Add TODO stub of Pi Hole setup

See the TODO comment in /roles/pi-hole/tasks/main.yml.
We'll probably need to install other software first.

playbook.yml

@@ -4,6 +4,8 @@
 # For a purely reproducible build this would be a good suggestion but I'm willing to take the risk with the Pi.
 - name: Install raspberry pi
   hosts: raspberry_pis
+  vars_files:
+    - vault.yml
   roles:
     # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
     # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
@@ -11,7 +13,8 @@
     #   become: true
     # - role: devsec.hardening.ssh_hardening
     #   become: true
-    - role: zsh
+    # - role: zsh
+    - role: pi-hole
   vars:
     # devsec.hardening.os_hardening vars:
     os_auth_pw_max_age: 99999 # Effectively disables the setting as mentioned in the docs.
@@ -23,6 +26,13 @@
     ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
     ssh_client_password_login: false # Default, but duplicated here for documentation purpose.
   tasks:
+    # This task can be handy for debugging gathered facts, uncomment it if necessary:
+    # - name: Store gathered facts in local file
+    #   delegate_to: localhost
+    #   ansible.builtin.copy:
+    #     dest: './.ansible_facts.json'
+    #     content: "{{ ansible_facts }}"
+    #     mode: "0600"
     # TODO: Replace this with setup that sets up unnattended updates on the machine itself.
     - name: Update all packages to their latest version # noqa: package-latest
       become: true