sirkirby · December 19, 2024 20:21
diff --git a/AdGuardHome.yaml b/AdGuardHome.yaml
 bind_host: 0.0.0.0
 bind_port: 3000
 # I recommend adding a user account, but this is optional
 # requires hashed password htpasswd -B -n -b <USERNAME> <PASSWORD>
 users:
  - name: admin
    password: XXXXXXXXXXXXXXXXXXXXXXXX
 auth_attempts: 5
 block_auth_min: 15
 http_proxy: ""
 language: ""
 theme: auto
 debug_pprof: false
 web_session_ttl: 720
 dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  enable_doh_json: true
  enable_doh: true
  doh_port: 3000
  doh_path: "/dns-query"
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 50
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - https://cloudflare-dns.com/dns-query
    - https://dns.google/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 1.1.1.1
    - 8.8.8.8
    - 2606:4700:4700::1111
  all_servers: false
  fastest_addr: true
  fastest_timeout: 2s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
  cache_size: 8388608
  cache_ttl_min: 60
  cache_ttl_max: 3600
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet:
    custom_ip: ""
    enabled: true
    use_custom: false
  max_goroutines: 1000
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites:
    - domain: k3s.chriskirby.net
      answer: 10.100.1.45
    - domain: nas.chriskirby.net
      answer: 10.100.1.10
    - domain: mypods.chriskirby.net
      answer: k3s.chriskirby.net
    - domain: files.chriskirby.net
      answer: nas.chriskirby.net
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: true
  use_http3_upstreams: true
  querylog_enabled: true
 http:
  address: 0.0.0.0:3000
  session_ttl: 720h
  enable_json_api: true
 tls:
  enabled: true
  server_name: "adguard.chriskirby.net"
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  allow_unencrypted_doh: false
  # A path accessible to the container or installation directory
  certificate_path: /opt/adguardhome/conf/tls/fullchain.pem
  private_key_path: /opt/adguardhome/conf/tls/privkey.pem
  strict_sni_check: false
 querylog:
  enabled: true
  file_enabled: true
  interval: 2160h
  size_memory: 2000
  ignored: []
 statistics:
  enabled: true
  interval: 1
  ignored: []
 # abbreviated list of filters
 filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    name: Filter 1
    id: 1
  - enabled: true
    url: https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
    name: Filter 2
    id: 2
  - enabled: true
    url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
    name: Filter 3
    id: 3
  - enabled: true
    url: https://v.firebog.net/hosts/static/w3kbl.txt
    name: Filter 4
    id: 4
  - enabled: true
    url: https://adaway.org/hosts.txt
    name: Filter 5
    id: 5
  - enabled: true
    url: https://v.firebog.net/hosts/AdguardDNS.txt
    name: Filter 6
    id: 6
  - enabled: true
    url: https://v.firebog.net/hosts/Admiral.txt
    name: Filter 7
    id: 7
  - enabled: true
    url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
    name: Filter 8
    id: 8
  - enabled: true
    url: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    name: Filter 9
    id: 9
  - enabled: true
    url: https://v.firebog.net/hosts/Easylist.txt
    name: Filter 10
    id: 10
 whitelist_filters: []
 user_rules:
  - '@@||0.client-channel.google.com^$important # In order for users on your network to access Google Drive and Google Docs editors this domain must be whitelisted - https://support.google.com/a/answer/2589954?hl=en'
  - '@@||1drv.com^$important # It is actually a legitimate Microsoft owned domain and used as a short link for OneDrive documents.'
  - '@@||2.android.pool.ntp.org^$important # This domain is a part of The pool.ntp.org project which is a big virtual cluster of timeservers providing reliable time. This domain is used in Android devices'
  - '@@||akamaihd.net^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
  - '@@||akamaitechnologies.com^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
  - '@@||akamaized.net^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
  - '@@||amazonaws.com^$important # Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs. This domain is used to serve files and other static resources which are hosted on Amazon AWS'
  - '@@||android.clients.google.com^$important # Google Play Store and few devices (especially Android One devices) depends on this domain for system updates.'
  - '@@||api.ipify.org^$important # It is used to get your public IP address programmatically. ipify is completely opensource.'
