commit 6384ac2152de8cf5a42e67c362f6f80a0d516f91
Author: Philip (a-0) <@ph:a-0.me>
Date: Wed Jul 13 12:52:43 2022 +0200
Initial commit
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ee579bb
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+pihole_os_supported: False
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..f97d40d
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+- name: Set OS dependent variables
+ ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}.yml"
+ - "{{ ansible_os_family | lower }}.yml"
+ - "{{ ansible_system | lower }}.yml"
+ paths:
+ - '{{ role_path }}/vars'
+ ignore_errors: True
+
+- name: OS is supported
+ ansible.builtin.assert:
+ that: __os_supported
+ quiet: True
+ vars:
+ __os_supported: "{{ lookup('vars', '{}_os_supported'.format(role_name)) | bool }}"
+
+
+- name: Check whether pi-hole is installed
+ stat:
+ path: /etc/pihole
+ register: pihole_dir
+
+- name: Clone the pi-hole repo
+ ansible.builtin.git:
+ repo: https://github.com/pi-hole/pi-hole.git
+ depth: 1
+ dest: "/var/pi-hole"
+ version: master
+ when: not pihole_dir.stat.exists
+
+- name: Set /etc/pihole/setupVars.conf
+ template:
+ src: setupVars.conf.j2
+ dest: /etc/pihole/setupVars.conf
+ owner: root
+ mode: 0400
+ when: not pihole_dir.stat.exists
+
+# pihole unattented install only works if /etc/pihole/setupVars.conf already exists
+# debug tip: keep track of the install progress by tailing the log-file
+- name: Run pi-hole install script
+ ansible.builtin.shell: "'/var/pi-hole/automated install/basic-install.sh' --unattended >> {{ ansible_env.HOME }}/pihole_install.log"
+ args:
+ warn: false
+ when: not pihole_dir.stat.exists
+
+- name: Set admin password
+ shell: "pihole -a -p {{ pihole_admin_password }}"
+
+- name: Set local DNS entries
+ template:
+ src: custom.list.j2
+ dest: /etc/pihole/custom.list
+ owner: root
+ mode: 0664
+
+- name: Restart pihole
+ become: yes
+ shell: "pihole restartdns"
\ No newline at end of file
diff --git a/templates/custom.list.j2 b/templates/custom.list.j2
new file mode 100644
index 0000000..941871b
--- /dev/null
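Review bot: The `Set admin password` task in tasks/main.yml interpolates `{{ pihole_admin_password }}` into a `shell:` string with no quoting and no `no_log`. A password containing spaces or shell metacharacters is therefore split or interpreted by the shell on the target, and the rendered command line, password included, appears in task results on failure or with verbose output. Pass the value as a separate `argv` element of `ansible.builtin.command` and set `no_log: true`, as sketched below. Separately, `Clone the pi-hole repo` tracks `version: master` and the cloned `basic-install.sh` is then executed, so whatever is on that branch at run time gets installed; pin `version` to a reviewed release tag or commit.

```yaml
- name: Set admin password
  ansible.builtin.command:
    argv:
      - pihole
      - "-a"
      - "-p"
      - "{{ pihole_admin_password }}"
  no_log: true
```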
+++ b/templates/custom.list.j2
@@ -0,0 +1,3 @@
+{% for dns_entry in local_dns_entries %}
+{{ dns_entry.ip4 }} {{ dns_entry.domain }}
+{% endfor %}
\ No newline at end of file
diff --git a/templates/setupVars.conf.j2 b/templates/setupVars.conf.j2
new file mode 100644
index 0000000..3b381fc
--- /dev/null
+++ b/templates/setupVars.conf.j2
@@ -0,0 +1,18 @@
+PIHOLE_INTERFACE=eth0
+IPV4_ADDRESS={{ query('community.general.dig', inventory_hostname, 'qtype=A') | first }}/24
+{# IPV6_ADDRESS={{ query('community.general.dig', inventory_hostname, 'qtype=AAAA') | first }} #}
+QUERY_LOGGING=true
+INSTALL_WEB_SERVER=true
+INSTALL_WEB_INTERFACE=true
+LIGHTTPD_ENABLED=true
+CACHE_SIZE=10000
+BLOCKING_ENABLED=true
+{# doesn't matter, password will be set using pihole cli later #}
+WEBPASSWORD=642da416d1acba139eb3514b7ef3318104937f4eeceb8b33663d46c23f56dbfa
+DNSMASQ_LISTENING=single
+PIHOLE_DNS_1=192.168.2.105#5335
+PIHOLE_DNS_2=208.67.222.220
+DNS_FQDN_REQUIRED=true
+DNS_BOGUS_PRIV=true
+DNSSEC=false
+REV_SERVER=false
\ No newline at end of file
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..2256703
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,2 @@
+---
+pihole_os_supported: True
\ No newline at end of file
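Review bot: `local_dns_entries` is looped over in templates/custom.list.j2, but `defaults/main.yml` in this commit defines only `pihole_os_supported`, so the `Set local DNS entries` task fails on an undefined variable unless every inventory supplies it. Add `local_dns_entries: []` to the role defaults. Each `ip4` and `domain` value is also written verbatim into `/etc/pihole/custom.list`, so an entry containing whitespace or a newline yields extra or malformed records. An `ansible.builtin.assert` on the entry format before templating would catch that.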
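Review bot: The `WEBPASSWORD=642da4…` line in templates/setupVars.conf.j2 commits a fixed web-admin password hash that is identical on every host this role installs. It stays in effect from the installer run until the later `Set admin password` task succeeds, and permanently if the play stops in between, so the "doesn't matter" comment only holds on a fully successful run. Render it from a vaulted variable instead, for example `WEBPASSWORD={{ pihole_webpassword_hash }}` (variable name is a placeholder). Treat the committed value as disclosed. The same file hard-codes `eth0`, a `/24` suffix and `PIHOLE_DNS_1=192.168.2.105#5335`, which look site-specific and would be safer as role variables with documented defaults.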