|
| 1 | +--- |
| 2 | +title: "Deploy AdGuard Home via Podman Quadlets" |
| 3 | +date: 2025-09-24T11:02:47+02:00 |
| 4 | +type: "post" |
| 5 | +tags: |
| 6 | +- linux |
| 7 | +- fedora |
| 8 | +--- |
| 9 | + |
| 10 | +Let's install AdGuard Home via Podman Quadlets. Volumes: |
| 11 | + |
| 12 | + sudo podman volume create adguard-work |
| 13 | + sudo podman volume create adguard-conf |
| 14 | + |
| 15 | +Everything must be done as root since AdGuard needs to bind UDP port. Volume |
| 16 | +units: |
| 17 | + |
| 18 | +``` |
| 19 | +cat <<EOF | sudo tee /etc/containers/systemd/adguard-work.volume > /dev/null |
| 20 | +[Volume] |
| 21 | +VolumeName=adguard-work |
| 22 | +EOF |
| 23 | +``` |
| 24 | + |
| 25 | +``` |
| 26 | +cat <<EOF | sudo tee /etc/containers/systemd/adguard-conf.volume > /dev/null |
| 27 | +[Volume] |
| 28 | +VolumeName=adguard-conf |
| 29 | +EOF |
| 30 | +``` |
| 31 | + |
| 32 | +Now the container unit: |
| 33 | + |
| 34 | +``` |
| 35 | +cat <<EOF | sudo tee /etc/containers/systemd/adguard.container > /dev/null |
| 36 | +[Container] |
| 37 | +ContainerName=adguard |
| 38 | +Image=docker.io/adguard/adguardhome:latest |
| 39 | +Pod=adguard.pod |
| 40 | +Volume=adguard-work.volume:/opt/adguardhome/work:Z |
| 41 | +Volume=adguard-conf.volume:/opt/adguardhome/conf:Z |
| 42 | +EOF |
| 43 | +``` |
| 44 | + |
| 45 | +The pod unit. Maybe comment out DHCP if you do not intend to use it: |
| 46 | + |
| 47 | +``` |
| 48 | +cat <<EOF | sudo tee /etc/containers/systemd/adguard.pod > /dev/null |
| 49 | +[Pod] |
| 50 | +PodName=adguard |
| 51 | +# Admin interface |
| 52 | +PublishPort=3000:3000/tcp |
| 53 | +# DNS |
| 54 | +PublishPort=53:53/udp |
| 55 | +PublishPort=53:53/tcp |
| 56 | +# DHCP |
| 57 | +PublishPort=67:67/udp |
| 58 | +PublishPort=68:68/udp |
| 59 | +# DNS-over-HTTP |
| 60 | +PublishPort=80:80/tcp |
| 61 | +# DNS-over-HTTPS |
| 62 | +PublishPort=443:443/tcp |
| 63 | +PublishPort=443:443/udp |
| 64 | +# DNS-over-TLS |
| 65 | +PublishPort=853:853/tcp |
| 66 | +# DNS-over-QUIC |
| 67 | +PublishPort=784:784/udp |
| 68 | +PublishPort=853:853/udp |
| 69 | +PublishPort=8853:8853/udp |
| 70 | +# DNSCrypt |
| 71 | +PublishPort=5443:5443/tcp |
| 72 | +PublishPort=5443:5443/udp |
| 73 | +[Install] |
| 74 | +WantedBy=multi-user.target default.target |
| 75 | +EOF |
| 76 | +``` |
| 77 | + |
| 78 | +Try if it generates fine: |
| 79 | + |
| 80 | + sudo /usr/libexec/podman/quadlet -dryrun |
| 81 | + |
| 82 | +Reload units: |
| 83 | + |
| 84 | + sudo systemctl daemon-reload |
| 85 | + |
| 86 | +And enable and start: |
| 87 | + |
| 88 | + sudo systemctl enable --now adguard-pod |
| 89 | + |
| 90 | +You may run into existing services bound to the DNS port, typically this is |
| 91 | +`resolved` which can be disabled with: |
| 92 | + |
| 93 | +``` |
| 94 | +$ cat /etc/systemd/resolved.conf.d/listenall.conf |
| 95 | +[Resolve] |
| 96 | +DNS=127.0.0.1 |
| 97 | +DNSStubListener=no |
| 98 | +``` |
| 99 | + |
| 100 | +If you are running `libvirtd` the `dnsmasq` could be problem, although it is |
| 101 | +only listening on `virbrX` interfaces it will cause the adblock to fail to |
| 102 | +launch. In that case, prefix the address you want to use to all the ports: |
| 103 | + |
| 104 | +``` |
| 105 | +PublishPort=192.168.X.X:3000:3000/tcp |
| 106 | +``` |
| 107 | + |
| 108 | +Visit `https://adguard.example.com:3000` to configure it. |
0 commit comments