fix: update IPs to .224, add SSH-based config migration (no GUI export)

setup-adguard-lxc.sh

@@ -6,35 +6,38 @@
 # lightweight LXC container on Proxmox. This eliminates DNS dependency
 # on HA stability.
 #
-# Run this script on the Proxmox host (HAL-HOST) as root.
+# Run this script on the Proxmox host (HAL-HOST / 10.0.0.240) as root.
 #
-# Network assumptions (based on your setup):
-#   - Proxmox host:     10.0.0.x
+# Network:
+#   - Proxmox host:     10.0.0.240
 #   - HAOS VM:          10.0.0.55
 #   - OPNsense:         10.0.0.254
-#   - NPM LXC:          10.0.0.54
-#   - AdGuard LXC:      10.0.0.224 (new - adjust if taken)
-#   - Gateway:          10.0.0.254
-#   - DNS (current):    10.0.0.55 (will change to 10.0.0.53)
+#   - AdGuard LXC:      10.0.0.224 (CT 120)
+#   - Guacamole LXC:    10.0.0.225 (CT 121)
+#   - NPM LXC:          10.0.0.226 (CT 122)
 #
-# After setup, update OPNsense DHCP to hand out 10.0.0.53 as DNS.
+# Since AdGuard has NO GUI export, this script includes steps to
+# migrate the config via SSH from the HAOS addon data directory.
 # =====================================================================
 
 set -euo pipefail
 
 # --- Configuration ---
-CT_ID="${1:-120}"
+CT_ID="120"
 CT_NAME="adguard"
 CT_IP="10.0.0.224/24"
 CT_GW="10.0.0.254"
 CT_STORAGE="local-lvm"
 CT_TEMPLATE="local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
-CT_MEMORY=1024
-CT_SWAP=256
+CT_MEMORY=256
+CT_SWAP=128
 CT_CORES=1
 CT_DISK="2"
 BRIDGE="vmbr0"
 
+HAOS_IP="10.0.0.55"
+ADDON_SLUG="a0d7b954_adguard"
+
 echo "============================================"
 echo " AdGuard Home LXC Setup"
 echo " Container ID: ${CT_ID}"
@@ -43,14 +46,14 @@ echo "============================================"
 
 # --- Check if template exists, download if not ---
 if ! pveam list local | grep -q "debian-12-standard"; then
-    echo "[1/7] Downloading Debian 12 template..."
+    echo "[1/8] Downloading Debian 12 template..."
     pveam download local debian-12-standard_12.7-1_amd64.tar.zst
 else
-    echo "[1/7] Debian 12 template already available"
+    echo "[1/8] Debian 12 template already available"
 fi
 
 # --- Create the container ---
-echo "[2/7] Creating LXC container ${CT_ID}..."
+echo "[2/8] Creating LXC container ${CT_ID}..."
 pct create "${CT_ID}" "${CT_TEMPLATE}" \
     --hostname "${CT_NAME}" \
     --memory "${CT_MEMORY}" \
@@ -65,11 +68,11 @@ pct create "${CT_ID}" "${CT_TEMPLATE}" \
     --features "nesting=1" \
     --startup "order=1,up=10"
 
-echo "[3/7] Waiting for container to start..."
+echo "[3/8] Waiting for container to start..."
 sleep 5
 
 # --- Install AdGuard Home inside the container ---
-echo "[4/7] Installing AdGuard Home..."
+echo "[4/8] Installing AdGuard Home..."
 pct exec "${CT_ID}" -- bash -c '
     apt-get update -qq && apt-get upgrade -y -qq
     apt-get install -y -qq curl ca-certificates
@@ -78,22 +81,72 @@ pct exec "${CT_ID}" -- bash -c '
     systemctl start AdGuardHome
 '
 
-# --- Configure AdGuard Home initial setup ---
-echo "[5/7] Configuring AdGuard Home..."
-pct exec "${CT_ID}" -- bash -c '
-    systemctl stop AdGuardHome
+# --- Attempt to migrate config from HA addon ---
+echo "[5/8] Attempting to migrate config from HA addon..."
+echo "      Trying SSH to HAOS at ${HAOS_IP}..."
+
+MIGRATED=false
+if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@${HAOS_IP} "test -d /addon_data/${ADDON_SLUG}" 2>/dev/null; then
+    echo "      Found addon data directory. Copying config..."
+
+    # Stop AdGuard on new LXC before overwriting config
+    pct exec "${CT_ID}" -- systemctl stop AdGuardHome
+
+    # Copy the entire addon data directory
+    TMPDIR=$(mktemp -d)
+    scp -r -o StrictHostKeyChecking=no root@${HAOS_IP}:/addon_data/${ADDON_SLUG}/ "${TMPDIR}/" 2>/dev/null
+
+    if [ -f "${TMPDIR}/${ADDON_SLUG}/AdGuardHome.yaml" ] || [ -f "${TMPDIR}/${ADDON_SLUG}/data/AdGuardHome.yaml" ]; then
+        # Find the yaml config
+        CONFIG_SRC=$(find "${TMPDIR}" -name "AdGuardHome.yaml" -type f | head -1)
+        if [ -n "${CONFIG_SRC}" ]; then
+            echo "      Found config at: ${CONFIG_SRC}"
+            # Copy config into the LXC
+            pct push "${CT_ID}" "${CONFIG_SRC}" /opt/AdGuardHome/AdGuardHome.yaml
+
+            # Update the bind address to listen on all interfaces
+            pct exec "${CT_ID}" -- sed -i 's/address: .*/address: 0.0.0.0:80/' /opt/AdGuardHome/AdGuardHome.yaml
+
+            # Copy filter data if it exists
+            DATA_DIR=$(dirname "${CONFIG_SRC}")/data
+            if [ -d "${DATA_DIR}" ]; then
+                echo "      Copying filter data, query logs, and stats..."
+                for f in "${DATA_DIR}"/*; do
+                    [ -f "$f" ] && pct push "${CT_ID}" "$f" "/opt/AdGuardHome/data/$(basename "$f")" 2>/dev/null || true
+                done
+            fi
+
+            MIGRATED=true
+            echo "      Config migration successful!"
+        fi
+    fi
+    rm -rf "${TMPDIR}"
+
+    if [ "$MIGRATED" = false ]; then
+        echo "      Could not locate AdGuardHome.yaml in addon data."
+        echo "      Will use default config instead."
+    fi
+else
+    echo "      Could not SSH to HAOS at ${HAOS_IP}."
+    echo "      Make sure the Terminal & SSH addon is installed and"
+    echo "      SSH access is enabled (port 22222 or 22)."
+    echo "      Will use default config instead."
+fi
+
+# --- If migration failed, write default config ---
+if [ "$MIGRATED" = false ]; then
+    echo "[6/8] Writing default AdGuard Home config..."
+    pct exec "${CT_ID}" -- systemctl stop AdGuardHome
     sleep 2
 
