From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit
---
roles/services/pihole/tasks/main.yml | 80 ++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 roles/services/pihole/tasks/main.yml
(limited to 'roles/services/pihole/tasks')
diff --git a/roles/services/pihole/tasks/main.yml b/roles/services/pihole/tasks/main.yml
new file mode 100644
index 0000000..3f3abde
--- /dev/null
+++ b/roles/services/pihole/tasks/main.yml
@@ -0,0 +1,80 @@
+- name: install packages
+ package:
+ name: "{{ pihole_packages }}"
+
+- name: clone pihole repository
+ git:
+ repo: https://github.com/pi-hole/pi-hole.git
+ dest: /tmp/pi-hole
+ version: v5.17.1
+ depth: 1
+
+- name: create configuration directory
+ file:
+ path: /etc/pihole
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: copy setupVars.conf
+ copy:
+ src: "{{ pihole_setupvars }}"
+ dest: /etc/pihole/setupVars.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy pihole unbound configuration
+ notify: restart unbound
+ copy:
+ src: "{{ pihole_unboundconf }}"
+ dest: /etc/unbound/unbound.conf.d/pihole.conf
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: run installation script
+ command:
+ cmd: "/bin/bash '/tmp/pi-hole/automated install/basic-install.sh' --unattended"
+ creates: /etc/pihole/install.log
+ ignore_errors: yes
+ notify:
+ - restart lighttpd
+ - restart ftl
+
+- name: change pihole admin password
+ register: result
+ changed_when: result.rc == 0
+ command:
+ cmd: "pihole -a -p {{ pihole_password }}"
+
+- name: initialize gravity
+ register: result
+ changed_when: result.rc == 0
+ command:
+ cmd: "pihole -g"
+
+- name: allow http (80/tcp) traffic
+ ufw:
+ rule: allow
+ port: '80'
+ proto: tcp
+
+- name: allow https (443/tcp) traffic
+ ufw:
+ rule: allow
+ port: '443'
+ proto: tcp
+
+- name: allow dns (53/udp) traffic
+ ufw:
+ rule: allow
+ port: '53'
+ proto: udp
+
+- name: allow dns tcp (53/tcp) traffic
+ ufw:
+ rule: allow
+ port: '53'
+ proto: tcp
-- cgit v1.2.3
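Review bot: The `change pihole admin password` task puts `{{ pihole_password }}` on the command line with nothing suppressing logging, so the cleartext password ends up in the task result (and any callback or log that records it) and is visible in the target's process list while the command runs. Add `no_log: true` to that task and pass the value as `cmd: "pihole -a -p {{ pihole_password | quote }}"`, so a password containing spaces or quote characters is not split or mangled by the command module's argument parsing. Separately, the installer is cloned to the fixed, world-writable-parent path `/tmp/pi-hole` and then run (presumably as root) with `ignore_errors: yes`; checking out into a root-owned directory and dropping `ignore_errors` would keep a pre-existing or altered checkout, or a failed install, from passing silently into the later tasks. The four `ufw` rules allow 80, 443 and 53 from any source, which is worth narrowing with the module's `src` option if the host is reachable beyond the local network.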