From f91b08bdec4562b845e80c4012d9c12b2e2ab17f Mon Sep 17 00:00:00 2001
From: OniriCorpe
Date: Tue, 26 Dec 2023 05:28:26 +0100
Subject: [PATCH] enable DOH/DOQ using Let's Encrypt certs out of the box
---
 conf/AdGuardHome.yaml | 14 +++++++-------
 scripts/install | 6 ++++++
 scripts/restore | 5 +++++
 scripts/upgrade | 6 ++++++
 4 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml
index a37ec83..aab7184 100644
--- a/conf/AdGuardHome.yaml
+++ b/conf/AdGuardHome.yaml
@@ -72,20 +72,20 @@ dns:
 resolve_clients: true
 local_ptr_upstreams: []
 tls:
- enabled: false
- server_name: ""
+ enabled: __DNS_OVER_HTTPS__
+ server_name: "__DOMAIN__"
 force_https: false
 port_https: 443
- port_dns_over_tls: 853
- port_dns_over_quic: 784
+ port_dns_over_tls: __ADGUARD_DOT_PORT__
+ port_dns_over_quic: __ADGUARD_DOQ_PORT__
 port_dnscrypt: 0
 dnscrypt_config_file: ""
- allow_unencrypted_doh: __DNS_OVER_HTTPS__
+ allow_unencrypted_doh: false
 strict_sni_check: false
 certificate_chain: ""
 private_key: ""
- certificate_path: ""
- private_key_path: ""
+ certificate_path: "/etc/yunohost/certs/__DOMAIN__/cert.pem"
+ private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
 filters:
 - enabled: true
 url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
diff --git a/scripts/install b/scripts/install
index 5c2e176..7acca71 100644
--- a/scripts/install
+++ b/scripts/install
@@ -54,6 +54,12 @@ ynh_add_nginx_config
 #=================================================
 # SPECIFIC SETUP
+#=================================================
+
+# adding the adguardhome dedicated user to the 'ssl-cert' group to permit the
+# use of the Let's Encrypt certs for DOT/DOQ
+usermod -a -G "ssl-cert" "$app"
+
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 6070641..99660ff 100644
--- a/scripts/restore
+++ b/scripts/restore
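Review bot: In conf/AdGuardHome.yaml, `enabled: __DNS_OVER_HTTPS__` switches on AdGuard Home's own TLS listeners while the context line `port_https: 443` is left untouched, so once the toggle is true the daemon will presumably try to bind 443, which the nginx vhost created by `ynh_add_nginx_config` (visible in the scripts/install hunk) normally owns. If only DoT/DoQ are meant to terminate TLS inside AdGuard Home, set `port_https: 0`, which AdGuard Home treats as "HTTPS listener disabled". With `allow_unencrypted_doh: false`, DoH requests that nginx forwards over plain HTTP would then no longer be answered, so the patch should state which component is expected to serve DoH. `__ADGUARD_DOT_PORT__` and `__ADGUARD_DOQ_PORT__` are not defined anywhere in this patch; confirm the settings exist for fresh installs and for instances being upgraded, otherwise the placeholders may reach the rendered file unreplaced.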
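Review bot: In scripts/install, `usermod -a -G "ssl-cert" "$app"` runs unconditionally, so the AdGuard Home service account gains whatever the `ssl-cert` group can read (presumably the private keys of every domain under /etc/yunohost/certs, not only `__DOMAIN__`) even on installs where the encrypted-DNS toggle is off. Gate it on the setting that fills `__DNS_OVER_HTTPS__`, for example `if [ "$dns_over_https" = "true" ]; then usermod -a -G "ssl-cert" "$app"; fi` (variable name and value format are inferred from the placeholder and need confirming), and remove the membership again when the toggle is turned off. The comment should also say what the membership exposes, e.g. `# NOTE: ssl-cert membership lets $app read every key that group can read, not just this domain's`. The same line is added in the scripts/restore and scripts/upgrade hunks and the same applies there.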
@@ -13,6 +13,11 @@ source /usr/share/yunohost/helpers
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
+
+# adding the adguardhome dedicated user to the 'ssl-cert' group to permit the
+# use of the Let's Encrypt certs for DOT/DOQ
+usermod -a -G "ssl-cert" "$app"
+
 ynh_script_progression --message="Restoring the app main directory..." --weight=1
 ynh_restore_file --origin_path="$install_dir"
diff --git a/scripts/upgrade b/scripts/upgrade
index d036e39..8070950 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -80,6 +80,12 @@ yunohost service add $app --description="Ads & trackers blocking DNS server" --n
 #=================================================
 # SPECIFIC UPGRADE
+#=================================================
+
+# adding the adguardhome dedicated user to the 'ssl-cert' group to permit the
+# use of the Let's Encrypt certs for DOT/DOQ
+usermod -a -G "ssl-cert" "$app"
+
 #=================================================
 # UPDATE A CONFIG FILE
 #=================================================
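Review bot: In scripts/restore the `usermod` block is inserted directly under the `# RESTORE THE APP MAIN DIR` banner, ahead of the `ynh_script_progression` call, so the banner no longer describes the first command beneath it; install and upgrade give the same block a section of its own. Move it below `ynh_restore_file --origin_path="$install_dir"` under a separate banner, for example `# SPECIFIC RESTORATION`. The rest of the script lies outside the hunk, so the best final position may be later, next to wherever the service is restored and started.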
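Review bot: In scripts/upgrade the new supplementary group only applies to processes started after `usermod` has run, and nothing in this hunk shows the service being stopped before or started after that line; the script continues outside the hunk. If the daemon is left running or merely reloaded during the upgrade, it keeps its old credentials and reading `key.pem` would fail with a permission error once TLS is enabled. Make sure the service start follows this line, and add a comment such as `# group change only takes effect on the next service start` so the ordering is not broken later.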