Update catalog information

catalog.json

@@ -49,7 +49,7 @@
             "latest_version": "1.0.0",
             "latest_app_version": "8.7.0",
             "latest_human_version": "8.7.0_1.0.0",
-            "last_update": null,
+            "last_update": "2023-04-11 15:33:26",
             "name": "elastic-search",
             "recommended": false,
             "title": "Elastic Search",
@@ -402,6 +402,25 @@
             "title": "IPFS",
             "icon_url": "https://avatars.githubusercontent.com/u/10536621"
         },
+        "adguard-home": {
+            "app_readme": "<h1>AdGuard Home</h1>\n<p>During the setup wizard, AdGuard Home presents an option to select on which port the web interface will be available.\n(Defaults to 80. Which is a privileged port and also usually the TrueNAS SCALE UI uses that port)\nBecause of that, App will force the webUI to listen to port 30000 (or the port selected by user in the TrueNAS SCALE UI).</p>\n<p>If you select a different port in the wizard, the Dashboard will not work initially but\nafter a couple of minutes container will automatically restart and the Dashboard will\nbe available on the port you selected on the TrueNAS SCALE UI.</p>\n<blockquote>\n<ul>\n<li>AdGuard runs as <code>root</code> user.</li>\n<li>AdGuard runs with host networking enabled.</li>\n</ul>\n</blockquote>",
+            "categories": [
+                "dns",
+                "adblock"
+            ],
+            "description": "Free and open source, powerful network-wide ads & trackers blocking DNS server.",
+            "healthy": true,
+            "healthy_error": null,
+            "location": "/__w/charts/charts/community/adguard-home",
+            "latest_version": "1.0.0",
+            "latest_app_version": "v0.107.26",
+            "latest_human_version": "v0.107.26_1.0.0",
+            "last_update": null,
+            "name": "adguard-home",
+            "recommended": false,
+            "title": "AdGuard Home",
+            "icon_url": "https://github.com/AdguardTeam/AdGuardHome/raw/master/doc/adguard_home_darkmode.svg"
+        },
         "vaultwarden": {
             "app_readme": "<h1>Vaultwarden</h1>\n<p><a href=\"https://github.com/dani-garcia/vaultwarden\">Vaultwarden</a> Alternative implementation of the <code>Bitwarden</code> server API written in Rust and compatible with upstream Bitwarden clients</p>\n<blockquote>\n<p>During the installation process, a container will be launched with <strong>root</strong> privileges. This is required\nin order to apply the correct permissions to the <code>Vaultwarden</code> data directory. Afterward, the <code>Vaultwarden</code> container\nwill run as a <strong>non</strong>-root user (default <code>568</code>).\nSame applies to the <code>postgres</code> container. This will run afterwards as a <strong>non</strong>-root user (<code>999</code>).\nOn each upgrade, a container will be launched with <strong>root</strong> privileges in order to apply the correct\npermissions to the <code>postgres</code> <strong>backups</strong> directory. Container that performs the backup will run as a <strong>non</strong>-root user (<code>999</code>) afterwards.\nKeep in mind the permissions on the backup directory will be changed to <code>999:999</code> on <strong>every</strong> update.\nBut will only be changed once for the <code>Vaultwarden</code> and <code>postgres</code> data directories.</p>\n</blockquote>\n<p>While the option to use <code>Rocket</code> for TLS is there, it is not\n<a href=\"https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket\">recommended</a>.\nInstead, use a reverse proxy to handle TLS termination.</p>\n<p>Using <code>HTTPS</code> is <strong>required</strong> for the most of the features to work (correctly).</p>",
             "categories": [

community/adguard-home/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.0.3
+digest: sha256:1a090020cfa582aff29906320874ffe9b543fcc6c2423c281f434514f2653e02
+generated: "2023-04-06T19:01:50.673798323+03:00"

community/adguard-home/1.0.0/Chart.yaml

@@ -0,0 +1,25 @@
+name: adguard-home
+description: Free and open source, powerful network-wide ads & trackers blocking DNS server.
+annotations:
+  title: AdGuard Home
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: 'v0.107.26'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.0.3
+home: https://github.com/AdguardTeam/AdGuardHome
+icon: https://github.com/AdguardTeam/AdGuardHome/raw/master/doc/adguard_home_darkmode.svg
+sources:
+  - https://github.com/AdguardTeam/AdGuardHome
+  - https://github.com/truenas/charts/tree/master/library/ix-dev/community/adguard-home
+  - https://hub.docker.com/r/adguard/adguardhome
+keywords:
+  - dns
+  - adblock

community/adguard-home/1.0.0/README.md

@@ -0,0 +1,12 @@
+# AdGuard Home
+
+During the setup wizard, AdGuard Home presents an option to select on which port the web interface will be available.
+(Defaults to 80. Which is a privileged port and also usually the TrueNAS SCALE UI uses that port)
+Because of that, App will force the webUI to listen to port 30000 (or the port selected by user in the TrueNAS SCALE UI).
+
+If you select a different port in the wizard, the Dashboard will not work initially but
+after a couple of minutes container will automatically restart and the Dashboard will
+be available on the port you selected on the TrueNAS SCALE UI.
+
+> - AdGuard runs as `root` user.
+> - AdGuard runs with host networking enabled.

