feat: AdGuard Home LXC setup script for Proxmox migration

2026-05-27 10:57:50 +10:00
parent 6d52be5c13
commit 45b513fe44
1 changed files with 192 additions and 0 deletions
@@ -0,0 +1,192 @@
+#!/bin/bash
+# =====================================================================
+# AdGuard Home LXC Setup for Proxmox
+# =====================================================================
+# Migrates AdGuard Home from a Home Assistant add-on to a dedicated
+# lightweight LXC container on Proxmox. This eliminates DNS dependency
+# on HA stability.
+#
+# Run this script on the Proxmox host (HAL-HOST) as root.
+#
+# Network assumptions (based on your setup):
+#   - Proxmox host:     10.0.0.x
+#   - HAOS VM:          10.0.0.55
+#   - OPNsense:         10.0.0.254
+#   - NPM LXC:          10.0.0.54
+#   - AdGuard LXC:      10.0.0.53 (new - adjust if taken)
+#   - Gateway:          10.0.0.254
+#   - DNS (current):    10.0.0.55 (will change to 10.0.0.53)
+#
+# After setup, update OPNsense DHCP to hand out 10.0.0.53 as DNS.
+# =====================================================================
+
+set -euo pipefail
+
+# --- Configuration ---
+CT_ID="${1:-120}"
+CT_NAME="adguard"
+CT_IP="10.0.0.53/24"
+CT_GW="10.0.0.254"
+CT_STORAGE="local-lvm"
+CT_TEMPLATE="local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+CT_MEMORY=256
+CT_SWAP=128
+CT_CORES=1
+CT_DISK="2"
+BRIDGE="vmbr0"
+
+echo "============================================"
+echo " AdGuard Home LXC Setup"
+echo " Container ID: ${CT_ID}"
+echo " IP Address:   ${CT_IP}"
+echo "============================================"
+
+# --- Check if template exists, download if not ---
+if ! pveam list local | grep -q "debian-12-standard"; then
+    echo "[1/7] Downloading Debian 12 template..."
+    pveam download local debian-12-standard_12.7-1_amd64.tar.zst
+else
+    echo "[1/7] Debian 12 template already available"
+fi
+
+# --- Create the container ---
+echo "[2/7] Creating LXC container ${CT_ID}..."
+pct create "${CT_ID}" "${CT_TEMPLATE}" \
+    --hostname "${CT_NAME}" \
+    --memory "${CT_MEMORY}" \
+    --swap "${CT_SWAP}" \
+    --cores "${CT_CORES}" \
+    --rootfs "${CT_STORAGE}:${CT_DISK}" \
+    --net0 "name=eth0,bridge=${BRIDGE},ip=${CT_IP},gw=${CT_GW},firewall=0" \
+    --nameserver "1.1.1.1" \
+    --onboot 1 \
+    --start 1 \
+    --unprivileged 1 \
+    --features "nesting=1" \
+    --startup "order=1,up=10"
+
+echo "[3/7] Waiting for container to start..."
+sleep 5
+
+# --- Install AdGuard Home inside the container ---
+echo "[4/7] Installing AdGuard Home..."
+pct exec "${CT_ID}" -- bash -c '
+    apt-get update -qq && apt-get upgrade -y -qq
+    apt-get install -y -qq curl ca-certificates
+    curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
+    systemctl enable AdGuardHome
+    systemctl start AdGuardHome
+'
+
+# --- Configure AdGuard Home initial setup ---
+echo "[5/7] Configuring AdGuard Home..."
+pct exec "${CT_ID}" -- bash -c '
+    systemctl stop AdGuardHome
+    sleep 2
+
+    cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF"
+http:
+  pprof:
+    port: 6060
+    enabled: false
+  address: 0.0.0.0:80
+  session_ttl: 720h
+users:
+  - name: admin
+    password: "$2y$10$CHANGE_THIS_AFTER_SETUP"
+auth_attempts: 5
+block_auth_min: 15
+language: en
+theme: auto
+dns:
+  bind_hosts:
+    - 0.0.0.0
+  port: 53
+  ratelimit: 0
+  refuse_any: true
+  upstream_dns:
+    - https://dns.cloudflare.com/dns-query
+    - https://dns.google/dns-query
+    - 1.1.1.1
+    - 8.8.8.8
+  bootstrap_dns:
+    - 1.1.1.1
+    - 8.8.8.8
+  upstream_mode: parallel
+  cache_size: 4194304
+  cache_optimistic: true
+  enable_dnssec: true
+  max_goroutines: 300
+  serve_plain_dns: true
+  hostsfile_enabled: true
+tls:
+  enabled: false
+querylog:
+  interval: 24h
+  size_memory: 1000
+  enabled: true
+  file_enabled: true
+statistics:
+  interval: 168h
+  enabled: true
+filters:
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+    name: AdGuard DNS filter
+    id: 1
+  - enabled: true
+    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
+    name: AdAway Default Blocklist
+    id: 2
+dhcp:
+  enabled: false
+filtering:
+  blocked_services:
+    schedule:
+      time_zone: Australia/Melbourne
+    ids: []
+  safe_search:
+    enabled: false
+  blocking_mode: default
+  parental_enabled: true
+  safebrowsing_enabled: true
+  filtering_enabled: true
+  parental_block_host: family-block.dns.adguard.com
+  safebrowsing_block_host: standard-block.dns.adguard.com
+log:
+  enabled: true
+  max_size: 100
+  max_age: 3
+schema_version: 29
+ADGEOF
+
+    systemctl start AdGuardHome
+'
+
+echo "[6/7] Verifying AdGuard Home is running..."
+sleep 3
+pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -15
+
+echo "[7/7] Testing DNS resolution..."
+pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)"
+
+CT_IP_CLEAN=$(echo "${CT_IP}" | cut -d'/' -f1)
+
+echo ""
+echo "============================================"
+echo " AdGuard Home LXC setup complete!"
+echo "============================================"
+echo ""
+echo " Web UI:  http://${CT_IP_CLEAN}:80"
+echo " DNS:     ${CT_IP_CLEAN}:53"
+echo ""
+echo " MIGRATION STEPS:"
+echo " 1. Access AdGuard web UI at http://${CT_IP_CLEAN}:80"
+echo "    Complete the initial setup wizard"
+echo " 2. Export config from HA AdGuard add-on and import here"
+echo " 3. Test: nslookup google.com ${CT_IP_CLEAN}"
+echo " 4. Update OPNsense DHCP DNS from 10.0.0.55 to ${CT_IP_CLEAN}"
+echo " 5. After 24hrs stability, stop HA AdGuard add-on"
+echo " 6. Optional: re-add HA AdGuard integration -> ${CT_IP_CLEAN}"
+echo " 7. Optional: NPM proxy adguard.hideawaygaming.com.au -> ${CT_IP_CLEAN}:80"
+echo "============================================"