avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-01-10 18:01:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

adguard removal

Browse Source
This commit is contained in:
Alexandre
2021-01-07 09:27:37 +01:00
parent ca5b864291
commit 164a60c2eb
32 changed files with 0 additions and 828 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
adguard/.README.j2
View File

@@ -1,76 +0,0 @@
# Home Assistant Community Add-on: AdGuard Home
[![Release][release-shield]][release] ![Project Stage][project-stage-shield] ![Project Maintenance][maintenance-shield]
[![Discord][discord-shield]][discord] [![Community Forum][forum-shield]][forum]
[![Sponsor Frenck via GitHub Sponsors][github-sponsors-shield]][github-sponsors]
[![Support Frenck on Patreon][patreon-shield]][patreon]
Network-wide ads & trackers blocking DNS server.
## About
AdGuard Home is a network-wide ad-and-tracker blocking DNS server with
parental control (adult content blocking) capabilities. Its purpose is to let
you control your entire network and all your devices, and it does not require
using a client-side program.
AdGuard Home provides a beautiful, easy and feature-rich web interface to
easily manage the filtering process and its settings.
![AdGuard Home in the Home Assistant frontend][screenshot]
{% if channel == "edge" %}
## WARNING! THIS IS AN EDGE VERSION!
This Home Assistant Add-ons repository contains edge builds of add-ons.
Edge builds add-ons are based upon the latest development version.
- They may not work at all.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
- Developers.
If you are more interested in stable releases of our add-ons:
<https://github.com/hassio-addons/repository>
{% endif %}
{% if channel == "beta" %}
## WARNING! THIS IS A BETA VERSION!
This Home Assistant Add-ons repository contains beta releases of add-ons.
- They might stop working at any time.
- They could have a negative impact on your system.
This repository was created for:
- Anybody willing to test.
- Anybody interested in trying out upcoming add-ons or add-on features.
If you are more interested in stable releases of our add-ons:
<https://github.com/hassio-addons/repository>
{% endif %}
[discord-shield]: https://img.shields.io/discord/478094546522079232.svg
[discord]: https://discord.me/hassioaddons
[forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg
[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-adguard-home/90684?u=frenck
[github-sponsors-shield]: https://frenck.dev/wp-content/uploads/2019/12/github_sponsor.png
[github-sponsors]: https://github.com/sponsors/frenck
[maintenance-shield]: https://img.shields.io/maintenance/yes/2020.svg
[patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
[patreon]: https://www.patreon.com/frenck
[project-stage-shield]: https://img.shields.io/badge/project%20stage-production%20ready-brightgreen.svg
[release-shield]: https://img.shields.io/badge/version-{{ version }}-blue.svg
[release]: {{ repo }}/tree/{{ version }}
[screenshot]: {{ repo }}/raw/{{ version }}/images/screenshot.png

