Add Pi-hole
This commit is contained in:
parent
0121545e91
commit
95f3ffa79a
GPG key ID:
CBBBE7371E81C4EA
|
|
@ -32,9 +32,9 @@ shift
|
|||
|
||||
case $TAG in
|
||||
"")
|
||||
install_modules; $BASE_CMD ;;
|
||||
os|docker)
|
||||
install_modules; $BASE_CMD --tags "$TAG" ;;
|
||||
install_modules; $EXEC "$BASE_CMD" ;;
|
||||
os|docker|firewall|ssh)
|
||||
install_modules; $EXEC "$BASE_CMD --tags '$TAG'" ;;
|
||||
users)
|
||||
install_modules
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,10 @@ services:
|
|||
snowflake:
|
||||
version: latest
|
||||
|
||||
pihole:
|
||||
volume: "{{ base_volume }}/pi-hole"
|
||||
version: 2023.05.0
|
||||
|
||||
wireguard:
|
||||
domain: wg01.vpn.{{ base_domain }}
|
||||
volume: "{{ base_volume }}/wireguard"
|
||||
|
|
|
|||
41
roles/docker_services/tasks/services/pihole.yml
Normal file
41
roles/docker_services/tasks/services/pihole.yml
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Create Pi-hole volume directories
|
||||
ansible.builtin.file:
|
||||
name: "{{ services.pihole.volume }}/{{ dir }}"
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
state: directory
|
||||
loop:
|
||||
- pihole
|
||||
- dnsmasq.d
|
||||
loop_control:
|
||||
loop_var: dir
|
||||
|
||||
- name: Create Docker network for Pi-hole
|
||||
community.docker.docker_network:
|
||||
name: pi-hole
|
||||
state: present
|
||||
|
||||
- name: Deploy Pi-hole Docker container
|
||||
community.docker.docker_container:
|
||||
name: pi-hole
|
||||
state: "{{ 'absent' if stop is defined and stop else 'started' }}"
|
||||
restart: "{{ stop is undefined or not stop }}"
|
||||
image: pihole/pihole:{{ services.pihole.version }}
|
||||
restart_policy: always
|
||||
default_host_ip: ''
|
||||
networks:
|
||||
- name: pi-hole
|
||||
env:
|
||||
DNSMASQ_LISTENING: all
|
||||
TZ: "{{ timezone }}"
|
||||
volumes:
|
||||
- "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
|
||||
- "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
|
||||
published_ports:
|
||||
- 53:53/tcp
|
||||
- 53:53/udo
|
||||
- 81:80/tcp
|
||||
capabilities:
|
||||
- net_admin
|
||||
|
|
@ -7,7 +7,12 @@
|
|||
proto: "{{ item.proto | default('tcp') }}"
|
||||
loop:
|
||||
- port: '22' # SSH
|
||||
- port: '53' # Pi-hole
|
||||
proto: tcp
|
||||
- port: '53' # Pi-hole
|
||||
proto: udp
|
||||
- port: '80' # HTTP
|
||||
- port: '81' # Pi-hole
|
||||
- port: '443' # HTTPS
|
||||
- port: '18080' # monerod P2P
|
||||
- port: '18089' # monerod RPC
|
||||
|
|
|
|||
|
|
@ -15,9 +15,13 @@
|
|||
|
||||
- name: Configure firewall
|
||||
ansible.builtin.import_tasks: firewall.yml
|
||||
tags:
|
||||
- firewall
|
||||
|
||||
- name: Configure SSH
|
||||
ansible.builtin.import_tasks: ssh.yml
|
||||
tags:
|
||||
- ssh
|
||||
|
||||
- name: Configure disks
|
||||
ansible.builtin.import_tasks: disks.yml
|
||||
|
|
|
|||
Reference in a new issue