2 files changed, 94 insertions, 0 deletions
diff --git a/roles/services/pihole/handlers/main.yml b/roles/services/pihole/handlers/main.yml
new file mode 100644
index 0000000..9c1d311
--- /dev/null
+++ b/roles/services/pihole/handlers/main.yml
@@ -0,0 +1,14 @@
+- name: restart unbound
+  service:
+    name: unbound
+    state: restarted
+- name: restart lighttpd
+  service:
+    name: lighttpd
+    state: restarted
+- name: restart ftl
+  service:
+    name: pihole-FTL
+    state: restarted
diff --git a/roles/services/pihole/tasks/main.yml b/roles/services/pihole/tasks/main.yml
new file mode 100644
index 0000000..3f3abde
--- /dev/null
+++ b/roles/services/pihole/tasks/main.yml
@@ -0,0 +1,80 @@
+- name: install packages
+  package:
+    name: "{{ pihole_packages }}"
+- name: clone pihole repository
+  git:
+    repo: https://github.com/pi-hole/pi-hole.git
+    dest: /tmp/pi-hole
+    version: v5.17.1
+    depth: 1
+- name: create configuration directory
+  file:
+    path: /etc/pihole
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+- name: copy setupVars.conf
+  copy:
+    src: "{{ pihole_setupvars }}"
+    dest: /etc/pihole/setupVars.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: copy pihole unbound configuration
+  notify: restart unbound
+  copy:
+    src: "{{ pihole_unboundconf }}"
+    dest: /etc/unbound/unbound.conf.d/pihole.conf
+    owner: root
+    group: root
+    mode: '0644'
+- name: run installation script
+  command:
+    cmd: "/bin/bash '/tmp/pi-hole/automated install/basic-install.sh' --unattended"
+    creates: /etc/pihole/install.log
+  ignore_errors: yes
+  notify:
+    - restart lighttpd
+    - restart ftl
+- name: change pihole admin password
+  register: result
+  changed_when: result.rc == 0
+  command:
+    cmd: "pihole -a -p {{ pihole_password }}"
+- name: initialize gravity
+  register: result
+  changed_when: result.rc == 0
+  command:
+    cmd: "pihole -g"
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: allow dns (53/udp) traffic
+  ufw:
+    rule: allow
+    port: '53'
+    proto: udp
+- name: allow dns tcp (53/tcp) traffic
+  ufw:
+    rule: allow
+    port: '53'
+    proto: tcp

diff --git a/roles/services/pihole/handlers/main.yml b/roles/services/pihole/handlers/main.yml new file mode 100644 index 0000000..9c1d311 --- /dev/null +++ b/roles/services/pihole/handlers/main.yml
@@ -0,0 +1,14 @@
	1	- name: restart unbound
	2	service:
	3	name: unbound
	4	state: restarted
	5
	6	- name: restart lighttpd
	7	service:
	8	name: lighttpd
	9	state: restarted
	10
	11	- name: restart ftl
	12	service:
	13	name: pihole-FTL
	14	state: restarted


diff --git a/roles/services/pihole/tasks/main.yml b/roles/services/pihole/tasks/main.yml new file mode 100644 index 0000000..3f3abde --- /dev/null +++ b/roles/services/pihole/tasks/main.yml
@@ -0,0 +1,80 @@
	1	- name: install packages
	2	package:
	3	name: "{{ pihole_packages }}"
	4
	5	- name: clone pihole repository
	6	git:
	7	repo: https://github.com/pi-hole/pi-hole.git
	8	dest: /tmp/pi-hole
	9	version: v5.17.1
	10	depth: 1
	11
	12	- name: create configuration directory
	13	file:
	14	path: /etc/pihole
	15	state: directory
	16	owner: root
	17	group: root
	18	mode: '0755'
	19
	20	- name: copy setupVars.conf
	21	copy:
	22	src: "{{ pihole_setupvars }}"
	23	dest: /etc/pihole/setupVars.conf
	24	owner: root
	25	group: root
	26	mode: '0644'
	27
	28	- name: copy pihole unbound configuration
	29	notify: restart unbound
	30	copy:
	31	src: "{{ pihole_unboundconf }}"
	32	dest: /etc/unbound/unbound.conf.d/pihole.conf
	33	owner: root
	34	group: root
	35	mode: '0644'
	36
	37	- name: run installation script
	38	command:
	39	cmd: "/bin/bash '/tmp/pi-hole/automated install/basic-install.sh' --unattended"
	40	creates: /etc/pihole/install.log
	41	ignore_errors: yes
	42	notify:
	43	- restart lighttpd
	44	- restart ftl
	45
	46	- name: change pihole admin password
	47	register: result
	48	changed_when: result.rc == 0
	49	command:
	50	cmd: "pihole -a -p {{ pihole_password }}"
	51
	52	- name: initialize gravity
	53	register: result
	54	changed_when: result.rc == 0
	55	command:
	56	cmd: "pihole -g"
	57
	58	- name: allow http (80/tcp) traffic
	59	ufw:
	60	rule: allow
	61	port: '80'
	62	proto: tcp
	63
	64	- name: allow https (443/tcp) traffic
	65	ufw:
	66	rule: allow
	67	port: '443'
	68	proto: tcp
	69
	70	- name: allow dns (53/udp) traffic
	71	ufw:
	72	rule: allow
	73	port: '53'
	74	proto: udp
	75
	76	- name: allow dns tcp (53/tcp) traffic
	77	ufw:
	78	rule: allow
	79	port: '53'
	80	proto: tcp