freekers / ansible-adguard Goto Github PK
View Code? Open in Web Editor NEWAnsible playbook to setup AdGuard Home with Unbound, including DoH, DoT & Let's Encrypt, based on Docker
License: GNU Affero General Public License v3.0
ansible-adguard's People
Contributors
Stargazers
Watchers
Forkers
jure-ve t-abraham saambd 0xb33 ansell kasperskytte gairxx nooproblem cyberz0mbie fharni iamgrewal marcus-arcadius rowie bruvv maksvet leonzeb lkskrn devsecninja jmlapidoansible-adguard's Issues
"The conditional check 'ansible_default_ipv6.address | length > 0' failed.
Nice to see you hopping onto adguard as well, may I ask what your reasons are :)?
I did try and install it on Oracle Cloud but I am getting an error:
TASK [Prepare Docker for IPv6] **************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check 'ansible_default_ipv6.address | length > 0' failed. The error was: error while evaluating conditional (ansible_default_ipv6.address | length > 0): 'dict object' has no attribute 'address'\n\nThe error appears to be in '/home/ubuntu/ansible-adguard/playbook.yml': line 86, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: Prepare Docker for IPv6\n ^ here\n"}
I never used ansible before but it appears that this recurring line is failing:
when: ansible_default_ipv6.address | length > 0
Couple of issues installing on Ubuntu 20.04.6 LTS
Hey, thanks for this cool project! I'm trying to execute the playbook on Ubuntu 20.04.6 LTS and ran into the following problems:
TASK [robertdebock.selinux : assert | Test if selinux_reboot is set correctly] *****************************************
fatal: [127.0.0.1 -> localhost]: FAILED! => {"msg": "The conditional check 'selinux_reboot is boolean' failed. The error was: template error while templating string: no test named 'boolean'. String: {% if selinux_reboot is boolean %} True {% else %} False {% endif %}"}
I temporarily removed the role to be able to proceed.
failed: [127.0.0.1] (item={'username': '<removed>', 'name': '<removed>', 'email': '<removed>', 'groups': 'sudo, adm, ubuntu'}) => {"ansible_loop_var": "item", "changed": false, "item": {"email": "<removed>", "groups": "sudo, adm, ubuntu", "name": "<removed>", "username": "<removed>"}, "msg": "Group ubuntu does not exist"}
To fix this, I removed the ubuntu group under user-management.yml.
TASK [user-management : Add authorized keys] ***************************************************************************
[WARNING]: Unable to find 'ssh-keys/DevSecNinja.key.pub' in expected paths (use -vvvvv to see paths)
fatal: [127.0.0.1]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: ssh-keys/DevSecNinja.key.pub. could not locate file in lookup: ssh-keys/DevSecNinja.key.pub"}
Added my public key to the ssh-keys folder. Might be useful to document this in the readme.
It seems DNS is broken here since I can't resolve any domains like google.com anymore:
TASK [geerlingguy.docker : Ensure dependencies are installed.] *********************************************************
fatal: [127.0.0.1]: FAILED! => {"cache_update_time": 1688294248, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'apt-transport-https'' failed: E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "rc": 100, "stderr": "E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "stderr_lines": ["E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/pool/universe/a/apt/apt-transport-https_2.0.9_all.deb Temporary failure resolving 'azure.archive.ubuntu.com'", "E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n apt-transport-https\n0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 1,704 B of archives.\nAfter this operation, 162 kB of additional disk space will be used.\nErr:1 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 apt-transport-https all 2.0.9\n Temporary failure resolving 'azure.archive.ubuntu.com'\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " apt-transport-https", "0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.", "Need to get 1,704 B of archives.", "After this operation, 162 kB of additional disk space will be used.", "Err:1 http://azure.archive.ubuntu.com/ubuntu focal-updates/universe amd64 apt-transport-https all 2.0.9", " Temporary failure resolving 'azure.archive.ubuntu.com'"]}
I guess this comes from the name: Disable internal DNS task since it disables the stub listener. Would it be better to install the packages before disabling the stub listener? Or disabling it just before the Deploy Stack using Docker Compose task to get the port 53 binding to work. Although that task also needs DNS to function since it needs to pull containers.
Host became unreachable after this step (both SSH and HTTPS). Even after a reboot, I couldn't connect anymore (connection refused on SSH):
TASK [cleanup : Remove dependencies that are no longer required Debian]
Hope this helps!
a short summary
After some small hints like:
- errors in documentation (wrong path for example)
- problems with using sudo
(sudo visudo
And append a line as follows:
ansibleUserName ALL=(ALL) NOPASSWD:ALL)
- adding my IP to whitelist (middlewares.yml ) for portainer
- changing the hostname from adfree to adguard (AdGuardHome.yaml)
- make a uniform formating in the docker-compose.yml
- and some other small things ...
it is now finally running ... halfway
... unfortunately some things still do not work and slowly, I begin to despair.
What is not working:
- traefik dashbord - 404 page not found
- DoT (enabled on my android mobilephone - Private DNS) seams to be working, but its shown as simple DNS request in Adguard.
- The thing with the proxy IP is for me critical, cause all the deny list are useless when the container only sees the docker ip
I cant understand why (traefik) in this project is not working like a normal reverse proxy with x-forwarded-for enabled
Adguard needs the real IP for blocking unwanted clients.
br,
rowie
The conditional check 'ansible_default_ipv6.address
Hi, I am having a problem with the installation.
I don't have IPv6 in my cloud VM and once the playbook fails to check IPv6 it does not proceed further.
VM arch: KVM
OS: Ubuntu 20.04 LTS
Ansible Version: 2.9.6
Ansible Playbook Error
Experiencing this error after running ansible-playbook playbook.yml --ask-become-pass
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in '/home/pirate/ansible-adguard/playbook.yml': line 216, column 5, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Deploy Stack using Docker Compose
^ here
Running:
Raspbian GNU/Linux 10 (buster)
Docker version 20.10.2, build 2291f61
docker-compose version 1.26.1, build 634eb50
Ran playbook, no luck
I followed the instructions and am not able to connect to the adguard interface after initial setup. Certificates were successfully created but every time I visit adguard.mydomain.com I get the Cloudflare notice saying web server down, any ideas as to why? Pretty new to this sorry if this is a noob mistake.
Documentation improvements
Hi,
did you test your new stuff?
1st of all your howto is wrong:
ansible-playbook --connection=local --inventory 127.0.0.1, ansible-playbook.yml -e "hostname=adguard.website.com emailaddress=[email protected]"
cause the correct filename is ansible-playbook.yaml
2nd.
packages doesn´t exist in /roles .... next error
3rd:
what is the correct url for cloning the repo?
https://github.com/Freekers/ansible-adguard.git ??
https://github.com/bruvv/ansible-adguard-unbound.git ??
Maybe i am to stupid to run your commands as described but when i try it like your howto nothing is working. New ubuntu server 22.04 --- clean and open as described!
block DNS Amplification Attack by iptables
When having a public DNS server it's important to have it setup relative save.
That can be done with 3 easy iptable commands:
iptables -A INPUT -p udp --dport 53 -m string --from 40 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery
iptables -A INPUT -p udp --dport 53 -m string --from 40 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --dport 53 -m string --from 52 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery
iptables -A INPUT -p tcp --dport 53 -m string --from 52 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 3 -j DROP
More info from your website ;)
https://freek.ws/2017/03/18/blocking-dns-amplification-attacks-using-iptables/
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.