From f33d19e156e75dfa39c6d395a99ee230f71deb33 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 8 Jan 2024 21:45:28 +0000
Subject: [PATCH] Move AdGuardHome configuration to Terraform
https://git.theorangeone.net/systems/adguardhome
---
 README.md | 6 +
 .../roles/adguardhome/files/adguardhome.yml | 176 ------------------
 ansible/roles/adguardhome/handlers/main.yml | 7 -
 ansible/roles/adguardhome/tasks/main.yml | 13 -
 ansible/roles/adguardhome/vars/vault.yml | 10 -
 5 files changed, 6 insertions(+), 206 deletions(-)
 delete mode 100644 ansible/roles/adguardhome/files/adguardhome.yml
 delete mode 100644 ansible/roles/adguardhome/vars/vault.yml
diff --git a/README.md b/README.md
index 780529f..3b3d9d3 100644
--- a/README.md
+++ b/README.md
@@ -22,3 +22,9 @@ Terraform secrets are stored in `terraform/.env`, and provisioned using `just up
 - `just ansible-deploy`
 - `juts terraform apply`
+
+## External configuration
+
+This repository contains most of my infrastructure configuration, but not everything is configured here. Some things are external, for various reasons.
+
+- [AdGuardHome](https://git.theorangeone.net/systems/adguardhome)
diff --git a/ansible/roles/adguardhome/files/adguardhome.yml b/ansible/roles/adguardhome/files/adguardhome.yml
deleted file mode 100644
index d218a22..0000000
--- a/ansible/roles/adguardhome/files/adguardhome.yml
+++ /dev/null
@@ -1,176 +0,0 @@
-http:
- pprof:
- port: 6060
- enabled: false
- address: 0.0.0.0:80
- session_ttl: 720h
-users:
- - name: jake
- password: "{{ vault_adguardhome_password | password_hash('bcrypt', 'A' * 22) }}"
-auth_attempts: 5
-block_auth_min: 15
-http_proxy: ""
-language: en
-theme: auto
-dns:
- bind_hosts:
- - 0.0.0.0
- port: 53
- anonymize_client_ip: false
- ratelimit: 50
- ratelimit_subnet_len_ipv4: 22
- ratelimit_subnet_len_ipv6: 56
- ratelimit_whitelist: []
- refuse_any: true
- upstream_dns:
- - https://dns10.quad9.net:443/dns-query
- '[/theorangeone.net/]127.0.0.53:5353'
- '[/jakehoward.tech/]127.0.0.53:5353'
- upstream_dns_file: ""
- bootstrap_dns:
- - 9.9.9.10
- - 149.112.112.10
- - 2620:fe::10
- - 2620:fe::fe:10
- fallback_dns: []
- all_servers: false
- fastest_addr: false
- fastest_timeout: 1s
- allowed_clients: []
- disallowed_clients: []
- blocked_hosts:
- - version.bind
- - id.server
- - hostname.bind
- trusted_proxies:
- - 127.0.0.0/8
- - ::1/128
- cache_size: 4194304
- cache_ttl_min: 0
- cache_ttl_max: 0
- cache_optimistic: false
- bogus_nxdomain: []
- aaaa_disabled: false
- enable_dnssec: false
- edns_client_subnet:
- custom_ip: ""
- enabled: false
- use_custom: false
- max_goroutines: 300
- handle_ddr: true
- ipset: []
- ipset_file: ""
- bootstrap_prefer_ipv6: false
- upstream_timeout: 10s
- private_networks: []
- use_private_ptr_resolvers: true
- local_ptr_upstreams: []
- use_dns64: false
- dns64_prefixes: []
- serve_http3: false
- use_http3_upstreams: false
- serve_plain_dns: true
-tls:
- enabled: false
- server_name: ""
- force_https: false
- port_https: 443
- port_dns_over_tls: 853
- port_dns_over_quic: 853
- port_dnscrypt: 0
- dnscrypt_config_file: ""
- allow_unencrypted_doh: false
- certificate_chain: ""
- private_key: ""
- certificate_path: ""
- private_key_path: ""
- strict_sni_check: false
-querylog:
- ignored: []
- interval: 168h
- size_memory: 1000
- enabled: true
- file_enabled: true
-statistics:
- ignored: []
- interval: 168h
- enabled: true
-filters:
- - enabled: true
- url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
- name: AdGuard DNS filter
- id: 1