  - '@@||app-api.ted.com^$important # Used by ted.com streams.'
  - '@@||api.rlje.net^$important # Used to deliver contents on video straming apps on hulu etc.'
  - '@@||appleid.apple.com^$important # Used to sign in t your Apple account.'
  - '@@||apps.skype.com^$important # Used to make group calls, group chats etc. on Skype.'
  - '@@||appsbackup-pa.clients6.google.com^$important # Used to backup device settings and app data.'
  - '@@||appsbackup-pa.googleapis.com^$important # Used to backup device settings and app data.'
 dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
 clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
 log_file: ""
 log_max_backups: 0
 log_max_size: 100
 log_max_age: 3
 log_compress: false
 log_localtime: true
 verbose: false
 os:
  group: ""
  user: ""
  rlimit_nofile: 0
 schema_version: 17
	bind_host: 0.0.0.0
	bind_port: 3000
	# I recommend adding a user account, but this is optional
	# requires hashed password htpasswd -B -n -b <USERNAME> <PASSWORD>
	users:
	- name: admin
	password: XXXXXXXXXXXXXXXXXXXXXXXX
	auth_attempts: 5
	block_auth_min: 15
	http_proxy: ""
	language: ""
	theme: auto
	debug_pprof: false
	web_session_ttl: 720
	dns:
	bind_hosts:
	- 0.0.0.0
	port: 53
	enable_doh_json: true
	enable_doh: true
	doh_port: 3000
	doh_path: "/dns-query"
	anonymize_client_ip: false
	protection_enabled: true
	blocking_mode: default
	blocking_ipv4: ""
	blocking_ipv6: ""
	blocked_response_ttl: 10
	parental_block_host: family-block.dns.adguard.com
	safebrowsing_block_host: standard-block.dns.adguard.com
	ratelimit: 50
	ratelimit_whitelist: []
	refuse_any: true
	upstream_dns:
	- https://cloudflare-dns.com/dns-query
	- https://dns.google/dns-query
	upstream_dns_file: ""
	bootstrap_dns:
	- 1.1.1.1
	- 8.8.8.8
	- 2606:4700:4700::1111
	all_servers: false
	fastest_addr: true
	fastest_timeout: 2s
	allowed_clients: []
	disallowed_clients: []
	blocked_hosts:
	- version.bind
	- id.server
	- hostname.bind
	trusted_proxies:
	- 127.0.0.0/8
	- ::1/128
	- 10.0.0.0/8
	- 172.16.0.0/12
	- 192.168.0.0/16
	cache_size: 8388608
	cache_ttl_min: 60
	cache_ttl_max: 3600
	cache_optimistic: true
	bogus_nxdomain: []
	aaaa_disabled: false
	enable_dnssec: true
	edns_client_subnet:
	custom_ip: ""
	enabled: true
	use_custom: false
	max_goroutines: 1000
	handle_ddr: true
	ipset: []
	ipset_file: ""
	filtering_enabled: true
	filters_update_interval: 24
	parental_enabled: false
	safesearch_enabled: false
	safebrowsing_enabled: false
	safebrowsing_cache_size: 1048576
	safesearch_cache_size: 1048576
	parental_cache_size: 1048576
	cache_time: 30
	rewrites:
	- domain: k3s.chriskirby.net
	answer: 10.100.1.45
	- domain: nas.chriskirby.net
	answer: 10.100.1.10
	- domain: mypods.chriskirby.net
	answer: k3s.chriskirby.net
	- domain: files.chriskirby.net
	answer: nas.chriskirby.net
	blocked_services: []
	upstream_timeout: 10s
	private_networks: []
	use_private_ptr_resolvers: true
	local_ptr_upstreams: []
	use_dns64: false
	dns64_prefixes: []
	serve_http3: true
	use_http3_upstreams: true
	querylog_enabled: true
	http:
	address: 0.0.0.0:3000
	session_ttl: 720h
	enable_json_api: true
	tls:
	enabled: true
	server_name: "adguard.chriskirby.net"
	force_https: false
	port_https: 443
	port_dns_over_tls: 853
	port_dns_over_quic: 853
	allow_unencrypted_doh: false
	# A path accessible to the container or installation directory
	certificate_path: /opt/adguardhome/conf/tls/fullchain.pem
	private_key_path: /opt/adguardhome/conf/tls/privkey.pem
	strict_sni_check: false
	querylog:
	enabled: true
	file_enabled: true
	interval: 2160h
	size_memory: 2000
	ignored: []
	statistics:
	enabled: true
	interval: 1
	ignored: []
	# abbreviated list of filters
