From fe1147e7a540e6feb6d1ec2be9ffee07371a6c6c Mon Sep 17 00:00:00 2001
From: ixxeL2097
Date: Sat, 25 Apr 2026 15:53:35 +0200
Subject: [PATCH] feat(adguard): add adguardhome-sync to sync config between genmachine and beelink Deploys bakito/adguardhome-sync alongside the existing AdGuard Home instances. Syncs DNS rewrites, filters and settings from genmachine (origin) to beelink (replica) every 2 minutes. Credentials are sourced from Vault via ExternalSecret at adguard/credentials. Prerequisite: populate Vault key adguard/credentials with username and password (plaintext) matching the AdGuard admin account.
Co-Authored-By: Claude Sonnet 4.6
---
.../templates/adguardhome-sync.yaml | 106 ++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100644 gitops/manifests/adguard/genmachine/templates/adguardhome-sync.yaml
diff --git a/gitops/manifests/adguard/genmachine/templates/adguardhome-sync.yaml b/gitops/manifests/adguard/genmachine/templates/adguardhome-sync.yaml
new file mode 100644
index 000000000..52a6d84d5
--- /dev/null
+++ b/gitops/manifests/adguard/genmachine/templates/adguardhome-sync.yaml
@@ -0,0 +1,106 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: adguardhome-sync-config
+ namespace: adguard
+data:
+ config.yaml: |
+ cron: "*/2 * * * *"
+ runOnStart: true
+ logTimestamp: false
+ origin:
+ url: http://adguard-adguard-home-http:80
+ apiPath: /control
+ replicas:
+ - url: https://adguard.k0s-fullstack.fredcorp.com
+ insecureskipverify: true
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: adguardhome-sync-credentials
+ namespace: adguard
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: admin
+ kind: ClusterSecretStore
+ target:
+ name: adguardhome-sync-credentials
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ template:
+ engineVersion: v2
+ data:
+ ADGUARDHOME_SYNC_ORIGIN_USERNAME: '{{ "{{" }}.username{{ "}}" }}'
+ ADGUARDHOME_SYNC_ORIGIN_PASSWORD: '{{ "{{" }}.password{{ "}}" }}'
+ ADGUARDHOME_SYNC_REPLICA1_USERNAME: '{{ "{{" }}.username{{ "}}" }}'
+ ADGUARDHOME_SYNC_REPLICA1_PASSWORD: '{{ "{{" }}.password{{ "}}" }}'
+ data:
+ - secretKey: username
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ metadataPolicy: None
+ key: adguard/credentials
+ property: username
+ - secretKey: password
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ metadataPolicy: None
+ key: adguard/credentials
+ property: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguardhome-sync
+ namespace: adguard
+ labels:
+ app.kubernetes.io/name: adguardhome-sync
+ app.kubernetes.io/instance: adguard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: adguardhome-sync
+ app.kubernetes.io/instance: adguard
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: adguardhome-sync
+ app.kubernetes.io/instance: adguard
+ spec:
+ priorityClassName: infra-apps-priority
+ containers:
+ - name: adguardhome-sync
+ # renovate: datasource=github-releases depName=bakito/adguardhome-sync
+ image: ghcr.io/bakito/adguardhome-sync:v0.9.0
+ args:
+ - run
+ envFrom:
+ - secretRef:
+ name: adguardhome-sync-credentials
+ env:
+ - name: ADGUARDHOME_SYNC_CONFIG
+ value: /config/config.yaml
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ readOnly: true
+ volumes:
+ - name: config
+ configMap:
+ name: adguardhome-sync-config
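Review bot: The replica entry in the ConfigMap sets `insecureskipverify: true`, so the sync client accepts any certificate for https://adguard.k0s-fullstack.fredcorp.com while sending the AdGuard admin username and password from `adguardhome-sync-credentials` on every two-minute run; the credentials and the DNS configuration pushed to beelink are then only as safe as the network path between the two hosts. I would drop that line (or set `insecureskipverify: false`) and make the replica certificate verifiable from the pod, for instance by mounting the issuing CA and pointing the Go runtime's `SSL_CERT_FILE` at it, after confirming how the beelink certificate is issued. The origin URL is plain `http://`, so the same admin credentials also cross the cluster network unencrypted; if that is intentional it deserves a comment next to `origin.url`. Separately, the container spec has no `securityContext`; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would be cheap hardening if the image runs under them.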