freekers / ansible-adguard
Ansible playbook to setup AdGuard Home with Unbound, including DoH, DoT & Let's Encrypt, based on Docker
License: GNU Affero General Public License v3.0
Nice to see you hopping onto adguard as well, may I ask what your reasons are :)?
I did try and install it on Oracle Cloud but I am getting an error:
TASK [Prepare Docker for IPv6] **************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check 'ansible_default_ipv6.address | length > 0' failed. The error was: error while evaluating conditional (ansible_default_ipv6.address | length > 0): 'dict object' has no attribute 'address'\n\nThe error appears to be in '/home/ubuntu/ansible-adguard/playbook.yml': line 86, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Prepare Docker for IPv6\n ^ here\n"}
I never used ansible before but it appears that this recurring line is failing:
when: ansible_default_ipv6.address | length > 0
Hey, thanks for this cool project! I'm trying to execute the playbook on Ubuntu 20.04.6 LTS and ran into the following problems:
TASK [robertdebock.selinux : assert | Test if selinux_reboot is set correctly] *****************************************
fatal: [127.0.0.1 -> localhost]: FAILED! => {"msg": "The conditional check 'selinux_reboot is boolean' failed. The error was: template error while templating string: no test named 'boolean'. String: {% if selinux_reboot is boolean %} True {% else %} False {% endif %}"}
I temporarily removed the role to be able to proceed.
failed: [127.0.0.1] (item={'username': '<removed>', 'name': '<removed>', 'email': '<removed>', 'groups': 'sudo, adm, ubuntu'}) => {"ansible_loop_var": "item", "changed": false, "item": {"email": "<removed>", "groups": "sudo, adm, ubuntu", "name": "<removed>", "username": "<removed>"}, "msg": "Group ubuntu does not exist"}
To fix this, I removed the ubuntu group under user-management.yml.
TASK [user-management : Add authorized keys] ***************************************************************************
[WARNING]: Unable to find 'ssh-keys/DevSecNinja.key.pub' in expected paths (use -vvvvv to see paths)
fatal: [127.0.0.1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: ssh-keys/DevSecNinja.key.pub. could not locate file in lookup: ssh-keys/DevSecNinja.key.pub"}
Added my public key to the ssh-keys folder. Might be useful to document this in the readme.
It seems DNS is broken here since I can't resolve any domains like google.com anymore:
TASK [geerlingguy.docker : Ensure dependencies are installed.] *********************************************************
fatal: [127.0.0.1]: FAILED! => {"cache_update_time": 1688294248, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'apt-transport-https'' failed: E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "rc": 100, "stderr": "E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "stderr_lines": ["E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'", "E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n apt-transport-https\n0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 1,704 B of archives.\nAfter this operation, 162 kB of additional disk space will be used.\nErr:1 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 apt-transport-https all 2.0.9\n Temporary failure resolving 'azure.archive.ubuntu.com'\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " apt-transport-https", "0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.", "Need to get 1,704 B of archives.", "After this operation, 162 kB of additional disk space will be used.", "Err:1 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 
apt-transport-https all 2.0.9", " Temporary failure resolving 'azure.archive.ubuntu.com'"]}
I guess this comes from the name: Disable internal DNS task since it disables the stub listener. Would it be better to install the packages before disabling the stub listener? Or disabling it just before the Deploy Stack using Docker Compose task to get the port 53 binding to work. Although that task also needs DNS to function since it needs to pull containers.
Host became unreachable after this step (both SSH and HTTPS). Even after a reboot, I couldn't connect anymore (connection refused on SSH):
TASK [cleanup : Remove dependencies that are no longer required Debian]
Hope this helps!
After some small hints like:
ansibleUserName ALL=(ALL) NOPASSWD:ALL)
it is now finally running ... halfway
... unfortunately some things still do not work and slowly, I begin to despair.
What is not working:
I can't understand why (traefik) in this project is not working like a normal reverse proxy with x-forwarded-for enabled
Adguard needs the real IP for blocking unwanted clients.
br,
rowie
Experiencing this error after running ansible-playbook playbook.yml --ask-become-pass
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in '/home/pirate/ansible-adguard/playbook.yml': line 216, column 5, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Deploy Stack using Docker Compose
^ here
Running:
Raspbian GNU/Linux 10 (buster)
Docker version 20.10.2, build 2291f61
docker-compose version 1.26.1, build 634eb50
I followed the instructions and am not able to connect to the adguard interface after initial setup. Certificates were successfully created but every time I visit adguard.mydomain.com I get the Cloudflare notice saying web server down, any ideas as to why? Pretty new to this, sorry if this is a noob mistake.
Hi,
did you test your new stuff?
1st of all your howto is wrong:
ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=adguard.website.com emailaddress=[email protected]"
cause the correct filename is ansible-playbook.yaml
2nd.
packages doesn't exist in /roles .... next error
3rd:
what is the correct url for cloning the repo?
https://github.com/Freekers/ansible-adguard.git ??
https://github.com/bruvv/ansible-adguard-unbound.git ??
Maybe I am too stupid to run your commands as described but when I try it like your howto nothing is working. New ubuntu server 22.04 --- clean and open as described!
When having a public DNS server it's important to have it set up relatively safe.
That can be done with 3 easy iptables commands:
iptables -A INPUT -p udp --dport 53 -m string --from 40 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery
iptables -A INPUT -p udp --dport 53 -m string --from 40 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --dport 53 -m string --from 52 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery
iptables -A INPUT -p tcp --dport 53 -m string --from 52 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 3 -j DROP
More info from your website ;)
https://freek.ws/2017/03/18/blocking-dns-amplification-attacks-using-iptables/
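A simulation of what the UDP rules in the post above match and when they start dropping, added here as an example (not code from the post or the project). The function and class names are hypothetical, and the sample packets are constructed with zero-filled IPv4/UDP headers that carry no options.

```python
import struct

# Root-label terminator 00, QTYPE 00FF (ANY), QCLASS 0001 (IN): the rule's hex-string.
ANY_PATTERN = bytes.fromhex("0000FF0001")
# IPv4 header without options (20) + UDP header (8) + DNS header (12) = --from 40.
UDP_QUESTION_OFFSET = 20 + 8 + 12

def build_udp_dns_packet(qname, qtype):
    """Constructed sample: zero-filled IPv4+UDP headers plus a real DNS query."""
    dns_header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode()
                      for p in qname.rstrip(".").split(".") if p)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    return bytes(20 + 8) + dns_header + question

def matches_any_rule(packet, start=UDP_QUESTION_OFFSET):
    """Emulate -m string --from 40 --hex-string '|0000FF0001|'."""
    return packet.find(ANY_PATTERN, start) != -1

class RecentList:
    """Emulate --set followed by --rcheck --seconds 60 --hitcount 3 -j DROP."""
    def __init__(self, seconds=60, hitcount=3):
        self.seconds, self.hitcount, self.seen = seconds, hitcount, {}

    def verdict(self, src_ip, packet, now):
        if not matches_any_rule(packet):
            return "PASS"                      # neither rule matches
        stamps = self.seen.setdefault(src_ip, [])
        stamps.append(now)                     # first rule: record this hit
        recent = [t for t in stamps if now - t <= self.seconds]
        return "DROP" if len(recent) >= self.hitcount else "PASS"

if __name__ == "__main__":
    limiter = RecentList()
    any_query = build_udp_dns_packet("example.com", 255)
    a_query = build_udp_dns_packet("example.com", 1)
    for t in (0, 10, 20, 100):
        print(t, limiter.verdict("192.0.2.10", any_query, t))
    print("A query:", limiter.verdict("192.0.2.10", a_query, 21))
```

The list is keyed on the packet's source address, which in an amplification attack is the spoofed victim, so the rules cap the ANY responses sent toward that address. Other query types pass through these rules without any rate limit.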