AdGuardHome running alongside Proxmox 7.2

P

peracchi

Member
Apr 9, 2021
8
0
6
53
AdGuardHome runs fine alongside Proxmox 7.2 when it runs as root user. Including to work as DHCP server for my network.

However I would like to run AdGuardHome as a non-privileged user.

When I follow instructions to do so, running alongside Proxmox it can't bind ports to do DHCP stuff.

The steps I take were:

a) install AdGuardHome
Bash: 
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sudo sh -s -- -v

b) changed group and owner of files to the non-privileged user I want to run it (admin, in this case)
Bash: 
sudo chown -R admin:admin /opt/AdGuardHome /var/log/AdGuardHome*

c) altered /etc/systemd/system/AdGuardHome.service to:
Code: 
[Unit]
Description=AdGuard Home: Network-level blocker
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
After=syslog.target network-online.target

[Service]
User=admin
Group=admin
StartLimitInterval=5
StartLimitBurst=10
ExecStartPre=+/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome
ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"

WorkingDirectory=/opt/AdGuardHome

StandardOutput=file:/var/log/AdGuardHome.out
StandardError=file:/var/log/AdGuardHome.err

Restart=always

RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome

[Install]
WantedBy=multi-user.target

When I try to check for DHCP servers running on my network AdGuardHome web interface throws this errors:

AdGuardHome_error_on_Proxmox.png

Running as root, everything runs without any error.

I opened a thread on AdGuardHome GitHub but at the moment they don´t know what can be, appears to be some configuration on Proxmox's Debian.

Any ideas?
 
vesalius said:
easy to set up. Check under ad blocker
Click to expand...

Amazing work, congratulations!

vesalius said:
why not just run adguard in a separate LXC and get some separation from the host?
Click to expand...

Right now I prefer the most simplistic approach that is just install AdGuardHome from Proxmox root shell.

And I am curious about what is preventing this solution (to run AdGuardHome as non-privileged user) to work at Proxmox. On other linux hosts (Arch, Ubuntu) it works as is.
 
In general you won't to run as less as possible directly on the PVE host. That way its way easier to restore your guests to another host in case your hardware fails and there is less that could conflict with PVE. Thats the point of a hypervisor, so run stuff isolated in VMs/Containers instead of running just a linux server with everything installed bare metal on it.
 
I would not call one functionality (DNS server/sink hole) "everything".

Dunuin said:
instead of running just a linux server with everything installed bare metal on it
Click to expand...

Dunuin said:
Thats the point of a hypervisor, so run stuff isolated in VMs/Containers
Click to expand...

Yes, I want the hypervisor to run some VMs, complete operating systems with stuff. But I don't need a complete VM nor container just to have a little DNS server running. This way, my network continues to work as long as Proxmox host is turned on (no need to start any VM or container).

Look, I'm already using AdGuardHome installed bare metal on Proxmox for some time. And it's working fine.

But when I saw a post showing how to run AdGuardHome with a non-privileged account I tried to do the same on my setup.

Isn't working, I just want to know why and if it is possible to run it that way.
 
peracchi said:
Yes, I want the hypervisor to run some VMs, complete operating systems with stuff. But I don't need a complete VM nor container just to have a little DNS server running. This way, my network continues to work as long as Proxmox host is turned on (no need to start any VM or container).
Click to expand...
Yes, thats the point of containers. When you got small services that don't need a full OS/VM a LXC would be a good idea. They share the kernel with the host, so its not really more overhead compared to running stuff bare metal and you get all the management and security benefits containerization and isolation would offer.

But do as you like. Just wanted to point out the downsides of installing services bare metal, as I reinstalled PVE alot of times and its really a pain to do that the more you individualize your PVE installation. While restoring a LXC on a fresh installation is just a few clicks and everyting would be running again. Always hard to get your PVE running again, especially if you don't write everything down you do to be able to redo later...especially after years when you don't have a clue anymore what you actually did to setup your stuff.
 
Last edited:
Dunuin said:
Just wanted to point out the downsides of installing services bare metal, as I reinstalled PVE alot of times and its really a pain to do that the more you individualize your PVE installation.
Click to expand...
I agree with you, thanks for your collaboration. Maybe I should wrote better the thread title to point out that the thread objective is to know why this way isn't working, if it is possible to make it work and how. Not to discuss best practices or other ways of getting AdGuardHome running in Proxmox, as VM or a container.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back