From 16ce86b252c33f594c9f2deffc422f2e78048667 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 20:28:59 +0100 Subject: [PATCH 01/12] Update changelog to 0.2.0 --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a92f4b..eaf397f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,11 @@ All notable changes to this project will be documented in this file. ## Release -### [v0.1.1](https://github.com/shoddyguard/Puppet-Adguard/tree/v0.1.1) (2020-04-01) +### [v0.2.0](https://github.com/shoddyguard/Puppet-Adguard/tree/v0.2.0) (2020-04-01) **Features** - Moved several complex types into their own definitions rather than defining them in the parameters of the main class. +- Added a new function for validating TLS options - Moved default parameter declarations from hiera into the manifests. This allows Puppet-Strings to extract default values into documentaion and makes things easier to locate. - Tidied up documentation and added some more examples - Expanded acceptance testing slightly From 957d93bfddf7f7b8a523eeeefc29a83f93521115 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 20:44:07 +0100 Subject: [PATCH 02/12] Stop changing my quotes!! --- .rufo | 1 + 1 file changed, 1 insertion(+) create mode 100644 .rufo diff --git a/.rufo b/.rufo new file mode 100644 index 0000000..c0f958c --- /dev/null +++ b/.rufo @@ -0,0 +1 @@ +quote_style :single \ No newline at end of file From eeb419cf7629bb60980dd72fbb67935f92e32f85 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 20:44:41 +0100 Subject: [PATCH 03/12] add a basic test for DHCP --- spec/acceptance/dhcp_spec.rb | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 spec/acceptance/dhcp_spec.rb diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb new file mode 100644 index 0000000..82412f0 --- /dev/null +++ b/spec/acceptance/dhcp_spec.rb @@ -0,0 +1,34 @@ +# Tests applying adguard with basic DHCP options +require 'spec_helper_acceptance' + +pp_dhcp = <<-MANIFEST + class {'adguard': + users => [ + { + username => 'user', + password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe', + }], + enable_dhcp => true, + dhcp_interface => 'eth0', + dhcp_v4_options => { + gateway_ip => '192.168.1.1', + subnet_mask => '255.255.255.0', + range_start => '192.168.1.2', + range_end => '192.168.1.20', + lease_duration => 86400, + } + } +MANIFEST + +idempotent_apply(pp_dhcp) + +describe 'adguard_dhcp' do + context service('AdGuardHome') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + context file('/opt/AdGuardHome/AdGuardHome.yaml') do + it { is_expected.to be_file } + its(:content) { is_expected.to match(%r{gateway_ip: 192.168.1.1}).and match(%r{subnet_mask: 255.255.255.0}) } + end +end From b622661626405a78f8ab92c8cad8cad3cb12f6ef Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 20:56:12 +0100 Subject: [PATCH 04/12] make test a bit easier to read --- spec/acceptance/dhcp_spec.rb | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb index 82412f0..7f81431 100644 --- a/spec/acceptance/dhcp_spec.rb +++ b/spec/acceptance/dhcp_spec.rb @@ -21,14 +21,17 @@ class {'adguard': MANIFEST idempotent_apply(pp_dhcp) - describe 'adguard_dhcp' do - context service('AdGuardHome') do + describe service('AdGuardHome') do it { is_expected.to be_enabled } it { is_expected.to be_running } end - context file('/opt/AdGuardHome/AdGuardHome.yaml') do + + describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - its(:content) { is_expected.to match(%r{gateway_ip: 192.168.1.1}).and match(%r{subnet_mask: 255.255.255.0}) } + it { is_expected.to contain %r{gateway_ip: 192.168.1.1} } + it { is_expected.to contain %r{subnet_mask: 255.255.255.0} } + it { is_expected.to contain %r{range_start: 192.168.1.2} } + it { is_expected.to contain %r{range_end: 192.168.1.20} } end end From 8e5c2df624b3926860700e705fcad0e16430cf70 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 21:08:03 +0100 Subject: [PATCH 05/12] wrong method --- spec/acceptance/dhcp_spec.