- - enabled: true
- url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
- name: AdAway Default Blocklist
- id: 2
-whitelist_filters: []
-user_rules: []
-dhcp:
- enabled: true
- interface_name: enp2s0
- local_domain_name: lan
- dhcpv4:
- gateway_ip: 192.168.1.1
- subnet_mask: 255.255.252.0
- range_start: 192.168.1.10
- range_end: 192.168.1.199
- lease_duration: 86400
- icmp_timeout_msec: 1000
- options: []
- dhcpv6:
- range_start: ""
- lease_duration: 86400
- ra_slaac_only: false
- ra_allow_slaac: false
-filtering:
- blocking_ipv4: ""
- blocking_ipv6: ""
- blocked_services:
- schedule:
- time_zone: Local
- ids: []
- protection_disabled_until: null
- safe_search:
- enabled: false
- bing: true
- duckduckgo: true
- google: true
- pixabay: true
- yandex: true
- youtube: true
- blocking_mode: default
- parental_block_host: family-block.dns.adguard.com
- safebrowsing_block_host: standard-block.dns.adguard.com
- rewrites: []
- safebrowsing_cache_size: 1048576
- safesearch_cache_size: 1048576
- parental_cache_size: 1048576
- cache_time: 30
- filters_update_interval: 24
- blocked_response_ttl: 30
- filtering_enabled: true
- parental_enabled: false
- safebrowsing_enabled: false
- protection_enabled: true
-clients:
- runtime_sources:
- whois: true
- arp: true
- rdns: true
- dhcp: true
- hosts: true
- persistent: []
-log:
- file: ""
- max_backups: 0
- max_size: 100
- max_age: 3
- compress: false
- local_time: false
- verbose: false
-os:
- group: ""
- user: ""
- rlimit_nofile: 0
-schema_version: 27
diff --git a/ansible/roles/adguardhome/handlers/main.yml b/ansible/roles/adguardhome/handlers/main.yml
index 8d1940b..15db069 100644
--- a/ansible/roles/adguardhome/handlers/main.yml
+++ b/ansible/roles/adguardhome/handlers/main.yml
@@ -1,10 +1,3 @@
-- name: restart adguardhome
- service:
- name: adguardhome
- state: restarted
- enabled: true
- become: true
-
 - name: restart coredns
 service:
 name: coredns
diff --git a/ansible/roles/adguardhome/tasks/main.yml b/ansible/roles/adguardhome/tasks/main.yml
index 4be0a12..2fafc00 100644
--- a/ansible/roles/adguardhome/tasks/main.yml
+++ b/ansible/roles/adguardhome/tasks/main.yml
@@ -1,21 +1,8 @@
-- name: Include vault
- include_vars: vault.yml
-
 - name: Install adguardhome
 kewlfft.aur.aur:
 name: adguardhome-bin
 become: true
-- name: Install config file
- template:
- src: files/adguardhome.yml
- dest: /var/lib/adguardhome/AdGuardHome.yaml
- validate: /var/lib/adguardhome/AdGuardHome --check-config --config %s
- owner: root
- mode: "0600"
- notify: restart adguardhome
- become: true
-
 - name: Install coredns
 kewlfft.aur.aur:
 name: coredns
diff --git a/ansible/roles/adguardhome/vars/vault.yml b/ansible/roles/adguardhome/vars/vault.yml
deleted file mode 100644
index 2395852..0000000
--- a/ansible/roles/adguardhome/vars/vault.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33623662646661366339613865663836343531336662626131323033666535636165333961646439
-3764313866316331343539663336346263633236663135340a383262396663356635656439346563
-63376662386539373639656237353964626534376536363832303764643565396635663536663938
-3935363734393839610a353862623739396336323030373539363963616232663130336262316365
-34653237383665343063666437653633363134336638346338326366363934613334666663383762
-32633964376464613163376363326465353939623838333033363038323235623035396661323963
-39646161623333386237393433376438363962643064363730336530313462323638646332353535
-37623132616563373737633066303664376361613032366230353662393161356463316234363366
-6433