From 359efe72b49cfc65c18c9fe9007fdf8286a8e84e Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 16 Mar 2020 13:44:24 +0000
Subject: [PATCH] Install pihole Eventially it'll replace dnsmasq, but not today
---
.../docker/files/pihole/docker-compose.yml | 24 +++++++++++++
ansible/roles/docker/tasks/main.yml | 3 ++
ansible/roles/docker/tasks/pihole.yml | 34 +++++++++++++++++++
ansible/roles/docker/vars/pihole.yml | 11 ++++++
4 files changed, 72 insertions(+)
create mode 100644 ansible/roles/docker/files/pihole/docker-compose.yml
create mode 100644 ansible/roles/docker/tasks/pihole.yml
create mode 100644 ansible/roles/docker/vars/pihole.yml
diff --git a/ansible/roles/docker/files/pihole/docker-compose.yml b/ansible/roles/docker/files/pihole/docker-compose.yml
new file mode 100644
index 0000000..eaecac5
--- /dev/null
+++ b/ansible/roles/docker/files/pihole/docker-compose.yml
@@ -0,0 +1,24 @@
+version: "2.3"
+
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:v4.4
+ ports:
+ - "{{ wireguard.clients.intersect.ip }}:5353:53/tcp"
+ - "{{ wireguard.clients.intersect.ip }}:5353:53/udp"
+ environment:
+ - TZ=Europe/London'
+ - VIRTUAL_HOST=pihole.jakehoward.tech
+ - WEBPASSWORD={{ pihole_password }}
+ volumes:
+ - ./etc-pihole/:/etc/pihole/
+ - ./etc-dnsmasq.d/:/etc/dnsmasq.d/
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.pihole.rule=Host(`pihole.jakehoward.tech`)"
+ - "traefik.http.routers.pihole.tls=true"
+ - "traefik.http.routers.pihole.tls.certresolver=le"
+ - "traefik.http.routers.pihole.middlewares=internal-only@file"
+ - "traefik.http.services.pihole-pihole.loadbalancer.server.port=80"
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 43b5b90..4041589 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -69,3 +69,6 @@ - name: Install wallabag include: wallabag.yml
+
+- name: Install pihole
+ include: pihole.yml
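Review bot: In docker-compose.yml the `environment` entry `TZ=Europe/London'` ends with a stray single quote, so the container is handed `Europe/London'`, which is not a valid zone name; it should read `- TZ=Europe/London`. The entry `WEBPASSWORD={{ pihole_password }}` is templated as a plain scalar, so a password containing ` #` or `: ` would be truncated or change the item's type once rendered, and docker-compose would also try to interpolate any `$` in it. Quoting the item, `- "WEBPASSWORD={{ pihole_password }}"`, covers the common YAML cases. The rendered file holds the admin password in clear text, so `docker_compose_file_mask` (defined outside this patch) should leave it unreadable to other users.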
diff --git a/ansible/roles/docker/tasks/pihole.yml b/ansible/roles/docker/tasks/pihole.yml
new file mode 100644
index 0000000..ab789e9
--- /dev/null
+++ b/ansible/roles/docker/tasks/pihole.yml
@@ -0,0 +1,34 @@
+- name: Include pihole variables
+ include_vars: pihole.yml
+
+- name: Create pihole directory
+ file:
+ path: '/opt/pihole'
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Install pihole compose file
+ template:
+ src: files/pihole/docker-compose.yml
+ dest: "/opt/pihole/docker-compose.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: /usr/bin/docker-compose -f %s config
+ register: compose_file
+ become: true
+ become_user: root
+
+- name: Cycle pihole container
+ docker_compose:
+ project_src: /opt/pihole
+ pull: true
+ remove_orphans: true
+ remove_volumes: true
+ state: "{{ item }}"
+ when: compose_file.changed
+ loop:
+ - absent
+ - present
diff --git a/ansible/roles/docker/vars/pihole.yml b/ansible/roles/docker/vars/pihole.yml
new file mode 100644
index 0000000..943232e
--- /dev/null
+++ b/ansible/roles/docker/vars/pihole.yml
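Review bot: In tasks/pihole.yml the `Install pihole compose file` task renders `pihole_password` into the destination file but does not set `no_log`, so a run with `--diff` prints the rendered compose file with the admin password in it. A failed `validate` step can likely echo it as well, since `docker-compose config` writes the resolved file to stdout. Adding `no_log: true` to that task (or at least `diff: false`) keeps the secret out of terminal and CI logs. The `file` and `template` tasks also set `owner` without `group`, so an explicit `group: "{{ docker_user.name }}"` (or whichever group is intended) would make the effect of the two mask variables predictable.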
@@ -0,0 +1,11 @@
+pihole_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 30313634393464323738306566363963353163393137663031633162303233633239333361643465
+ 3966636539623365386333313162353233336666663836620a363536636164663034336635383534
+ 61643632646165653364626633383531363738646564363165386234343335313933643862653266
+ 3564313131396339610a353936616631373266386636363238376630326663326363326664613362
+ 61343865653736656461383030396664323762636539656132393634646634323364356130386236
+ 34643430626532313166303938323730613631653631643663663039346334396163333063653564
+ 37623063643862313732333463333731653963373832343732393566366433313363353132366335
+ 31376132326565646235393539646234326635303461386537356339313863313066396634623833
+ 63656666626630343964356230626561316164383437306433396334333331323262