From 017861dbaa551457c4cab3419f72da049d20c04c Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Tue, 9 May 2023 14:25:26 +0200 Subject: [PATCH] add strong password --- ansible/carwash.yml | 4 ++-- ansible/{docker-compose.yml => docker-compose.yml.j2} | 4 +++- ansible/inventory/host_vars/carwash.yml | 9 +++++++++ ansible/pihole_password | 7 +++++++ 4 files changed, 21 insertions(+), 3 deletions(-) rename ansible/{docker-compose.yml => docker-compose.yml.j2} (80%) create mode 100644 ansible/pihole_password diff --git a/ansible/carwash.yml b/ansible/carwash.yml index 9f62f3b..d757c18 100644 --- a/ansible/carwash.yml +++ b/ansible/carwash.yml @@ -28,8 +28,8 @@ src: resolv.conf dest: /etc/resolv.conf - name: Copy pi-hole docker compose - copy: - src: docker-compose.yml + template: + src: docker-compose.yml.j2 dest: /root/docker-compose.yml - name: Start pi-hole docker_compose: diff --git a/ansible/docker-compose.yml b/ansible/docker-compose.yml.j2 similarity index 80% rename from ansible/docker-compose.yml rename to ansible/docker-compose.yml.j2 index 115e12a..88b63c8 100644 --- a/ansible/docker-compose.yml +++ b/ansible/docker-compose.yml.j2 @@ -1,3 +1,4 @@ +# vi: ft=yaml version: "3" services: @@ -7,11 +8,12 @@ services: network_mode: "host" environment: TZ: 'Europe/Amsterdam' - WEBPASSWORD: 'admin' + WEBPASSWORD: {{ pihole_password }} PIHOLE_DNS_: '192.168.30.1' INTERFACE: wg0 DNSMASQ_LISTENING: single WEB_BIND_ADDR: 192.168.30.128 + FTLCONF_LOCAL_IPV4: 192.168.30.128 volumes: - /mnt/data/pihole:/etc/pihole - /mnt/data/dnsmasq:/etc/dnsmasq.d diff --git a/ansible/inventory/host_vars/carwash.yml b/ansible/inventory/host_vars/carwash.yml index f1b9f90..21d5393 100644 --- a/ansible/inventory/host_vars/carwash.yml +++ b/ansible/inventory/host_vars/carwash.yml @@ -14,3 +14,12 @@ wireguard_unmanaged_peers: pim: public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08=" allowed_ips: "192.168.30.129/32" + +pihole_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 64303162663232623966316566333532633666373431323930363661383763666138393034373566 + 6239326365643861653038623231316566373761336535360a623564346531636361353762383331 + 65613634616439303339313436306435313532353464313635613564313030666466323735356665 + 6164383638336232630a323164626530623838386132393737353366646135313635626633343466 + 30383338303939343235653061633263353761376162353932323738633066636362303261343130 + 6366353433636131303365383963323565306139653534383632 diff --git a/ansible/pihole_password b/ansible/pihole_password new file mode 100644 index 0000000..ea358ad --- /dev/null +++ b/ansible/pihole_password @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +64303162663232623966316566333532633666373431323930363661383763666138393034373566 +6239326365643861653038623231316566373761336535360a623564346531636361353762383331 +65613634616439303339313436306435313532353464313635613564313030666466323735356665 +6164383638336232630a323164626530623838386132393737353366646135313635626633343466 +30383338303939343235653061633263353761376162353932323738633066636362303261343130 +6366353433636131303365383963323565306139653534383632