165
adguard/DOCS.md
View File

@@ -1,165 +0,0 @@
# Home Assistant Community Add-on: AdGuard Home
AdGuard Home is a network-wide ad-and-tracker blocking DNS server with
parental control (adult content blocking) capabilities. Its purpose is to let
you control your entire network and all your devices, and it does not require
using a client-side program.
AdGuard Home provides a beautiful, easy and feature-rich web interface to
easily manage the filtering process and its settings.
## Installation
The installation of this add-on is pretty straightforward and not different in
comparison to installing any other Home Assistant add-on.
1. **Ensure your Home Assistant device has a
[static IP and static external DNS servers!](https://github.com/home-assistant/hassos/blob/dev/Documentation/network.md#static-ip)**
This is important! You **WILL** end up having issues if you skip this step.
Also, please note, setting a fixed IP in your router is **NOT** static.
1. Search for the "AdGuard Home" add-on in the Supervisor add-on store and
install it.
1. Start the "AdGuard Home" add-on.
1. Check the logs of the "AdGuard Home" to see if everything went well.
1. Click the "OPEN WEB UI" button and log in with your Home Assistant account.
1. Ready to go!
## Configuration
**Note**: _Remember to restart the add-on when the configuration is changed._
Example add-on configuration:
```yaml
log_level: info
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
```
**Note**: _This is just an example, don't copy and paste it! Create your own!_
### Option: `log_level`
The `log_level` option controls the level of log output by the addon and can
be changed to be more or less verbose, which might be useful when you are
dealing with an unknown issue. Possible values are:
- `trace`: Show every detail, like all called internal functions.
- `debug`: Shows detailed debug information.
- `info`: Normal (usually) interesting events.
- `warning`: Exceptional occurrences that are not errors.
- `error`: Runtime errors that do not require immediate action.
- `fatal`: Something went terribly wrong. Add-on becomes unusable.
Please note that each level automatically includes log messages from a
more severe level, e.g., `debug` also shows `info` messages. By default,
the `log_level` is set to `info`, which is the recommended setting unless
you are troubleshooting.
### Option: `ssl`
Enables/Disables SSL (HTTPS) on the add-on. Set it `true` to enable it,
`false` otherwise.
**Note**: _The SSL settings only apply to direct access and has no effect
on the Ingress service._
### Option: `certfile`
The certificate file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `keyfile`
The private key file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `leave_front_door_open`
Adding this option to the add-on configuration allows you to disable
authentication on the AdGuard Home by setting it to `true`.
**Note**: _We STRONGLY suggest, not to use this, even if this add-on is
only exposed to your internal network. USE AT YOUR OWN RISK!_
## Encryption Settings (Advanced Usage)
Adguard allows the configuration of running DNS-over-HTTPS and DNS-over-
TLS locally. If you configure these options please ensure to restart the
addon afterwards. Also to use DNS-over-HTTPS correctly please ensure to
configure SSL on the addon as well as in Adguard itself. Also consider
that the addon and Adguard cannot use the same port for SSL.
## Changelog & Releases
This repository keeps a change log using [GitHub's releases][releases]
functionality. The format of the log is based on
[Keep a Changelog][keepchangelog].
Releases are based on [Semantic Versioning][semver], and use the format
of ``MAJOR.MINOR.PATCH``. In a nutshell, the version will be incremented
based on the following:
- ``MAJOR``: Incompatible or major changes.
- ``MINOR``: Backwards-compatible new features and enhancements.
- ``PATCH``: Backwards-compatible bugfixes and package updates.
## Support
Got questions?
You have several options to get them answered:
- The [Home Assistant Community Add-ons Discord chat server][discord] for add-on
support and feature requests.
- The [Home Assistant Discord chat server][discord-ha] for general Home
Assistant discussions and questions.
- The Home Assistant [Community Forum][forum].
- Join the [Reddit subreddit][reddit] in [/r/homeassistant][reddit]
You could also [open an issue here][issue] GitHub.
## Authors & contributors
The original setup of this repository is by [Franck Nijhof][frenck].
For a full list of all authors and contributors,
check [the contributor's page][contributors].
## License
MIT License
Copyright (c) 2019-2020 Franck Nijhof
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
[contributors]: https://github.com/hassio-addons/addon-adguard-home/graphs/contributors
[discord-ha]: https://discord.gg/c5DvZ4e
[discord]: https://discord.me/hassioaddons
[forum]: https://community.home-assistant.io/t/home-assistant-community-add-on-adguard-home/90684?u=frenck
[frenck]: https://github.com/frenck
[issue]: https://github.com/hassio-addons/addon-adguard-home/issues
[keepchangelog]: http://keepachangelog.com/en/1.0.0/
[reddit]: https://reddit.com/r/homeassistant
[releases]: https://github.com/hassio-addons/addon-adguard-home/releases
[semver]: http://semver.org/spec/v2.0.0.htm