	filters:
	- enabled: true
	url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
	name: AdGuard DNS filter
	id: 1
	- enabled: false
	url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
	name: AdAway Default Blocklist
	id: 2
	- enabled: true
	url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
	name: Filter 1
	id: 1
	- enabled: true
	url: https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt
	name: Filter 2
	id: 2
	- enabled: true
	url: https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
	name: Filter 3
	id: 3
	- enabled: true
	url: https://v.firebog.net/hosts/static/w3kbl.txt
	name: Filter 4
	id: 4
	- enabled: true
	url: https://adaway.org/hosts.txt
	name: Filter 5
	id: 5
	- enabled: true
	url: https://v.firebog.net/hosts/AdguardDNS.txt
	name: Filter 6
	id: 6
	- enabled: true
	url: https://v.firebog.net/hosts/Admiral.txt
	name: Filter 7
	id: 7
	- enabled: true
	url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
	name: Filter 8
	id: 8
	- enabled: true
	url: https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
	name: Filter 9
	id: 9
	- enabled: true
	url: https://v.firebog.net/hosts/Easylist.txt
	name: Filter 10
	id: 10
	whitelist_filters: []
	user_rules:
	- '@@\|\|0.client-channel.google.com^$important # In order for users on your network to access Google Drive and Google Docs editors this domain must be whitelisted - https://support.google.com/a/answer/2589954?hl=en'
	- '@@\|\|1drv.com^$important # It is actually a legitimate Microsoft owned domain and used as a short link for OneDrive documents.'
	- '@@\|\|2.android.pool.ntp.org^$important # This domain is a part of The pool.ntp.org project which is a big virtual cluster of timeservers providing reliable time. This domain is used in Android devices'
	- '@@\|\|akamaihd.net^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
	- '@@\|\|akamaitechnologies.com^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
	- '@@\|\|akamaized.net^$important # This domain is owned by Akamai Technologies which is a is a global content delivery network (CDN).'
	- '@@\|\|amazonaws.com^$important # Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs. This domain is used to serve files and other static resources which are hosted on Amazon AWS'
	- '@@\|\|android.clients.google.com^$important # Google Play Store and few devices (especially Android One devices) depends on this domain for system updates.'
	- '@@\|\|api.ipify.org^$important # It is used to get your public IP address programmatically. ipify is completely opensource.'
	- '@@\|\|app-api.ted.com^$important # Used by ted.com streams.'
	- '@@\|\|api.rlje.net^$important # Used to deliver contents on video straming apps on hulu etc.'
	- '@@\|\|appleid.apple.com^$important # Used to sign in t your Apple account.'
	- '@@\|\|apps.skype.com^$important # Used to make group calls, group chats etc. on Skype.'
	- '@@\|\|appsbackup-pa.clients6.google.com^$important # Used to backup device settings and app data.'
	- '@@\|\|appsbackup-pa.googleapis.com^$important # Used to backup device settings and app data.'
	dhcp:
	enabled: false
	interface_name: ""
	local_domain_name: lan
	dhcpv4:
	gateway_ip: ""
	subnet_mask: ""
	range_start: ""
	range_end: ""
	lease_duration: 86400
	icmp_timeout_msec: 1000
	options: []
	dhcpv6:
	range_start: ""
	lease_duration: 86400
	ra_slaac_only: false
	ra_allow_slaac: false
	clients:
	runtime_sources:
	whois: true
	arp: true
	rdns: true
	dhcp: true
	hosts: true
	persistent: []
	log_file: ""
	log_max_backups: 0
	log_max_size: 100
	log_max_age: 3
	log_compress: false
	log_localtime: true
	verbose: false
	os:
	group: ""
	user: ""
	rlimit_nofile: 0
	schema_version: 17