feat(adguard-home): add certificate selection support for DoT/DoH TLS configuration#5076
feat(adguard-home): add certificate selection support for DoT/DoH TLS configuration#5076lohart13 wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds support for selecting a TrueNAS certificate and injecting it into the AdGuard Home container for configuring DNS-over-TLS / DNS-over-HTTPS.
Changes:
- Add a
certificate_idquestion to select a TrueNAS certificate. - Template docker-compose generation to mount selected certificate + private key into the container.
- Add test values fixture covering certificate selection and bump chart/app version.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| ix-dev/community/adguard-home/templates/test_values/certificates-values.yaml | Adds a test fixture with certificate_id and embedded PEM materials. |
| ix-dev/community/adguard-home/templates/docker-compose.yaml | Mounts selected cert and key into container paths when certificate_id is set. |
| ix-dev/community/adguard-home/questions.yaml | Exposes certificate selection in the app questions UI. |
| ix-dev/community/adguard-home/ix_values.yaml | Adds TLS file path constants and user-facing notes about where files are mounted. |
| ix-dev/community/adguard-home/app.yaml | Bumps app/chart version. |
lohart13
force-pushed
the
adguard-home-certs
branch
from
fb17c1e to
bfb9e61
Compare
| ## TLS / DNS-over-TLS / DNS-over-HTTPS | ||
|
|
||
| If you selected a certificate, it will be available inside the container at: | ||
| - Certificate: /opt/adguardhome/ssl/server.crt | ||
| - Private Key: /opt/adguardhome/ssl/server.key | ||
|
|
||
| Configure AdGuard Home to use these paths in the AdGuard Home web UI | ||
| under Settings > Encryption Settings. |
There was a problem hiding this comment.
Doesnt Adguard provide cli flags or env vars to set this up?
I'm not a fan of mounting the files but still have the user do extra steps to configure it.
There was a problem hiding this comment.
@stavros-k from what I have seen, it is not possible to set these values via CLI flags or ENV vars. Based on my knowledge, you need to either edit the YAML or set these values via the UI.
There was a problem hiding this comment.
Yea that's unfortunate.
Certificate dropdown is meant to be used when we can actually configure the app to use it automatically.
I'm not sure I want to expose it in this case.
… configuration ## Summary This PR adds support for selecting a TrueNAS certificate for AdGuard Home so it can be used for DNS-over-TLS and DNS-over-HTTPS configuration inside the container. ## Changes - Added `network.certificate_id` to `questions.yaml` - Injects selected certificate and private key into the container when provided: - `/opt/adguardhome/ssl/server.crt` - `/opt/adguardhome/ssl/server.key` - Added TLS usage notes to `ix_values.yaml` notes body - Added `certificates-values.yaml` test values file - Bumped app version in `app.yaml` from `1.3.11` to `1.3.12` ## Notes This change does not force portal scheme changes; it only makes cert/key material available for AdGuard Home encryption settings.
lohart13
force-pushed
the
adguard-home-certs
branch
from
bfb9e61 to
1788ea0
Compare
Summary
This PR adds support for selecting a TrueNAS certificate for AdGuard Home so it can be used for DNS-over-TLS and DNS-over-HTTPS configuration inside the container.
Changes
network.certificate_idtoquestions.yaml/opt/adguardhome/ssl/server.crt/opt/adguardhome/ssl/server.keyix_values.yamlnotes bodycertificates-values.yamltest values fileapp.yamlfrom1.3.11to1.3.12Notes
This change does not force portal scheme changes; it only makes cert/key material available for AdGuard Home encryption settings.