78
adguard/Dockerfile
View File

@@ -1,78 +0,0 @@
ARG BUILD_FROM=hassioaddons/base:8.0.6
# hadolint ignore=DL3006
FROM ${BUILD_FROM}
# Copy yq
ARG BUILD_ARCH=amd64
COPY bin/yq_${BUILD_ARCH} /usr/bin/yq
# Set shell
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Setup base
# hadolint ignore=DL3003,SC2155
RUN \
apk add --no-cache --virtual .build-dependencies \
gnupg=2.2.23-r0 \
\
&& apk add --no-cache \
lua-resty-http=0.15-r0 \
nginx-mod-http-lua=1.18.0-r1 \
nginx=1.18.0-r1 \
\
&& if [[ "${BUILD_ARCH}" = "aarch64" ]]; then ARCH="arm64"; fi \
&& if [[ "${BUILD_ARCH}" = "amd64" ]]; then ARCH="amd64"; fi \
&& if [[ "${BUILD_ARCH}" = "armhf" ]]; then ARCH="armv6"; fi \
&& if [[ "${BUILD_ARCH}" = "armv7" ]]; then ARCH="armv7"; fi \
&& if [[ "${BUILD_ARCH}" = "i386" ]]; then ARCH="386"; fi \
\
&& curl -L -s \
"https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.105.0-beta.2/AdGuardHome_linux_${ARCH}.tar.gz" \
| tar zxvf - -C /opt/ \
\
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg \
--batch \
--keyserver pgp.key-server.io \
--recv-keys "58D6AD46BC509C6181A22C5F9A6F0EB91222CCA0" \
&& gpg \
--batch \
--verify /opt/AdGuardHome/AdGuardHome.sig /opt/AdGuardHome/AdGuardHome \
&& { command -v gpgconf > /dev/null && gpgconf --kill all || :; } \
\
&& chmod a+x /opt/AdGuardHome/AdGuardHome \
\
&& apk del --no-cache --purge .build-dependencies \
&& rm -fr \
"$GNUPGHOME" \
/etc/nginx \
/tmp/*
# Copy root filesystem
COPY rootfs /
# Build arguments
ARG BUILD_ARCH
ARG BUILD_DATE
ARG BUILD_REF
ARG BUILD_VERSION
# Labels
LABEL \
io.hass.name="AdGuard Home" \
io.hass.description="Network-wide ads & trackers blocking DNS server" \
io.hass.arch="${BUILD_ARCH}" \
io.hass.type="addon" \
io.hass.version=${BUILD_VERSION} \
maintainer="Franck Nijhof <frenck@addons.community>" \
org.opencontainers.image.title="AdGuard Home" \
org.opencontainers.image.description="Network-wide ads & trackers blocking DNS server" \
org.opencontainers.image.vendor="Home Assistant Community Add-ons" \
org.opencontainers.image.authors="Franck Nijhof <frenck@addons.community>" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.url="https://addons.community" \
org.opencontainers.image.source="https://github.com/hassio-addons/addon-adguard-home" \
org.opencontainers.image.documentation="https://github.com/hassio-addons/addon-adguard-home/blob/master/README.md" \
org.opencontainers.image.created=${BUILD_DATE} \
org.opencontainers.image.revision=${BUILD_REF} \
org.opencontainers.image.version=${BUILD_VERSION}

BIN
adguard/bin/yq_aarch64
View File

Binary file not shown.

BIN
adguard/bin/yq_amd64
View File

Binary file not shown.

BIN
adguard/bin/yq_armhf
View File

Binary file not shown.

BIN
adguard/bin/yq_armv7
View File

Binary file not shown.

BIN
adguard/bin/yq_i386
View File

Binary file not shown.

