Raspberry-Pi-IaC/roles/pi-hole/tasks/main.yml
Thomas Kleinendorst 21237b64c0 Install Pi-hole with some existing problems
There is an error saying that dnsmasq doesn't start; this might have
to do with the user having to be root.
The DNS service also isn't exposed yet as it needs some ufw forwarding
(there's a TODO in the code mentioning this).
2024-04-13 15:26:45 +02:00


---
# Container runtime for the Pi-hole container that is started later in this
# file (as an unprivileged user, i.e. rootless Podman).
- name: Install Podman
  ansible.builtin.apt:
    state: present
    name: podman
  become: true
# Dedicated unprivileged account that owns the bind-mounted volumes and runs
# the Podman container. Both values come from role/inventory variables that
# are not visible here; pi_hole_password is a secret and should be vaulted.
- name: Create a user for running the pi-hole podman container
  vars:
    user_username: '{{ pi_hole_username }}'
    user_password: '{{ pi_hole_password }}'
  ansible.builtin.include_role:
    name: user
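# Host directory that is bind-mounted as /etc/pihole in the container.
# Created as the Pi-hole user, since the container runs rootless under that
# account.
- name: Create the /etc-pihole directory in the home directory (will be mounted to the container)
  become: true
  become_user: "{{ pi_hole_username }}"
  ansible.builtin.file:
    path: "/home/{{ pi_hole_username }}/etc-pihole"
    state: directory
    mode: '0700'
  register: command_result
  # This is quite an interesting problem. The command fails because, after initial creation, the pod using the volume
  # changes the user of the folder to a UID only known within the container. The module then crashes while applying
  # the mode (the traceback mentions set_mode_if_different). Nothing needs to change at that point, so that specific
  # crash is tolerated; any other failure (wrong path, missing home directory) still fails the task.
  # rc and module_stdout are only present on a module crash ("MODULE FAILURE"); on a clean run they are absent,
  # so they are defaulted — otherwise evaluating the conditional itself errors on the undefined attribute.
  failed_when:
    - command_result.rc | default(0) != 0
    - "'set_mode_if_different' not in (command_result.module_stdout | default(''))"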
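# Host directory that is bind-mounted as /etc/dnsmasq.d in the container.
# Created as the Pi-hole user, since the container runs rootless under that
# account.
- name: Create the /etc-dnsmasq.d directory in the home directory (will be mounted to the container)
  become: true
  become_user: "{{ pi_hole_username }}"
  ansible.builtin.file:
    path: "/home/{{ pi_hole_username }}/etc-dnsmasq.d"
    state: directory
    mode: '0700'
  # Registered under its own name so the conditional below inspects this
  # task's result and not the result of the previous directory task.
  register: dnsmasq_dir_result
  # This is quite an interesting problem. The command fails because, after initial creation, the pod using the volume
  # changes the user of the folder to a UID only known within the container. The module then crashes while applying
  # the mode (the traceback mentions set_mode_if_different). Nothing needs to change at that point, so that specific
  # crash is tolerated; any other failure (wrong path, missing home directory) still fails the task.
  # rc and module_stdout are only present on a module crash ("MODULE FAILURE"); on a clean run they are absent,
  # so they are defaulted — otherwise evaluating the conditional itself errors on the undefined attribute.
  failed_when:
    - dnsmasq_dir_result.rc | default(0) != 0
    - "'set_mode_if_different' not in (dnsmasq_dir_result.module_stdout | default(''))"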
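# Rootless Podman container run as the Pi-hole user. All published ports are
# bound to loopback only, so neither the resolver nor the admin UI is reachable
# from the network until a host-side forward (see the ufw TODO at the end of
# this file) or the Nginx site configured later in this file exposes it.
- name: Start the Pi-hole container
  become: true
  become_user: "{{ pi_hole_username }}"
  # The env block carries the admin password; without no_log the task result
  # (which echoes the container spec) would print it under -v and in callback
  # output. Set to false temporarily when debugging container start-up.
  no_log: true
  containers.podman.podman_container:
    name: pi-hole
    # Pinned to a release tag. Tags are mutable; pin to the image digest
    # (docker.io/pihole/pihole@sha256:<digest>) for a reproducible deployment.
    image: docker.io/pihole/pihole:2024.03.2
    restart_policy: on-failure
    publish:
      # It seems we can't use authbind in combination with Podman, see: https://github.com/containers/podman/issues/13426.
      # Instead we'll map to a higher port number and install and use the ufw firewall to forward packets to the local port.
      - "127.0.0.1:5053:53/tcp"
      - "127.0.0.1:5053:53/udp"
      - "127.0.0.1:8080:80"
    env:
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: "{{ pi_hole_web_password }}"
      FTLCONF_LOCAL_IPV4: "{{ ansible_facts['default_ipv4']['address'] }}"
      # Upstream resolvers, semicolon-separated as the image expects.
      PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
      # NOTE(review): this is the host account name, which is not necessarily
      # an account inside the image; if dnsmasq/FTL fails to start, confirm
      # which user the container actually expects here.
      DNSMASQ_USER: "{{ pi_hole_username }}"
    volumes:
      - "/home/{{ pi_hole_username }}/etc-pihole:/etc/pihole"
      - "/home/{{ pi_hole_username }}/etc-dnsmasq.d:/etc/dnsmasq.d"
    state: started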
# Obtains a certificate for the admin hostname via a helper script (presumably
# certbot-based, given the /etc/letsencrypt path). The script is expected on
# root's PATH; it is not installed by this role. `creates` keeps the task
# idempotent: once the live directory for the domain exists it is skipped.
- name: Install certificate for pi-hole.kleinendorst.info
  ansible.builtin.command:
    # The certificate directory
    creates: /etc/letsencrypt/live/pi-hole.kleinendorst.info
    cmd: register_certbot_domain.sh pi-hole.kleinendorst.info
  become: true
# Renders the Nginx site for Pi-hole from the role template (its contents are
# not visible here). The "Restart Nginx" handler must be defined in the role's
# handlers for the notify to take effect.
- name: Set Nginx configuration
  ansible.builtin.template:
    mode: '0644'
    dest: /etc/nginx/conf.d/pi-hole.conf
    src: pi-hole.conf.j2
  become: true
  notify: Restart Nginx
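# The public DNS record cannot be created from this host, so remind the
# operator at the end of the run.
- name: Remind to add a DNS record for pi-hole.kleinendorst.info
  ansible.builtin.debug:
    msg: "Don't forget to manually add a DNS record for pi-hole.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."
# TODO: Install and configure ufw to forward the DNS port (53) to the 5053 podman container port.
# When that is done, limit the forward to the LAN interface/subnet so the
# resolver does not become an open resolver reachable from the internet.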