samsapti/pi-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add Pi-hole

Browse source
This commit is contained in:
Sam A. 2023-05-28 17:58:12 +02:00
parent 0121545e91
commit 95f3ffa79a
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 57 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
provision.sh
View file

@ -32,9 +32,9 @@ shift
case $TAG in case $TAG in
"") "")
install_modules; $BASE_CMD ;; install_modules; $EXEC "$BASE_CMD" ;;
os|docker) os|docker|firewall|ssh)
install_modules; $BASE_CMD --tags "$TAG" ;; install_modules; $EXEC "$BASE_CMD --tags '$TAG'" ;;
users) users)
install_modules install_modules

4
roles/docker_services/defaults/main.yml
View file

@ -32,6 +32,10 @@ services:
snowflake: snowflake:
version: latest version: latest
pihole:
volume: "{{ base_volume }}/pi-hole"
version: 2023.05.0
wireguard: wireguard:
domain: wg01.vpn.{{ base_domain }} domain: wg01.vpn.{{ base_domain }}
volume: "{{ base_volume }}/wireguard" volume: "{{ base_volume }}/wireguard"

41
roles/docker_services/tasks/services/pihole.yml Normal file
View file

@ -0,0 +1,41 @@
# vim: ft=yaml.ansible
---
- name: Create Pi-hole volume directories
ansible.builtin.file:
name: "{{ services.pihole.volume }}/{{ dir }}"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
loop:
- pihole
- dnsmasq.d
loop_control:
loop_var: dir
- name: Create Docker network for Pi-hole
community.docker.docker_network:
name: pi-hole
state: present
- name: Deploy Pi-hole Docker container
community.docker.docker_container:
name: pi-hole
state: "{{ 'absent' if stop is defined and stop else 'started' }}"
restart: "{{ stop is undefined or not stop }}"
image: pihole/pihole:{{ services.pihole.version }}
restart_policy: always
default_host_ip: ''
networks:
- name: pi-hole
env:
DNSMASQ_LISTENING: all
TZ: "{{ timezone }}"
volumes:
- "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
- "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
published_ports:
- 53:53/tcp
- 53:53/udo
- 81:80/tcp
capabilities:
- net_admin

5
roles/os_config/tasks/firewall.yml
View file

@ -7,7 +7,12 @@
proto: "{{ item.proto | default('tcp') }}" proto: "{{ item.proto | default('tcp') }}"
loop: loop:
- port: '22' # SSH - port: '22' # SSH
- port: '53' # Pi-hole
proto: tcp
- port: '53' # Pi-hole
proto: udp
- port: '80' # HTTP - port: '80' # HTTP
- port: '81' # Pi-hole
- port: '443' # HTTPS - port: '443' # HTTPS
- port: '18080' # monerod P2P - port: '18080' # monerod P2P
- port: '18089' # monerod RPC - port: '18089' # monerod RPC

4
roles/os_config/tasks/main.yml
View file

@ -15,9 +15,13 @@
- name: Configure firewall - name: Configure firewall
ansible.builtin.import_tasks: firewall.yml ansible.builtin.import_tasks: firewall.yml
tags:
- firewall
- name: Configure SSH - name: Configure SSH
ansible.builtin.import_tasks: ssh.yml ansible.builtin.import_tasks: ssh.yml
tags:
- ssh
- name: Configure disks - name: Configure disks
ansible.builtin.import_tasks: disks.yml ansible.builtin.import_tasks: disks.yml