[Adguard::Tls_options]
The TLS configuration options.
Default value: undef
filters
Data type: Array[Adguard::Filter]
An array of block filters to add. Will default to the standard list provided by AdGuard Format:
- name: the name for the filter (eg AdGuard Default)
- enabled: true/false
- url: the URL to point to
Default value: $adguard::params::filters
whitelist_filters
Data type: Optional[Array[Adguard::Filter]]
An array of whitelist filters to add. Format:
- name: the name for the filter (eg AdGuard Default)
- enabled: true/false
- url: the URL to point to
Default value: undef
user_rules
Data type: Optional[Array]
Any custom rules you'd like to define, optional.
Default value: undef
enable_dhcp
Data type: Boolean
EXPERIMENTAL: Enables the DHCP options within AdGuard.
Default value: false
dhcp_interface
Data type: Optional[String]
The network interface to enabled DHCP on (eg 'eth0')
Default value: undef
dhcp_v4_options
Data type: Optional[Adguard::Dhcp_v4_options]
The configuration options for IPV4 DHCP
Default value: undef
dhcp_v6_options
Data type: Optional[Adguard::Dhcp_v6_options]
The configuration options for IPV6 DHCP
Default value: undef
clients
Data type: Optional[Array[Adguard::Client]]
EXPERIMENTAL: Override global defaults for a given list of clients. See: https://github.com/AdguardTeam/AdGuardHome/wiki/Clients for details Not extensively tested, please report any issues on the project repo.
Default value: undef
log_compress
Data type: Boolean
Whether or not to compress the logs.
Default value: false
log_localtime
Data type: Boolean
Whether to format timestamps using computer's local time.
Default value: false
log_max_backups
Data type: Integer
Maximum number of old log files to retain (MaxAge may still cause them to get deleted) (default: 0, which retains all old log files)
Default value: 0
log_max_size
Data type: Integer
Maximum size in megabytes of the log file before it gets rotated.
Default value: 100
log_max_age
Data type: Integer
MaxAge is the maximum number of days to retain old log files.
Default value: 3
log_file
Data type: Adguard::Log_file
Path to the log file. If empty, writes to stdout, if syslog -- system log (or eventlog on Windows). Valid options are:
- unixpath
- undef
- syslog
Default value: undef
verbose_logging
Data type: Boolean
Enable or disable verbose logging. Defaults to false
Default value: false
adguard_path
Data type: Stdlib::Unixpath
The path to where you'd like AdGuard installed, defaults to /opt/AdGuardHome
Default value: '/opt/AdGuardHome'
manage_config
Data type: Boolean
Whether or not to manage the AdGuardHome.yaml file
Default value: true
configuration_file
Data type: Adguard::Config_file
The path to where you want to store the configuration file, must be the full path to AdGuardHome.yaml.
Default value: "${adguard_path}/AdGuardHome.yaml"
service_name
Data type: String
The name of the service to manage, defaults to AdGuardHome
Default value: 'AdGuardHome'
version
Data type: String
The version to install from the GitHub release
Default value: 'latest'
Functions
adguard::validate_tls_options
Type: Puppet Language
This function ensures that the TLS config is valid before applying it.
adguard::validate_tls_options(Adguard::Tls_options $tls_options)
The adguard::validate_tls_options function.
Returns: Boolean Returns true if the configuration is valid
tls_options
Data type: Adguard::Tls_options
Accepts a hash of tls_options
Data types
Adguard::Blocked_service
A list of services that AdGuard Home is able to block out of the box.
Alias of
Enum['9gag', 'amazon', 'cloudflare', 'dailymotion', 'discord', 'disneyplus', 'ebay', 'epic_games', 'facebook', 'hulu', 'imgur', 'instagram', 'mail_ru', 'netflix', 'ok', 'origin', 'pinterest', 'qq', 'reddit', 'skype', 'snapchat', 'spotify', 'steam', 'telegram', 'tiktok', 'tinder', 'twitch', 'twitter', 'viber', 'vimeo', 'vk', 'wechat', 'weibo', 'whatsapp', 'youtube']
Adguard::Client
Provides a structure for defining client overrides.