-    cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF"
+    pct exec "${CT_ID}" -- bash -c 'cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF"
 http:
   pprof:
     port: 6060
     enabled: false
   address: 0.0.0.0:80
   session_ttl: 720h
-users:
-  - name: admin
-    password: "$2y$10$CHANGE_THIS_AFTER_SETUP"
+users: []
 auth_attempts: 5
 block_auth_min: 15
 language: en
@@ -158,17 +211,19 @@ log:
   max_size: 100
   max_age: 3
 schema_version: 29
-ADGEOF
+ADGEOF'
+else
+    echo "[6/8] Config already migrated from HA, skipping default config."
+fi
 
-    systemctl start AdGuardHome
-'
-
-echo "[6/7] Verifying AdGuard Home is running..."
+# --- Start AdGuard ---
+echo "[7/8] Starting AdGuard Home..."
+pct exec "${CT_ID}" -- systemctl start AdGuardHome
 sleep 3
-pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -15
+pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -10
 
-echo "[7/7] Testing DNS resolution..."
-pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)"
+echo "[8/8] Testing DNS resolution..."
+pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils 2>/dev/null && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)"
 
 CT_IP_CLEAN=$(echo "${CT_IP}" | cut -d'/' -f1)
 
@@ -180,13 +235,35 @@ echo ""
 echo " Web UI:  http://${CT_IP_CLEAN}:80"
 echo " DNS:     ${CT_IP_CLEAN}:53"
 echo ""
-echo " MIGRATION STEPS:"
-echo " 1. Access AdGuard web UI at http://${CT_IP_CLEAN}:80"
-echo "    Complete the initial setup wizard"
-echo " 2. Export config from HA AdGuard add-on and import here"
-echo " 3. Test: nslookup google.com ${CT_IP_CLEAN}"
-echo " 4. Update OPNsense DHCP DNS from 10.0.0.55 to ${CT_IP_CLEAN}"
-echo " 5. After 24hrs stability, stop HA AdGuard add-on"
-echo " 6. Optional: re-add HA AdGuard integration -> ${CT_IP_CLEAN}"
-echo " 7. Optional: NPM proxy adguard.hideawaygaming.com.au -> ${CT_IP_CLEAN}:80"
+if [ "$MIGRATED" = true ]; then
+    echo " Config was migrated from HA addon."
+    echo " Your filter lists, DNS rewrites, and"
+    echo " parental controls should already be there."
+else
+    echo " Using DEFAULT config (migration failed)."
+    echo " Complete the setup wizard at http://${CT_IP_CLEAN}:80"
+    echo ""
+    echo " MANUAL CONFIG MIGRATION:"
+    echo " Since there is no export option in AdGuard GUI,"
+    echo " copy the config manually via HA Terminal & SSH:"
+    echo ""
+    echo "   # From the HAOS SSH terminal:"
+    echo "   scp /addon_data/${ADDON_SLUG}/AdGuardHome.yaml \\"
+    echo "       root@10.0.0.240:/tmp/adguard-config.yaml"
+    echo ""
+    echo "   # Then on Proxmox (10.0.0.240):"
+    echo "   pct push ${CT_ID} /tmp/adguard-config.yaml \\"
+    echo "       /opt/AdGuardHome/AdGuardHome.yaml"
+    echo "   pct exec ${CT_ID} -- systemctl restart AdGuardHome"
+fi
+echo ""
+echo " NEXT STEPS:"
+echo " 1. Test: nslookup google.com ${CT_IP_CLEAN}"
+echo " 2. Update OPNsense DHCP DNS: 10.0.0.55 -> ${CT_IP_CLEAN}"
+echo "    Services > DHCPv4 > [LAN] > DNS servers"
+echo " 3. Wait 24hrs, confirm stability"
+echo " 4. Stop HA AdGuard add-on"
+echo " 5. Optional: re-add HA integration -> ${CT_IP_CLEAN}"
+echo " 6. Optional: NPM proxy adguard.hideawaygaming.com.au"
+echo "    -> http://${CT_IP_CLEAN}:80"
 echo "============================================"