10
adguard/build.json
View File

@@ -1,10 +0,0 @@
{
"build_from": {
"aarch64": "hassioaddons/base-aarch64:8.0.6",
"amd64": "hassioaddons/base-amd64:8.0.6",
"armhf": "hassioaddons/base-armhf:8.0.6",
"armv7": "hassioaddons/base-armv7:8.0.6",
"i386": "hassioaddons/base-i386:8.0.6"
},
"args": {}
}

42
adguard/config.json
View File

@@ -1,42 +0,0 @@
{
"name": "AdGuard Home",
"version": "v0.105.0-beta.2",
"slug": "adguard",
"description": "Network-wide ads & trackers blocking DNS server",
"url": "https://github.com/hassio-addons/addon-adguard-home",
"webui": "[PROTO:ssl]://[HOST]:[PORT:80]",
"ingress": true,
"ingress_port": 0,
"panel_icon": "mdi:shield-check",
"startup": "services",
"homeassistant": "0.113.2",
"arch": ["aarch64", "amd64", "armhf", "armv7", "i386"],
"init": false,
"ports": {
"53/udp": 53,
"80/tcp": null
},
"ports_description": {
"53/udp": "DNS server port",
"80/tcp": "Web interface (Not required for Ingress)"
},
"discovery": ["adguard"],
"boot": "auto",
"hassio_api": true,
"hassio_role": "default",
"auth_api": true,
"host_network": true,
"map": ["ssl"],
"options": {
"ssl": true,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
},
"schema": {
"log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
"ssl": "bool",
"certfile": "str",
"keyfile": "str",
"leave_front_door_open": "bool?"
}
}

BIN
adguard/icon.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.2 KiB

BIN
adguard/logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

3
adguard/rootfs/etc/adguard/AdGuardHome.yaml
View File

@@ -1,3 +0,0 @@
dns:
port: 53
bootstrap_dns: 1.1.1.1:53

17
adguard/rootfs/etc/cont-init.d/adguard.sh
View File

@@ -1,17 +0,0 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Handles configuration
# ==============================================================================
readonly CONFIG="/data/adguard/AdGuardHome.yaml"
declare port
if ! bashio::fs.file_exists "${CONFIG}"; then
mkdir -p /data/adguard
cp /etc/adguard/AdGuardHome.yaml "${CONFIG}"
fi
port=$(bashio::addon.port "53/udp")
yq write --inplace "${CONFIG}" \
'dns.port' "${port}" \
|| hass.exit.nok 'Failed updating AdGuardHome DNS port'

18
adguard/rootfs/etc/cont-init.d/discovery.sh
View File

@@ -1,18 +0,0 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Sends discovery information to Home Assistant.
# ==============================================================================
declare config
config=$(\
bashio::var.json \
host "127.0.0.1" \
port "^45158" \
)
if bashio::discovery "adguard" "${config}" > /dev/null; then
bashio::log.info "Successfully send discovery information to Home Assistant."
else
bashio::log.error "Discovery message to Home Assistant failed!"
fi

54
adguard/rootfs/etc/cont-init.d/nginx.sh
View File

@@ -1,54 +0,0 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Configures NGINX for use with the AdGuard Home server
# ==============================================================================
declare adguard_port=45158
declare adguard_protocol=http
declare admin_port
declare certfile
declare dns_host
declare ingress_interface
declare ingress_port
declare keyfile
declare tls_port
if bashio::var.true "$(yq read /data/adguard/AdGuardHome.yaml tls.enabled)";
then
tls_port=$(yq read /data/adguard/AdGuardHome.yaml tls.port_https)
if bashio::var.has_value "${tls_port}" && [[ "${tls_port}" -ne 0 ]]; then
adguard_port="${tls_port}"
adguard_protocol=https
fi
fi
sed -i "s#%%port%%#${adguard_port}#g" /etc/nginx/includes/upstream.conf
sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/ingress.conf
admin_port=$(bashio::addon.port 80)
if bashio::var.has_value "${admin_port}"; then
bashio::config.require.ssl
if bashio::config.true 'ssl'; then
certfile=$(bashio::config 'certfile')
keyfile=$(bashio::config 'keyfile')
mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf
sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf
else
mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
fi
sed -i "s/%%port%%/${admin_port}/g" /etc/nginx/servers/direct.conf
sed -i "s#%%protocol%%#${adguard_protocol}#g" /etc/nginx/servers/direct.conf
fi
ingress_port=$(bashio::addon.ingress_port)
ingress_interface=$(bashio::addon.ip_address)
sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
dns_host=$(bashio::dns.host)
sed -i "s/%%dns_host%%/${dns_host}/g" /etc/nginx/includes/resolver.conf