community/adguard-home/1.0.0/app-readme.md

@@ -0,0 +1,12 @@
+# AdGuard Home
+
+During the setup wizard, AdGuard Home presents an option to select on which port the web interface will be available.
+(Defaults to 80. Which is a privileged port and also usually the TrueNAS SCALE UI uses that port)
+Because of that, App will force the webUI to listen to port 30000 (or the port selected by user in the TrueNAS SCALE UI).
+
+If you select a different port in the wizard, the Dashboard will not work initially but
+after a couple of minutes container will automatically restart and the Dashboard will
+be available on the port you selected on the TrueNAS SCALE UI.
+
+> - AdGuard runs as `root` user.
+> - AdGuard runs with host networking enabled.

community/adguard-home/1.0.0/ci/basic-values.yaml

@@ -0,0 +1,7 @@
+adguardStorage:
+  work:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/work
+  conf:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Name }}/conf

community/adguard-home/1.0.0/ix_values.yaml

@@ -0,0 +1,28 @@
+image:
+  repository: adguard/adguardhome
+  tag: v0.107.26
+  pullPolicy: IfNotPresent
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+adguardNetwork:
+  webPort: 30000
+  enableDHCP: false
+
+# FIXME: See _adguard.tpl
+# adguardRunAs:
+#   user: 568
+#   group: 568
+
+adguardStorage:
+  work:
+    type: ixVolume
+    hostPath: ""
+    datasetName: work
+  conf:
+    type: ixVolume
+    hostPath: ""
+    datasetName: conf

community/adguard-home/1.0.0/questions.yaml

@@ -0,0 +1,181 @@
+groups:
+  - name: AdGuard Home Configuration
+    description: Configure AdGuard Home
+  # - name: User and Group Configuration
+  #   description: Configure User and Group for AdGuard Home
+  - name: Network Configuration
+    description: Configure Network for AdGuard Home
+  - name: Storage Configuration
+    description: Configure Storage for AdGuard Home
+  - name: Resources Configuration
+    description: Configure Resources for AdGuard Home
+
+portals:
+  web_portal:
+    protocols:
+      - "$kubernetes-resource_configmap_portal_protocol"
+    host:
+      - "$kubernetes-resource_configmap_portal_host"
+    ports:
+      - "$kubernetes-resource_configmap_portal_port"
+    path: "$kubernetes-resource_configmap_portal_path"
+
+questions:
+  # - variable: adguardRunAs
+  #   label: ""
+  #   group: User and Group Configuration
+  #   schema:
+  #     type: dict
+  #     attrs:
+  #       - variable: user
+  #         label: User ID
+  #         description: The user id that AdGuard Home will run as.
+  #         schema:
+  #           type: int
+  #           min: 1
+  #           default: 568
+  #           required: true
+  #       - variable: group
+  #         label: Group ID
+  #         description: The group id that AdGuard Home will run as.
+  #         schema:
+  #           type: int
+  #           min: 1
+  #           default: 568
+  #           required: true
+
+  - variable: adguardNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: webPort
+          label: Web Port
+          description: |
+            The port for the AdGuard Home WebUI. Set the same during the setup wizard.
+            In case you set a different port, you will need to stop/start the app for the
+            port set here to take effect. (Or wait for the container to restart automatically)
+          schema:
+            type: int
+            default: 30000
+            min: 9000
+            max: 65535
+            required: true
+        - variable: enableDHCP
+          label: Enable DHCP
+          description: |
+            This will only append the needed capabilities for DHCP to work </br>
+            The configuration for DHCP is done in the AdGuard Home WebUI
+          schema:
+            type: boolean
+            default: false
+
+  - variable: adguardStorage
+    label: ""
+    group: Storage Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: work
+          label: AdGuard Home Data Storage
+          description: The path to store AdGuard Home work.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: work
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: conf
+          label: AdGuard Home Configuration Storage
+          description: The path to store AdGuard Home configuration
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: conf
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+
+  - variable: resources
+    label: ""
+    group: Resources Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for AdGuard Home.
+                schema:
+                  type: string
+                  default: 4000m
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for AdGuard Home.
+                schema:
+                  type: string
+                  default: 8Gi
+                  required: true

