Init PiHole role

ansible/roles/pihole/tasks/configure.yml

@@ -0,0 +1,41 @@
+- name: Set pihole webpassword
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^WEBPASSWORD="
+    line: WEBPASSWORD={{ pihole.password | hash("sha256") | hash("sha256") | default("")}}
+    create: yes
+
+- name: Set pihole theme
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^WEBTHEME="
+    line: WEBTHEME=default-dark #default-dark default-darker default-light
+    create: yes
+
+- name: Set pihole layout
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^WEBUIBOXEDLAYOUT="
+    line: WEBUIBOXEDLAYOUT=boxed
+    create: yes
+
+- name: Set pihole listen
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^DNSMASQ_LISTENING="
+    line: DNSMASQ_LISTENING=local
+    create: yes
+
+- name: Set pihole fqdn forwarding
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^DNS_FQDN_REQUIRED="
+    line: DNS_FQDN_REQUIRED=true
+    create: yes
+
+- name: Set pihole reverse lookup
+  ansible.builtin.lineinfile:
+    path: /etc/pihole/setupVars.conf
+    regexp: "^DNS_BOGUS_PRIV="
+    line: DNS_BOGUS_PRIV=true
+    create: yes

ansible/roles/pihole/tasks/gather.yml

@@ -0,0 +1,43 @@
+- name: Get dependencies for PiHole
+  when: not pihole_setup.stat.exists
+  become: yes
+  ansible.builtin.apt:
+    name:
+      [
+        "cron",
+        "curl",
+        "dhcpcd5",
+        "dns-root-data",
+        "dnsutils",
+        "git",
+        "idn2",
+        "idn2",
+        "iputils-ping",
+        "libcap2-bin",
+        "libcap2",
+        "lighttpd",
+        "lsof",
+        "netcat",
+        "php-cgi",
+        "php-cli",
+        "php-curl",
+        "php-intl",
+        "php-sqlite3",
+        "php-xml",
+        "psmisc",
+        "sqlite3",
+        "sudo",
+        "unzip",
+        "wget",
+        "whiptail",
+      ]
+    state: latest
+
+- name: Checkout PiHole
+  become: yes
+  ansible.builtin.git:
+    repo: "https://github.com/pi-hole/pi-hole.git"
+    clone: yes
+    dest: "/etc/.pihole"
+    depth: 1
+    umask: "022"

ansible/roles/pihole/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Check if PiHole is cloned
+  stat:
+    path: "/etc/pihole"
+  register: pihole_clone
+
+- name: Gather PiHole
+  when: not pihole_clone.stat.exists
+  include: gather.yml
+
+- name: Check if PiHole is installed
+  stat:
+    path: "/usr/local/bin/pihole"
+  register: pihole_bin
+
+- name: Configure PiHole
+  when: pihole_bin.stat.exists
+  include: configure.yml
+  become: yes

ansible/roles/pihole/templates/setupVars.conf.j2

@@ -0,0 +1,21 @@
+{{ ansible_managed | comment}}
+PIHOLE_INTERFACE=eth0
+IPV4_ADDRESS={{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0])  }}/24
+IPV6_ADDRESS=
+QUERY_LOGGING=true
+INSTALL_WEB_SERVER=true
+INSTALL_WEB_INTERFACE=true
+LIGHTTPD_ENABLED=true
+CACHE_SIZE=10000
+BLOCKING_ENABLED=true
+WEBPASSWORD={{ secret_sudo | hash('sha256') | hash('sha256') }}
+ADMIN_EMAIL=
+WEBUIBOXEDLAYOUT=boxed
+WEBTHEME=default-dark
+DNSMASQ_LISTENING=local
+PIHOLE_DNS_1=208.67.222.222
+PIHOLE_DNS_2=208.67.220.220
+DNS_FQDN_REQUIRED=true
+DNS_BOGUS_PRIV=false
+DNSSEC=false
+REV_SERVER=false

ansible/run.yml

@@ -155,68 +155,11 @@
 - hosts: piholes
   vars_files:
     - "vars/vault.yml"
-  pre_tasks:
+  tags: [update, pihole]
-    - name: Checkout pihole
-      tags: [never, init, pihole]
-      become: yes
-      ansible.builtin.git:
-        repo: "https://github.com/pi-hole/pi-hole.git"
-        clone: yes
-        dest: "/etc/.pihole"
-        depth: 1
-        umask: "022"
-
-    - name: Checkout pihole_updatelist
-      tags: [never, init, pihole]
-      ansible.builtin.git:
-        repo: "https://github.com/jacklul/pihole-updatelists.git"
-        clone: yes
-        dest: "/home/{{ users.0.username }}/pihole_updatelist"
-        depth: 1
-
-    - name: Get dependencies
-      become: yes
-      tags: [never, init, pihole]
-      ansible.builtin.apt:
-        name:
-          [
-            "cron",
-            "curl",
-            "dhcpcd5",
-            "dns-root-data",
-            "dns-root-data",
-            "dnsutils",
-            "git",
-            "idn2",
-            "idn2",
-            "iputils-ping",
-            "libcap2-bin",
-            "libcap2",
-            "lighttpd",
-            "lsof",
-            "netcat",
-            "php-cgi",
-            "php-cli",
-            "php-curl",
-            "php-intl",
-            "php-sqlite3",
-            "php-sqlite3",
-            "php-xml",
-            "psmisc",
-            "sqlite3",
-            "sudo",
-            "unzip",
-            "unzip",
-            "wget",
-            "whiptail",
-          ]
-        state: latest
-
   roles:
-    - role: pi_updatelist
+    - role: pihole_updatelist
-      tags: [update]
     - role: pi_dnsmasq
-      tags: [update]
+    - role: pihole
 
 - hosts: all
   become: yes