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb index 7f81431..3f017a8 100644 --- a/spec/acceptance/dhcp_spec.rb +++ b/spec/acceptance/dhcp_spec.rb @@ -21,6 +21,7 @@ class {'adguard': MANIFEST idempotent_apply(pp_dhcp) + describe 'adguard_dhcp' do describe service('AdGuardHome') do it { is_expected.to be_enabled } @@ -29,9 +30,9 @@ class {'adguard': describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - it { is_expected.to contain %r{gateway_ip: 192.168.1.1} } - it { is_expected.to contain %r{subnet_mask: 255.255.255.0} } - it { is_expected.to contain %r{range_start: 192.168.1.2} } - it { is_expected.to contain %r{range_end: 192.168.1.20} } + it { is_expected.to match %r{gateway_ip: 192.168.1.1} } + it { is_expected.to match %r{subnet_mask: 255.255.255.0} } + it { is_expected.to match %r{range_start: 192.168.1.2} } + it { is_expected.to match %r{range_end: 192.168.1.20} } end end From 12d32dbd1cce1ce496ffb1231263c1bdd5468e59 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 21:21:58 +0100 Subject: [PATCH 06/12] retract that --- spec/acceptance/dhcp_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb index 3f017a8..57cefdd 100644 --- a/spec/acceptance/dhcp_spec.rb +++ b/spec/acceptance/dhcp_spec.rb @@ -30,9 +30,9 @@ class {'adguard': describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - it { is_expected.to match %r{gateway_ip: 192.168.1.1} } - it { is_expected.to match %r{subnet_mask: 255.255.255.0} } - it { is_expected.to match %r{range_start: 192.168.1.2} } - it { is_expected.to match %r{range_end: 192.168.1.20} } + it { is_expected.to contain %r{gateway_ip: 192.168.1.1} } + it { is_expected.to contain %r{subnet_mask: 255.255.255.0} } + it { is_expected.to contain %r{range_start: 192.168.1.2} } + it { is_expected.to contain %r{range_end: 192.168.1.20} } end end From d1594ded4955fd0fb946951b2ed91cbe78fbc4c1 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 21:31:44 +0100 Subject: [PATCH 07/12] whitespace seems to be counted --- spec/acceptance/dhcp_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb index 57cefdd..1f408b3 100644 --- a/spec/acceptance/dhcp_spec.rb +++ b/spec/acceptance/dhcp_spec.rb @@ -30,9 +30,9 @@ class {'adguard': describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - it { is_expected.to contain %r{gateway_ip: 192.168.1.1} } - it { is_expected.to contain %r{subnet_mask: 255.255.255.0} } - it { is_expected.to contain %r{range_start: 192.168.1.2} } - it { is_expected.to contain %r{range_end: 192.168.1.20} } + it { is_expected.to contain ' gateway_ip: 192.168.1.1' } + it { is_expected.to contain ' subnet_mask: 255.255.255.0' } + it { is_expected.to contain ' range_start: 192.168.1.2' } + it { is_expected.to contain ' range_end: 192.168.1.20' } end end From 24939c3f7afda6f836b93a27cedfcfb7f9ead4c2 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 22:21:01 +0100 Subject: [PATCH 08/12] fix broken spec tests --- spec/acceptance/dhcp_spec.rb | 19 ++++++++++-------- spec/acceptance/tls_spec.rb | 38 ++++++++++++++++++++---------------- 2 files changed, 32 insertions(+), 25 deletions(-) diff --git a/spec/acceptance/dhcp_spec.rb b/spec/acceptance/dhcp_spec.rb index 1f408b3..fb1bd5a 100644 --- a/spec/acceptance/dhcp_spec.rb +++ b/spec/acceptance/dhcp_spec.rb @@ -1,7 +1,9 @@ # Tests applying adguard with basic DHCP options require 'spec_helper_acceptance' -pp_dhcp = <<-MANIFEST +describe 'adguard_dhcp' do + it 'applies succesfully' do + dhcp_pp = <<-MANIFEST class {'adguard': users => [ { @@ -19,10 +21,9 @@ class {'adguard': } } MANIFEST + idempotent_apply(dhcp_pp) + end -idempotent_apply(pp_dhcp) - -describe 'adguard_dhcp' do describe service('AdGuardHome') do it { is_expected.to be_enabled } it { is_expected.to be_running } @@ -30,9 +31,11 @@ class {'adguard': describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - it { is_expected.to contain ' gateway_ip: 192.168.1.1' } - it { is_expected.to contain ' subnet_mask: 