Merge pull request #14 from shoddyguard/add_ipset

shoddyguard · web-flow · commit c5c3a5499d60 · 2021-04-02T20:19:53.000+01:00
Add ipset support
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,14 +13,14 @@ All notable changes to this project will be documented in this file.
 - Expanded acceptance testing slightly
 - Adds support for DHCP on IPV4 and IPV6, IPV6 remains untested
 - Adds experimental support for TLS/SSL
+- Adds basic ipset support
   
 **Bugfixes**
 Partially fixed #10 whereby you could not specify port numbers when using IP addresses (eg `127.0.0.1:5353` would fail).  
 This is marked as partially fixed as it works for IPV4 addresses but not IPV6 addresses at present.  
 Will require more familiarity with IPV6 before that can be implemented.
 
 **Known Issues**
-IPSET still not implemented
 
 ### [v0.1.0](https://github.com/shoddyguard/Puppet-Adguard/tree/v0.1.0) (2020-03-21)
 
diff --git a/README.md b/README.md
@@ -5,7 +5,6 @@ A Puppet module for installing and managing AdGuard Home
 # Module description
 This module will install and configure AdGuard Home on a node, it largely uses the defaults provided by AdGuard Home in a typical installation.  
 This module manages AdGuard by manipulating the `AdGuardHome.yaml` file.  
-There are some features that are not yet working in this module, see the [Known Limitations](#know-limitations) sections for more information. 
 
 This module has been tested on the following platforms:
 - Ubuntu 20.04
@@ -151,7 +150,7 @@ class {'adguard':
 ```
 This will stop Puppet from modifing the configuration file and allow AdGuard to manage the file.
 
-You may also wish to disable configuration file managment if you prefer to use to the WebUI to configure AdGuard, or you wish to use one of the [unsupported features](#unsupported-features).  
+You may also wish to disable configuration file managment if you prefer to use to the WebUI to configure AdGuard, or you wish to manage AdGuard's configuration manually.  
 
 **Note**: *Puppet will create the configuration file if it is missing with the values you have specified in your manifests and/or hiera.*  
 
@@ -160,7 +159,3 @@ If your configuration file has been overwritten Puppet will back it up before ov
 ## Systemd/Resolvd and AdGuard
 By default Resolvd will claim port `53` for `DNSStubListener` meaning AdGuard will fail to start when bound to port 53.  
 In these cases this module will disable `DNSStubListener` in `/etc/systemd/resolved.conf` which **WILL BREAK** local DNS lookups if AdGuard is ever removed and the setting is not changed back manually.
-
-## Unsupported features
-Currently this module does not support:
-- ipset
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -99,6 +99,7 @@ The following parameters are available in the `adguard` class:
 * [`enable_dnssec`](#enable_dnssec)
 * [`edns_client_subnet`](#edns_client_subnet)
 * [`max_goroutines`](#max_goroutines)
+* [`ipset_rules`](#ipset_rules)
 * [`filtering_enabled`](#filtering_enabled)
 * [`filters_update_interval`](#filters_update_interval)
 * [`parental_enabled`](#parental_enabled)
@@ -483,6 +484,14 @@ Max. number of parallel goroutines for processing incoming requests
 
 Default value: `300`
 
+##### <a name="ipset_rules"></a>`ipset_rules`
+
+Data type: `Optional[Array]`
+
+Set ipset rules
+
+Default value: ``undef``
+
 ##### <a name="filtering_enabled"></a>`filtering_enabled`
 
 Data type: `Boolean`
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -105,6 +105,8 @@
 #   Please note, that this will be done for clients with public IP addresses only.
 # @param max_goroutines
 #   Max. number of parallel goroutines for processing incoming requests
+# @param ipset_rules
+#   Set ipset rules
 # @param filtering_enabled
 #   Filtering of DNS requests based on filter lists. 
 # @param filters_update_interval
@@ -240,6 +242,7 @@
   Boolean $enable_dnssec = false,
   Boolean $edns_client_subnet = false,
   Integer $max_goroutines = 300,
+  Optional[Array] $ipset_rules = undef,
   Boolean $filtering_enabled = true,
   Integer $filters_update_interval = 24,
   Boolean $parental_enabled = false,
diff --git a/templates/AdGuardHome.yaml.erb b/templates/AdGuardHome.yaml.erb
@@ -83,7 +83,14 @@ dns:
   enable_dnssec: <%= @enable_dnssec %>
   edns_client_subnet: <%= @edns_client_subnet %>
   max_goroutines: <%= @max_goroutines %>
+<% if @ipset_rules -%>
+  ipset:
+<% @ipset_rules.each do |ir| -%>
+  - <%= ir %>
+<% end -%>
+<% else -%>
   ipset: []
+<% end -%>
   filtering_enabled: <%= @filtering_enabled %>
   filters_update_interval: <%= @filters_update_interval %>
   parental_enabled: <%= @parental_enabled %>
