apiVersion: v1
kind: ConfigMap
metadata:
  name: adguard-config
  namespace: adguard
data:
  AdGuardHome.yaml: |
    http:
      pprof:
        port: 6060
        enabled: false
      address: 0.0.0.0:8300
      session_ttl: 720h
    auth_attempts: 5
    block_auth_min: 15
    http_proxy: ""
    language: en
    theme: dark
    dns:
      bind_hosts:
        - 0.0.0.0
      port: 53
      anonymize_client_ip: false
      ratelimit: 20
      ratelimit_subnet_len_ipv4: 24
      ratelimit_subnet_len_ipv6: 56
      ratelimit_whitelist: []
      refuse_any: false
      upstream_dns:
        - https://dns10.quad9.net/dns-query
        - https://dns.google/dns-query
      upstream_dns_file: ""
      bootstrap_dns:
        - 9.9.9.10
        - 149.112.112.10
        - 2620:fe::10
        - 2620:fe::fe:10
      fallback_dns: []
      upstream_mode: load_balance
      fastest_timeout: 1s
      allowed_clients:
        - 192.168.178.0/24
        - 10.6.0.0/24
        - fd00::dea6:32ff:fe42:317b
        - fd00::ec4:8d18:3bfa:349b
        - fd00::98fb:4209:47b7:5f85
        - 127.0.0.1
      disallowed_clients: []
      blocked_hosts:
        - version.bind
        - id.server
        - hostname.bind
      trusted_proxies:
        - 127.0.0.0/8
        - 10.6.0.0/24
        - 192.168.178.0/24
        - ::1/128
      cache_size: 4194304
      cache_ttl_min: 0
      cache_ttl_max: 0
      cache_optimistic: true
      bogus_nxdomain: []
      aaaa_disabled: false
      enable_dnssec: false
      edns_client_subnet:
        custom_ip: ""
        enabled: false
        use_custom: false
      max_goroutines: 300
      handle_ddr: true
      ipset: []
      ipset_file: ""
      bootstrap_prefer_ipv6: false
      upstream_timeout: 10s
      private_networks: []
      use_private_ptr_resolvers: true
      local_ptr_upstreams:
        - 192.168.178.1
      use_dns64: false
      dns64_prefixes: []
      serve_http3: false
      use_http3_upstreams: false
      serve_plain_dns: true
    tls:
      enabled: true
      server_name: dns.steffenillium.de
      force_https: false
      port_https: 0
      port_dns_over_tls: 853
      port_dns_over_quic: 784
      port_dnscrypt: 0
      dnscrypt_config_file: ""
      allow_unencrypted_doh: true
      certificate_chain: ""
      private_key: ""
      certificate_path: ""
      private_key_path: ""
      strict_sni_check: false
    querylog:
      ignored: []
      interval: 2160h
      size_memory: 1000
      enabled: true
      file_enabled: true
    statistics:
      ignored: []
      interval: 2160h
      enabled: true
    filters:
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
        name: AdGuard DNS filter
        id: 1
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
        name: AdAway Default Blocklist
        id: 2
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt
        name: The NoTracking blocklist
        id: 1680003877
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt
        name: 1Hosts (Lite)
        id: 1680459591
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt
        name: 'CHN: AdRules DNS List'
        id: 1680459592
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
        name: Phishing URL Blocklist (PhishTank and OpenPhish)
        id: 1680459593
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
        name: Dandelion Sprout's Anti-Malware List
        id: 1680459594
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt
        name: 'CHN: anti-AD'
        id: 1680459595
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
        name: NoCoin Filter List
        id: 1680459596
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt
        name: Scam Blocklist by DurableNapkin
        id: 1680459597
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt
        name: Stalkerware Indicators List
        id: 1680459598
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt
        name: The Big List of Hacked Malware Web Sites
        id: 1680459599
      - enabled: true
        url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt
        name: Malicious URL Blocklist (URLHaus)
        id: 1680459600
      - enabled: true
        url: https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters/-/raw/main/bpc-paywall-filter.txt
        name: Paywall Sentry
        id: 1696527404
    whitelist_filters: []
    user_rules:
      - '||diag.meethue.com^$important'
      - '||awsde0.fds.api.xiaomi.com^$important'
      - '@@||firebasedynamiclinks.googleapis.com^$important'
    dhcp:
      enabled: false
      interface_name: ""
      local_domain_name: lan
      dhcpv4:
        gateway_ip: ""
        subnet_mask: ""
        range_start: ""
        range_end: ""
        lease_duration: 86400
        icmp_timeout_msec: 1000
        options: []
      dhcpv6:
        range_start: ""
        lease_duration: 86400
        ra_slaac_only: false
        ra_allow_slaac: false
    filtering:
      rewrites:
        - domain: steffenillium.de
          answer: 82.165.0.71
        - domain: '*.steffenillium.de'
          answer: 192.168.178.102
      safebrowsing_cache_size: 1048576
      safesearch_cache_size: 1048576
      parental_cache_size: 1048576
      cache_time: 30
      filters_update_interval: 12
      blocked_response_ttl: 10
      filtering_enabled: true
      parental_enabled: false
      safebrowsing_enabled: true
      protection_enabled: true
    log:
      file: ""
      max_backups: 0
      max_size: 100
      max_age: 3
      compress: false
      local_time: false
      verbose: false