diff --git a/setup-adguard-lxc.sh b/setup-adguard-lxc.sh index 4e16e36..b92b6c1 100644 --- a/setup-adguard-lxc.sh +++ b/setup-adguard-lxc.sh @@ -6,35 +6,38 @@ # lightweight LXC container on Proxmox. This eliminates DNS dependency # on HA stability. # -# Run this script on the Proxmox host (HAL-HOST) as root. +# Run this script on the Proxmox host (HAL-HOST / 10.0.0.240) as root. # -# Network assumptions (based on your setup): -# - Proxmox host: 10.0.0.x +# Network: +# - Proxmox host: 10.0.0.240 # - HAOS VM: 10.0.0.55 # - OPNsense: 10.0.0.254 -# - NPM LXC: 10.0.0.54 -# - AdGuard LXC: 10.0.0.224 (new - adjust if taken) -# - Gateway: 10.0.0.254 -# - DNS (current): 10.0.0.55 (will change to 10.0.0.53) +# - AdGuard LXC: 10.0.0.224 (CT 120) +# - Guacamole LXC: 10.0.0.225 (CT 121) +# - NPM LXC: 10.0.0.226 (CT 122) # -# After setup, update OPNsense DHCP to hand out 10.0.0.53 as DNS. +# Since AdGuard has NO GUI export, this script includes steps to +# migrate the config via SSH from the HAOS addon data directory. # ===================================================================== set -euo pipefail # --- Configuration --- -CT_ID="${1:-120}" +CT_ID="120" CT_NAME="adguard" CT_IP="10.0.0.224/24" CT_GW="10.0.0.254" CT_STORAGE="local-lvm" CT_TEMPLATE="local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" -CT_MEMORY=1024 -CT_SWAP=256 +CT_MEMORY=256 +CT_SWAP=128 CT_CORES=1 CT_DISK="2" BRIDGE="vmbr0" +HAOS_IP="10.0.0.55" +ADDON_SLUG="a0d7b954_adguard" + echo "============================================" echo " AdGuard Home LXC Setup" echo " Container ID: ${CT_ID}" 
@@ -43,14 +46,14 @@ echo "============================================" # --- Check if template exists, download if not --- if ! pveam list local | grep -q "debian-12-standard"; then - echo "[1/7] Downloading Debian 12 template..." + echo "[1/8] Downloading Debian 12 template..." pveam download local debian-12-standard_12.7-1_amd64.tar.zst else - echo "[1/7] Debian 12 template already available" + echo "[1/8] Debian 12 template already available" fi # --- Create the container --- -echo "[2/7] Creating LXC container ${CT_ID}..." +echo "[2/8] Creating LXC container ${CT_ID}..." pct create "${CT_ID}" "${CT_TEMPLATE}" \ --hostname "${CT_NAME}" \ --memory "${CT_MEMORY}" \ @@ -65,11 +68,11 @@ pct create "${CT_ID}" "${CT_TEMPLATE}" \ --features "nesting=1" \ --startup "order=1,up=10" -echo "[3/7] Waiting for container to start..." +echo "[3/8] Waiting for container to start..." sleep 5 # --- Install AdGuard Home inside the container --- -echo "[4/7] Installing AdGuard Home..." +echo "[4/8] Installing AdGuard Home..." pct exec "${CT_ID}" -- bash -c ' apt-get update -qq && apt-get upgrade -y -qq apt-get install -y -qq curl ca-certificates 
@@ -78,22 +81,72 @@ pct exec "${CT_ID}" -- bash -c ' systemctl start AdGuardHome ' -# --- Configure AdGuard Home initial setup --- -echo "[5/7] Configuring AdGuard Home..." -pct exec "${CT_ID}" -- bash -c ' - systemctl stop AdGuardHome +# --- Attempt to migrate config from HA addon --- +echo "[5/8] Attempting to migrate config from HA addon..." +echo " Trying SSH to HAOS at ${HAOS_IP}..." + +MIGRATED=false +if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no root@${HAOS_IP} "test -d /addon_data/${ADDON_SLUG}" 2>/dev/null; then + echo " Found addon data directory. Copying config..." + + # Stop AdGuard on new LXC before overwriting config + pct exec "${CT_ID}" -- systemctl stop AdGuardHome + + # Copy the entire addon data directory + TMPDIR=$(mktemp -d) + scp -r -o StrictHostKeyChecking=no root@${HAOS_IP}:/addon_data/${ADDON_SLUG}/ "${TMPDIR}/" 2>/dev/null + + if [ -f "${TMPDIR}/${ADDON_SLUG}/AdGuardHome.yaml" ] || [ -f "${TMPDIR}/${ADDON_SLUG}/data/AdGuardHome.yaml" ]; then + # Find the yaml config + CONFIG_SRC=$(find "${TMPDIR}" -name "AdGuardHome.yaml" -type f | head -1) + if [ -n "${CONFIG_SRC}" ]; then + echo " Found config at: ${CONFIG_SRC}" + # Copy config into the LXC + pct push "${CT_ID}" "${CONFIG_SRC}" /opt/AdGuardHome/AdGuardHome.yaml + + # Update the bind address to listen on all interfaces + pct exec "${CT_ID}" -- sed -i 's/address: .*/address: 0.0.0.0:80/' /opt/AdGuardHome/AdGuardHome.yaml + + # Copy filter data if it exists + DATA_DIR=$(dirname "${CONFIG_SRC}")/data + if [ -d "${DATA_DIR}" ]; then + echo " Copying filter data, query logs, and stats..." + for f in "${DATA_DIR}"/*; do + [ -f "$f" ] && pct push "${CT_ID}" "$f" "/opt/AdGuardHome/data/$(basename "$f")" 2>/dev/null || true + done + fi + + MIGRATED=true + echo " Config migration successful!" + fi + fi + rm -rf "${TMPDIR}" + + if [ "$MIGRATED" = false ]; then + echo " Could not locate AdGuardHome.yaml in addon data." + echo " Will use default config instead." 
+ fi +else + echo " Could not SSH to HAOS at ${HAOS_IP}." + echo " Make sure the Terminal & SSH addon is installed and" + echo " SSH access is enabled (port 22222 or 22)." + echo " Will use default config instead." +fi + +# --- If migration failed, write default config --- +if [ "$MIGRATED" = false ]; then + echo "[6/8] Writing default AdGuard Home config..." + pct exec "${CT_ID}" -- systemctl stop AdGuardHome sleep 2 - cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF" + pct exec "${CT_ID}" -- bash -c 'cat > /opt/AdGuardHome/AdGuardHome.yaml << "ADGEOF" http: pprof: port: 6060 enabled: false address: 0.0.0.0:80 session_ttl: 720h -users: - - name: admin - password: "$2y$10$CHANGE_THIS_AFTER_SETUP" +users: [] auth_attempts: 5 block_auth_min: 15 language: en @@ -158,17 +211,19 @@ log: max_size: 100 max_age: 3 schema_version: 29 -ADGEOF +ADGEOF' +else + echo "[6/8] Config already migrated from HA, skipping default config." +fi - systemctl start AdGuardHome -' - -echo "[6/7] Verifying AdGuard Home is running..." +# --- Start AdGuard --- +echo "[7/8] Starting AdGuard Home..." +pct exec "${CT_ID}" -- systemctl start AdGuardHome sleep 3 -pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -15 +pct exec "${CT_ID}" -- systemctl status AdGuardHome --no-pager -l | head -10 -echo "[7/7] Testing DNS resolution..." -pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)" +echo "[8/8] Testing DNS resolution..." +pct exec "${CT_ID}" -- bash -c 'apt-get install -y -qq dnsutils 2>/dev/null && dig @127.0.0.1 google.com +short' 2>/dev/null || echo "(dig not available, but service is running)" CT_IP_CLEAN=$(echo "${CT_IP}" | cut -d'/' -f1) 
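Review bot: Both the `ssh` probe and the `scp -r` copy in step 5 pass `-o StrictHostKeyChecking=no` while logging in as root, so the Proxmox host never verifies the HAOS host key before the fetched `AdGuardHome.yaml` is pushed into the new resolver. `StrictHostKeyChecking=accept-new`, or a pre-seeded `known_hosts` entry, keeps the run non-interactive without discarding that check. Because the script runs under `set -euo pipefail`, a failing `scp` also aborts it after AdGuardHome has been stopped in the container and before `rm -rf "${TMPDIR}"`, leaving the copied config on disk. A `trap` plus an explicit `if ! scp` avoids that, and a name other than `TMPDIR` avoids overriding the variable `mktemp` itself reads. Separately, the fallback config now writes `users: []` next to `address: 0.0.0.0:80`, which as far as I can tell leaves the admin UI reachable without a login until an account is created, so the closing message should say so. The heredoc body continues past the end of this hunk.

```shell
# Constructed sketch: verify the HAOS host key and clean up on every exit path.
SSH_OPTS=(-o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new)
MIG_TMP=$(mktemp -d)
trap 'rm -rf -- "${MIG_TMP}"' EXIT

MIGRATED=false
if ssh "${SSH_OPTS[@]}" "root@${HAOS_IP}" "test -d /addon_data/${ADDON_SLUG}" 2>/dev/null; then
  # … unchanged: stop AdGuardHome in the container …
  if ! scp -r "${SSH_OPTS[@]}" "root@${HAOS_IP}:/addon_data/${ADDON_SLUG}/" "${MIG_TMP}/"; then
    echo "      scp from HAOS failed; keeping default config." >&2
  fi
  # … unchanged: locate AdGuardHome.yaml under ${MIG_TMP}, pct push, copy data files …
# … unchanged: else branch and closing fi …
```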
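Review bot: The step 8 fallback `|| echo "(dig not available, but service is running)"` fires both when `dnsutils` cannot be installed and when `dig @127.0.0.1` gets no reply, and with stderr discarded the two cases cannot be told apart, so a resolver that is not answering DNS is reported as healthy. Split the check: `pct exec "${CT_ID}" -- systemctl is-active --quiet AdGuardHome` for the service state, and a separate `dig` whose failure prints a warning to stderr. Also, `systemctl status … | head -10` runs under `pipefail`, so a non-active unit ends the script before the summary is printed; if that is intended, a comment saying so would help.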
@@ -180,13 +235,35 @@ echo ""
 echo " Web UI: http://${CT_IP_CLEAN}:80"
 echo " DNS: ${CT_IP_CLEAN}:53"
 echo ""
-echo " MIGRATION STEPS:"
-echo " 1. Access AdGuard web UI at http://${CT_IP_CLEAN}:80"
-echo " Complete the initial setup wizard"
-echo " 2. Export config from HA AdGuard add-on and import here"
-echo " 3. Test: nslookup google.com ${CT_IP_CLEAN}"
-echo " 4. Update OPNsense DHCP DNS from 10.0.0.55 to ${CT_IP_CLEAN}"
-echo " 5. After 24hrs stability, stop HA AdGuard add-on"
-echo " 6. Optional: re-add HA AdGuard integration -> ${CT_IP_CLEAN}"
-echo " 7. Optional: NPM proxy adguard.hideawaygaming.com.au -> ${CT_IP_CLEAN}:80"
+if [ "$MIGRATED" = true ]; then
+ echo " Config was migrated from HA addon."
+ echo " Your filter lists, DNS rewrites, and"
+ echo " parental controls should already be there."
+else
+ echo " Using DEFAULT config (migration failed)."
+ echo " Complete the setup wizard at http://${CT_IP_CLEAN}:80"
+ echo ""
+ echo " MANUAL CONFIG MIGRATION:"
+ echo " Since there is no export option in AdGuard GUI,"
+ echo " copy the config manually via HA Terminal & SSH:"
+ echo ""
+ echo " # From the HAOS SSH terminal:"
+ echo " scp /addon_data/${ADDON_SLUG}/AdGuardHome.yaml \\"
+ echo " root@10.0.0.240:/tmp/adguard-config.yaml"
+ echo ""
+ echo " # Then on Proxmox (10.0.0.240):"
+ echo " pct push ${CT_ID} /tmp/adguard-config.yaml \\"
+ echo " /opt/AdGuardHome/AdGuardHome.yaml"
+ echo " pct exec ${CT_ID} -- systemctl restart AdGuardHome"
+fi
+echo ""
+echo " NEXT STEPS:"
+echo " 1. Test: nslookup google.com ${CT_IP_CLEAN}"
+echo " 2. Update OPNsense DHCP DNS: 10.0.0.55 -> ${CT_IP_CLEAN}"
+echo " Services > DHCPv4 > [LAN] > DNS servers"
+echo " 3. Wait 24hrs, confirm stability"
+echo " 4. Stop HA AdGuard add-on"
+echo " 5. Optional: re-add HA integration -> ${CT_IP_CLEAN}"
+echo " 6. Optional: NPM proxy adguard.hideawaygaming.com.au"
+echo " -> http://${CT_IP_CLEAN}:80"
 echo "============================================"
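Review bot: The manual-migration instructions stage the config at a fixed, predictable path in `/tmp` on the Proxmox host (`/tmp/adguard-config.yaml`) and never remove it. AdGuardHome.yaml carries the `users:` entries with their password hashes, so a root-only location such as `/root/adguard-config.yaml`, plus an `rm` line after the `pct push`, would be safer. The host address is also hard-coded as `10.0.0.240` in two echo lines rather than taken from a variable defined next to `HAOS_IP`. Finally, the non-migrated branch tells the user to "Complete the setup wizard", but step 6 has already written a full config file, so it is worth confirming the wizard is actually offered in that state.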