96
adguard/rootfs/etc/nginx/includes/mime.types
View File

@@ -1,96 +0,0 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

15
adguard/rootfs/etc/nginx/includes/proxy_params.conf
View File

@@ -1,15 +0,0 @@
proxy_http_version 1.1;
proxy_ignore_client_abort off;
proxy_read_timeout 86400s;
proxy_redirect off;
proxy_send_timeout 86400s;
proxy_max_temp_file_size 0;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;

1
adguard/rootfs/etc/nginx/includes/resolver.conf
View File

@@ -1 +0,0 @@
resolver %%dns_host%%;

6
adguard/rootfs/etc/nginx/includes/server_params.conf
View File

@@ -1,6 +0,0 @@
root /dev/null;
server_name $hostname;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

9
adguard/rootfs/etc/nginx/includes/ssl_params.conf
View File

@@ -1,9 +0,0 @@
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;

3
adguard/rootfs/etc/nginx/includes/upstream.conf
View File

@@ -1,3 +0,0 @@
upstream backend {
server 127.0.0.1:%%port%%;
}

83
adguard/rootfs/etc/nginx/lua/ha-auth.lua
View File

@@ -1,83 +0,0 @@
local http = require "resty.http"
local auths = ngx.shared.auths
function authenticate()
--- Test Authentication header is set and with a value
local header = ngx.req.get_headers()['Authorization']
if header == nil or header:find(" ") == nil then
return false
end
local divider = header:find(' ')
if header:sub(0, divider-1) ~= 'Basic' then
return false
end
local auth = ngx.decode_base64(header:sub(divider+1))
if auth == nil or auth:find(':') == nil then
return false
end
divider = auth:find(':')
local username = auth:sub(0, divider-1)
local password = auth:sub(divider+1)
--- Check if authentication is cached
if auths:get(username) == password then
ngx.log(ngx.DEBUG, "Authenticated user against Home Assistant (cache).")
return true
end
--- HTTP request against the Supervisor API
local httpc = http.new()
local res, err = httpc:request_uri("http://supervisor.local.hass.io/auth", {
method = "POST",
body = ngx.encode_args({["username"]=username, ["password"]=password}),
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
["X-Supervisor-Token"] = os.getenv("SUPERVISOR_TOKEN"),
},
keepalive_timeout = 60,
keepalive_pool = 10
})
--- Error during API request
if err then
ngx.log(ngx.WARN, "Error during Home Assistant user authentication.", err)
return false
end
--- No result? Something went wrong...
if not res then
ngx.log(ngx.WARN, "Error during Home Assistant user authentication.")
return false
end
--- Valid response, the username/password is valid
if res.status == 200 then
ngx.log(ngx.INFO, "Authenticated user against Home Assistant.")
auths:set(username, password, 60)
return true
end
--- Whatever the response is, it is invalid
ngx.log(ngx.WARN, "Authentication against Home Assistant failed!")
return false
end
-- Only authenticate if its not disabled
if not os.getenv('DISABLE_HA_AUTHENTICATION') then
--- Try to authenticate against HA
local authenticated = authenticate()
--- If authentication failed, throw a basic auth
if not authenticated then
ngx.header.content_type = 'text/plain'
ngx.header.www_authenticate = 'Basic realm="Home Assistant"'
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say('401 Access Denied')
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
end

1
adguard/rootfs/etc/nginx/modules/ndk_http.conf
View File

@@ -1 +0,0 @@
load_module "/usr/lib/nginx/modules/ndk_http_module.so";