255.255.255.0' } - it { is_expected.to contain ' range_start: 192.168.1.2' } - it { is_expected.to contain ' range_end: 192.168.1.20' } + it { is_expected.to contain %r{interface_name: eth0} } + it { is_expected.to contain %r{gateway_ip: 192.168.1.1} } + it { is_expected.to contain %r{subnet_mask: 255.255.255.0} } + it { is_expected.to contain %r{range_start: 192.168.1.2} } + it { is_expected.to contain %r{range_end: 192.168.1.20} } + it { is_expected.to contain %r{lease_duration: 86400} } end end diff --git a/spec/acceptance/tls_spec.rb b/spec/acceptance/tls_spec.rb index 33da583..580d761 100644 --- a/spec/acceptance/tls_spec.rb +++ b/spec/acceptance/tls_spec.rb @@ -2,10 +2,12 @@ # Only basic configuration is checked as unsure how to test more extensively in a container. require 'spec_helper_acceptance' -# Copy over a dummy SSL cert + key (generated by OpenSSL) to use for testing SSL, -# this expires on 2022/04/02, unsure if this will cause errors in the future. -# This also only tests the "path" options for TLS and not specifying the certs directly, we should implement this later. -pp_tls = <<-MANIFEST +describe 'adguard_tls' do + it 'applies succesfully' do + # Copy over a dummy SSL cert + key (generated by OpenSSL) to use for testing SSL, + # this expires on 2022/04/02, unsure if this will cause errors in the future. + # This also only tests the "path" options for TLS and not specifying the certs directly, we should implement this later. + pp_tls = <<-MANIFEST $ca_cert = @("CA_CERT"/L) -----BEGIN CERTIFICATE----- MIIFcjCCA1oCCQDRZO9ndAf3hTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJH @@ -126,22 +128,24 @@ class {'adguard': } MANIFEST -idempotent_apply(pp_tls) - -describe 'adguard_tls' do - context service('AdGuardHome') do + idempotent_apply(pp_tls) + end + describe service('AdGuardHome') do it { is_expected.to be_enabled } it { is_expected.to be_running } end - # Ensure our ports are listening - context port(80) do - it { is_expected.to be_listening } - end - context port(53) do - it { is_expected.to be_listening } - end - context file('/opt/AdGuardHome/AdGuardHome.yaml') do + + describe file('/opt/AdGuardHome/AdGuardHome.yaml') do it { is_expected.to be_file } - its(:content) { is_expected.to match(%r{server_name: adguard-test.com}) } + it { is_expected.to contain %r{server_name: adguard-test.com} } + it { is_expected.to contain %r{force_https: false} } + it { is_expected.to contain %r{port_https: 443} } + it { is_expected.to contain %r{port_dns_over_tls: 853} } + it { is_expected.to contain %r{port_dns_over_quic: 784} } + it { is_expected.to contain %r{port_dnscrypt: 0} } + it { is_expected.to contain %r{allow_unencrypted_doh: false} } + it { is_expected.to contain %r{strict_sni_check: false} } + it { is_expected.to contain %r{certificate_path: /root/cert.pem} } + it { is_expected.to contain %r{private_key_path: /root/key.pem} } end end From 0d4f8f51c66cebe815509f1981de3990ff02b480 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 22:24:38 +0100 Subject: [PATCH 09/12] document the new features --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/README.md b/README.md index 1cc7811..b02d6d0 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,73 @@ class {'adguard': ``` For more information on this please see the [official AdGuard documentation](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#newclient) +## Configuring DHCP +AdGuard Home supports acting as a DHCP server +To enable DHCP you would need to set `enable_dhcp` to `true`, specify a `dhcp_interface` and then specify your `dhcp_v4_options`/`dhcp_v6_options` +Example: +```puppet +class {'adguard': + users => [{ + username => 'user', + password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe', + }], + enable_dhcp => true, + dhcp_interface => 'eth0', + dhcp_v4_options => { + gateway_ip => '192.168.1.1', + subnet_mask => '255.255.255.0', + range_start => '192.168.1.2', + range_end => '192.168.1.20', + lease_duration => 86400, # in seconds + } +``` +You can also specify custom DHCP options via the `options` parameter, these should be given as `CODE hex HEX_VALUE` (eg `6 hex 0102030401020305`). +```puppet +class {'adguard': + users => [{ + username => 'user', + password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe', + }], + enable_dhcp => true, + dhcp_interface => 'eth0', + dhcp_v4_options => { + gateway_ip => '192.168.1.1', + subnet_mask => '255.255.255.0', + range_start => '192.168.1.2', + range_end => '192.168.1.20', + lease_duration => 86400, # in seconds + options => [ + '6 hex 0102030401020305' + ], + } +``` +For more information see the official [AdGuard documentation](https://github.com/AdguardTeam/AdGuardHome/wiki/DHCP#config-4) + +## TLS Configuration +As of v0.2.0 this module now supports setting the TLS settings in Adguard. This remains largely untested so use with caution and please report any issues on the module repository. +A basic configuration would look like: +```puppet +class {'adguard': + users => [{ + username => 'user', + password => '$2y$10$c6lDDShTh5ezcvKhyWwOMet6C/0tLxlgYX53wf58jl9tBdUVbYSqe', + }], + enable_tls => true, + tls_options => { + server_name => 'adguard-test.com', + force_https => false, + port_https => 443, + port_dns_over_tls => 853, + port_dns_over_quic => 784, + port_dnscrypt => 0, + allow_unencrypted_doh => false, + strict_sni_check => false, + certificate_path => '/root/cert.pem', + private_key_path => '/root/key.pem', + } +``` +More information on these settings can be found in the [official AdGuard docs](https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption) + # Know Limitations ## Configuration overwriting itself/Disabling configuration file management Due to the fact this module manages configuration of AdGuard by manipulating the `AdGuardHome.yaml` file there may be instances where Puppet fights against AdGuard Home with both trying to change the contents of the file. From 693a52afdeeabc61989d57728af5579ab4dbbed4 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 22:25:50 +0100 Subject: [PATCH 10/12] update module metadata for new release --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 1d3e55f..bda1069 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "shoddyguard-adguard", - "version": "0.1.1", + "version": "0.2.0", "author": "Steve Brown", "summary": "Manages AdGuard Home", "license": "Apache-2.0", From 1eb8dd735dcc007ff30e2454140c03349eaa220a Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 22:29:15 +0100 Subject: [PATCH 11/12] fix wording --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b02d6d0..1e8b871 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,7 @@ class {'adguard': For more information on this please see the [official AdGuard documentation](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#newclient) ## Configuring DHCP -AdGuard Home supports acting as a DHCP server +AdGuard Home supports acting as a DHCP server and as of v0.2.0 this module allows for configuration of those options. To enable DHCP you would need to set `enable_dhcp` to `true`, specify a `dhcp_interface` and then specify your `dhcp_v4_options`/`dhcp_v6_options` Example: ```puppet From 7485096e334138bfd40594a12005292a3cc0a025 Mon Sep 17 00:00:00 2001 From: Steve Brown Date: Fri, 2 Apr 2021 22:31:14 +0100 Subject: [PATCH 12/12] fix wording --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e8b871..0e79162 100644 --- a/README.md +++ b/README.md @@ -156,7 +156,7 @@ class {'adguard': lease_duration => 86400, # in seconds } ``` -You can also specify custom DHCP options via the `options` parameter, these should be given as `CODE hex HEX_VALUE` (eg `6 hex 0102030401020305`). +If you'd like to enable special DHCP options this can be done via the `options` parameter, these should be given as `CODE hex HEX_VALUE` (eg `6 hex 0102030401020305`). ```puppet class {'adguard': users => [{