diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml
index 03933c7..b8a9fc0 100644
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@@ -35,6 +35,7 @@ services:
   pihole:
     volume: "{{ base_volume }}/pi-hole"
     version: 2023.05.0
+    unbound_version: latest
 
   wireguard:
     domain: wg01.vpn.{{ base_domain }}
diff --git a/roles/docker_services/files/pihole/forward-records.conf b/roles/docker_services/files/pihole/forward-records.conf
new file mode 100644
index 0000000..e5fa4bc
--- /dev/null
+++ b/roles/docker_services/files/pihole/forward-records.conf
@@ -0,0 +1,8 @@
+forward-zone:
+  name: "."
+  forward-tls-upstream: yes
+  forward-no-cache: yes
+  forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
+  forward-addr: 2001:67c:28a4::@853#anycast.censurfridns.dk
+  forward-addr: 89.233.43.71@853#unicast.censurfridns.dk
+  forward-addr: 2a01:3a0:53:53::@853#unicast.censurfridns.dk
diff --git a/roles/docker_services/tasks/services/pihole.yml b/roles/docker_services/tasks/services/pihole.yml
index c15b1f5..24b3153 100644
--- a/roles/docker_services/tasks/services/pihole.yml
+++ b/roles/docker_services/tasks/services/pihole.yml
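Review bot: `forward-tls-upstream: yes` encrypts the hop to censurfridns but does not by itself authenticate it; Unbound only checks the `#anycast.censurfridns.dk` / `#unicast.censurfridns.dk` auth names on the `forward-addr` lines when a CA bundle is loaded in the server section, and this new file has no `server:` clause, so unless the image's own unbound.conf already sets `tls-cert-bundle` (confirm against mvance/unbound-rpi), an on-path attacker can terminate the TLS with any certificate and the forwarding degrades to encrypted-but-unauthenticated. I would add a `server:` clause here (or in a sibling conf) with `tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"`, using whatever path the image ships its CA bundle at, and a comment above the zone: `# upstream TLS is authenticated against the names after '#'; requires tls-cert-bundle in server:`. `forward-no-cache: yes` also sends every query upstream rather than serving from cache, which is a defensible privacy choice but deserves a one-line comment saying it is deliberate.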
@@ -1,41 +1,68 @@
 # vim: ft=yaml.ansible
 ---
-- name: Create Pi-hole volume directories
+- name: Create Pi-hole volume base directory
+  ansible.builtin.file:
+    name: "{{ services.pihole.volume }}"
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+
+- name: Create Pi-hole volume directory pihole
+  ansible.builtin.file:
+    name: "{{ services.pihole.volume }}/pihole"
+    owner: '999'
+    group: '1000'
+    mode: u=rwx,g=rx,o=rx
+    state: directory
+
+- name: Create other Pi-hole volume directories
   ansible.builtin.file:
     name: "{{ services.pihole.volume }}/{{ dir }}"
     owner: root
     mode: u=rwx,g=rx,o=rx
     state: directory
   loop:
-    - pihole
     - dnsmasq.d
+    - unbound
   loop_control:
     loop_var: dir
 
-- name: Create Docker network for Pi-hole
-  community.docker.docker_network:
-    name: pi-hole
-    state: present
+- name: Copy forward-records.conf for Unbound
+  ansible.builtin.copy:
+    src: pihole/forward-records.conf
+    dest: "{{ services.pihole.volume }}/unbound/forward-records.conf"
+    owner: root
+    mode: u=rw,g=r,o=r
 
-- name: Deploy Pi-hole Docker container
-  community.docker.docker_container:
-    name: pi-hole
-    state: "{{ 'absent' if stop is defined and stop else 'started' }}"
-    restart: "{{ stop is undefined or not stop }}"
-    image: pihole/pihole:{{ services.pihole.version }}
-    restart_policy: always
-    default_host_ip: ''
-    networks:
-      - name: pi-hole
-    env:
-      DNSMASQ_LISTENING: all
-      TZ: "{{ timezone }}"
-    volumes:
-      - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
-      - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
-    published_ports:
-      - 53:53/tcp
-      - 53:53/udp
-      - 81:80/tcp
-    capabilities:
-      - net_admin
+- name: Deploy Pi-hole with Docker Compose
+  community.docker.docker_compose:
+    project_name: pihole
+    state: "{{ 'absent' if stop is defined and stop else 'present' }}"
+    restarted: "{{ stop is undefined or not stop }}"
+    pull: true
+    definition:
+      version: '3.8'
+
+      services:
+        app:
+          image: pihole/pihole:{{ services.pihole.version }}
+          restart: always
+          environment:
+            DNSMASQ_LISTENING: all
+            PIHOLE_DNS_: unbound
+            TZ: "{{ timezone }}"
+          volumes:
+            - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
+            - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
+          ports:
+            - 53:53/tcp
+            - 53:53/udp
+            - 81:80/tcp
+          cap_add:
+            - net_admin
+
+        unbound:
+          image: mvance/unbound-rpi:{{ services.pihole.unbound_version }}
+          restart: always
+          volumes:
+            - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
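Review bot: The new `unbound` service is started from `mvance/unbound-rpi:{{ services.pihole.unbound_version }}` while the task sets `pull: true`, and the companion defaults change introduces `unbound_version: latest`, so the recursive resolver for the whole network is an unpinned image re-fetched from Docker Hub on every playbook run with no review step, unlike `pihole/pihole`, which is held at `services.pihole.version`. Pin it the same way: set `unbound_version` in `roles/docker_services/defaults/main.yml` to an explicit release tag, or better change the reference to `image: mvance/unbound-rpi@sha256:<digest>` and bump it deliberately. Separately, `PIHOLE_DNS_: unbound` relies on the Compose service name resolving inside the container; whether the Pi-hole image accepts a hostname rather than an IP there depends on its start-up script, so I would confirm that and add a comment on that line, e.g. `# resolved via the Compose network's service DNS, not a static IP`.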