remove pihole role; update template; move docker tasks to own folder

Ryan Goodwin 2022-06-14 21:42:58 -04:00
parent 728a4969ad
commit 1915c5da5e
22 changed files with 71 additions and 713 deletions

@ -2,8 +2,11 @@
[media-servers]
[docker-servers:children]
main-docker
media-managers
[home-servers]
[main-docker]
[docker-servers:children]
media_managers
media_servers
home-servers
[pi-hole]
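
Review bot: the children listed under `[docker-servers:children]` do not match the group headers in this same file. The hunk declares `[media-servers]` and lists `media-managers` with hyphens, while the children are `media_managers` and `media_servers` with underscores, next to `home-servers` with a hyphen. A `:children` entry only pulls in hosts when it names a declared group exactly, so pick one separator (underscores avoid Ansible's invalid-group-name warning) and use it for both headers and children. `[docker-servers:children]` also appears twice in the lines shown; if both survive the change, merge them into one section.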

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2020 Jens Frey
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

@ -1,241 +0,0 @@
# Pihole
Pi-hole role. This will install [Pi-hole®: A black hole for Internet
advertisements A black hole for Internet
advertisements](https://pi-hole.net/) for you.
It also helps you administering Pi-Hole using a simple CSV file that you can
edit with your favourite editor.
## Requirements
A host running Ubuntu/Debian/Photon OS or e.g. a raspberry pi running Raspberry
Pi OS (Lite).
If you run into problems, a look into the [Pi-hole
documentation](https://docs.pi-hole.net/docker/dhcp/) may help.
### Host CSV File
Pi-hole configuration is done via a csv file. This gives you a nice overview
and makes it easy to manage your environment.
The role includes a full example CSV file in the `files` folder for you to
review.
The following lines do show `dhcp-option` settings that will be written into
the dnsmasq configuration file. The lines tag one IP address as the vm based
DNS server and the raspberry pi based DNS server running on an actual raspberry
pi.
#### Set DHCP Options
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
,,,,,"tag:vm-dns,option:dns-server,192.168.30.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
,,,,,"tag:pi-dns,option:dns-server,192.168.30.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
```
**Note:** If you are setting up multiple DNS servers here, you probably do want
to set the `riv_pihole_dns_default_tag` option when configuring your setup to set a default DNS server
for clients without a specific configuration.
#### Setup IP/Host mapping
The configuration below configures the host with the name `slash` to receive an
IP address of `192.168.128.2` if that address is still available. If a DHCP
lease was already handed out to another machine, a new IP address will be
assigned. It also identifies the machine as a physical host.
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
slash,example.net,192.168.128.2,true,,,"<<physical>>","ESXi Host""
```
#### Setup static IP address
If you want to make sure that the IP address is assigned to a specific hostname
only, you can set the `static` field to `true` to achieve that. Setting this
option will instruct dnsmasq to ignore DHCP requests from any host named
`vmhole` as shown in the example below. The type is also identified as a virtual machine.
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole Virtual machine DNS server"
```
#### Setup Mac address/IP address mapping
To assign a specific IP address and hostname to a special device using the mac
address of the device, use the following entry in the csv configuration
database.
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,,"<<virtual>>","Pi-hole Virtual machine DNS server"
```
#### Set different DNS server
Setting up a special DNS server for some devices can be achieved by supplying
the appropriate DHCP option when defining the mapping. The below example shows
how to set the `vm-dns` DNS server for the photon host.
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","<<virtual>>","Proxy server VM based on a docker image, using vm-dns server"
```
## Role Variables
The role uses the following variables:
| Variable | Default | Description |
| ------------------------------------ | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| riv_pihole_admin_password_generated | {{ lookup('password', '/dev/null length=15 chars=ascii_letters') }} | This variable sets the password for the web user interface. If no password is set, it will be auto-generated. The password value is shown in plain text in the last step if the variable `riv_pihole_show_summary` is set to `true`. |
| riv_pihole_dns_default_tag | | This variable sets a DHCP tag that lets you specify a default DNS server for hosts not listed in the configuration csv file. |
| riv_pihole_show_summary | false | If set `true` the last step will show the (generated) password in plain text along with some useful information like the IP address and name of the host pihole was installed on. |
| riv_pihole_docker_network | host | The network to which docker connects. If you want to use DHCP, you need to connect to the host network. |
| riv_pihole_docker_purge_networks | yes | Remove the created network when the docker container is shut down. |
| riv_pihole_dhcp_active | false | Enable or disable the built-in DHCP server. If you want to use Pi-hole as DHCP server, you need to turn this on. |
| riv_pihole_dhcp_leasetime | 24h | The default lease time to set when handing out a client IP address |
| riv_pihole_dhcp_start | 192.168.1.2 | The starting range of the built-in DHCP server. |
| riv_pihole_dhcp_end | 192.168.1.253 | The last address of the built-in DHCP server. |
| riv_pihole_dhcp_router | 192.168.1.1 | The router which should be advertised to clients getting an IP address. |
| riv_pihole_domain | example.net | The domain of your local network. |
| riv_pihole_interface | eth0 | The interface processes inside Pi-hole will bind to |
| riv_pihole_dhcp_ipv6 | false | Enable IPv6 support on DHCP. |
| riv_pihole_dhcp_rapid_commit | false | Control switch for the rapid commit option. |
| riv_pihole_dnsmasq_listening | all | The interface dnsmasq should listen on. |
| riv_pihole_query_logging | true | Log DNS queries. |
| riv_pihole_install_web_server | true | Install the built in Web-Server |
| riv_pihole_install_web_interface | true | Install the Web-Interface. |
| riv_pihole_lighttpd_enabled | | Enable lighttpd |
| riv_pihole_ipv4_address | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IPv4 address you want Pi-Hole to listen on. |
| riv_pihole_ipv6_address | | The IPv6 address you want Pi-Hole to listen on. |
| riv_pihole_dns_bogus_priv | | Control bogus private reverse lookups |
| riv_pihole_dns_fqdn_required | | Controls if the unqualified name is put into DNS as well |
| riv_pihole_dnssec | | Control DNSSEC |
| riv_pihole_rev_server_enabled | | Enable DNS conditional forwarding for device name resolution. |
| riv_pihole_rev_server_cidr | | If conditional forwarding is enabled, set the reverse DNS zone (e.g. 192.168.0.0/24) |
| riv_pihole_rev_server_domain | | If conditional forwarding is enabled, set the domain of the local network router (e.g example.net). |
| riv_pihole_rev_server_target | | If conditional forwarding is enabled, set the IP of the local network router. |
| riv_pihole_docker_image | pihole/pihole:latest | Which docker image to pull. You can e.g. specify a version. |
| riv_pihole_configuration_base_folder | /opt/pihole | Where do you want your configuration to live on the target host. |
| riv_pihole_etc_pihole_folder | {{ riv_pihole_configuration_base_folder }}/pihole | Control position of pihole folder. |
| riv_pihole_etc_dnsmasq_folder | {{ riv_pihole_configuration_base_folder }}/dnsmasq.d | Control position of dnsmasq.d folder. |
| riv_pihole_sys_dns_server1 | 127.0.0.1 | System DNS servers for Pi-hole. The first one HAS TO BE 127.0.0.1 |
| riv_pihole_sys_dns_server2 | 8.8.8.8 | System DNS server for Pi-hole |
| riv_pihole_dns_server1 | 1.1.1.1 | DNS Server used inside the docker container |
| riv_pihole_dns_server2 | 8.8.8.8 | DNS Server used inside the docker container |
| riv_pihole_serverip | {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] \| default(ansible_host) }} | The IP address of the Pi-hole host |
| riv_pihole_timezone | Europe/Berlin | Your timezone |
| riv_pihole_open_firewall_ports | true | Set to false if you don't want the role to open required firewall ports. |
| riv_pihole_dns_db_configuration_file | {{ role_path }}/files/mappings.csv | The location of the DNS configuration file. The default file pointed to should be copied and adopted appropriately. |
## Example Playbook
The example below shows a playbook you can use to configure pi-hole on a Photon
OS based virtual machine which is reflected in the inventory file.
### Folder structure
The folder structure is as follows (the roles folder will be created automatically later):
```
|-- dns-db.csv
|-- inventory
|-- pihole-vm.yml
`-- roles
`-- authsec.pihole
|-- defaults
| `-- main.yml
|-- files
| `-- mappings.csv
|-- LICENSE
|-- meta
| `-- main.yml
|-- README.md
|-- tasks
| |-- checkssh-photonos.yml
| |-- checkssh.yml
| |-- firewall-iptables.yml
| |-- install-apt.yml
| |-- install-photonos.yml
| `-- main.yml
`-- templates
|-- 02-pihole-dhcp.conf.j2
|-- 10-pihole-custom-static.conf.j2
`-- setupVars.conf.j2
```
### Import Role
You can import the role into your project using:
``` bash
#> ansible-galaxy install -p roles authsec.pihole
```
### Create database
This is a copy of the example database in `roles/authsec.pihole/files`.
**dns-db.csv:**
``` csv
hostname,domainname,ip_address,static,mac_address,dhcp_option,comment
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","Sets value of dhcp-option configuration option"
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","Sets value of dhcp-option configuration option"
slash,example.net,192.168.128.2,,,,"ESXi Host"
mohh,example.net,192.168.128.5,,,,"The Brain (vCenter Server)"
blib,example.net,192.168.128.18,,00:0c:29:43:37:dc,"pi-dns","VM using Raspberry Pi based DNS (and DHCP) server"
photon,example.net,192.168.128.19,,00:0c:29:51:80:1f,"vm-dns","VM using VM based DNS server"
vmhole,example.net,192.168.128.253,true,,,"Pi-hole Virtual machine DNS server"
pihole,example.net,192.168.128.254,,,,"Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"
```
**inventory:**
```
[dns_vms]
vmhole.example.net ansible_host=192.168.128.253 ansible_user=pihole ansible_become_method='su' ansible_become_password='kevin.is.dead' ansible_python_interpreter=/usr/bin/python3
```
**pihole-vm.yml:**
``` yaml
---
# Configure a machine to run pi-hole inside a docker container
- hosts: dns_vms
gather_facts: yes
become: yes
tasks:
- include_role:
name: authsec.pihole
vars:
# true|false
riv_pihole_admin_password: "secure.me"
riv_pihole_dhcp_active: "false"
riv_pihole_dhcp_start: "192.168.128.8"
riv_pihole_dhcp_end: "192.168.128.252"
riv_pihole_dhcp_router: "192.168.128.1"
riv_pihole_domain: "example.net"
riv_pihole_show_summary: true
riv_pihole_dns_db_configuration_file: "dns-db.csv"
```
### Run ansible
Once everything is configured, you can run `ansible` to setup pi-hole on the
system configured in the `inventory`.
``` bash
#> ansible-playbook -i inventory pihole-vm.yml
```
License
-------
MIT

@ -1,65 +0,0 @@
---
# tasks file for pihole
# Generate a secure default password
riv_pihole_admin_password_generated: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
riv_pihole_docker_network: "host"
riv_pihole_docker_purge_networks: "yes"
# If you are using tags to assign multiple DNS servers to an IP address,
# you can use this option to set a default, where you do not want to define
# a specific IP address to name mapping.
riv_pihole_dns_default_tag: ""
riv_pihole_show_summary: false
riv_pihole_dhcp_active: "false"
# 1 day lease
riv_pihole_dhcp_leasetime: "24h"
riv_pihole_dhcp_start: "192.168.1.2"
riv_pihole_dhcp_end: "192.168.1.253"
riv_pihole_dhcp_router: "192.168.1.1"
riv_pihole_domain: "example.net"
riv_pihole_interface: "eth0"
riv_pihole_dhcp_ipv6: "false"
riv_pihole_dhcp_rapid_commit: "false"
riv_pihole_dnsmasq_listening: "all"
riv_pihole_query_logging: "true"
riv_pihole_install_web_server: "true"
riv_pihole_install_web_interface: "true"
riv_pihole_lighttpd_enabled: ""
riv_pihole_ipv4_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
riv_pihole_ipv6_address: ""
riv_pihole_dns_bogus_priv: "false"
riv_pihole_dns_fqdn_required: "false"
riv_pihole_dnssec: "false"
riv_pihole_rev_server_enabled: "false" # previously conditional forwarding (riv_pihole_conditional_forwarding)
riv_pihole_rev_server_cidr: "" # previously conditional forwarding IP (riv_pihole_conditional_forwarding_ip)
riv_pihole_rev_server_domain: "" # previously conditional forwarding domain (riv_pihole_conditional_forwarding_domain)
riv_pihole_rev_server_target: "" # previously conditional forwarding host (riv_pihole_conditional_forwarding_reverse)
riv_pihole_docker_image: "pihole/pihole:latest"
riv_pihole_configuration_base_folder: "/opt/pihole"
riv_pihole_etc_pihole_folder: "{{ riv_pihole_configuration_base_folder }}/pihole"
riv_pihole_etc_dnsmasq_folder: "{{ riv_pihole_configuration_base_folder }}/dnsmasq.d"
# These are the DNS servers for the docker system
# The first one MUST be 127.0.0.1
riv_pihole_sys_dns_server1: "127.0.0.1"
riv_pihole_sys_dns_server2: "8.8.8.8"
# These are the DNS servers that Pi-hole uses to resolve
riv_pihole_dns_server1: "1.1.1.1"
riv_pihole_dns_server2: "8.8.8.8"
riv_pihole_serverip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default(ansible_host) }}"
riv_pihole_timezone: "Europe/Berlin"
# Photon OS e.g. has the firewall locked by default, if this is enabled
# the necessary ports will be opened
riv_pihole_open_firewall_ports: true
riv_pihole_dns_db_configuration_file: "{{ role_path }}/files/mappings.csv"

@ -1,11 +0,0 @@
hostname,domainname,ip_address,static,mac_address,dhcp_option,type,comment
,,,,,"tag:vm-dns,option:dns-server,192.168.128.253","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
,,,,,"tag:pi-dns,option:dns-server,192.168.128.254","<<tag>>","Sets value of dhcp-option configuration option, here which DNS server to use"
slash,example.net,192.168.128.2,true,f4:02:70:b6:17:d2,,"<<physical>>","ESXi Host"
dudu,example.net,192.168.128.3,true,,,"<<physical>>","dudu node"
mohh,example.net,192.168.128.5,true,,,"<<virtual>>","vCenter installation"
ku,example.net,192.168.128.250,true,,"pi-dns","<<physical>>","Control node"
proxy,example.net,192.168.128.252,true,,"vm-dns","<<virtual>>","Proxy server VM based on a docker image"
wpad,example.net,192.168.128.252,,,,"<<alias>>","Proxy autodiscovery alias"
vmhole,example.net,192.168.128.253,true,,,"<<virtual>>","Pi-hole based VM DNS server with statically assigned IP (static prevents DHCP from handing out that IP/DNS name combination)"
opihi,example.net,192.168.128.254,,b8:27:eb:24:32:1b,,"<<physical>>","Raspberry Pi backed Pi-Hole DNS and DHCP server for this network, docker based and ansible managed"

@ -1,2 +0,0 @@
install_date: Mon Jun 13 19:57:14 2022
version: master

@ -1,26 +0,0 @@
galaxy_info:
role_name: pihole
author: Jens Frey
description: Install, run and configure Pi-Hole using docker and a CSV file where you can map your hosts to IP addresses.
license: MIT
min_ansible_version: 2.9
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
platforms:
- name: Debian
versions:
- buster
- name: Ubuntu
versions:
- focal
galaxy_tags:
- pihole
- raspberry
- raspberrypi
- rpi
- photonos
dependencies: []

@ -1,5 +0,0 @@
- name: Make sure ssh is enabled, not just started
systemd:
name: sshd.service
enabled: true
state: started

@ -1,5 +0,0 @@
- name: Make sure ssh is enabled, not just started
systemd:
name: ssh.service
enabled: true
state: started

@ -1,41 +0,0 @@
- name: Allow ping
iptables:
chain: INPUT
jump: ACCEPT
protocol: icmp
- name: Allow DHCP
iptables:
chain: INPUT
protocol: udp
destination_port: "67"
jump: ACCEPT
when: riv_pihole_dhcp_active|bool
- name: Allow HTTP
iptables:
chain: INPUT
protocol: tcp
destination_port: "80"
jump: ACCEPT
- name: Allow HTTPS
iptables:
chain: INPUT
protocol: tcp
destination_port: "443"
jump: ACCEPT
- name: Allow UDP DNS queries
iptables:
chain: INPUT
protocol: udp
destination_port: "53"
jump: ACCEPT
- name: Allow TCP DNS queries
iptables:
chain: INPUT
protocol: tcp
destination_port: "53"
jump: ACCEPT

@ -1,6 +0,0 @@
- name: Install docker and pip3
apt:
pkg:
- docker.io
- python3-pip
state: present

@ -1,5 +0,0 @@
- name: Install docker and pip3
command: tdnf -y install docker python3-pip
register: result
changed_when:
- '"Complete!" in result.stdout'

@ -1,159 +0,0 @@
---
- name: Setting or generating password for web interface
set_fact:
riv_pihole_admin_password: "{{ riv_pihole_admin_password_generated }}"
when: riv_pihole_admin_password is undefined
- name: Ensure resolv.conf absent
file:
path: /etc/resolv.conf
state: absent
- name: Ensure we do have DNS available for the installation.
lineinfile:
path: /etc/resolv.conf
insertbefore: '^{{ item.property | regex_escape() }} '
line: '{{ item.property }} {{ item.value }}'
create: true
with_items:
- { property: 'nameserver', value: '127.0.0.1'}
- { property: 'nameserver', value: '9.9.9.9'}
- { property: 'search', value: "{{ riv_pihole_domain }}" }
- name: Running apt install environment
include_tasks:
file: install-apt.yml
when:
- (ansible_facts['distribution'] == 'Debian') or (ansible_facts['distribution'] == 'Ubuntu')
- name: Running photon os install environment
include_tasks:
file: install-photonos.yml
when:
- ansible_facts['distribution'] == 'VMware Photon OS'
- name: Install python docker support
pip:
name: docker
state: present
- name: Ensure docker is up
systemd:
name: docker
enabled: true
state: started
- name: Pull Pi-hole image before resolved is shut down
docker_image:
name: "{{ riv_pihole_docker_image }}"
force_source: yes
source: pull
- name: Running general SSH check
include_tasks:
file: checkssh.yml
when:
- ansible_facts['distribution'] != 'VMware Photon OS'
- name: Running Photon OS SSH check
include_tasks:
file: checkssh-photonos.yml
when:
- ansible_facts['distribution'] == 'VMware Photon OS'
- name: Make sure default resolved service is stopped
systemd:
name: systemd-resolved.service
enabled: false
state: stopped
- name: Read configuration data
read_csv:
path: "{{ riv_pihole_dns_db_configuration_file }}"
delimiter: ','
register: mappings
delegate_to: localhost
become: no
- name: Ensure pihole folder is present
file:
path: "{{ riv_pihole_etc_pihole_folder }}"
state: directory
mode: '0775'
- name: Ensure dnsmasq.d folder is present
file:
path: "{{ riv_pihole_etc_dnsmasq_folder }}"
state: directory
mode: '0755'
- name: Generate encoded Pi-hole WEBPASSWORD
shell: set -o pipefail && echo -n $(echo -n "{{ riv_pihole_admin_password }}" | sha256sum | sed 's/\s.*$//') | sha256sum | sed 's/\s.*$//'
args:
executable: /bin/bash
register: riv_pihole_admin_password_encoded
changed_when: false
- name: Provision Pihole config
template:
src: setupVars.conf.j2
dest: "{{ riv_pihole_etc_pihole_folder }}/setupVars.conf"
mode: '0644'
register: riv_pihole_config
- name: Provision DNS configuration
template:
src: 10-pihole-custom-static.conf.j2
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/10-pihole-custom-static.conf"
owner: root
group: root
mode: '0644'
register: riv_pihole_dns_config
vars:
mappings: mappings
- name: Provision DHCP configuration
template:
src: 02-pihole-dhcp.conf.j2
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/02-pihole-dhcp.conf"
owner: root
group: root
mode: '0644'
register: riv_pihole_dhcp_config
- name: Provisioning host aliases
template:
src: ansible-managed.hosts.j2
dest: "{{ riv_pihole_etc_pihole_folder }}/ansible-managed.hosts"
owner: root
group: root
mode: '0644'
register: riv_pihole_dns_alias_config
vars:
mappings: mappings
- name: Setting up firewall
include_tasks:
file: firewall-iptables.yml
when: riv_pihole_open_firewall_ports
- name: Ensure pihole docker container is running
docker_container:
name: pihole
image: "{{ riv_pihole_docker_image }}"
state: started
restart: "{{ riv_pihole_config.changed or riv_pihole_dns_config.changed or riv_pihole_dhcp_config.changed }}"
restart_policy: unless-stopped
networks_cli_compatible: yes
network_mode: host
networks:
- name: "{{ riv_pihole_docker_network }}"
capabilities:
- NET_ADMIN
dns_servers:
- "{{ riv_pihole_sys_dns_server1 }}"
- "{{ riv_pihole_sys_dns_server2 }}"
volumes:
- "{{ riv_pihole_etc_pihole_folder }}:/etc/pihole/"
- "{{ riv_pihole_etc_dnsmasq_folder }}:/etc/dnsmasq.d/"
env:
TZ: '{{ riv_pihole_timezone }}'
DNS1: '{{ riv_pihole_dns_server1 }}'
DNS2: '{{ riv_pihole_dns_server2 }}'
WEBPASSWORD: "{{ riv_pihole_admin_password }}"
ServerIP: "{{ riv_pihole_serverip }}"
REV_SERVER: "{{ riv_pihole_rev_server_enabled }}"
REV_SERVER_CIDR: "{{ riv_pihole_rev_server_cidr }}"
REV_SERVER_DOMAIN: "{{ riv_pihole_rev_server_domain }}"
REV_SERVER_TARGET: "{{ riv_pihole_rev_server_target }}"
- name: DNS/DHCP server summary
pause:
seconds: 1
prompt: |
Pi-Hole web PASSWORD: "{{ riv_pihole_admin_password }}"
Pi-Hole Server IP: "{{ riv_pihole_serverip }}"
Pi-Hole Server Name: "{{ inventory_hostname }}"
Pi-Hole DHCP server active: "{{ riv_pihole_dhcp_active }}"
changed_when: false
when: riv_pihole_show_summary
delegate_to: localhost

@ -1,11 +0,0 @@
###############################################################################
# DHCP SERVER CONFIG FILE AUTOMATICALLY POPULATED BY PI-HOLE WEB INTERFACE. #
# ANY CHANGES MADE TO THIS FILE WILL BE LOST ON CHANGE #
###############################################################################
dhcp-authoritative
dhcp-range={% if riv_pihole_dns_default_tag is defined and riv_pihole_dns_default_tag|length >0%}set:{{ riv_pihole_dns_default_tag }},{% endif %}{{ riv_pihole_dhcp_start }},{{ riv_pihole_dhcp_end }},{{ riv_pihole_dhcp_leasetime }}
dhcp-option=option:router,{{ riv_pihole_dhcp_router }}
dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp
domain={{ riv_pihole_domain }}

@ -1,18 +0,0 @@
# {{ ansible_managed }}
# Change dhcp-option to dhcp-option-force if you need PXELinux support
{% for item in mappings.list %}
{% if item.type=="<<tag>>" %}
dhcp-option={{ item.dhcp_option }}
{% elif item.type=="<<physical>>" or item.type=="<<virtual>>" %}
# {{ item.comment }}
address=/{{ item.hostname }}.{{ item.domainname }}/{{ item.ip_address }}
ptr-record={{ (item.ip_address.split('.'))[::-1]|join('.') }}.in-addr.arpa,{{ item.hostname }}.{{ item.domainname }}
dhcp-host={% if item.mac_address is defined and item.mac_address|length %}{{ item.mac_address }},{% endif %}{% if item.dhcp_option is defined and item.dhcp_option|length >0%}set:{{ item.dhcp_option }},{% endif %}{{ item.ip_address }},{{ item.hostname }}{% if item.static is defined and item.static|length%},ignore{% endif %}
{% endif %}
{% endfor %}
# Include ansible managed static hosts
addn-hosts=/etc/pihole/ansible-managed.hosts

@ -1,9 +0,0 @@
# {{ ansible_managed }}
{% for item in mappings.list %}
{% if item.type=="<<alias>>" %}
# {{ item.comment }}
{{ item.ip_address }} {{ item.hostname }} {{ item.hostname }}.{{ item.domainname }}
{% endif %}
{% endfor %}

@ -1,33 +0,0 @@
# {{ ansible_managed }}
BLOCKING_ENABLED=true
DHCP_ACTIVE={{ riv_pihole_dhcp_active }}
DHCP_START={{ riv_pihole_dhcp_start }}
DHCP_END={{ riv_pihole_dhcp_end }}
DHCP_ROUTER={{ riv_pihole_dhcp_router }}
DHCP_LEASETIME={{ riv_pihole_dhcp_leasetime }}
PIHOLE_DOMAIN={{ riv_pihole_domain }}
DHCP_IPv6={{ riv_pihole_dhcp_ipv6 }}
DHCP_rapid_commit={{ riv_pihole_dhcp_rapid_commit }}
DNSMASQ_LISTENING={{ riv_pihole_dnsmasq_listening }}
PIHOLE_DNS_1={{ riv_pihole_dns_server1 }}
PIHOLE_DNS_2={{ riv_pihole_dns_server2 }}
WEBPASSWORD={{ riv_pihole_admin_password_encoded.stdout }}
QUERY_LOGGING={{ riv_pihole_query_logging }}
INSTALL_WEB_SERVER={{ riv_pihole_install_web_server }}
INSTALL_WEB_INTERFACE={{ riv_pihole_install_web_interface }}
LIGHTTPD_ENABLED={{ riv_pihole_lighttpd_enabled }}
IPV4_ADDRESS={{ riv_pihole_ipv4_address }}
IPV6_ADDRESS={{ riv_pihole_ipv6_address }}
DNS_BOGUS_PRIV={{ riv_pihole_dns_bogus_priv }}
DNS_FQDN_REQUIRED={{ riv_pihole_dns_fqdn_required }}
DNSSEC={{ riv_pihole_dnssec }}
REV_SERVER={{ riv_pihole_rev_server_enabled }}
REV_SERVER_CIDR={{ riv_pihole_rev_server_cidr }}
REV_SERVER_DOMAIN={{ riv_pihole_rev_server_domain }}
REV_SERVER_TARGET={{ riv_pihole_rev_server_target }}
CONDITIONAL_FORWARDING=
CONDITIONAL_FORWARDING_IP=
CONDITIONAL_FORWARDING_DOMAIN=
CONDITIONAL_FORWARDING_REVERSE=
PIHOLE_INTERFACE={{ riv_pihole_interface }}

@ -11,7 +11,7 @@
ports:
- 9000:9000
- 8000:8000
when: "'docker-main' in group_names"
when: "'home-apps' in group_names"
- name: Deploy Portainer Agent
community.docker.docker_container:
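
Review bot: the condition `'home-apps' in group_names` names a group that none of the inventory hunks in this commit define; they show `home-servers`, `main-docker`, `media-managers`, `media-servers`, `docker-servers` and `pi-hole`. As written, the task this `when` belongs to would be skipped on every host without any error. If the home servers group is meant, use that exact name, or add `home-apps` to the inventory and its template in the same commit.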

@ -0,0 +1,50 @@
# Docker
- name: Install prerequisites
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
state: present
update_cache: yes
- name: Add docker apt-key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
- name: Add docker repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
- name: Install Docker
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: present
update_cache: yes
- name: Add user permissions
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
# Python Docker SDK
- name: Install Python package manager
apt:
name: python3-pip
state: present
- name: Install Python SDK
become_user: "{{ lookup('env', 'USER') }}"
pip:
name:
- docker
- docker-compose
state: present
# Containers
- include_tasks: containers.yml
become_user: "{{ lookup('env', 'USER') }}"
when: "'docker-servers' in group_names"
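
Review bot: `Add user permissions` runs `usermod -aG docker {{ lookup ('env', 'USER') }}` through `shell`, and `lookup('env', ...)` is evaluated on the control node, so the account added to the `docker` group is whoever launched the playbook rather than a user known to exist on the target. The same lookup drives `become_user` on the pip task and on the `containers.yml` include. Membership in `docker` is root-equivalent on the host, so name the account in an explicit variable and use the `user` module with `groups: docker` and `append: yes`, which is also idempotent where the `shell` call reports a change on every run. In the same file, `apt_key` accepts whatever key the URL serves; pin it with the module's `id` parameter set to the expected fingerprint. The repo line hard-codes `focal`, which will be wrong on any other release.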

@ -7,53 +7,5 @@
update_cache: yes
state: present
# Docker
- name: Install prerequisites
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
state: present
update_cache: yes
- name: Add docker apt-key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
- name: Add docker repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
- name: Install Docker
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: present
update_cache: yes
- name: Ddd user permissions
shell: "usermod -aG docker {{ lookup ('env', 'USER') }}"
# Python Docker SDK
- name: Install Python package manager
apt:
name: python3-pip
state: present
- name: Install Python SDK
become_user: "{{ lookup('env', 'USER') }}"
pip:
name:
- docker
- docker-compose
state: present
# Containers
- include_tasks: containers.yml
become_user: "{{ lookup('env', 'USER') }}"
when: "'docker-servers' in group_names"
- include_tasks: docker.yml
when: "'docker_servers' in group_names"
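
Review bot: the include at the end of the hunk is gated on `'docker_servers' in group_names`, but the block it sits beside tests `'docker-servers'`, and the inventory hunks declare `[docker-servers:children]`. With the underscore spelling the condition never matches, so `docker.yml` is skipped on every host and the play still reports success. Use `'docker-servers'` here, or rename the group everywhere in one commit. Note that the moved file still carries its own `when: "'docker-servers' in group_names"` on the `containers.yml` include, so the two guards need to agree.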

@ -0,0 +1,6 @@
---
- hosts: all
tasks:
- include_roles:
name: base
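
Review bot: `include_roles` under `tasks:` is not an Ansible module; the action is `include_role` (singular), so this playbook fails as soon as it is loaded. Change it to `include_role` with `name: base`, or drop the task list and use a play-level `roles:` entry.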

@ -13,6 +13,11 @@ ${ ip }
${ ip }
%{ end for }
[docker-servers:children]
media_managers
media_servers
home-servers
[pi-hole]
%{ for ip in piholes }
${ ip }
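
Review bot: the children under `[docker-servers:children]` mix separators, `media_managers` and `media_servers` with underscores and `home-servers` with a hyphen, so at least one of them cannot match the group headers this template renders further up unless those headers are equally mixed. Generate the child names from the same strings as the headers, and keep the result identical to the static inventory changed in this commit. The `[pi-hole]` section and its `piholes` loop remain although the commit removes the pihole role; if nothing else targets that group, drop it here as well.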