160 lines
5.1 KiB
YAML
160 lines
5.1 KiB
YAML
---
|
|
- name: Setting or generating password for web interface
|
|
set_fact:
|
|
riv_pihole_admin_password: "{{ riv_pihole_admin_password_generated }}"
|
|
when: riv_pihole_admin_password is undefined
|
|
- name: Ensure resolv.conf absent
|
|
file:
|
|
path: /etc/resolv.conf
|
|
state: absent
|
|
- name: Ensure we do have DNS available for the installation.
|
|
lineinfile:
|
|
path: /etc/resolv.conf
|
|
insertbefore: '^{{ item.property | regex_escape() }} '
|
|
line: '{{ item.property }} {{ item.value }}'
|
|
create: true
|
|
with_items:
|
|
- { property: 'nameserver', value: '127.0.0.1'}
|
|
- { property: 'nameserver', value: '9.9.9.9'}
|
|
- { property: 'search', value: "{{ riv_pihole_domain }}" }
|
|
- name: Running apt install environment
|
|
include_tasks:
|
|
file: install-apt.yml
|
|
when:
|
|
- (ansible_facts['distribution'] == 'Debian') or (ansible_facts['distribution'] == 'Ubuntu')
|
|
- name: Running photon os install environment
|
|
include_tasks:
|
|
file: install-photonos.yml
|
|
when:
|
|
- ansible_facts['distribution'] == 'VMware Photon OS'
|
|
- name: Install python docker support
|
|
pip:
|
|
name: docker
|
|
state: present
|
|
- name: Ensure docker is up
|
|
systemd:
|
|
name: docker
|
|
enabled: true
|
|
state: started
|
|
- name: Pull Pi-hole image before resolved is shut down
|
|
docker_image:
|
|
name: "{{ riv_pihole_docker_image }}"
|
|
force_source: yes
|
|
source: pull
|
|
- name: Running general SSH check
|
|
include_tasks:
|
|
file: checkssh.yml
|
|
when:
|
|
- ansible_facts['distribution'] != 'VMware Photon OS'
|
|
- name: Running Photon OS SSH check
|
|
include_tasks:
|
|
file: checkssh-photonos.yml
|
|
when:
|
|
- ansible_facts['distribution'] == 'VMware Photon OS'
|
|
- name: Make sure default resolved service is stopped
|
|
systemd:
|
|
name: systemd-resolved.service
|
|
enabled: false
|
|
state: stopped
|
|
- name: Read configuration data
|
|
read_csv:
|
|
path: "{{ riv_pihole_dns_db_configuration_file }}"
|
|
delimiter: ','
|
|
register: mappings
|
|
delegate_to: localhost
|
|
become: no
|
|
- name: Ensure pihole folder is present
|
|
file:
|
|
path: "{{ riv_pihole_etc_pihole_folder }}"
|
|
state: directory
|
|
mode: '0775'
|
|
- name: Ensure dnsmasq.d folder is present
|
|
file:
|
|
path: "{{ riv_pihole_etc_dnsmasq_folder }}"
|
|
state: directory
|
|
mode: '0755'
|
|
- name: Generate encoded Pi-hole WEBPASSWORD
|
|
shell: set -o pipefail && echo -n $(echo -n "{{ riv_pihole_admin_password }}" | sha256sum | sed 's/\s.*$//') | sha256sum | sed 's/\s.*$//'
|
|
args:
|
|
executable: /bin/bash
|
|
register: riv_pihole_admin_password_encoded
|
|
changed_when: false
|
|
- name: Provision Pihole config
|
|
template:
|
|
src: setupVars.conf.j2
|
|
dest: "{{ riv_pihole_etc_pihole_folder }}/setupVars.conf"
|
|
mode: '0644'
|
|
register: riv_pihole_config
|
|
- name: Provision DNS configuration
|
|
template:
|
|
src: 10-pihole-custom-static.conf.j2
|
|
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/10-pihole-custom-static.conf"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
register: riv_pihole_dns_config
|
|
vars:
|
|
mappings: mappings
|
|
- name: Provision DHCP configuration
|
|
template:
|
|
src: 02-pihole-dhcp.conf.j2
|
|
dest: "{{ riv_pihole_etc_dnsmasq_folder }}/02-pihole-dhcp.conf"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
register: riv_pihole_dhcp_config
|
|
- name: Provisioning host aliases
|
|
template:
|
|
src: ansible-managed.hosts.j2
|
|
dest: "{{ riv_pihole_etc_pihole_folder }}/ansible-managed.hosts"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
register: riv_pihole_dns_alias_config
|
|
vars:
|
|
mappings: mappings
|
|
- name: Setting up firewall
|
|
include_tasks:
|
|
file: firewall-iptables.yml
|
|
when: riv_pihole_open_firewall_ports
|
|
- name: Ensure pihole docker container is running
|
|
docker_container:
|
|
name: pihole
|
|
image: "{{ riv_pihole_docker_image }}"
|
|
state: started
|
|
restart: "{{ riv_pihole_config.changed or riv_pihole_dns_config.changed or riv_pihole_dhcp_config.changed }}"
|
|
restart_policy: unless-stopped
|
|
networks_cli_compatible: yes
|
|
network_mode: host
|
|
networks:
|
|
- name: "{{ riv_pihole_docker_network }}"
|
|
capabilities:
|
|
- NET_ADMIN
|
|
dns_servers:
|
|
- "{{ riv_pihole_sys_dns_server1 }}"
|
|
- "{{ riv_pihole_sys_dns_server2 }}"
|
|
volumes:
|
|
- "{{ riv_pihole_etc_pihole_folder }}:/etc/pihole/"
|
|
- "{{ riv_pihole_etc_dnsmasq_folder }}:/etc/dnsmasq.d/"
|
|
env:
|
|
TZ: '{{ riv_pihole_timezone }}'
|
|
DNS1: '{{ riv_pihole_dns_server1 }}'
|
|
DNS2: '{{ riv_pihole_dns_server2 }}'
|
|
WEBPASSWORD: "{{ riv_pihole_admin_password }}"
|
|
ServerIP: "{{ riv_pihole_serverip }}"
|
|
REV_SERVER: "{{ riv_pihole_rev_server_enabled }}"
|
|
REV_SERVER_CIDR: "{{ riv_pihole_rev_server_cidr }}"
|
|
REV_SERVER_DOMAIN: "{{ riv_pihole_rev_server_domain }}"
|
|
REV_SERVER_TARGET: "{{ riv_pihole_rev_server_target }}"
|
|
- name: DNS/DHCP server summary
|
|
pause:
|
|
seconds: 1
|
|
prompt: |
|
|
Pi-Hole web PASSWORD: "{{ riv_pihole_admin_password }}"
|
|
Pi-Hole Server IP: "{{ riv_pihole_serverip }}"
|
|
Pi-Hole Server Name: "{{ inventory_hostname }}"
|
|
Pi-Hole DHCP server active: "{{ riv_pihole_dhcp_active }}"
|
|
changed_when: false
|
|
when: riv_pihole_show_summary
|
|
delegate_to: localhost
|