diff --git a/setup-adguard-lxc.sh b/setup-adguard-lxc.sh
new file mode 100644
index 0000000..35f3385
--- /dev/null
+++ b/setup-adguard-lxc.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+# =====================================================================
+# AdGuard Home LXC Setup for Proxmox
+# =====================================================================
+# Migrates AdGuard Home from a Home Assistant add-on to a dedicated
+# lightweight LXC container on Proxmox. This eliminates DNS dependency
+# on HA stability.
+#
+# Run this script on the Proxmox host (HAL-HOST) as root.
+#
+# Network assumptions (based on your setup):
+# - Proxmox host: 10.0.0.x
+# - HAOS VM: 10.0.0.55
+# - OPNsense: 10.0.0.254
+# - NPM LXC: 10.0.0.54
+# - AdGuard LXC: 10.0.0.53 (new - adjust if taken)
+# - Gateway: 10.0.0.254
+# - DNS (current): 10.0.0.55 (will change to 10.0.0.53)
+#
+# After setup, update OPNsense DHCP to hand out 10.0.0.53 as DNS.
+# =====================================================================
+
+set -euo pipefail
+
+# --- Configuration ---
+CT_ID="${1:-120}"
+CT_NAME="adguard"
+CT_IP="10.0.0.53/24"
+CT_GW="10.0.0.254"
+CT_STORAGE="local-lvm"
+CT_TEMPLATE="local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+CT_MEMORY=256
+CT_SWAP=128
+CT_CORES=1
+CT_DISK="2"
+BRIDGE="vmbr0"
+
+echo "============================================"
+echo " AdGuard Home LXC Setup"
+echo " Container ID: ${CT_ID}"
+echo " IP Address: ${CT_IP}"
+echo "============================================"
+
+# --- Check if template exists, download if not ---
+if ! pveam list local | grep -q "debian-12-standard"; then
+ echo "[1/7] Downloading Debian 12 template..."
+ pveam download local debian-12-standard_12.7-1_amd64.tar.zst
+else
+ echo "[1/7] Debian 12 template already available"
+fi
+
+# --- Create the container ---
+echo "[2/7] Creating LXC container ${CT_ID}..."
+pct create "${CT_ID}" "${CT_TEMPLATE}" \
+ --hostname "${CT_NAME}" \
+ --memory "${CT_MEMORY}" \
+ --swap "${CT_SWAP}" \
+ --cores "${CT_CORES}" \
+ --rootfs "${CT_STORAGE}:${CT_DISK}" \
+ --net0 "name=eth0,bridge=${BRIDGE},ip=${CT_IP},gw=${CT_GW},firewall=0" \
+ --nameserver "1.1.1.1" \
+ --onboot 1 \
+ --start 1 \
+ --unprivileged 1 \
+ --features "nesting=1" \
+ --startup "order=1,up=10"
+
+echo "[3/7] Waiting for container to start..."
+sleep 5
+
+# --- Install AdGuard Home inside the container ---
+echo "[4/7] Installing AdGuard Home..."
+pct exec "${CT_ID}" -- bash -c '
+ apt-get update -qq && apt-get upgrade -y -qq
+ apt-get install -y -qq curl ca-certificates
+ curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
+ systemctl enable AdGuardHome
+ systemctl start AdGuardHome
+'
+
+# --- Configure AdGuard Home initial setup ---
+echo "[5/7] Configuring AdGuard Home..."
+pct exec "${CT_ID}" -- bash -c '
+ systemctl stop AdGuardHome
+ sleep 2
+
+ cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF"
+http:
+ pprof:
+ port: 6060
+ enabled: false
+ address: 0.0.0.0:80
+ session_ttl: 720h
+users:
+ - name: admin
+ password: "$2y$10$CHANGE_THIS_AFTER_SETUP"
+auth_attempts: 5
+block_auth_min: 15
+language: en
+theme: auto
+dns:
+ bind_hosts:
+ - 0.0.0.0
+ port: 53
+ ratelimit: 0
+ refuse_any: true
+ upstream_dns:
+ - https://dns.cloudflare.com/dns-query
+ - https://dns.google/dns-query
+ - 1.1.1.1
+ - 8.8.8.8
+ bootstrap_dns:
+ - 1.1.1.1
+ - 8.8.8.8
+ upstream_mode: parallel
+ cache_size: 4194304
+ cache_optimistic: true
+ enable_dnssec: true
+ max_goroutines: 300
+ serve_plain_dns: true
+ hostsfile_enabled: true
+tls:
+ enabled: false
+querylog:
+ interval: 24h
+ size_memory: 1000
+ enabled: true
+ file_enabled: true
+statistics:
+ interval: 168h
+ enabled: true
+filters:
+ - enabled: true
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+ name: AdGuard DNS filter
+ id: 1
+ - enabled: true
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
+ name: AdAway Default Blocklist
+ id: 2
+dhcp:
+ enabled: false
+filtering:
+ blocked_services:
+ schedule:
+ time_zone: Australia/Melbourne
+ ids: []
+ safe_search:
+ enabled: false
+ blocking_mode: default
+ parental_enabled: true
+ safebrowsing_enabled: true
+ filtering_enabled: true
+ parental_block_host: family-block.dns.adguard.com
+ safebrowsing_block_host: standard-block.dns.adguard.com
+log:
+ enabled: true
+ max_size: 100
+ max_age: 3
+schema_version: 29
+ADGEOF
+
+ systemctl start AdGuardHome
+'
+
+echo "[6/7] Verifying AdGuard Home is running..."
+sleep 3
+pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -15
+
+echo "[7/7] Testing DNS resolution..."
+pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)"
+
+CT_IP_CLEAN=$(echo "${CT_IP}" | cut -d'/' -f1)
+
+echo ""
+echo "============================================"
+echo " AdGuard Home LXC setup complete!"
+echo "============================================"
+echo ""
+echo " Web UI: http://${CT_IP_CLEAN}:80"
+echo " DNS: ${CT_IP_CLEAN}:53"
+echo ""
+echo " MIGRATION STEPS:"
+echo " 1. Access AdGuard web UI at http://${CT_IP_CLEAN}:80"
+echo " Complete the initial setup wizard"
+echo " 2. Export config from HA AdGuard add-on and import here"
+echo " 3. Test: nslookup google.com ${CT_IP_CLEAN}"
+echo " 4. Update OPNsense DHCP DNS from 10.0.0.55 to ${CT_IP_CLEAN}"
+echo " 5. After 24hrs stability, stop HA AdGuard add-on"
+echo " 6. Optional: re-add HA AdGuard integration -> ${CT_IP_CLEAN}"
+echo " 7. Optional: NPM proxy adguard.hideawaygaming.com.au -> ${CT_IP_CLEAN}:80"
+echo "============================================"
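Review bot: Step [4/7] pipes `install.sh` from the moving `master` branch straight into `sh` as root in the container with no pinned ref or checksum, and the inner `bash -c` script sets neither `-e` nor `pipefail`, so a failed or truncated download is not caught before the shell acts on it. Fetch the script from a reviewed tag or commit into a file, verify it, then run it, e.g. `curl -fsSL -o "$f" "<PINNED_INSTALL_SH_URL>"` then `echo "<EXPECTED_SHA256>  $f" | sha256sum -c - && sh "$f" -v` (both values are placeholders to fill in). In step [5/7] the written `password: "$2y$10$CHANGE_THIS_AFTER_SETUP"` is not a bcrypt hash, so the `admin` login presumably cannot succeed, and with a pre-written config the "initial setup wizard" promised in migration step 1 will likely never appear; either generate the hash at install time or skip writing `users:` and let the wizard run. The same config serves the admin UI over plain HTTP on `0.0.0.0:80` with `firewall=0` on the container NIC, so the credential fix matters before the box is put on the LAN. Step [7/7] prints "service is running" whenever the `apt-get`/`dig` command fails for any reason with stderr discarded, which hides a resolver that is actually down; report the failure instead of asserting success.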