- name: install packages
  package:
    name: "{{ pihole_packages }}"

- name: clone pihole repository
  git:
    repo: https://github.com/pi-hole/pi-hole.git
    dest: /tmp/pi-hole
    version: v5.17.1
    depth: 1

- name: create configuration directory
  file:
    path: /etc/pihole
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: copy setupVars.conf
  copy:
    src: "{{ pihole_setupvars }}"
    dest: /etc/pihole/setupVars.conf
    owner: root
    group: root
    mode: '0644'

- name: copy pihole unbound configuration
  notify: restart unbound
  copy:
    src: "{{ pihole_unboundconf }}"
    dest: /etc/unbound/unbound.conf.d/pihole.conf
    owner: root
    group: root
    mode: '0644'

- name: run installation script
  command:
    cmd: "/bin/bash '/tmp/pi-hole/automated install/basic-install.sh' --unattended"
    creates: /etc/pihole/install.log
  ignore_errors: yes
  notify:
    - restart lighttpd
    - restart ftl

- name: change pihole admin password
  register: result
  changed_when: result.rc == 0
  command:
    cmd: "pihole -a -p {{ pihole_password }}"

- name: initialize gravity
  register: result
  changed_when: result.rc == 0
  command:
    cmd: "pihole -g"

- name: allow http (80/tcp) traffic
  ufw:
    rule: allow
    port: '80'
    proto: tcp

- name: allow https (443/tcp) traffic
  ufw:
    rule: allow
    port: '443'
    proto: tcp

- name: allow dns (53/udp) traffic
  ufw:
    rule: allow
    port: '53'
    proto: udp

- name: allow dns tcp (53/tcp) traffic
  ufw:
    rule: allow
    port: '53'
    proto: tcp