From 3dc2ee311ac2bd3cb10af757cd4c222068d29254 Mon Sep 17 00:00:00 2001
From: Roxedus
Date: Tue, 17 Aug 2021 00:05:31 +0200
Subject: [PATCH] Init PiHole role
---
ansible/roles/pihole/tasks/configure.yml | 41 ++++++++++++
ansible/roles/pihole/tasks/gather.yml | 43 +++++++++++++
ansible/roles/pihole/tasks/main.yml | 18 ++++++
.../roles/pihole/templates/setupVars.conf.j2 | 21 +++++++
ansible/run.yml | 63 +------------------
5 files changed, 126 insertions(+), 60 deletions(-)
create mode 100644 ansible/roles/pihole/tasks/configure.yml
create mode 100644 ansible/roles/pihole/tasks/gather.yml
create mode 100644 ansible/roles/pihole/tasks/main.yml
create mode 100644 ansible/roles/pihole/templates/setupVars.conf.j2
diff --git a/ansible/roles/pihole/tasks/configure.yml b/ansible/roles/pihole/tasks/configure.yml
new file mode 100644
index 0000000..46d2752
--- /dev/null
+++ b/ansible/roles/pihole/tasks/configure.yml
@@ -0,0 +1,41 @@
+- name: Set pihole webpassword
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^WEBPASSWORD="
+ line: WEBPASSWORD={{ pihole.password | hash("sha256") | hash("sha256") | default("")}}
+ create: yes
+
+- name: Set pihole theme
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^WEBTHEME="
+ line: WEBTHEME=default-dark #default-dark default-darker default-light
+ create: yes
+
+- name: Set pihole layout
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^WEBUIBOXEDLAYOUT="
+ line: WEBUIBOXEDLAYOUT=boxed
+ create: yes
+
+- name: Set pihole listen
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^DNSMASQ_LISTENING="
+ line: DNSMASQ_LISTENING=local
+ create: yes
+
+- name: Set pihole fqdn forwarding
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^DNS_FQDN_REQUIRED="
+ line: DNS_FQDN_REQUIRED=true
+ create: yes
+
+- name: Set pihole reverse lookup
+ ansible.builtin.lineinfile:
+ path: /etc/pihole/setupVars.conf
+ regexp: "^DNS_BOGUS_PRIV="
+ line: DNS_BOGUS_PRIV=true
+ create: yes
diff --git a/ansible/roles/pihole/tasks/gather.yml b/ansible/roles/pihole/tasks/gather.yml
new file mode 100644
index 0000000..6fe56cc
--- /dev/null
+++ b/ansible/roles/pihole/tasks/gather.yml
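Review bot: In `Set pihole webpassword` (tasks/configure.yml) the trailing `default("")` sits after both `hash("sha256")` filters, so it can never act as a fallback: an undefined `pihole.password` would most likely fail the task, and an empty one is hashed into a non-empty value instead of leaving the field blank. The task also has no `no_log`, so the unsalted hash can show up in `--diff` or verbose output, and `create: yes` without `mode`/`owner` leaves the new file's permissions to the umask. I would drop the `default`, quote the scalar and hide the output: `line: "WEBPASSWORD={{ pihole.password | hash('sha256') | hash('sha256') }}"` with `no_log: true` and an explicit `mode:` on this task.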
@@ -0,0 +1,43 @@
+- name: Get dependencies for PiHole
+ when: not pihole_setup.stat.exists
+ become: yes
+ ansible.builtin.apt:
+ name:
+ [
+ "cron",
+ "curl",
+ "dhcpcd5",
+ "dns-root-data",
+ "dnsutils",
+ "git",
+ "idn2",
+ "idn2",
+ "iputils-ping",
+ "libcap2-bin",
+ "libcap2",
+ "lighttpd",
+ "lsof",
+ "netcat",
+ "php-cgi",
+ "php-cli",
+ "php-curl",
+ "php-intl",
+ "php-sqlite3",
+ "php-xml",
+ "psmisc",
+ "sqlite3",
+ "sudo",
+ "unzip",
+ "wget",
+ "whiptail",
+ ]
+ state: latest
+
+- name: Checkout PiHole
+ become: yes
+ ansible.builtin.git:
+ repo: "https://github.com/pi-hole/pi-hole.git"
+ clone: yes
+ dest: "/etc/.pihole"
+ depth: 1
+ umask: "022"
diff --git a/ansible/roles/pihole/tasks/main.yml b/ansible/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..c71a372
--- /dev/null
+++ b/ansible/roles/pihole/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Check if PiHole is cloned
+ stat:
+ path: "/etc/pihole"
+ register: pihole_clone
+
+- name: Gather PiHole
+ when: not pihole_clone.stat.exists
+ include: gather.yml
+
+- name: Check if PiHole is installed
+ stat:
+ path: "/usr/local/bin/pihole"
+ register: pihole_bin
+
+- name: Configure PiHole
+ when: pihole_bin.stat.exists
+ include: configure.yml
+ become: yes
diff --git a/ansible/roles/pihole/templates/setupVars.conf.j2 b/ansible/roles/pihole/templates/setupVars.conf.j2
new file mode 100644
index 0000000..20eee0e
--- /dev/null
+++ b/ansible/roles/pihole/templates/setupVars.conf.j2
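Review bot: `when: not pihole_setup.stat.exists` on `Get dependencies for PiHole` (tasks/gather.yml) refers to a variable that no file in this patch registers — main.yml registers `pihole_clone` and `pihole_bin` — so the task would presumably fail as undefined; `when: not pihole_clone.stat.exists`, or no condition at all since the include is already guarded, would match main.yml. Separately, `Checkout PiHole` clones the default branch as root with no `version:`, so whatever is at the tip of the upstream repository at run time is what lands in `/etc/.pihole`; pinning it with `version: "<RELEASE_TAG>"` keeps the checkout reviewable and repeatable. `"idn2"` is listed twice, and `state: latest` upgrades every listed package on each run where `state: present` would only install what is missing.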
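Review bot: `Check if PiHole is cloned` (tasks/main.yml) stats `/etc/pihole`, while gather.yml clones into `/etc/.pihole`, so the guard does not reflect the clone and gather.yml is included on every run until something else creates `/etc/pihole`; `path: "/etc/.pihole"` would match the task name. Nothing in the four role files added here runs the installer or renders templates/setupVars.conf.j2, so on a fresh host `pihole_bin` stays absent and configure.yml is skipped; if that is intended, a comment such as `# installer is run by hand; configure.yml applies once /usr/local/bin/pihole exists` would say so. `include:` is deprecated in favour of `ansible.builtin.include_tasks:`, and `stat:` could be `ansible.builtin.stat:` to match the fully qualified names used in the other task files.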
@@ -0,0 +1,21 @@
+{{ ansible_managed | comment}}
+PIHOLE_INTERFACE=eth0
+IPV4_ADDRESS={{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}/24
+IPV6_ADDRESS=
+QUERY_LOGGING=true
+INSTALL_WEB_SERVER=true
+INSTALL_WEB_INTERFACE=true
+LIGHTTPD_ENABLED=true
+CACHE_SIZE=10000
+BLOCKING_ENABLED=true
+WEBPASSWORD={{ secret_sudo | hash('sha256') | hash('sha256') }}
+ADMIN_EMAIL=
+WEBUIBOXEDLAYOUT=boxed
+WEBTHEME=default-dark
+DNSMASQ_LISTENING=local
+PIHOLE_DNS_1=208.67.222.222
+PIHOLE_DNS_2=208.67.220.220
+DNS_FQDN_REQUIRED=true
+DNS_BOGUS_PRIV=false
+DNSSEC=false
+REV_SERVER=false
\ No newline at end of file
diff --git a/ansible/run.yml b/ansible/run.yml
index 1b3e352..f9e86c3 100644
--- a/ansible/run.yml
+++ b/ansible/run.yml
@@ -155,68 +155,11 @@ - hosts: piholes vars_files: - "vars/vault.yml" - pre_tasks: - - name: Checkout pihole - tags: [never, init, pihole] - become: yes - ansible.builtin.git: - repo: "https://github.com/pi-hole/pi-hole.git" - clone: yes - dest: "/etc/.pihole" - depth: 1 - umask: "022" - - - name: Checkout pihole_updatelist - tags: [never, init, pihole] - ansible.builtin.git: - repo: "https://github.com/jacklul/pihole-updatelists.git" - clone: yes - dest: "/home/{{ users.0.username }}/pihole_updatelist" - depth: 1 - - - name: Get dependencies - become: yes - tags: [never, init, pihole] - ansible.builtin.apt: - name: - [ - "cron", - "curl", - "dhcpcd5", - "dns-root-data", - "dns-root-data", - "dnsutils", - "git", - "idn2", - "idn2", - "iputils-ping", - "libcap2-bin", - "libcap2", - "lighttpd", - "lsof", - "netcat", - "php-cgi", - "php-cli", - "php-curl", - "php-intl", - "php-sqlite3", - "php-sqlite3", - "php-xml", - "psmisc", - "sqlite3", - "sudo", - "unzip", - "unzip", - "wget", - "whiptail", - ] - state: latest - + tags: [update, pihole] roles: - - role: pi_updatelist - tags: [update] + - role: pihole_updatelist - role: pi_dnsmasq - tags: [update] + - role: pihole - hosts: all become: yes
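Review bot: `WEBPASSWORD={{ secret_sudo | hash('sha256') | hash('sha256') }}` in templates/setupVars.conf.j2 derives the web admin hash from what looks like the sudo secret, so an unsalted, fast hash of that credential would be written into the Pi-hole config file, and anyone able to read the file could test guesses offline against the sudo password. tasks/configure.yml already uses a separate `pihole.password`; the template should use the same variable: `WEBPASSWORD={{ pihole.password | hash('sha256') | hash('sha256') }}`. The template also disagrees with configure.yml on `DNS_BOGUS_PRIV` (`false` here, `true` there), and `PIHOLE_INTERFACE=eth0` and the `/24` suffix are fixed values that may not hold for every host in `piholes`.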
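Review bot: The removed `pre_tasks` in ansible/run.yml were tagged `[never, init, pihole]`, so the root git checkout and apt install ran only when asked for; with `tags: [update, pihole]` on the play and the work moved into the `pihole` role, they now also run on ordinary and `update` runs, guarded only by the stat in the role's main.yml. If the opt-in behaviour is still wanted, keep tags on the role entries as before rather than on the play, e.g. `- role: pihole` with `tags: [never, init, pihole]`. The play also now names `pihole_updatelist` although the diffstat shows no rename of the `pi_updatelist` role, and `pihole` is listed after the roles that presumably need Pi-hole installed; both are worth confirming. The hunk starts and ends inside the play list, so the neighbouring plays are not visible here.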