Alias of
Struct[{
name => String,
tags => Optional[Array],
ids => Array,
use_global_settings => Boolean,
filtering_enabled => Optional[Boolean],
parental_enabled => Optional[Boolean],
safesearch_enabled => Optional[Boolean],
use_global_blocked_services => Boolean,
blocked_services => Optional[Array[Adguard::Blocked_service]],
upstreams => Optional[Array]
}]
Adguard::Config_file
Simple regex check for the AdGuard config file
Alias of
Pattern[/(.*\/)(.*)(AdGuardHome.yaml$)/]
Adguard::Dhcp_option
Ensures correct input for DHCP options
Alias of
Variant[Pattern[/^(\d)* hex ([\da-fA-F]{2})([\da-fA-F]{2})([\da-fA-F]{2})*$/], Stdlib::IP::Address::V4::Nosubnet]
Adguard::Dhcp_v4_options
A structured hash used to supply DHCP options for IPV4
Alias of
Struct[{
gateway_ip => Stdlib::IP::Address::V4::Nosubnet,
subnet_mask => Stdlib::IP::Address::V4::Nosubnet,
range_start => Stdlib::IP::Address::V4::Nosubnet,
range_end => Stdlib::IP::Address::V4::Nosubnet,
lease_duration => Integer,
options => Optional[Array[Adguard::Dhcp_option]],
}]
Adguard::Dhcp_v6_options
A structured hash for sepcifying DHCP options for IPV6
Alias of
Struct[{
range_start => Stdlib::IP::Address::V6,
lease_duration => Integer,
ra_slaac_only => Boolean,
ra_allow_slaac => Boolean,
}]
Adguard::Dns_server
Valid DNS server types
Alias of
Variant[Stdlib::IP::Address, Stdlib::HTTPUrl, Adguard::Ipv4_port]
Adguard::Filter
Used to manage filters in Adguard
Alias of
Struct[{
name => String,
enabled => Boolean,
url => Stdlib::HTTPUrl,
}]
Adguard::Http_proxy
Very basic validation to ensure the proxy type is sensible
Alias of
Pattern[/^(http|https|socks5)\:\/\//]
Adguard::Ipv4_port
Accepts an IPV4 address with a port (eg 192.168.1.1:8080)
Alias of
Pattern[/[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:[0-9]{1,5}/]
Adguard::Log_file
Supported log file types
Alias of
Variant[Stdlib::Unixpath, Enum['syslog'], Undef]
Adguard::Rewrite
Stuctured hash for managing rewrites
Alias of
Struct[{
domain => String,
answer => String,
}]
Adguard::Tls_options
Configures TLS options in AdGuard Home
Alias of
Struct[{
server_name => Stdlib::Host,
force_https => Boolean,
port_https => Stdlib::Port,
port_dns_over_tls => Stdlib::Port,
port_dns_over_quic => Stdlib::Port,
port_dnscrypt => Stdlib::Port,
dnscrypt_config_file => Optional[Stdlib::Unixpath],
allow_unencrypted_doh => Boolean,
strict_sni_check => Boolean,
certificate_chain => Optional[String],
private_key => Optional[String],
certificate_path => Optional[Stdlib::Unixpath],
private_key_path => Optional[Stdlib::Unixpath]
}]
Adguard::User
A structed hash for providing users for the adguard web UI.
Alias of
Struct[{
username => String,
password => String
}]
Changelog
All notable changes to this project will be documented in this file.
Release
v0.2.0 (2020-04-01)
Features
- Moved several complex types into their own definitions rather than defining them in the parameters of the main class.
- Added a new function for validating TLS options
- Moved default parameter declarations from hiera into the manifests. This allows Puppet-Strings to extract default values into documentaion and makes things easier to locate.
- Tidied up documentation and added some more examples
- Expanded acceptance testing slightly
- Adds support for DHCP on IPV4 and IPV6, IPV6 remains untested
- Adds experimental support for TLS/SSL
- Adds basic ipset support
Bugfixes
Partially fixed #10 whereby you could not specify port numbers when using IP addresses (eg 127.0.0.1:5353 would fail).
This is marked as partially fixed as it works for IPV4 addresses but not IPV6 addresses at present.
Will require more familiarity with IPV6 before that can be implemented.
Known Issues
v0.1.0 (2020-03-21)
Features Initial release
Bugfixes
Known Issues DHCP, IPSET and TLS/SSL not yet implemented
Dependencies
- puppetlabs/stdlib (>= 6.1.0 < 7.0.0)
- dodevops/githubreleases (>= 4.0.0 < 5.0.0)
- puppet/archive (>= 4.5.0 < 5.0.0)
- puppetlabs/inifile (>= 4.1.0 < 5.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.