community/adguard-home/1.0.0/templates/NOTES.txt

@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}

community/adguard-home/1.0.0/templates/_adguard.tpl

@@ -0,0 +1,105 @@
+{{- define "adguard.workload" -}}
+workload:
+  adguard:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      # Host network is pretty much a requirement for apps like this.
+      # Because NodePort can't bind ports like 53(DNS) or 67(DHCP)
+      # and the majority of devices do not have option to change the port.
+      hostNetwork: true
+      containers:
+        adguard:
+          enabled: true
+          primary: true
+          imageSelector: image
+          # Args are copied from the official docker image
+          # So we can also specify the port.
+          # If we dont specify the port here, AdGuardHome
+          # will start initially at port 3000 and after
+          # the setup wizard is completed it will switch
+          # to user specified port.
+          args:
+            - --no-check-update
+            - --host
+            - "0.0.0.0"
+            - --config
+            - /opt/adguardhome/conf/AdGuardHome.yaml
+            - --work-dir
+            - /opt/adguardhome/work
+            - --port
+            - {{ .Values.adguardNetwork.webPort | quote }}
+            # Setup wizard shows an option to select the port that AdGuardHome
+            # Web UI will listen on. If the user selects anything other than the `webPort`,
+            # container will reload its new configuration and listen to the user specified port.
+            # But user won't have access to it because the port is not exposed. Few seconds later
+            # probes will kill the container and restart it with the correct `webPort` port.
+          securityContext:
+            # FIXME: It might be able to run rootless, probably blocked by:
+            # https://github.com/AdguardTeam/AdGuardHome/issues/4681
+            runAsNonRoot: false
+            runAsUser: 0
+            runAsGroup: 0
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+                {{ if .Values.adguardNetwork.enableDHCP }}
+                - NET_RAW
+                {{ end }}
+          # FIXME: Switch to exec probe after this issue is solved, also note that healthcheck
+          # is only available on "edge" tag, as of 27/03/2023
+          # https://github.com/AdguardTeam/AdGuardHome/issues/3290#issuecomment-1485451976
+          probes:
+            liveness:
+              enabled: true
+              type: http
+              path: /
+              port: {{ .Values.adguardNetwork.webPort }}
+            readiness:
+              enabled: true
+              type: http
+              path: /
+              port: {{ .Values.adguardNetwork.webPort }}
+            startup:
+              enabled: true
+              type: http
+              path: /
+              port: {{ .Values.adguardNetwork.webPort }}
+      {{/* # FIXME: Disabled until it can run as non-root
+      initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                        "UID" .Values.ipfsRunAs.user
+                                                        "GID" .Values.ipfsRunAs.group
+                                                        "type" "install") | nindent 8 }}
+      */}}
+
+{{/* Persistence */}}
+persistence:
+  work:
+    enabled: true
+    type: {{ .Values.adguardStorage.work.type }}
+    datasetName: {{ .Values.adguardStorage.work.datasetName | default "" }}
+    hostPath: {{ .Values.adguardStorage.work.hostPath | default "" }}
+    targetSelector:
+      adguard:
+        adguard:
+          mountPath: /opt/adguardhome/work
+        {{/* # FIXME: See above
+        01-permissions:
+          mountPath: /mnt/directories/work
+        */}}
+  conf:
+    enabled: true
+    type: {{ .Values.adguardStorage.conf.type }}
+    datasetName: {{ .Values.adguardStorage.conf.datasetName | default "" }}
+    hostPath: {{ .Values.adguardStorage.conf.hostPath | default "" }}
+    targetSelector:
+      adguard:
+        adguard:
+          mountPath: /opt/adguardhome/conf
+        {{/* # FIXME: See above
+        01-permissions:
+          mountPath: /mnt/directories/conf
+        */}}
+{{- end -}}

community/adguard-home/1.0.0/templates/_portal.tpl

@@ -0,0 +1,12 @@
+{{- define "adguard.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: portal
+data:
+  path: /
+  port: {{ .Values.adguardNetwork.webPort | quote }}
+  protocol: http
+  host: $node_ip
+{{- end -}}

community/adguard-home/1.0.0/templates/common.yaml

@@ -0,0 +1,9 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "adguard.workload" $ | fromYaml) -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "adguard.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

community/adguard-home/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://github.com/AdguardTeam/AdGuardHome/raw/master/doc/adguard_home_darkmode.svg
+categories:
+  - dns
+  - adblock