Last active
October 5, 2025 17:29
-
-
Save ascopes/078f6a13de650488bde61c9338e65e81 to your computer and use it in GitHub Desktop.
Adguard Home Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: adguard | |
| --- | |
| apiVersion: policy/v1 | |
| kind: PodDisruptionBudget | |
| metadata: | |
| name: adguard | |
| namespace: adguard | |
| spec: | |
| maxSurge: 1 | |
| maxUnavailable: 0 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/name: adguard | |
| --- | |
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| name: adguard-https | |
| namespace: adguard | |
| spec: | |
| rules: | |
| - host: $$HOSTNAME$$ | |
| http: | |
| paths: | |
| - path: / | |
| pathType: ImplementationSpecific | |
| backend: | |
| service: | |
| name: adguard-http | |
| port: | |
| number: 80 | |
| --- | |
| apiVersion: helm.cattle.io/v1 | |
| kind: HelmChart | |
| metadata: | |
| name: adguard | |
| namespace: adguard | |
| spec: | |
| repo: https://helm-charts.rm3l.org | |
| chart: adguard-home | |
| version: 0.20.1 | |
| targetNamespace: adguard | |
| valuesContent: |- | |
| # See https://github.com/rm3l/helm-charts/blob/main/charts/adguard-home/README.md | |
| # See https://github.com/AdguardTeam/Adguardhome/wiki/Configuration for bootstrapConfig | |
| backup: | |
| aws: | |
| enabled: false | |
| bootstrapConfig: | |
| dns: | |
| aaaa_disabled: true | |
| all_servers: true | |
| bootstrap_dns: | |
| - 1.1.1.2 # CloudFlare, block Malware | |
| - 1.0.0.2 # CloudFlare, block Malware | |
| - 9.9.9.9 # Quad9, block Malware | |
| - 149.112.112.112 # Quad9, block Malware | |
| local_domain_name: "ronova.lan" | |
| upstream_dns: | |
| - https://1.1.1.2/dns-query # CloudFlare, block Malware, DoH | |
| - https://1.0.0.2/dns-query # CloudFlare, block Malware, DoH | |
| - https://dns.quad9.net/dns-query # CloudFlare, block Malware, DoH | |
| rewrites: | |
| - domain: $$HOSTNAME$$ | |
| answer: $$CLUSTER_IP$$ | |
| - domain: $$CLUSTER_HOSTNAME$$ | |
| answer: $$CLUSTER_IP$$ | |
| filters: | |
| - id: 100 | |
| name: EasyList | |
| url: https://v.firebog.net/hosts/Easylist.txt | |
| enabled: true | |
| ################################################ | |
| ### https://github.com/hagezi/dns-blocklists ### | |
| ################################################ | |
| - id: 200 | |
| name: Hagezi // AdBlock General | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/pro.txt | |
| enabled: true | |
| - id: 300 | |
| name: Hagezi // AdBlock Popup Ads | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/popupads.txt | |
| enabled: true | |
| - id: 400 | |
| name: Hagezi // Threat Intelligence Feed | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/tif.txt | |
| enabled: true | |
| - id: 500 | |
| name: Hagezi // DoH and VPN proxy bypass (Firefox, Opera, etc) | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/doh-vpn-proxy-bypass.txt | |
| enabled: true | |
| - id: 600 | |
| name: Hagezi // Malicious DDNS services | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/dyndns.txt | |
| enabled: true | |
| - id: 700 | |
| name: Hagezi // Microsoft Windows and Office 365 Trackers | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.winoffice.txt | |
| enabled: true | |
| - id: 800 | |
| name: Hagezi // Apple Trackers | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.apple.txt | |
| enabled: true | |
| - id: 900 | |
| name: Hagezi // Amazon Trackers | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.amazon.txt | |
| enabled: true | |
| - id: 1000 | |
| name: Hagezi // Samsung Trackers | |
| url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/native.samsung.txt | |
| enabled: true | |
| ################################################################################################## | |
| ### https://discourse.pi-hole.net/t/adlist-sites-to-use-march-2024-what-is-recommended/69082/2 ### | |
| ################################################################################################## | |
| - id: 1100 | |
| name: DeveloperDan // Ads and Tracking, extended | |
| url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt | |
| enabled: true | |
| - id: 1200 | |
| name: Phishing Army // Phishing blocklist | |
| url: https://phishing.army/download/phishing_army_blocklist.txt | |
| enabled: true | |
| tls: | |
| server_name: $$HOSTNAME$$ | |
| user_rules: | |
| # Needed for Opera VPN | |
| - '@@||api2.sec-tunnel.com^' | |
| #image: | |
| # tag: 'v0.107.67' | |
| nameOverride: adguard | |
| nodeSelector: | |
| # Must schedule on a specific node in multi-node setups since only a | |
| # single known IP address is exposed to the network. If we used DHCP here | |
| # then we would still have the same issue. | |
| # Note that this must NOT have a TLD... it must exactly match the system hostname. | |
| kubernetes.io/hostname: $$CLUSTER_NAME$$ | |
| securityContext: | |
| allowPrivilegeEscalation: false | |
| readOnlyRootFilesystem: false | |
| runAsGroup: 1000 | |
| runAsUser: 1000 | |
| resources: | |
| limits: | |
| cpu: 500m | |
| memory: 350Mi | |
| requests: | |
| cpu: 100m | |
| memory: 128Mi | |
| services: | |
| dns: | |
| enabled: true | |
| loadBalancerIP: $$CLUSTER_IP$$ | |
| udp: | |
| port: 53 | |
| tcp: | |
| port: 53 | |
| type: LoadBalancer | |
| dnscrypt: | |
| enabled: false | |
| dnsOverQuic: | |
| enabled: false | |
| http: | |
| enabled: true | |
| type: ClusterIP | |
| https: | |
| # Enable if ingress is roasted again. | |
| enabled: false | |
| loadBalancerIP: $$CLUSTER_IP$$ | |
| port: 8888 | |
| type: LoadBalancer |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment