Package Details: adguardhome-bin 0.107.52-1

Git Clone URL: https://aur.archlinux.org/adguardhome-bin.git (read-only, click to copy)
Package Base: adguardhome-bin
Description: Network-wide ads and trackers blocking DNS server (binary version).
Upstream URL: https://github.com/AdguardTeam/AdGuardHome
Keywords: adblock adblocker adguard adguardhome ads antispam antitracker black blocker blocking dns hole internet-of-things iot network privacy re-router server tracker tracking
Licenses: GPL
Conflicts: adguardhome
Provides: adguardhome-bin
Submitter: mvidaldp
Maintainer: mvidaldp
Last Packager: mvidaldp
Votes: 7
Popularity: 0.080087
First Submitted: 2021-03-12 18:26 (UTC)
Last Updated: 2024-07-30 15:28 (UTC)

Latest Comments

1 2 3 Next › Last »

dnaeon commented on 2024-10-14 05:46 (UTC)

0.107.53 version is available.

handsomexdd1024 commented on 2024-09-26 01:13 (UTC)

It's not recommended to install ../adguardhome.service directly. Instead, use source=("adguardhome.service"), with install -Dm644 "adguardhome.service" "${pkgdir}/usr/lib/systemd/system/adguardhome.service".

Kimiblock commented on 2024-04-06 14:58 (UTC) (edited on 2024-04-06 15:21 (UTC) by Kimiblock)

Also, post_remove() is generally not recommended when packaging and this package should provide and conflict adguardhome

Kimiblock commented on 2024-04-06 14:55 (UTC) (edited on 2024-04-06 14:56 (UTC) by Kimiblock)

I have a service file with DynamicUser which is also hardened:

➜  serverOS git:(master) cat /usr/lib/systemd/system/serverOS-AdGuardHome.service
[Unit]
Description=serverOS DNS
PartOf=network-online.target
RequiresMountsFor=/var/lib/private/adguardhome
After=serverOS-clash-meta.service
Before=NetworkManager-wait-online.service

[Service]
Nice=-1
DynamicUser=yes
StartLimitInterval=5
StateDirectory=serverOS-AdGuardHome
WorkingDirectory=/var/lib/private/serverOS-AdGuardHome
ExecStartPre=cp /var/lib/adguardhome/AdGuardHome /var/lib/private/serverOS-AdGuardHome/aghexec
ExecStart=/var/lib/private/serverOS-AdGuardHome/aghexec "-s" "run"
Restart=always
RestartSec=5

OOMPolicy=stop
OOMScoreAdjust=-500

SyslogIdentifier=AdGuardHome
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW

ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHostname=yes
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_PACKET AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RemoveIPC=yes
SystemCallArchitectures=native

ProtectProc=invisible
ProcSubset=pid

SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@swap

UMask=077

[Install]
WantedBy=multi-user.target

mvidaldp commented on 2023-09-16 10:46 (UTC)

@procobain yes it does :)

procobain commented on 2023-09-15 17:16 (UTC)

Does it run as root?

mvidaldp commented on 2023-01-04 13:14 (UTC)

@drrlvn thanks for the suggestion, it's fixed now.

drrlvn commented on 2023-01-03 19:47 (UTC) (edited on 2023-01-03 19:47 (UTC) by drrlvn)

The systemd service file should be installed in /usr/lib/systemd/system/ and not in /etc/systemd/system/ as it is now.

Also, the adguardhome package recently renamed the service from AdGuardHome.service to adguardhome.service, so you should perhaps consider doing the same.

mvidaldp commented on 2022-10-13 12:04 (UTC)

It's for setting up an internal AdGuard, for your local network. More info: https://github.com/AdguardTeam/AdGuardHome#readme https://adguard.com/en/adguard-home/overview.html

bkb commented on 2022-10-13 08:04 (UTC)

Wait, this package is for setting up rapidly AdGuard DNS for the computer to use it instead of default DNS? Or it's a copy of AdGuard internal DNS servers for us to run it locally in our WAN and become ourselves the filter?

Because I would prefer the first one, and if it's not possible, I want to be able to be client of my own server, because I want to filter my DNS requests

1 2 3 Next › Last »