From 4afd9a99fa416b824cdc122b6b06a3b5eb7d1422 Mon Sep 17 00:00:00 2001
From: Eduardo David Paredes Vara <paredes1516@gmail.com>
Date: Wed, 3 Dec 2025 12:49:54 +0000
Subject: [PATCH] adguard compose

---
 adguard/docker-compose.yml | 42 ++++++++++++++++++++++++++++++++++++++
 adguard/stack.env          | 16 +++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 adguard/docker-compose.yml
 create mode 100644 adguard/stack.env

diff --git a/adguard/docker-compose.yml b/adguard/docker-compose.yml
new file mode 100644
index 0000000..1aafc78
--- /dev/null
+++ b/adguard/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+  adguardhome:
+    image: ${ADGUARD_IMAGE}
+    restart: unless-stopped
+
+    volumes:
+      - ${ADGUARD_WORK_PATH}:/opt/adguardhome/work:Z
+      - ${ADGUARD_CONF_PATH}:/opt/adguardhome/conf:Z
+      - ${ADGUARD_CERT_CRT_PATH}:/certs/adguard.crt:ro,Z
+      - ${ADGUARD_CERT_KEY_PATH}:/certs/adguard.key:ro,Z
+
+    # Solo DNS/DoT expuestos en el host
+    ports:
+      # - "53:53/tcp"
+      # - "53:53/udp"
+      - "${ADGUARD_DOT_PORT}:853/tcp"   # DoT para Android (DNS privado)
+      # - "81:80/tcp"
+
+    networks:
+      proxy:
+        ipv4_address: ${ADGUARD_IPV4}
+
+    labels:
+      traefik.enable: "true"
+      traefik.docker.network: "${TRAEFIK_DOCKER_NETWORK}"
+
+      # Router HTTPS para el panel web
+      traefik.http.routers.adguard.rule: "Host(`${ADGUARD_DOMAIN}`)"
+      traefik.http.routers.adguard.entrypoints: "${TRAEFIK_ENTRYPOINT_SECURE}"
+      traefik.http.routers.adguard.tls.certresolver: "${TRAEFIK_CERTRESOLVER}"
+
+      # Panel interno de AdGuard (HTTP en el contenedor)
+      # OJO: si es la primera vez y el panel escucha en 3000, cambia a 3000
+      traefik.http.services.adguard.loadbalancer.server.port: "80"
+
+      # Proteger el panel con Authentik (middleware definido en authentik-server)
+      traefik.http.routers.adguard.middlewares: "${TRAEFIK_AUTH_MIDDLEWARE}"
+
+networks:
+  proxy:
+    external: true
+
diff --git a/adguard/stack.env b/adguard/stack.env
new file mode 100644
index 0000000..82198c3
--- /dev/null
+++ b/adguard/stack.env
@@ -0,0 +1,16 @@
+##### AdGuard #####
+ADGUARD_IMAGE=
+ADGUARD_WORK_PATH=
+ADGUARD_CONF_PATH=
+ADGUARD_CERT_CRT_PATH=
+ADGUARD_CERT_KEY_PATH=
+ADGUARD_DOT_PORT=
+ADGUARD_IPV4=
+
+##### Traefik / red #####
+TRAEFIK_DOCKER_NETWORK=
+ADGUARD_DOMAIN=
+TRAEFIK_ENTRYPOINT_SECURE=
+TRAEFIK_CERTRESOLVER=
+TRAEFIK_AUTH_MIDDLEWARE=
+