# vim: ft=yaml.ansible
---
# Ensure the directory that holds all Pi-hole volume data exists. It is owned
# by root and writable by root only; group and others get read/traverse.
- name: Create Pi-hole volume base directory
  ansible.builtin.file:
    state: directory
    # `name` is an alias of the module's `path` parameter.
    name: '{{ services.pihole.volume }}'
    owner: root
    mode: 'u=rwx,g=rx,o=rx'
# Data directory that the Compose definition in this file bind-mounts
# read-write at /etc/pihole. Unlike the other volume directories it is
# group-writable and owned by numeric IDs instead of root.
# NOTE(review): 999/1000 presumably match the UID/GID the Pi-hole container
# writes as - confirm against the image version in use.
- name: Create Pi-hole volume directory pihole
  ansible.builtin.file:
    state: directory
    name: '{{ services.pihole.volume }}/pihole'
    # Quoted so the IDs stay strings rather than YAML integers.
    owner: "999"
    group: "1000"
    mode: 'u=rwx,g=rwx,o=rx'
# Remaining root-owned volume directories: dnsmasq.d is bind-mounted at
# /etc/dnsmasq.d in the Pi-hole container, unbound receives
# forward-records.conf from the copy task in this file.
- name: Create other Pi-hole volume directories
  ansible.builtin.file:
    state: directory
    name: '{{ services.pihole.volume }}/{{ dir }}'
    owner: root
    mode: 'u=rwx,g=rx,o=rx'
  # The loop variable is renamed from the default `item` to `dir`.
  loop_control:
    loop_var: dir
  loop: ['dnsmasq.d', 'unbound']
# Install the Unbound forwarding configuration into the volume tree.
# The file is root-owned and read-only for everyone else; the Compose
# definition in this file mounts it into the unbound container with `:ro`.
- name: Copy forward-records.conf for Unbound
  ansible.builtin.copy:
    dest: '{{ services.pihole.volume }}/unbound/forward-records.conf'
    src: pihole/forward-records.conf
    owner: root
    mode: 'u=rw,g=r,o=r'
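# Bring the Pi-hole + Unbound stack up (or down) from an inline Compose
# definition. Optional variables: `down` removes the project, `restart`
# restarts the services, `recreate` forces container recreation.
- name: Deploy Pi-hole with Docker Compose
  # The definition below embeds the web admin password. Without no_log the
  # module arguments, including that value, can appear in Ansible output and
  # in the module invocation log on the managed host. Trade-off: this task's
  # result is censored, so switch it off temporarily when debugging.
  no_log: true
  community.docker.docker_compose:
    project_name: pihole
    state: "{{ 'absent' if down is defined and down else 'present' }}"
    restarted: "{{ restart is defined and restart }}"
    recreate: "{{ 'always' if recreate is defined and recreate else 'smart' }}"
    # Images are pulled by tag on every run.
    # NOTE(review): tags are mutable; pinning the version variables to an
    # image digest would make each deployment reproducible and auditable.
    pull: true
    definition:
      version: '3.8'

      services:
        app:
          image: "pihole/pihole:{{ services.pihole.version }}"
          restart: always
          environment:
            DNSMASQ_LISTENING: all
            # Quoted so Compose receives strings, not YAML booleans.
            DHCP_ACTIVE: 'false'
            DNSSEC: 'true'
            # Upstream resolver is the `unbound` service defined below.
            PIHOLE_DNS_: unbound
            # The password lives in the container environment, so anyone who
            # can inspect the container can read it.
            # NOTE(review): if the image version in use supports
            # WEBPASSWORD_FILE, a file-based secret avoids that - confirm.
            WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
            TZ: "{{ timezone }}"
          networks:
            default: null
            pihole_wireguard:
              ipv4_address: "{{ services.pihole.docker_ipv4 }}"
          volumes:
            - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
            - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
          # No host address is given, so these ports are published on every
          # host interface. Combined with DNSMASQ_LISTENING=all, DNS (53) and
          # the admin UI (host port 81) answer any client that can reach the
          # host. NOTE(review): if the host is reachable from untrusted
          # networks, restrict this with a host firewall or by binding the
          # ports to a specific host address.
          ports:
            - '53:53/tcp'
            - '53:53/udp'
            - '81:80/tcp'
          depends_on:
            - unbound

        # Publishes no ports and joins no named network; the configuration
        # file is mounted read-only.
        unbound:
          image: "mvance/unbound-rpi:{{ services.pihole.unbound_version }}"
          restart: always
          volumes:
            - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"

      networks:
        # External network: Compose does not create it, so it must already
        # exist when this task runs.
        pihole_wireguard:
          external: true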