remove pihole role; update template; move docker tasks to own folder
This commit is contained in:
parent
728a4969ad
commit
1915c5da5e
@ -2,8 +2,11 @@
|
||||
|
||||
[media-servers]
|
||||
|
||||
[docker-servers:children]
|
||||
main-docker
|
||||
media-managers
|
||||
[home-servers]
|
||||
|
||||
[main-docker]
|
||||
[docker-servers:children]
|
||||
media_managers
|
||||
media_servers
|
||||
home-servers
|
||||
|
||||
[pi-hole]
|
||||
|
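Review bot: the group names in this hunk are inconsistent, and Ansible matches them literally: `media_managers` and `media_servers` use underscores while `home-servers`, `docker-servers` and `pi-hole` use hyphens, and the `main.yml` change in this same commit tests `'docker_servers' in group_names` although the group is defined here as `[docker-servers:children]`. Pick one convention (underscores also avoid the invalid-group-name warning Ansible prints for hyphenated groups) and use the same spelling in every `when:` clause; as committed, the `docker_servers` condition can never match.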
@ -1,21 +0,0 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2020 Jens Frey
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
@ -1,241 +0,0 @@
|
||||
# Pihole
|
||||
|
||||
|
||||
Pi-hole role. This will install [Pi-hole®: A black hole for Internet
|
||||
advertisements – A black hole for Internet
|
||||
advertisements](https://pi-hole.net/) for you.
|
||||
|
||||
It also helps you administering Pi-Hole using a simple CSV file that you can
|
||||
edit with your favourite editor.
|
||||
|
||||
## Requirements
|
||||
|
||||
A host running Ubuntu/Debian/Photon OS or e.g. a raspberry pi running Raspberry
|
||||
Pi OS (Lite).
|
||||
|
||||
If you run into problems, a look into the [Pi-hole
|
||||
documentation](https://docs.pi-hole.net/docker/dhcp/) may help.
|
||||
|
||||
### Host CSV File
|
||||
|
||||
Pi-hole configuration is done via a csv file. This gives you a nice overview
|
||||
and makes it easy to manage your environment.
|
||||
|
||||
The role includes a full example CSV file in the `files` folder for you to
|
||||
review.
|
||||
|
||||
The following lines do show `dhcp-option` settings that will be written into
|
||||
the dnsmasq configuration file. The lines tag one IP address as the vm based
|
||||
DNS server and the raspberry pi based DNS server running on an actual raspberry
|
||||
pi.
|
||||
|
||||
#### Set DHCP Options
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
,,,,,"tag:vm-dns,option:dns-server,192.168.30.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
||||
,,,,,"tag:pi-dns,option:dns-server,192.168.30.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
||||
```
|
||||
|
||||
**Note:** If you are setting up multiple DNS servers here, you probably do want
|
||||
to set the `riv_pihole_dns_default_tag` option when configuring your setup to set a default DNS server
|
||||
for clients without a specific configuration.
|
||||
|
||||
#### Setup IP/Host mapping
|
||||
|
||||
The configuration below configures the host with the name `slash` to receive an
|
||||
IP address of `192.168.128.2` if that address is still available. If a DHCP
|
||||
lease was already handed out to another machine, a new IP address will be
|
||||
assigned. It also identifies the machine as a physical host.
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
slash,example.net,192.168.128.2,true,,,"<<physical>>","ESXi Host""
|
||||
```
|
||||
|
||||
#### Setup static IP address
|
||||
|
||||
If you want to make sure that the IP address is assigned to a specific hostname
|
||||
only, you can set the `static` field to `true` to achieve that. Setting this
|
||||
option will instruct dnsmasq to ignore DHCP requests from any host named
|
||||
`vmhole` as shown in the example below. The type is also identified as a virtual machine.
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole Virtual machine DNS server"
|
||||
```
|
||||
|
||||
#### Setup Mac address/IP address mapping
|
||||
|
||||
To assign a specific IP address and hostname to a special device using the mac
|
||||
address of the device, use the following entry in the csv configuration
|
||||
database.
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,,"<<virtual>>","Pi-hole Virtual machine DNS server"
|
||||
```
|
||||
|
||||
#### Set different DNS server
|
||||
|
||||
Setting up a special DNS server for some devices can be achieved by supplying
|
||||
the appropriate DHCP option when defining the mapping. The below example shows
|
||||
how to set the `vm-dns` DNS server for the photon host.
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","<<virtual>>","Proxy server VM based on a docker image, using vm-dns server"
|
||||
```
|
||||
|
||||
## Role Variables
|
||||
|
||||
The role uses the following variables:
|
||||
|
||||
| Variable | Default | Description |
|
||||
| ------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| riv_pihole_admin_password_generated | {{ lookup('password', '/dev/null length=15 chars=ascii_letters') }} | This variable sets the password for the web user interface. If no password is set, it will be auto-generated. The password value is shown in plain text in the last step if the variable `riv_pihole_show_summary` is set to `true`. |
|
||||
| riv_pihole_dns_default_tag | | This variable sets a DHCP tag that lets you specify a default DNS server for hosts not listed in the configuration csv file. |
|
||||
| riv_pihole_show_summary | false | If set `true` the last step will show the (generated) password in plain text along with some useful information like the IP address and name of the host pihole was installed on. |
|
||||
| riv_pihole_docker_network | host | The network to which docker connects. If you want to use DHCP, you need to connect to the host network. |
|
||||
| riv_pihole_docker_purge_networks | yes | Remove the created network when the docker container is shut down. |
|
||||
| riv_pihole_dhcp_active | false | Enable or disable the built-in DHCP server. If you want to use Pi-hole as DHCP server, you need to turn this on. |
|
||||
| riv_pihole_dhcp_leasetime | 24h | The default lease time to set when handing out a client IP address |
|
||||
| riv_pihole_dhcp_start | 192.168.1.2 | The starting range of the built-in DHCP server. |
|
||||
| riv_pihole_dhcp_end | 192.168.1.253 | The last address of the built-in DHCP server. |
|
||||
| riv_pihole_dhcp_router | 192.168.1.1 | The router which should be advertised to clients getting an IP address. |
|
||||
| riv_pihole_domain | example.net | The domain of your local network. |
|
||||
| riv_pihole_interface | eth0 | The interface processes inside Pi-hole will bind to |
|
||||
| riv_pihole_dhcp_ipv6 | false | Enable IPv6 support on DHCP. |
|
||||
| riv_pihole_dhcp_rapid_commit | false | Control switch for the rapid commit option. |
|
||||
| riv_pihole_dnsmasq_listening | all | The interface dnsmasq should listen on. |
|
||||
| riv_pihole_query_logging | true | Log DNS queries. |
|
||||
| riv_pihole_install_web_server | true | Install the built in Web-Server |
|
||||
| riv_pihole_install_web_interface | true | Install the Web-Interface. |
|
||||
| riv_pihole_lighttpd_enabled | | Enable lighttpd |
|
||||
| riv_pihole_ipv4_address | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IPv4 address you want Pi-Hole to listen on. |
|
||||
| riv_pihole_ipv6_address | | The IPv6 address you want Pi-Hole to listen on. |
|
||||
| riv_pihole_dns_bogus_priv | | Control bogus private reverse lookups |
|
||||
| riv_pihole_dns_fqdn_required | | Controls if the unqualified name is put into DNS as well |
|
||||
| riv_pihole_dnssec | | Control DNSSEC |
|
||||
| riv_pihole_rev_server_enabled | | Enable DNS conditional forwarding for device name resolution. |
|
||||
| riv_pihole_rev_server_cidr | | If conditional forwarding is enabled, set the reverse DNS zone (e.g. 192.168.0.0/24) |
|
||||
| riv_pihole_rev_server_domain | | If conditional forwarding is enabled, set the domain of the local network router (e.g example.net). |
|
||||
| riv_pihole_rev_server_target | | If conditional forwarding is enabled, set the IP of the local network router. |
|
||||
| riv_pihole_docker_image | pihole/pihole:latest | Which docker image to pull. You can e.g. specify a version. |
|
||||
| riv_pihole_configuration_base_folder | /opt/pihole | Where do you want your configuration to live on the target host. |
|
||||
| riv_pihole_etc_pihole_folder | {{ riv_pihole_configuration_base_folder }}/pihole | Control position of pihole folder. |
|
||||
| riv_pihole_etc_dnsmasq_folder | {{ riv_pihole_configuration_base_folder }}/dnsmasq.d | Control position of dnsmasq.d folder. |
|
||||
| riv_pihole_sys_dns_server1 | 127.0.0.1 | System DNS servers for Pi-hole. The first one HAS TO BE 127.0.0.1 |
|
||||
| riv_pihole_sys_dns_server2 | 8.8.8.8 | System DNS server for Pi-hole |
|
||||
| riv_pihole_dns_server1 | 1.1.1.1 | DNS Server used inside the docker container |
|
||||
| riv_pihole_dns_server2 | 8.8.8.8 | DNS Server used inside the docker container |
|
||||
| riv_pihole_serverip | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IP address of the Pi-hole host |
|
||||
| riv_pihole_timezone | Europe/Berlin | Your timezone |
|
||||
| riv_pihole_open_firewall_ports | true | Set to false if you don't want the role to open required firewall ports. |
|
||||
| riv_pihole_dns_db_configuration_file | {{ role_path }}/files/mappings.csv | The location of the DNS configuration file. The default file pointed to should be copied and adopted appropriately. |
|
||||
|
||||
## Example Playbook
|
||||
|
||||
The example below shows a playbook you can use to configure pi-hole on a Photon
|
||||
OS based virtual machine which is reflected in the inventory file.
|
||||
|
||||
### Folder structure
|
||||
|
||||
The folder structure is as follows (the roles folder will be created automatically later):
|
||||
|
||||
```
|
||||
|-- dns-db.csv
|
||||
|-- inventory
|
||||
|-- pihole-vm.yml
|
||||
`-- roles
|
||||
`-- authsec.pihole
|
||||
|-- defaults
|
||||
| `-- main.yml
|
||||
|-- files
|
||||
| `-- mappings.csv
|
||||
|-- LICENSE
|
||||
|-- meta
|
||||
| `-- main.yml
|
||||
|-- README.md
|
||||
|-- tasks
|
||||
| |-- checkssh-photonos.yml
|
||||
| |-- checkssh.yml
|
||||
| |-- firewall-iptables.yml
|
||||
| |-- install-apt.yml
|
||||
| |-- install-photonos.yml
|
||||
| `-- main.yml
|
||||
`-- templates
|
||||
|-- 02-pihole-dhcp.conf.j2
|
||||
|-- 10-pihole-custom-static.conf.j2
|
||||
`-- setupVars.conf.j2
|
||||
```
|
||||
|
||||
### Import Role
|
||||
|
||||
You can import the role into your project using:
|
||||
|
||||
``` bash
|
||||
#> ansible-galaxy install -p roles authsec.pihole
|
||||
```
|
||||
|
||||
### Create database
|
||||
|
||||
This is a copy of the example database in `roles/authsec.pihole/files`.
|
||||
|
||||
**dns-db.csv:**
|
||||
|
||||
``` csv
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,comment
|
||||
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","Sets value of dhcp-option configuration option"
|
||||
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","Sets value of dhcp-option configuration option"
|
||||
slash,example.net,192.168.128.2,,,,"ESXi Host"
|
||||
mohh,example.net,192.168.128.5,,,,"The Brain (vCenter Server)"
|
||||
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,"pi-dns","VM using Raspberry Pi based DNS (and DHCP) server"
|
||||
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","VM using VM based DNS server"
|
||||
vmhole,example.net,192.168.128.253,true,,,"Pi-hole Virtual machine DNS server"
|
||||
pihole,example.net,192.168.128.254,,,,"Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"
|
||||
```
|
||||
|
||||
**inventory:**
|
||||
|
||||
```
|
||||
[dns_vms]
|
||||
vmhole.example.net ansible_host=192.168.128.253 ansible_user=pihole ansible_become_method='su' ansible_become_password='kevin.is.dead' ansible_python_interpreter=/usr/bin/python3
|
||||
```
|
||||
|
||||
**pihole-vm.yml:**
|
||||
|
||||
``` yaml
|
||||
---
|
||||
# Configure a machine to run pi-hole inside a docker container
|
||||
- hosts: dns_vms
|
||||
gather_facts: yes
|
||||
become: yes
|
||||
tasks:
|
||||
- include_role:
|
||||
name: authsec.pihole
|
||||
vars:
|
||||
# true|false
|
||||
riv_pihole_admin_password: "secure.me"
|
||||
riv_pihole_dhcp_active: "false"
|
||||
riv_pihole_dhcp_start: "192.168.128.8"
|
||||
riv_pihole_dhcp_end: "192.168.128.252"
|
||||
riv_pihole_dhcp_router: "192.168.128.1"
|
||||
riv_pihole_domain: "example.net"
|
||||
riv_pihole_show_summary: true
|
||||
riv_pihole_dns_db_configuration_file: "dns-db.csv"
|
||||
```
|
||||
|
||||
### Run ansible
|
||||
|
||||
Once everything is configured, you can run `ansible` to setup pi-hole on the
|
||||
system configured in the `inventory`.
|
||||
|
||||
``` bash
|
||||
#> ansible-playbook -i inventory pihole-vm.yml
|
||||
```
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
MIT
|
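Review bot: the deleted README's `inventory` example (the `vmhole.example.net` line) and `pihole-vm.yml` carry literal credentials (`ansible_become_password='kevin.is.dead'`, `riv_pihole_admin_password: "secure.me"`). Deleting the file does not remove them from git history, so if either value was ever used on a real host it should be rotated; if they were only placeholders from the upstream role, nothing further is needed.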
@ -1,65 +0,0 @@
|
||||
---
|
||||
# tasks file for pihole
|
||||
|
||||
# Generate a secure default password
|
||||
riv_pihole_admin_password_generated: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
|
||||
riv_pihole_docker_network: "host"
|
||||
riv_pihole_docker_purge_networks: "yes"
|
||||
|
||||
# If you are using tags to assign multiple DNS servers to an IP address,
|
||||
# you can use this option to set a default, where you do not want to define
|
||||
# a specific IP address to name mapping.
|
||||
riv_pihole_dns_default_tag: ""
|
||||
|
||||
riv_pihole_show_summary: false
|
||||
|
||||
riv_pihole_dhcp_active: "false"
|
||||
# 1 day lease
|
||||
riv_pihole_dhcp_leasetime: "24h"
|
||||
riv_pihole_dhcp_start: "192.168.1.2"
|
||||
riv_pihole_dhcp_end: "192.168.1.253"
|
||||
riv_pihole_dhcp_router: "192.168.1.1"
|
||||
riv_pihole_domain: "example.net"
|
||||
riv_pihole_interface: "eth0"
|
||||
|
||||
riv_pihole_dhcp_ipv6: "false"
|
||||
riv_pihole_dhcp_rapid_commit: "false"
|
||||
riv_pihole_dnsmasq_listening: "all"
|
||||
riv_pihole_query_logging: "true"
|
||||
riv_pihole_install_web_server: "true"
|
||||
riv_pihole_install_web_interface: "true"
|
||||
riv_pihole_lighttpd_enabled: ""
|
||||
riv_pihole_ipv4_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
|
||||
riv_pihole_ipv6_address: ""
|
||||
riv_pihole_dns_bogus_priv: "false"
|
||||
riv_pihole_dns_fqdn_required: "false"
|
||||
riv_pihole_dnssec: "false"
|
||||
riv_pihole_rev_server_enabled: "false" # previously conditional forwarding (riv_pihole_conditional_forwarding)
|
||||
riv_pihole_rev_server_cidr: "" # previously conditional forwarding IP (riv_pihole_conditional_forwarding_ip)
|
||||
riv_pihole_rev_server_domain: "" # previously conditional forwarding domain (riv_pihole_conditional_forwarding_domain)
|
||||
riv_pihole_rev_server_target: "" # previously conditional forwarding host (riv_pihole_conditional_forwarding_reverse)
|
||||
|
||||
riv_pihole_docker_image: "pihole/pihole:latest"
|
||||
|
||||
riv_pihole_configuration_base_folder: "/opt/pihole"
|
||||
riv_pihole_etc_pihole_folder: "{{ riv_pihole_configuration_base_folder }}/pihole"
|
||||
riv_pihole_etc_dnsmasq_folder: "{{ riv_pihole_configuration_base_folder }}/dnsmasq.d"
|
||||
|
||||
# These are the DNS servers for the docker system
|
||||
# The first one MUST be 127.0.0.1
|
||||
riv_pihole_sys_dns_server1: "127.0.0.1"
|
||||
riv_pihole_sys_dns_server2: "8.8.8.8"
|
||||
|
||||
# These are the DNS servers that Pi-hole uses to resolve
|
||||
riv_pihole_dns_server1: "1.1.1.1"
|
||||
riv_pihole_dns_server2: "8.8.8.8"
|
||||
|
||||
riv_pihole_serverip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
|
||||
|
||||
riv_pihole_timezone: "Europe/Berlin"
|
||||
|
||||
# Photon OS e.g. has the firewall locked by default, if this is enabled
|
||||
# the necessary ports will be opened
|
||||
riv_pihole_open_firewall_ports: true
|
||||
|
||||
riv_pihole_dns_db_configuration_file: "{{ role_path }}/files/mappings.csv"
|
@ -1,11 +0,0 @@
|
||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
||||
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
||||
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
||||
slash,example.net,192.168.128.2,true,f4:02:70:b6:17:d2,,"<<physical>>","ESXi Host"
|
||||
dudu,example.net,192.168.128.3,true,,,"<<physical>>","dudu node"
|
||||
mohh,example.net,192.168.128.5,true,,,"<<virtual>>","vCenter installation"
|
||||
ku,example.net,192.168.128.250,true,,"pi-dns","<<physical>>","Control node"
|
||||
proxy,example.net,192.168.128.252,true,,"vm-dns","<<virtual>>","Proxy server VM based on a docker image"
|
||||
wpad,example.net,192.168.128.252,,,,"<<alias>>","Proxy autodiscovery alias"
|
||||
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole based VM DNS server with statically assigned IP (static prevents DHCP from handing out that IP/DNS name combination)"
|
||||
opihi,example.net,192.168.128.254,,b8:27:eb:24:32:1b,,"<<physical>>","Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"
|
|
@ -1,2 +0,0 @@
|
||||
install_date: Mon Jun 13 19:57:14 2022
|
||||
version: master
|
@ -1,26 +0,0 @@
|
||||
galaxy_info:
|
||||
role_name: pihole
|
||||
author: Jens Frey
|
||||
description: Install, run and configure Pi-Hole using docker and a CSV file where you can map your hosts to IP addresses.
|
||||
license: MIT
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- buster
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- focal
|
||||
|
||||
galaxy_tags:
|
||||
- pihole
|
||||
- raspberry
|
||||
- raspberrypi
|
||||
- rpi
|
||||
- photonos
|
||||
|
||||
dependencies: []
|
@ -1,5 +0,0 @@
|
||||
- name: Make sure ssh is enabled, not just started
|
||||
systemd:
|
||||
name: sshd.service
|
||||
enabled: true
|
||||
state: started
|
@ -1,5 +0,0 @@
|
||||
- name: Make sure ssh is enabled, not just started
|
||||
systemd:
|
||||
name: ssh.service
|
||||
enabled: true
|
||||
state: started
|
@ -1,41 +0,0 @@
|
||||
- name: Allow ping
|
||||
iptables:
|
||||
chain: INPUT
|
||||
jump: ACCEPT
|
||||
protocol: icmp
|
||||
|
||||
- name: Allow DHCP
|
||||
iptables:
|
||||
chain: INPUT
|
||||
protocol: udp
|
||||
destination_port: "67"
|
||||
jump: ACCEPT
|
||||
when: riv_pihole_dhcp_active|bool
|
||||
|
||||
- name: Allow HTTP
|
||||
iptables:
|
||||
chain: INPUT
|
||||
protocol: tcp
|
||||
destination_port: "80"
|
||||
jump: ACCEPT
|
||||
|
||||
- name: Allow HTTPS
|
||||
iptables:
|
||||
chain: INPUT
|
||||
protocol: tcp
|
||||
destination_port: "443"
|
||||
jump: ACCEPT
|
||||
|
||||
- name: Allow UDP DNS queries
|
||||
iptables:
|
||||
chain: INPUT
|
||||
protocol: udp
|
||||
destination_port: "53"
|
||||
jump: ACCEPT
|
||||
|
||||
- name: Allow TCP DNS queries
|
||||
iptables:
|
||||
chain: INPUT
|
||||
protocol: tcp
|
||||
destination_port: "53"
|
||||
jump: ACCEPT
|
@ -1,6 +0,0 @@
|
||||
- name: Install docker and pip3
|
||||
apt:
|
||||
pkg:
|
||||
- docker.io
|
||||
- python3-pip
|
||||
state: present
|
@ -1,5 +0,0 @@
|
||||
- name: Install docker and pip3
|
||||
command: tdnf -y install docker python3-pip
|
||||
register: result
|
||||
changed_when:
|
||||
- '"Complete!" in result.stdout'
|
@ -1,159 +0,0 @@
|
||||
---
|
||||
- name: Setting or generating password for web interface
|
||||
set_fact:
|
||||
riv_pihole_admin_password: "{{ riv_pihole_admin_password_generated }}"
|
||||
when: riv_pihole_admin_password is undefined
|
||||
- name: Ensure resolv.conf absent
|
||||
file:
|
||||
path: /etc/resolv.conf
|
||||
state: absent
|
||||
- name: Ensure we do have DNS available for the installation.
|
||||
lineinfile:
|
||||
path: /etc/resolv.conf
|
||||
insertbefore: '^{{ item.property | regex_escape() }} '
|
||||
line: '{{ item.property }} {{ item.value }}'
|
||||
create: true
|
||||
with_items:
|
||||
- { property: 'nameserver', value: '127.0.0.1'}
|
||||
- { property: 'nameserver', value: '9.9.9.9'}
|
||||
- { property: 'search', value: "{{ riv_pihole_domain }}" }
|
||||
- name: Running apt install environment
|
||||
include_tasks:
|
||||
file: install-apt.yml
|
||||
when:
|
||||
- (ansible_facts['distribution'] == 'Debian') or (ansible_facts['distribution'] == 'Ubuntu')
|
||||
- name: Running photon os install environment
|
||||
include_tasks:
|
||||
file: install-photonos.yml
|
||||
when:
|
||||
- ansible_facts['distribution'] == 'VMware Photon OS'
|
||||
- name: Install python docker support
|
||||
pip:
|
||||
name: docker
|
||||
state: present
|
||||
- name: Ensure docker is up
|
||||
systemd:
|
||||
name: docker
|
||||
enabled: true
|
||||
state: started
|
||||
- name: Pull Pi-hole image before resolved is shut down
|
||||
docker_image:
|
||||
name: "{{ riv_pihole_docker_image }}"
|
||||
force_source: yes
|
||||
source: pull
|
||||
- name: Running general SSH check
|
||||
include_tasks:
|
||||
file: checkssh.yml
|
||||
when:
|
||||
- ansible_facts['distribution'] != 'VMware Photon OS'
|
||||
- name: Running Photon OS SSH check
|
||||
include_tasks:
|
||||
file: checkssh-photonos.yml
|
||||
when:
|
||||
- ansible_facts['distribution'] == 'VMware Photon OS'
|
||||
- name: Make sure default resolved service is stopped
|
||||
systemd:
|
||||
name: systemd-resolved.service
|
||||
enabled: false
|
||||
state: stopped
|
||||
- name: Read configuration data
|
||||
read_csv:
|
||||
path: "{{ riv_pihole_dns_db_configuration_file }}"
|
||||
delimiter: ','
|
||||
register: mappings
|
||||
delegate_to: localhost
|
||||
become: no
|
||||
- name: Ensure pihole folder is present
|
||||
file:
|
||||
path: "{{ riv_pihole_etc_pihole_folder }}"
|
||||
state: directory
|
||||
mode: '0775'
|
||||
- name: Ensure dnsmasq.d folder is present
|
||||
file:
|
||||
path: "{{ riv_pihole_etc_dnsmasq_folder }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
- name: Generate encoded Pi-hole WEBPASSWORD
|
||||
shell: set -o pipefail && echo -n $(echo -n "{{ riv_pihole_admin_password }}" | sha256sum | sed 's/\s.*$//') | sha256sum | sed 's/\s.*$//'
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: riv_pihole_admin_password_encoded
|
||||
changed_when: false
|
||||
- name: Provision Pihole config
|
||||
template:
|
||||
src: setupVars.conf.j2
|
||||
dest: "{{ riv_pihole_etc_pihole_folder }}/setupVars.conf"
|
||||
mode: '0644'
|
||||
register: riv_pihole_config
|
||||
- name: Provision DNS configuration
|
||||
template:
|
||||
src: 10-pihole-custom-static.conf.j2
|
||||
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/10-pihole-custom-static.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: riv_pihole_dns_config
|
||||
vars:
|
||||
mappings: mappings
|
||||
- name: Provision DHCP configuration
|
||||
template:
|
||||
src: 02-pihole-dhcp.conf.j2
|
||||
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/02-pihole-dhcp.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: riv_pihole_dhcp_config
|
||||
- name: Provisioning host aliases
|
||||
template:
|
||||
src: ansible-managed.hosts.j2
|
||||
dest: "{{ riv_pihole_etc_pihole_folder }}/ansible-managed.hosts"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: riv_pihole_dns_alias_config
|
||||
vars:
|
||||
mappings: mappings
|
||||
- name: Setting up firewall
|
||||
include_tasks:
|
||||
file: firewall-iptables.yml
|
||||
when: riv_pihole_open_firewall_ports
|
||||
- name: Ensure pihole docker container is running
|
||||
docker_container:
|
||||
name: pihole
|
||||
image: "{{ riv_pihole_docker_image }}"
|
||||
state: started
|
||||
restart: "{{ riv_pihole_config.changed or riv_pihole_dns_config.changed or riv_pihole_dhcp_config.changed }}"
|
||||
restart_policy: unless-stopped
|
||||
networks_cli_compatible: yes
|
||||
network_mode: host
|
||||
networks:
|
||||
- name: "{{ riv_pihole_docker_network }}"
|
||||
capabilities:
|
||||
- NET_ADMIN
|
||||
dns_servers:
|
||||
- "{{ riv_pihole_sys_dns_server1 }}"
|
||||
- "{{ riv_pihole_sys_dns_server2 }}"
|
||||
volumes:
|
||||
- "{{ riv_pihole_etc_pihole_folder }}:/etc/pihole/"
|
||||
- "{{ riv_pihole_etc_dnsmasq_folder }}:/etc/dnsmasq.d/"
|
||||
env:
|
||||
TZ: '{{ riv_pihole_timezone }}'
|
||||
DNS1: '{{ riv_pihole_dns_server1 }}'
|
||||
DNS2: '{{ riv_pihole_dns_server2 }}'
|
||||
WEBPASSWORD: "{{ riv_pihole_admin_password }}"
|
||||
ServerIP: "{{ riv_pihole_serverip }}"
|
||||
REV_SERVER: "{{ riv_pihole_rev_server_enabled }}"
|
||||
REV_SERVER_CIDR: "{{ riv_pihole_rev_server_cidr }}"
|
||||
REV_SERVER_DOMAIN: "{{ riv_pihole_rev_server_domain }}"
|
||||
REV_SERVER_TARGET: "{{ riv_pihole_rev_server_target }}"
|
||||
- name: DNS/DHCP server summary
|
||||
pause:
|
||||
seconds: 1
|
||||
prompt: |
|
||||
Pi-Hole web PASSWORD: "{{ riv_pihole_admin_password }}"
|
||||
Pi-Hole Server IP: "{{ riv_pihole_serverip }}"
|
||||
Pi-Hole Server Name: "{{ inventory_hostname }}"
|
||||
Pi-Hole DHCP server active: "{{ riv_pihole_dhcp_active }}"
|
||||
changed_when: false
|
||||
when: riv_pihole_show_summary
|
||||
delegate_to: localhost
|
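Review bot: the removed `Generate encoded Pi-hole WEBPASSWORD` task interpolated the admin password into a `shell:` command line, the `DNS/DHCP server summary` task printed it via `pause:`, and none of the tasks handling `riv_pihole_admin_password` set `no_log: true`, so the secret appeared in task output and in the target's process list. Deleting the role resolves that here, but if the Pi-hole deployment is recreated under `roles/base`, compute the hash without a command line (for example the `hash('sha256')` filter) and mark those tasks `no_log: true`.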
@ -1,11 +0,0 @@
|
||||
###############################################################################
|
||||
# DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE. #
|
||||
# ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE #
|
||||
###############################################################################
|
||||
dhcp-authoritative
|
||||
dhcp-range={% if riv_pihole_dns_default_tag is defined and riv_pihole_dns_default_tag|length >0%}set:{{ riv_pihole_dns_default_tag }},{% endif %}{{ riv_pihole_dhcp_start }},{{ riv_pihole_dhcp_end }},{{ riv_pihole_dhcp_leasetime }}
|
||||
dhcp-option=option:router,{{ riv_pihole_dhcp_router }}
|
||||
dhcp-leasefile=/etc/pihole/dhcp.leases
|
||||
#quiet-dhcp
|
||||
|
||||
domain={{ riv_pihole_domain }}
|
@ -1,18 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
# Change dhcp-option to dhcp-option-force if you need PXELinux support
|
||||
{% for item in mappings.list %}
|
||||
{% if item.type=="<<tag>>" %}
|
||||
dhcp-option={{ item.dhcp_option }}
|
||||
{% elif item.type=="<<physical>>" or item.type=="<<virtual>>" %}
|
||||
|
||||
# {{ item.comment }}
|
||||
address=/{{ item.hostname }}.{{ item.domainname }}/{{ item.ip_address }}
|
||||
ptr-record={{ (item.ip_address.split('.'))[::-1]|join('.') }}.in-addr.arpa,{{ item.hostname }}.{{ item.domainname }}
|
||||
dhcp-host={% if item.mac_address is defined and item.mac_address|length %}{{ item.mac_address }},{% endif %}{% if item.dhcp_option is defined and item.dhcp_option|length >0%}set:{{ item.dhcp_option }},{% endif %}{{ item.ip_address }},{{ item.hostname }}{% if item.static is defined and item.static|length%},ignore{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
# Include ansible managed static hosts
|
||||
addn-hosts=/etc/pihole/ansible-managed.hosts
|
@ -1,9 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
{% for item in mappings.list %}
|
||||
{% if item.type=="<<alias>>" %}
|
||||
# {{ item.comment }}
|
||||
{{ item.ip_address }} {{ item.hostname }} {{ item.hostname }}.{{ item.domainname }}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
@ -1,33 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
BLOCKING_ENABLED=true
|
||||
DHCP_ACTIVE={{ riv_pihole_dhcp_active }}
|
||||
DHCP_START={{ riv_pihole_dhcp_start }}
|
||||
DHCP_END={{ riv_pihole_dhcp_end }}
|
||||
DHCP_ROUTER={{ riv_pihole_dhcp_router }}
|
||||
DHCP_LEASETIME={{ riv_pihole_dhcp_leasetime }}
|
||||
PIHOLE_DOMAIN={{ riv_pihole_domain }}
|
||||
DHCP_IPv6={{ riv_pihole_dhcp_ipv6 }}
|
||||
DHCP_rapid_commit={{ riv_pihole_dhcp_rapid_commit }}
|
||||
DNSMASQ_LISTENING={{ riv_pihole_dnsmasq_listening }}
|
||||
PIHOLE_DNS_1={{ riv_pihole_dns_server1 }}
|
||||
PIHOLE_DNS_2={{ riv_pihole_dns_server2 }}
|
||||
WEBPASSWORD={{ riv_pihole_admin_password_encoded.stdout }}
|
||||
QUERY_LOGGING={{ riv_pihole_query_logging }}
|
||||
INSTALL_WEB_SERVER={{ riv_pihole_install_web_server }}
|
||||
INSTALL_WEB_INTERFACE={{ riv_pihole_install_web_interface }}
|
||||
LIGHTTPD_ENABLED={{ riv_pihole_lighttpd_enabled }}
|
||||
IPV4_ADDRESS={{ riv_pihole_ipv4_address }}
|
||||
IPV6_ADDRESS={{ riv_pihole_ipv6_address }}
|
||||
DNS_BOGUS_PRIV={{ riv_pihole_dns_bogus_priv }}
|
||||
DNS_FQDN_REQUIRED={{ riv_pihole_dns_fqdn_required }}
|
||||
DNSSEC={{ riv_pihole_dnssec }}
|
||||
REV_SERVER={{ riv_pihole_rev_server_enabled }}
|
||||
REV_SERVER_CIDR={{ riv_pihole_rev_server_cidr }}
|
||||
REV_SERVER_DOMAIN={{ riv_pihole_rev_server_domain }}
|
||||
REV_SERVER_TARGET={{ riv_pihole_rev_server_target }}
|
||||
CONDITIONAL_FORWARDING=
|
||||
CONDITIONAL_FORWARDING_IP=
|
||||
CONDITIONAL_FORWARDING_DOMAIN=
|
||||
CONDITIONAL_FORWARDING_REVERSE=
|
||||
PIHOLE_INTERFACE={{ riv_pihole_interface }}
|
@ -11,7 +11,7 @@
|
||||
ports:
|
||||
- 9000:9000
|
||||
- 8000:8000
|
||||
when: "'docker-main' in group_names"
|
||||
when: "'home-apps' in group_names"
|
||||
|
||||
- name: Deploy Portainer Agent
|
||||
community.docker.docker_container:
|
||||
|
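Review bot: the new condition `when: "'home-apps' in group_names"` references a group that is not defined in the inventory or inventory template touched by this commit (those define `main-docker`, `docker-servers`, `media_managers`, `media_servers`, `home-servers` and `pi-hole`), and the old `docker-main` did not exist either (the inventory group is `main-docker`). Unless `home-apps` comes from an inventory not shown here, the Portainer task is silently skipped, since a misspelled group in a `when:` raises no error; add the group to the inventory template or guard the play with an `assert` on `group_names`.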
50
applications/roles/base/tasks/docker.yml
Normal file
@ -0,0 +1,50 @@
|
||||
# Docker
|
||||
- name: Install prerequisites
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- curl
|
||||
- gnupg-agent
|
||||
- software-properties-common
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Add docker apt-key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
|
||||
- name: Add docker repo
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
||||
|
||||
- name: Install Docker
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Add user permissions
|
||||
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
|
||||
|
||||
# Python Docker SDK
|
||||
- name: Install Python package manager
|
||||
apt:
|
||||
name: python3-pip
|
||||
state: present
|
||||
|
||||
- name: Install Python SDK
|
||||
become_user: "{{ lookup('env', 'USER') }}"
|
||||
pip:
|
||||
name:
|
||||
- docker
|
||||
- docker-compose
|
||||
state: present
|
||||
|
||||
# Containers
|
||||
- include_tasks: containers.yml
|
||||
become_user: "{{ lookup('env', 'USER') }}"
|
||||
when: "'docker-servers' in group_names"
|
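Review bot: `Add user permissions` runs `usermod -aG docker {{ lookup ('env', 'USER') }}` through `shell:`; `lookup('env', ...)` is evaluated on the controller, so this adds whichever user runs `ansible-playbook`, not a user on the target, and the task reports `changed` on every run. Replace it with the `user` module (`name: <target user>`, `groups: docker`, `append: true`), which is idempotent and makes explicit that membership in `docker` is root-equivalent on that host; the same controller-side lookup feeds `become_user` on the pip and `include_tasks` steps. Separately, `apt_key` with only `url:` accepts whatever key the URL serves; adding the expected `id:` pins it to the Docker signing key.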
@ -7,53 +7,5 @@
|
||||
update_cache: yes
|
||||
state: present
|
||||
|
||||
# Docker
|
||||
- name: Install prerequisites
|
||||
apt:
|
||||
name:
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- curl
|
||||
- gnupg-agent
|
||||
- software-properties-common
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Add docker apt-key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
|
||||
- name: Add docker repo
|
||||
apt_repository:
|
||||
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
||||
|
||||
- name: Install Docker
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Ddd user permissions
|
||||
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
|
||||
|
||||
# Python Docker SDK
|
||||
- name: Install Python package manager
|
||||
apt:
|
||||
name: python3-pip
|
||||
state: present
|
||||
|
||||
- name: Install Python SDK
|
||||
become_user: "{{ lookup('env', 'USER') }}"
|
||||
pip:
|
||||
name:
|
||||
- docker
|
||||
- docker-compose
|
||||
state: present
|
||||
|
||||
# Containers
|
||||
- include_tasks: containers.yml
|
||||
become_user: "{{ lookup('env', 'USER') }}"
|
||||
when: "'docker-servers' in group_names"
|
||||
- include_tasks: docker.yml
|
||||
when: "'docker_servers' in group_names"
|
||||
|
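Review bot: the new `when: "'docker_servers' in group_names"` uses an underscore, but the inventory and inventory template in this commit define the group as `[docker-servers:children]` (hyphen), so `docker.yml` is never included and the Docker tasks moved out of this file effectively stop running everywhere. Align the name with the inventory (the inner `include_tasks: containers.yml` inside `docker.yml` still tests `docker-servers`). Note also that `- name: Ddd user permissions` on the removed side becomes `Add user permissions` in the new file, so the move is not byte-identical; worth a line in the commit message.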
@ -0,0 +1,6 @@
|
||||
---
|
||||
- hosts: all
|
||||
tasks:
|
||||
- include_roles:
|
||||
name: base
|
||||
|
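Review bot: `include_roles:` is not an Ansible module; the task keyword is `include_role` (or `ansible.builtin.include_role`), so this play fails at load time with an unresolved-module error. With `hosts: all` and the role applied unconditionally, host selection depends entirely on the `when:` group checks inside the role, which is why the `docker_servers` / `docker-servers` spelling mismatch in `main.yml` matters for this play.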
@ -13,6 +13,11 @@ ${ ip }
|
||||
${ ip }
|
||||
%{ end for }
|
||||
|
||||
[docker-servers:children]
|
||||
media_managers
|
||||
media_servers
|
||||
home-servers
|
||||
|
||||
[pi-hole]
|
||||
%{ for ip in piholes }
|
||||
${ ip }
|
||||
|
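Review bot: `[pi-hole]` with `%{ for ip in piholes }` is added to the inventory template, but this same commit removes the pihole role and nothing else in the diff consumes the group; confirm whether it belongs to a follow-up or is leftover. The closing directive for the new loop is not within the hunk's visible context, so check that the rendered inventory is well-formed. `[docker-servers:children]` here uses the hyphenated name, which is what `docker.yml` tests but not what `main.yml` tests (`docker_servers`).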