remove pihole role; update template; move docker tasks to own folder
This commit is contained in:
parent
728a4969ad
commit
1915c5da5e
@ -2,8 +2,11 @@
|
|||||||
|
|
||||||
[media-servers]
|
[media-servers]
|
||||||
|
|
||||||
[docker-servers:children]
|
[home-servers]
|
||||||
main-docker
|
|
||||||
media-managers
|
|
||||||
|
|
||||||
[main-docker]
|
[docker-servers:children]
|
||||||
|
media_managers
|
||||||
|
media_servers
|
||||||
|
home-servers
|
||||||
|
|
||||||
|
[pi-hole]
|
||||||
|
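Review bot: group naming is now mixed in this hunk: `media_managers` and `media_servers` use underscores while `media-servers`, `home-servers`, `docker-servers`, `main-docker` and `pi-hole` keep hyphens; Ansible warns that hyphenated group names are not valid identifiers, so pick one convention (underscores) and rename the remaining groups together with any `group_names` checks that reference them. A `[pi-hole]` group header is also still present even though this commit removes the pihole role; drop it if nothing is applied to it any more.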
@ -1,21 +0,0 @@
|
|||||||
MIT License
|
|
||||||
|
|
||||||
Copyright (c) 2020 Jens Frey
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is
|
|
||||||
furnished to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice shall be included in all
|
|
||||||
copies or substantial portions of the Software.
|
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
SOFTWARE.
|
|
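Review bot: the MIT text removed here requires that the copyright notice accompany all copies or substantial portions of the software; the commit message says the docker tasks were moved rather than deleted, so if any task, template or defaults content from this role was carried into `applications/roles/base`, the `Copyright (c) 2020 Jens Frey` notice and license text need to travel with it (unless the author is the same and relicensing is intended).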
@ -1,241 +0,0 @@
|
|||||||
# Pihole
|
|
||||||
|
|
||||||
|
|
||||||
Pi-hole role. This will install [Pi-hole®: A black hole for Internet
|
|
||||||
advertisements – A black hole for Internet
|
|
||||||
advertisements](https://pi-hole.net/) for you.
|
|
||||||
|
|
||||||
It also helps you administering Pi-Hole using a simple CSV file that you can
|
|
||||||
edit with your favourite editor.
|
|
||||||
|
|
||||||
## Requirements
|
|
||||||
|
|
||||||
A host running Ubuntu/Debian/Photon OS or e.g. a raspberry pi running Raspberry
|
|
||||||
Pi OS (Lite).
|
|
||||||
|
|
||||||
If you run into problems, a look into the [Pi-hole
|
|
||||||
documentation](https://docs.pi-hole.net/docker/dhcp/) may help.
|
|
||||||
|
|
||||||
### Host CSV File
|
|
||||||
|
|
||||||
Pi-hole configuration is done via a csv file. This gives you a nice overview
|
|
||||||
and makes it easy to manage your environment.
|
|
||||||
|
|
||||||
The role includes a full example CSV file in the `files` folder for you to
|
|
||||||
review.
|
|
||||||
|
|
||||||
The following lines do show `dhcp-option` settings that will be written into
|
|
||||||
the dnsmasq configuration file. The lines tag one IP address as the vm based
|
|
||||||
DNS server and the raspberry pi based DNS server running on an actual raspberry
|
|
||||||
pi.
|
|
||||||
|
|
||||||
#### Set DHCP Options
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
,,,,,"tag:vm-dns,option:dns-server,192.168.30.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
|
||||||
,,,,,"tag:pi-dns,option:dns-server,192.168.30.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
|
||||||
```
|
|
||||||
|
|
||||||
**Note:** If you are setting up multiple DNS servers here, you probably do want
|
|
||||||
to set the `riv_pihole_dns_default_tag` option when configuring your setup to set a default DNS server
|
|
||||||
for clients without a specific configuration.
|
|
||||||
|
|
||||||
#### Setup IP/Host mapping
|
|
||||||
|
|
||||||
The configuration below configures the host with the name `slash` to receive an
|
|
||||||
IP address of `192.168.128.2` if that address is still available. If a DHCP
|
|
||||||
lease was already handed out to another machine, a new IP address will be
|
|
||||||
assigned. It also identifies the machine as a physical host.
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
slash,example.net,192.168.128.2,true,,,"<<physical>>","ESXi Host""
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Setup static IP address
|
|
||||||
|
|
||||||
If you want to make sure that the IP address is assigned to a specific hostname
|
|
||||||
only, you can set the `static` field to `true` to achieve that. Setting this
|
|
||||||
option will instruct dnsmasq to ignore DHCP requests from any host named
|
|
||||||
`vmhole` as shown in the example below. The type is also identified as a virtual machine.
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole Virtual machine DNS server"
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Setup Mac address/IP address mapping
|
|
||||||
|
|
||||||
To assign a specific IP address and hostname to a special device using the mac
|
|
||||||
address of the device, use the following entry in the csv configuration
|
|
||||||
database.
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,,"<<virtual>>","Pi-hole Virtual machine DNS server"
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Set different DNS server
|
|
||||||
|
|
||||||
Setting up a special DNS server for some devices can be achieved by supplying
|
|
||||||
the appropriate DHCP option when defining the mapping. The below example shows
|
|
||||||
how to set the `vm-dns` DNS server for the photon host.
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","<<virtual>>","Proxy server VM based on a docker image, using vm-dns server"
|
|
||||||
```
|
|
||||||
|
|
||||||
## Role Variables
|
|
||||||
|
|
||||||
The role uses the following variables:
|
|
||||||
|
|
||||||
| Variable | Default | Description |
|
|
||||||
| ------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
|
||||||
| riv_pihole_admin_password_generated | {{ lookup('password', '/dev/null length=15 chars=ascii_letters') }} | This variable sets the password for the web user interface. If no password is set, it will be auto-generated. The password value is shown in plain text in the last step if the variable `riv_pihole_show_summary` is set to `true`. |
|
|
||||||
| riv_pihole_dns_default_tag | | This variable sets a DHCP tag that lets you specify a default DNS server for hosts not listed in the configuration csv file. |
|
|
||||||
| riv_pihole_show_summary | false | If set `true` the last step will show the (generated) password in plain text along with some useful information like the IP address and name of the host pihole was installed on. |
|
|
||||||
| riv_pihole_docker_network | host | The network to which docker connects. If you want to use DHCP, you need to connect to the host network. |
|
|
||||||
| riv_pihole_docker_purge_networks | yes | Remove the created network when the docker container is shut down. |
|
|
||||||
| riv_pihole_dhcp_active | false | Enable or disable the built-in DHCP server. If you want to use Pi-hole as DHCP server, you need to turn this on. |
|
|
||||||
| riv_pihole_dhcp_leasetime | 24h | The default lease time to set when handing out a client IP address |
|
|
||||||
| riv_pihole_dhcp_start | 192.168.1.2 | The starting range of the built-in DHCP server. |
|
|
||||||
| riv_pihole_dhcp_end | 192.168.1.253 | The last address of the built-in DHCP server. |
|
|
||||||
| riv_pihole_dhcp_router | 192.168.1.1 | The router which should be advertised to clients getting an IP address. |
|
|
||||||
| riv_pihole_domain | example.net | The domain of your local network. |
|
|
||||||
| riv_pihole_interface | eth0 | The interface processes inside Pi-hole will bind to |
|
|
||||||
| riv_pihole_dhcp_ipv6 | false | Enable IPv6 support on DHCP. |
|
|
||||||
| riv_pihole_dhcp_rapid_commit | false | Control switch for the rapid commit option. |
|
|
||||||
| riv_pihole_dnsmasq_listening | all | The interface dnsmasq should listen on. |
|
|
||||||
| riv_pihole_query_logging | true | Log DNS queries. |
|
|
||||||
| riv_pihole_install_web_server | true | Install the built in Web-Server |
|
|
||||||
| riv_pihole_install_web_interface | true | Install the Web-Interface. |
|
|
||||||
| riv_pihole_lighttpd_enabled | | Enable lighttpd |
|
|
||||||
| riv_pihole_ipv4_address | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IPv4 address you want Pi-Hole to listen on. |
|
|
||||||
| riv_pihole_ipv6_address | | The IPv6 address you want Pi-Hole to listen on. |
|
|
||||||
| riv_pihole_dns_bogus_priv | | Control bogus private reverse lookups |
|
|
||||||
| riv_pihole_dns_fqdn_required | | Controls if the unqualified name is put into DNS as well |
|
|
||||||
| riv_pihole_dnssec | | Control DNSSEC |
|
|
||||||
| riv_pihole_rev_server_enabled | | Enable DNS conditional forwarding for device name resolution. |
|
|
||||||
| riv_pihole_rev_server_cidr | | If conditional forwarding is enabled, set the reverse DNS zone (e.g. 192.168.0.0/24) |
|
|
||||||
| riv_pihole_rev_server_domain | | If conditional forwarding is enabled, set the domain of the local network router (e.g example.net). |
|
|
||||||
| riv_pihole_rev_server_target | | If conditional forwarding is enabled, set the IP of the local network router. |
|
|
||||||
| riv_pihole_docker_image | pihole/pihole:latest | Which docker image to pull. You can e.g. specify a version. |
|
|
||||||
| riv_pihole_configuration_base_folder | /opt/pihole | Where do you want your configuration to live on the target host. |
|
|
||||||
| riv_pihole_etc_pihole_folder | {{ riv_pihole_configuration_base_folder }}/pihole | Control position of pihole folder. |
|
|
||||||
| riv_pihole_etc_dnsmasq_folder | {{ riv_pihole_configuration_base_folder }}/dnsmasq.d | Control position of dnsmasq.d folder. |
|
|
||||||
| riv_pihole_sys_dns_server1 | 127.0.0.1 | System DNS servers for Pi-hole. The first one HAS TO BE 127.0.0.1 |
|
|
||||||
| riv_pihole_sys_dns_server2 | 8.8.8.8 | System DNS server for Pi-hole |
|
|
||||||
| riv_pihole_dns_server1 | 1.1.1.1 | DNS Server used inside the docker container |
|
|
||||||
| riv_pihole_dns_server2 | 8.8.8.8 | DNS Server used inside the docker container |
|
|
||||||
| riv_pihole_serverip | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IP address of the Pi-hole host |
|
|
||||||
| riv_pihole_timezone | Europe/Berlin | Your timezone |
|
|
||||||
| riv_pihole_open_firewall_ports | true | Set to false if you don't want the role to open required firewall ports. |
|
|
||||||
| riv_pihole_dns_db_configuration_file | {{ role_path }}/files/mappings.csv | The location of the DNS configuration file. The default file pointed to should be copied and adopted appropriately. |
|
|
||||||
|
|
||||||
## Example Playbook
|
|
||||||
|
|
||||||
The example below shows a playbook you can use to configure pi-hole on a Photon
|
|
||||||
OS based virtual machine which is reflected in the inventory file.
|
|
||||||
|
|
||||||
### Folder structure
|
|
||||||
|
|
||||||
The folder structure is as follows (the roles folder will be created automatically later):
|
|
||||||
|
|
||||||
```
|
|
||||||
|-- dns-db.csv
|
|
||||||
|-- inventory
|
|
||||||
|-- pihole-vm.yml
|
|
||||||
`-- roles
|
|
||||||
`-- authsec.pihole
|
|
||||||
|-- defaults
|
|
||||||
| `-- main.yml
|
|
||||||
|-- files
|
|
||||||
| `-- mappings.csv
|
|
||||||
|-- LICENSE
|
|
||||||
|-- meta
|
|
||||||
| `-- main.yml
|
|
||||||
|-- README.md
|
|
||||||
|-- tasks
|
|
||||||
| |-- checkssh-photonos.yml
|
|
||||||
| |-- checkssh.yml
|
|
||||||
| |-- firewall-iptables.yml
|
|
||||||
| |-- install-apt.yml
|
|
||||||
| |-- install-photonos.yml
|
|
||||||
| `-- main.yml
|
|
||||||
`-- templates
|
|
||||||
|-- 02-pihole-dhcp.conf.j2
|
|
||||||
|-- 10-pihole-custom-static.conf.j2
|
|
||||||
`-- setupVars.conf.j2
|
|
||||||
```
|
|
||||||
|
|
||||||
### Import Role
|
|
||||||
|
|
||||||
You can import the role into your project using:
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
#> ansible-galaxy install -p roles authsec.pihole
|
|
||||||
```
|
|
||||||
|
|
||||||
### Create database
|
|
||||||
|
|
||||||
This is a copy of the example database in `roles/authsec.pihole/files`.
|
|
||||||
|
|
||||||
**dns-db.csv:**
|
|
||||||
|
|
||||||
``` csv
|
|
||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,comment
|
|
||||||
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","Sets value of dhcp-option configuration option"
|
|
||||||
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","Sets value of dhcp-option configuration option"
|
|
||||||
slash,example.net,192.168.128.2,,,,"ESXi Host"
|
|
||||||
mohh,example.net,192.168.128.5,,,,"The Brain (vCenter Server)"
|
|
||||||
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,"pi-dns","VM using Raspberry Pi based DNS (and DHCP) server"
|
|
||||||
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","VM using VM based DNS server"
|
|
||||||
vmhole,example.net,192.168.128.253,true,,,"Pi-hole Virtual machine DNS server"
|
|
||||||
pihole,example.net,192.168.128.254,,,,"Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"
|
|
||||||
```
|
|
||||||
|
|
||||||
**inventory:**
|
|
||||||
|
|
||||||
```
|
|
||||||
[dns_vms]
|
|
||||||
vmhole.example.net ansible_host=192.168.128.253 ansible_user=pihole ansible_become_method='su' ansible_become_password='kevin.is.dead' ansible_python_interpreter=/usr/bin/python3
|
|
||||||
```
|
|
||||||
|
|
||||||
**pihole-vm.yml:**
|
|
||||||
|
|
||||||
``` yaml
|
|
||||||
---
|
|
||||||
# Configure a machine to run pi-hole inside a docker container
|
|
||||||
- hosts: dns_vms
|
|
||||||
gather_facts: yes
|
|
||||||
become: yes
|
|
||||||
tasks:
|
|
||||||
- include_role:
|
|
||||||
name: authsec.pihole
|
|
||||||
vars:
|
|
||||||
# true|false
|
|
||||||
riv_pihole_admin_password: "secure.me"
|
|
||||||
riv_pihole_dhcp_active: "false"
|
|
||||||
riv_pihole_dhcp_start: "192.168.128.8"
|
|
||||||
riv_pihole_dhcp_end: "192.168.128.252"
|
|
||||||
riv_pihole_dhcp_router: "192.168.128.1"
|
|
||||||
riv_pihole_domain: "example.net"
|
|
||||||
riv_pihole_show_summary: true
|
|
||||||
riv_pihole_dns_db_configuration_file: "dns-db.csv"
|
|
||||||
```
|
|
||||||
|
|
||||||
### Run ansible
|
|
||||||
|
|
||||||
Once everything is configured, you can run `ansible` to setup pi-hole on the
|
|
||||||
system configured in the `inventory`.
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
#> ansible-playbook -i inventory pihole-vm.yml
|
|
||||||
```
|
|
||||||
|
|
||||||
License
|
|
||||||
-------
|
|
||||||
|
|
||||||
MIT
|
|
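Review bot: the removed README carried literal credentials in its examples (`ansible_become_password='kevin.is.dead'` in the inventory block and `riv_pihole_admin_password: "secure.me"` in the playbook); deleting the file does not remove them from history, so confirm they were never real values and, in whatever documentation replaces this, show `ansible-vault`-encrypted variables or `--ask-become-pass` instead of inline passwords.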
@ -1,65 +0,0 @@
|
|||||||
---
|
|
||||||
# tasks file for pihole
|
|
||||||
|
|
||||||
# Generate a secure default password
|
|
||||||
riv_pihole_admin_password_generated: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
|
|
||||||
riv_pihole_docker_network: "host"
|
|
||||||
riv_pihole_docker_purge_networks: "yes"
|
|
||||||
|
|
||||||
# If you are using tags to assign multiple DNS servers to an IP address,
|
|
||||||
# you can use this option to set a default, where you do not want to define
|
|
||||||
# a specific IP address to name mapping.
|
|
||||||
riv_pihole_dns_default_tag: ""
|
|
||||||
|
|
||||||
riv_pihole_show_summary: false
|
|
||||||
|
|
||||||
riv_pihole_dhcp_active: "false"
|
|
||||||
# 1 day lease
|
|
||||||
riv_pihole_dhcp_leasetime: "24h"
|
|
||||||
riv_pihole_dhcp_start: "192.168.1.2"
|
|
||||||
riv_pihole_dhcp_end: "192.168.1.253"
|
|
||||||
riv_pihole_dhcp_router: "192.168.1.1"
|
|
||||||
riv_pihole_domain: "example.net"
|
|
||||||
riv_pihole_interface: "eth0"
|
|
||||||
|
|
||||||
riv_pihole_dhcp_ipv6: "false"
|
|
||||||
riv_pihole_dhcp_rapid_commit: "false"
|
|
||||||
riv_pihole_dnsmasq_listening: "all"
|
|
||||||
riv_pihole_query_logging: "true"
|
|
||||||
riv_pihole_install_web_server: "true"
|
|
||||||
riv_pihole_install_web_interface: "true"
|
|
||||||
riv_pihole_lighttpd_enabled: ""
|
|
||||||
riv_pihole_ipv4_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
|
|
||||||
riv_pihole_ipv6_address: ""
|
|
||||||
riv_pihole_dns_bogus_priv: "false"
|
|
||||||
riv_pihole_dns_fqdn_required: "false"
|
|
||||||
riv_pihole_dnssec: "false"
|
|
||||||
riv_pihole_rev_server_enabled: "false" # previously conditional forwarding (riv_pihole_conditional_forwarding)
|
|
||||||
riv_pihole_rev_server_cidr: "" # previously conditional forwarding IP (riv_pihole_conditional_forwarding_ip)
|
|
||||||
riv_pihole_rev_server_domain: "" # previously conditional forwarding domain (riv_pihole_conditional_forwarding_domain)
|
|
||||||
riv_pihole_rev_server_target: "" # previously conditional forwarding host (riv_pihole_conditional_forwarding_reverse)
|
|
||||||
|
|
||||||
riv_pihole_docker_image: "pihole/pihole:latest"
|
|
||||||
|
|
||||||
riv_pihole_configuration_base_folder: "/opt/pihole"
|
|
||||||
riv_pihole_etc_pihole_folder: "{{ riv_pihole_configuration_base_folder }}/pihole"
|
|
||||||
riv_pihole_etc_dnsmasq_folder: "{{ riv_pihole_configuration_base_folder }}/dnsmasq.d"
|
|
||||||
|
|
||||||
# These are the DNS servers for the docker system
|
|
||||||
# The first one MUST be 127.0.0.1
|
|
||||||
riv_pihole_sys_dns_server1: "127.0.0.1"
|
|
||||||
riv_pihole_sys_dns_server2: "8.8.8.8"
|
|
||||||
|
|
||||||
# These are the DNS servers that Pi-hole uses to resolve
|
|
||||||
riv_pihole_dns_server1: "1.1.1.1"
|
|
||||||
riv_pihole_dns_server2: "8.8.8.8"
|
|
||||||
|
|
||||||
riv_pihole_serverip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
|
|
||||||
|
|
||||||
riv_pihole_timezone: "Europe/Berlin"
|
|
||||||
|
|
||||||
# Photon OS e.g. has the firewall locked by default, if this is enabled
|
|
||||||
# the necessary ports will be opened
|
|
||||||
riv_pihole_open_firewall_ports: true
|
|
||||||
|
|
||||||
riv_pihole_dns_db_configuration_file: "{{ role_path }}/files/mappings.csv"
|
|
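Review bot: `riv_pihole_admin_password_generated` used `lookup('password', '/dev/null length=15 chars=ascii_letters')`, which yields a different random password on every run because nothing is persisted; together with the templated `WEBPASSWORD` in setupVars.conf and the container `restart:` condition on `riv_pihole_config.changed`, a run without an explicit `riv_pihole_admin_password` rewrote the config and restarted the container every time. If the docker-based setup is re-created elsewhere, persist the generated secret (a real file path for the lookup, or a vaulted variable) so the default is idempotent. The header comment `# tasks file for pihole` also mislabels this defaults file.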
@ -1,11 +0,0 @@
|
|||||||
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
|
|
||||||
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
|
||||||
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
|
|
||||||
slash,example.net,192.168.128.2,true,f4:02:70:b6:17:d2,,"<<physical>>","ESXi Host"
|
|
||||||
dudu,example.net,192.168.128.3,true,,,"<<physical>>","dudu node"
|
|
||||||
mohh,example.net,192.168.128.5,true,,,"<<virtual>>","vCenter installation"
|
|
||||||
ku,example.net,192.168.128.250,true,,"pi-dns","<<physical>>","Control node"
|
|
||||||
proxy,example.net,192.168.128.252,true,,"vm-dns","<<virtual>>","Proxy server VM based on a docker image"
|
|
||||||
wpad,example.net,192.168.128.252,,,,"<<alias>>","Proxy autodiscovery alias"
|
|
||||||
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole based VM DNS server with statically assigned IP (static prevents DHCP from handing out that IP/DNS name combination)"
|
|
||||||
opihi,example.net,192.168.128.254,,b8:27:eb:24:32:1b,,"<<physical>>","Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"
|
|
|
@ -1,2 +0,0 @@
|
|||||||
install_date: Mon Jun 13 19:57:14 2022
|
|
||||||
version: master
|
|
@ -1,26 +0,0 @@
|
|||||||
galaxy_info:
|
|
||||||
role_name: pihole
|
|
||||||
author: Jens Frey
|
|
||||||
description: Install, run and configure Pi-Hole using docker and a CSV file where you can map your hosts to IP addresses.
|
|
||||||
license: MIT
|
|
||||||
|
|
||||||
min_ansible_version: 2.9
|
|
||||||
|
|
||||||
# To view available platforms and versions (or releases), visit:
|
|
||||||
# https://galaxy.ansible.com/api/v1/platforms/
|
|
||||||
platforms:
|
|
||||||
- name: Debian
|
|
||||||
versions:
|
|
||||||
- buster
|
|
||||||
- name: Ubuntu
|
|
||||||
versions:
|
|
||||||
- focal
|
|
||||||
|
|
||||||
galaxy_tags:
|
|
||||||
- pihole
|
|
||||||
- raspberry
|
|
||||||
- raspberrypi
|
|
||||||
- rpi
|
|
||||||
- photonos
|
|
||||||
|
|
||||||
dependencies: []
|
|
@ -1,5 +0,0 @@
|
|||||||
- name: Make sure ssh is enabled, not just started
|
|
||||||
systemd:
|
|
||||||
name: sshd.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
@ -1,5 +0,0 @@
|
|||||||
- name: Make sure ssh is enabled, not just started
|
|
||||||
systemd:
|
|
||||||
name: ssh.service
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
@ -1,41 +0,0 @@
|
|||||||
- name: Allow ping
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
jump: ACCEPT
|
|
||||||
protocol: icmp
|
|
||||||
|
|
||||||
- name: Allow DHCP
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
protocol: udp
|
|
||||||
destination_port: "67"
|
|
||||||
jump: ACCEPT
|
|
||||||
when: riv_pihole_dhcp_active|bool
|
|
||||||
|
|
||||||
- name: Allow HTTP
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
protocol: tcp
|
|
||||||
destination_port: "80"
|
|
||||||
jump: ACCEPT
|
|
||||||
|
|
||||||
- name: Allow HTTPS
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
protocol: tcp
|
|
||||||
destination_port: "443"
|
|
||||||
jump: ACCEPT
|
|
||||||
|
|
||||||
- name: Allow UDP DNS queries
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
protocol: udp
|
|
||||||
destination_port: "53"
|
|
||||||
jump: ACCEPT
|
|
||||||
|
|
||||||
- name: Allow TCP DNS queries
|
|
||||||
iptables:
|
|
||||||
chain: INPUT
|
|
||||||
protocol: tcp
|
|
||||||
destination_port: "53"
|
|
||||||
jump: ACCEPT
|
|
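Review bot: `Allow HTTP` and `Allow HTTPS` open tcp/80 and tcp/443 on INPUT unconditionally and from any source, while `Allow DHCP` is at least gated on `riv_pihole_dhcp_active|bool`; the web rules should likewise depend on `riv_pihole_install_web_interface|bool`, and all of these rules should carry a `source:` restricted to the LAN range so DNS and the admin UI are not reachable via other interfaces. Nothing in this file saves the rules either, so they are live-only until the next reboot.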
@ -1,6 +0,0 @@
|
|||||||
- name: Install docker and pip3
|
|
||||||
apt:
|
|
||||||
pkg:
|
|
||||||
- docker.io
|
|
||||||
- python3-pip
|
|
||||||
state: present
|
|
@ -1,5 +0,0 @@
|
|||||||
- name: Install docker and pip3
|
|
||||||
command: tdnf -y install docker python3-pip
|
|
||||||
register: result
|
|
||||||
changed_when:
|
|
||||||
- '"Complete!" in result.stdout'
|
|
@ -1,159 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Setting or generating password for web interface
|
|
||||||
set_fact:
|
|
||||||
riv_pihole_admin_password: "{{ riv_pihole_admin_password_generated }}"
|
|
||||||
when: riv_pihole_admin_password is undefined
|
|
||||||
- name: Ensure resolv.conf absent
|
|
||||||
file:
|
|
||||||
path: /etc/resolv.conf
|
|
||||||
state: absent
|
|
||||||
- name: Ensure we do have DNS available for the installation.
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/resolv.conf
|
|
||||||
insertbefore: '^{{ item.property | regex_escape() }} '
|
|
||||||
line: '{{ item.property }} {{ item.value }}'
|
|
||||||
create: true
|
|
||||||
with_items:
|
|
||||||
- { property: 'nameserver', value: '127.0.0.1'}
|
|
||||||
- { property: 'nameserver', value: '9.9.9.9'}
|
|
||||||
- { property: 'search', value: "{{ riv_pihole_domain }}" }
|
|
||||||
- name: Running apt install environment
|
|
||||||
include_tasks:
|
|
||||||
file: install-apt.yml
|
|
||||||
when:
|
|
||||||
- (ansible_facts['distribution'] == 'Debian') or (ansible_facts['distribution'] == 'Ubuntu')
|
|
||||||
- name: Running photon os install environment
|
|
||||||
include_tasks:
|
|
||||||
file: install-photonos.yml
|
|
||||||
when:
|
|
||||||
- ansible_facts['distribution'] == 'VMware Photon OS'
|
|
||||||
- name: Install python docker support
|
|
||||||
pip:
|
|
||||||
name: docker
|
|
||||||
state: present
|
|
||||||
- name: Ensure docker is up
|
|
||||||
systemd:
|
|
||||||
name: docker
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
- name: Pull Pi-hole image before resolved is shut down
|
|
||||||
docker_image:
|
|
||||||
name: "{{ riv_pihole_docker_image }}"
|
|
||||||
force_source: yes
|
|
||||||
source: pull
|
|
||||||
- name: Running general SSH check
|
|
||||||
include_tasks:
|
|
||||||
file: checkssh.yml
|
|
||||||
when:
|
|
||||||
- ansible_facts['distribution'] != 'VMware Photon OS'
|
|
||||||
- name: Running Photon OS SSH check
|
|
||||||
include_tasks:
|
|
||||||
file: checkssh-photonos.yml
|
|
||||||
when:
|
|
||||||
- ansible_facts['distribution'] == 'VMware Photon OS'
|
|
||||||
- name: Make sure default resolved service is stopped
|
|
||||||
systemd:
|
|
||||||
name: systemd-resolved.service
|
|
||||||
enabled: false
|
|
||||||
state: stopped
|
|
||||||
- name: Read configuration data
|
|
||||||
read_csv:
|
|
||||||
path: "{{ riv_pihole_dns_db_configuration_file }}"
|
|
||||||
delimiter: ','
|
|
||||||
register: mappings
|
|
||||||
delegate_to: localhost
|
|
||||||
become: no
|
|
||||||
- name: Ensure pihole folder is present
|
|
||||||
file:
|
|
||||||
path: "{{ riv_pihole_etc_pihole_folder }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0775'
|
|
||||||
- name: Ensure dnsmasq.d folder is present
|
|
||||||
file:
|
|
||||||
path: "{{ riv_pihole_etc_dnsmasq_folder }}"
|
|
||||||
state: directory
|
|
||||||
mode: '0755'
|
|
||||||
- name: Generate encoded Pi-hole WEBPASSWORD
|
|
||||||
shell: set -o pipefail && echo -n $(echo -n "{{ riv_pihole_admin_password }}" | sha256sum | sed 's/\s.*$//') | sha256sum | sed 's/\s.*$//'
|
|
||||||
args:
|
|
||||||
executable: /bin/bash
|
|
||||||
register: riv_pihole_admin_password_encoded
|
|
||||||
changed_when: false
|
|
||||||
- name: Provision Pihole config
|
|
||||||
template:
|
|
||||||
src: setupVars.conf.j2
|
|
||||||
dest: "{{ riv_pihole_etc_pihole_folder }}/setupVars.conf"
|
|
||||||
mode: '0644'
|
|
||||||
register: riv_pihole_config
|
|
||||||
- name: Provision DNS configuration
|
|
||||||
template:
|
|
||||||
src: 10-pihole-custom-static.conf.j2
|
|
||||||
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/10-pihole-custom-static.conf"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
register: riv_pihole_dns_config
|
|
||||||
vars:
|
|
||||||
mappings: mappings
|
|
||||||
- name: Provision DHCP configuration
|
|
||||||
template:
|
|
||||||
src: 02-pihole-dhcp.conf.j2
|
|
||||||
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/02-pihole-dhcp.conf"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
register: riv_pihole_dhcp_config
|
|
||||||
- name: Provisioning host aliases
|
|
||||||
template:
|
|
||||||
src: ansible-managed.hosts.j2
|
|
||||||
dest: "{{ riv_pihole_etc_pihole_folder }}/ansible-managed.hosts"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
register: riv_pihole_dns_alias_config
|
|
||||||
vars:
|
|
||||||
mappings: mappings
|
|
||||||
- name: Setting up firewall
|
|
||||||
include_tasks:
|
|
||||||
file: firewall-iptables.yml
|
|
||||||
when: riv_pihole_open_firewall_ports
|
|
||||||
- name: Ensure pihole docker container is running
|
|
||||||
docker_container:
|
|
||||||
name: pihole
|
|
||||||
image: "{{ riv_pihole_docker_image }}"
|
|
||||||
state: started
|
|
||||||
restart: "{{ riv_pihole_config.changed or riv_pihole_dns_config.changed or riv_pihole_dhcp_config.changed }}"
|
|
||||||
restart_policy: unless-stopped
|
|
||||||
networks_cli_compatible: yes
|
|
||||||
network_mode: host
|
|
||||||
networks:
|
|
||||||
- name: "{{ riv_pihole_docker_network }}"
|
|
||||||
capabilities:
|
|
||||||
- NET_ADMIN
|
|
||||||
dns_servers:
|
|
||||||
- "{{ riv_pihole_sys_dns_server1 }}"
|
|
||||||
- "{{ riv_pihole_sys_dns_server2 }}"
|
|
||||||
volumes:
|
|
||||||
- "{{ riv_pihole_etc_pihole_folder }}:/etc/pihole/"
|
|
||||||
- "{{ riv_pihole_etc_dnsmasq_folder }}:/etc/dnsmasq.d/"
|
|
||||||
env:
|
|
||||||
TZ: '{{ riv_pihole_timezone }}'
|
|
||||||
DNS1: '{{ riv_pihole_dns_server1 }}'
|
|
||||||
DNS2: '{{ riv_pihole_dns_server2 }}'
|
|
||||||
WEBPASSWORD: "{{ riv_pihole_admin_password }}"
|
|
||||||
ServerIP: "{{ riv_pihole_serverip }}"
|
|
||||||
REV_SERVER: "{{ riv_pihole_rev_server_enabled }}"
|
|
||||||
REV_SERVER_CIDR: "{{ riv_pihole_rev_server_cidr }}"
|
|
||||||
REV_SERVER_DOMAIN: "{{ riv_pihole_rev_server_domain }}"
|
|
||||||
REV_SERVER_TARGET: "{{ riv_pihole_rev_server_target }}"
|
|
||||||
- name: DNS/DHCP server summary
|
|
||||||
pause:
|
|
||||||
seconds: 1
|
|
||||||
prompt: |
|
|
||||||
Pi-Hole web PASSWORD: "{{ riv_pihole_admin_password }}"
|
|
||||||
Pi-Hole Server IP: "{{ riv_pihole_serverip }}"
|
|
||||||
Pi-Hole Server Name: "{{ inventory_hostname }}"
|
|
||||||
Pi-Hole DHCP server active: "{{ riv_pihole_dhcp_active }}"
|
|
||||||
changed_when: false
|
|
||||||
when: riv_pihole_show_summary
|
|
||||||
delegate_to: localhost
|
|
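Review bot: `Generate encoded Pi-hole WEBPASSWORD` interpolates the admin password into a bash command line (`shell: set -o pipefail && echo -n $(echo -n "{{ riv_pihole_admin_password }}" | sha256sum ...`), so the secret shows up in the process table and in task output, and a password containing `"` or `$` breaks or alters the command. If this task is re-homed, drop the shell step and compute the same double SHA-256 in Jinja, `{{ (riv_pihole_admin_password | hash('sha256')) | hash('sha256') }}`, and put `no_log: true` on the tasks that still handle the plaintext (the `set_fact`, the `docker_container` task whose `env:` carries `WEBPASSWORD`, and the summary `pause` unless that printout is wanted).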
@ -1,11 +0,0 @@
|
|||||||
###############################################################################
|
|
||||||
# DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE. #
|
|
||||||
# ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE #
|
|
||||||
###############################################################################
|
|
||||||
dhcp-authoritative
|
|
||||||
dhcp-range={% if riv_pihole_dns_default_tag is defined and riv_pihole_dns_default_tag|length >0%}set:{{ riv_pihole_dns_default_tag }},{% endif %}{{ riv_pihole_dhcp_start }},{{ riv_pihole_dhcp_end }},{{ riv_pihole_dhcp_leasetime }}
|
|
||||||
dhcp-option=option:router,{{ riv_pihole_dhcp_router }}
|
|
||||||
dhcp-leasefile=/etc/pihole/dhcp.leases
|
|
||||||
#quiet-dhcp
|
|
||||||
|
|
||||||
domain={{ riv_pihole_domain }}
|
|
@ -1,18 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
# Change dhcp-option to dhcp-option-force if you need PXELinux support
|
|
||||||
{% for item in mappings.list %}
|
|
||||||
{% if item.type=="<<tag>>" %}
|
|
||||||
dhcp-option={{ item.dhcp_option }}
|
|
||||||
{% elif item.type=="<<physical>>" or item.type=="<<virtual>>" %}
|
|
||||||
|
|
||||||
# {{ item.comment }}
|
|
||||||
address=/{{ item.hostname }}.{{ item.domainname }}/{{ item.ip_address }}
|
|
||||||
ptr-record={{ (item.ip_address.split('.'))[::-1]|join('.') }}.in-addr.arpa,{{ item.hostname }}.{{ item.domainname }}
|
|
||||||
dhcp-host={% if item.mac_address is defined and item.mac_address|length %}{{ item.mac_address }},{% endif %}{% if item.dhcp_option is defined and item.dhcp_option|length >0%}set:{{ item.dhcp_option }},{% endif %}{{ item.ip_address }},{{ item.hostname }}{% if item.static is defined and item.static|length%},ignore{% endif %}
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
# Include ansible managed static hosts
|
|
||||||
addn-hosts=/etc/pihole/ansible-managed.hosts
|
|
@ -1,9 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
{% for item in mappings.list %}
|
|
||||||
{% if item.type=="<<alias>>" %}
|
|
||||||
# {{ item.comment }}
|
|
||||||
{{ item.ip_address }} {{ item.hostname }} {{ item.hostname }}.{{ item.domainname }}
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
@ -1,33 +0,0 @@
|
|||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
BLOCKING_ENABLED=true
|
|
||||||
DHCP_ACTIVE={{ riv_pihole_dhcp_active }}
|
|
||||||
DHCP_START={{ riv_pihole_dhcp_start }}
|
|
||||||
DHCP_END={{ riv_pihole_dhcp_end }}
|
|
||||||
DHCP_ROUTER={{ riv_pihole_dhcp_router }}
|
|
||||||
DHCP_LEASETIME={{ riv_pihole_dhcp_leasetime }}
|
|
||||||
PIHOLE_DOMAIN={{ riv_pihole_domain }}
|
|
||||||
DHCP_IPv6={{ riv_pihole_dhcp_ipv6 }}
|
|
||||||
DHCP_rapid_commit={{ riv_pihole_dhcp_rapid_commit }}
|
|
||||||
DNSMASQ_LISTENING={{ riv_pihole_dnsmasq_listening }}
|
|
||||||
PIHOLE_DNS_1={{ riv_pihole_dns_server1 }}
|
|
||||||
PIHOLE_DNS_2={{ riv_pihole_dns_server2 }}
|
|
||||||
WEBPASSWORD={{ riv_pihole_admin_password_encoded.stdout }}
|
|
||||||
QUERY_LOGGING={{ riv_pihole_query_logging }}
|
|
||||||
INSTALL_WEB_SERVER={{ riv_pihole_install_web_server }}
|
|
||||||
INSTALL_WEB_INTERFACE={{ riv_pihole_install_web_interface }}
|
|
||||||
LIGHTTPD_ENABLED={{ riv_pihole_lighttpd_enabled }}
|
|
||||||
IPV4_ADDRESS={{ riv_pihole_ipv4_address }}
|
|
||||||
IPV6_ADDRESS={{ riv_pihole_ipv6_address }}
|
|
||||||
DNS_BOGUS_PRIV={{ riv_pihole_dns_bogus_priv }}
|
|
||||||
DNS_FQDN_REQUIRED={{ riv_pihole_dns_fqdn_required }}
|
|
||||||
DNSSEC={{ riv_pihole_dnssec }}
|
|
||||||
REV_SERVER={{ riv_pihole_rev_server_enabled }}
|
|
||||||
REV_SERVER_CIDR={{ riv_pihole_rev_server_cidr }}
|
|
||||||
REV_SERVER_DOMAIN={{ riv_pihole_rev_server_domain }}
|
|
||||||
REV_SERVER_TARGET={{ riv_pihole_rev_server_target }}
|
|
||||||
CONDITIONAL_FORWARDING=
|
|
||||||
CONDITIONAL_FORWARDING_IP=
|
|
||||||
CONDITIONAL_FORWARDING_DOMAIN=
|
|
||||||
CONDITIONAL_FORWARDING_REVERSE=
|
|
||||||
PIHOLE_INTERFACE={{ riv_pihole_interface }}
|
|
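Review bot: deleting this template takes the `DNSSEC`, `DNS_BOGUS_PRIV`, `DNS_FQDN_REQUIRED` and `WEBPASSWORD` settings out of configuration management, but it does not touch the file already rendered on the hosts that the inventory still lists under `[pi-hole]`; the commit message should say whether those hosts are decommissioned or are now managed by hand, so nobody assumes the hardening values are still enforced from this repository.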
@ -11,7 +11,7 @@
|
|||||||
ports:
|
ports:
|
||||||
- 9000:9000
|
- 9000:9000
|
||||||
- 8000:8000
|
- 8000:8000
|
||||||
when: "'docker-main' in group_names"
|
when: "'home-apps' in group_names"
|
||||||
|
|
||||||
- name: Deploy Portainer Agent
|
- name: Deploy Portainer Agent
|
||||||
community.docker.docker_container:
|
community.docker.docker_container:
|
||||||
|
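Review bot: the new guard `when: "'home-apps' in group_names"` does not match any group this commit defines (the inventory template adds `home-servers`, `media_managers`, `media_servers`, `docker-servers` and `pi-hole`), so the Portainer task is skipped on every host; if `home-servers` was meant, use that name. Separately, `- 9000:9000` and `- 8000:8000` publish the Portainer UI and agent tunnel on all host interfaces; binding them to the management address (for example `127.0.0.1:9000:9000` or a LAN IP) keeps the Docker control plane off other networks.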
50
applications/roles/base/tasks/docker.yml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# Docker
|
||||||
|
- name: Install prerequisites
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- curl
|
||||||
|
- gnupg-agent
|
||||||
|
- software-properties-common
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Add docker apt-key
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
|
|
||||||
|
- name: Add docker repo
|
||||||
|
apt_repository:
|
||||||
|
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
||||||
|
|
||||||
|
- name: Install Docker
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Add user permissions
|
||||||
|
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
|
||||||
|
|
||||||
|
# Python Docker SDK
|
||||||
|
- name: Install Python package manager
|
||||||
|
apt:
|
||||||
|
name: python3-pip
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Install Python SDK
|
||||||
|
become_user: "{{ lookup('env', 'USER') }}"
|
||||||
|
pip:
|
||||||
|
name:
|
||||||
|
- docker
|
||||||
|
- docker-compose
|
||||||
|
state: present
|
||||||
|
|
||||||
|
# Containers
|
||||||
|
- include_tasks: containers.yml
|
||||||
|
become_user: "{{ lookup('env', 'USER') }}"
|
||||||
|
when: "'docker-servers' in group_names"
|
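Review bot: `shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"` resolves `USER` on the control node, not on the managed host, and re-runs on every play; use `ansible.builtin.user` with `name`, `groups: docker` and `append: yes` against a variable that names the remote account. Membership in `docker` is root-equivalent on the host, so that account should be an explicit choice rather than whoever launched `ansible-playbook`; the same `lookup('env', 'USER')` drives `become_user` for the pip and `containers.yml` tasks. Smaller points: `apt_key` with only `url:` trusts whatever key the download returns, so pin `id:` to the Docker key fingerprint; `focal` is hardcoded in the repo line, so use `{{ ansible_distribution_release }}` if other releases are expected; and the final `when: "'docker-servers' in group_names"` uses the hyphenated group name while main.yml includes this file under `docker_servers`, so one of the two spellings is wrong.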
@ -7,53 +7,5 @@
|
|||||||
update_cache: yes
|
update_cache: yes
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# Docker
|
- include_tasks: docker.yml
|
||||||
- name: Install prerequisites
|
when: "'docker_servers' in group_names"
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- apt-transport-https
|
|
||||||
- ca-certificates
|
|
||||||
- curl
|
|
||||||
- gnupg-agent
|
|
||||||
- software-properties-common
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: Add docker apt-key
|
|
||||||
apt_key:
|
|
||||||
url: https://download.docker.com/linux/ubuntu/gpg
|
|
||||||
|
|
||||||
- name: Add docker repo
|
|
||||||
apt_repository:
|
|
||||||
repo: deb https://download.docker.com/linux/ubuntu focal stable
|
|
||||||
|
|
||||||
- name: Install Docker
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- docker-ce
|
|
||||||
- docker-ce-cli
|
|
||||||
- containerd.io
|
|
||||||
state: present
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: Ddd user permissions
|
|
||||||
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
|
|
||||||
|
|
||||||
# Python Docker SDK
|
|
||||||
- name: Install Python package manager
|
|
||||||
apt:
|
|
||||||
name: python3-pip
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Install Python SDK
|
|
||||||
become_user: "{{ lookup('env', 'USER') }}"
|
|
||||||
pip:
|
|
||||||
name:
|
|
||||||
- docker
|
|
||||||
- docker-compose
|
|
||||||
state: present
|
|
||||||
|
|
||||||
# Containers
|
|
||||||
- include_tasks: containers.yml
|
|
||||||
become_user: "{{ lookup('env', 'USER') }}"
|
|
||||||
when: "'docker-servers' in group_names"
|
|
||||||
|
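Review bot: the new include is guarded by `when: "'docker_servers' in group_names"`, but the group is spelled `docker-servers` everywhere else in this commit (the `when` inside docker.yml and the `[docker-servers:children]` inventory section), so docker.yml is never included and no host gets Docker installed; align the name with the inventory. Moving the block into its own file is otherwise a clean refactor and also drops the `Ddd user permissions` typo.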
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
tasks:
|
||||||
|
- include_roles:
|
||||||
|
name: base
|
||||||
|
|
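Review bot: `include_roles` is not an Ansible module; the task needs `include_role` (or `import_role`) with `name: base`, otherwise the play fails at parse time. With `hosts: all` the base role runs on every inventory host, including `[pi-hole]`, and relies on the `when` guards inside the role to skip the Docker tasks; a one-line comment stating that intent would help the next reader.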
@ -13,6 +13,11 @@ ${ ip }
|
|||||||
${ ip }
|
${ ip }
|
||||||
%{ end for }
|
%{ end for }
|
||||||
|
|
||||||
|
[docker-servers:children]
|
||||||
|
media_managers
|
||||||
|
media_servers
|
||||||
|
home-servers
|
||||||
|
|
||||||
[pi-hole]
|
[pi-hole]
|
||||||
%{ for ip in piholes }
|
%{ for ip in piholes }
|
||||||
${ ip }
|
${ ip }
|
||||||
|
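Review bot: the children under `[docker-servers:children]` mix naming styles (`media_managers` and `media_servers` with underscores, `home-servers` with a hyphen), and each must match an existing group section exactly or the ini inventory parser rejects it as an undefined group; check the spelling against the group sections defined earlier in this template. The `[pi-hole]` group is still generated although the commit removes the pihole role, so either drop it or note which role now manages those hosts.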