1
adguard/rootfs/etc/nginx/modules/ngx_http_lua.conf
View File

@@ -1 +0,0 @@
load_module "/usr/lib/nginx/modules/ngx_http_lua_module.so";

59
adguard/rootfs/etc/nginx/nginx.conf
View File

@@ -1,59 +0,0 @@
# Run nginx in foreground.
daemon off;
# This is run inside Docker.
user root;
# Pid storage location.
pid /var/run/nginx.pid;
# Set number of worker processes.
worker_processes 1;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Write error log to the add-on log.
error_log /proc/1/fd/1 error;
# Load allowed environment vars
env SUPERVISOR_TOKEN;
env DISABLE_HA_AUTHENTICATION;
# Load dynamic modules.
include /etc/nginx/modules/*.conf;
# Max num of simultaneous connections by a worker process.
events {
worker_connections 512;
}
http {
include /etc/nginx/includes/mime.types;
log_format homeassistant '[$time_local] $status '
'$http_x_forwarded_for($remote_addr) '
'$request ($http_user_agent)';
access_log /proc/1/fd/1 homeassistant;
client_max_body_size 4G;
default_type application/octet-stream;
gzip on;
keepalive_timeout 65;
lua_load_resty_core off;
lua_shared_dict auths 16k;
sendfile on;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/includes/resolver.conf;
include /etc/nginx/includes/upstream.conf;
include /etc/nginx/servers/*.conf;
}

20
adguard/rootfs/etc/nginx/servers/direct-ssl.disabled
View File

@@ -1,20 +0,0 @@
server {
listen %%port%% default_server ssl http2;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/ssl_params.conf;
include /etc/nginx/includes/proxy_params.conf;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
location / {
access_by_lua_file /etc/nginx/lua/ha-auth.lua;
proxy_pass %%protocol%%://backend;
}
location /dns-query {
proxy_pass %%protocol%%://backend;
}
}

11
adguard/rootfs/etc/nginx/servers/direct.disabled
View File

@@ -1,11 +0,0 @@
server {
listen %%port%% default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location / {
access_by_lua_file /etc/nginx/lua/ha-auth.lua;
proxy_pass %%protocol%%://backend;
}
}

13
adguard/rootfs/etc/nginx/servers/ingress.conf
View File

@@ -1,13 +0,0 @@
server {
listen %%interface%%:%%port%% default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location / {
allow 172.30.32.2;
deny all;
proxy_pass %%protocol%%://backend;
}
}

21
adguard/rootfs/etc/services.d/adguard/run
View File

@@ -1,21 +0,0 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Runs the AdGuard Home server
# ==============================================================================
declare -a options
bashio::log.info "Starting AdGuard Home server..."
options+=(--port 45158)
options+=(--host 127.0.0.1)
options+=(--work-dir /data/adguard)
options+=(--no-check-update)
if bashio::debug; then
option+=(--verbose)
fi
# RUN AdGuard Home server
cd /opt/AdGuardHome || exit
exec ./AdGuardHome "${options[@]}"

9
adguard/rootfs/etc/services.d/nginx/finish
View File

@@ -1,9 +0,0 @@
#!/usr/bin/execlineb -S0
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Take down the S6 supervision tree when Nginx fails
# ==============================================================================
if { s6-test ${1} -ne 0 }
if { s6-test ${1} -ne 256 }
s6-svscanctl -t /var/run/s6/services

17
adguard/rootfs/etc/services.d/nginx/run
View File

@@ -1,17 +0,0 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: AdGuard Home
# Runs the Nginx daemon
# ==============================================================================
# Wait for adguard to become available
bashio::net.wait_for 45158 localhost 900
bashio::log.info "Starting NGinx..."
# Disable HA Authentication if front door is open
if bashio::config.true 'leave_front_door_open'; then
export DISABLE_HA_AUTHENTICATION=true
fi
exec nginx