manage lewis with nix

move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform
2023-12-25 19:22:22 +01:00 · 2023-12-25 19:22:22 +01:00 · 111bf68a0a
commit 111bf68a0a
parent d7ef46b642
92 changed files with 2730 additions and 26 deletions
--- a/legacy/projects/docker_swarm/ansible/roles/pihole/docker-stack.yml.j2
+++ b/legacy/projects/docker_swarm/ansible/roles/pihole/docker-stack.yml.j2
@ -0,0 +1,57 @@
+# vi: ft=yaml
+version: "3.8"
+
+networks:
+  traefik:
+    external: true
+  pihole:
+
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/pihole/data"
+  dnsmasq:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/pihole/dnsmasq"
+
+services:
+  pihole:
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+    network_mode: "host"
+    environment:
+      TZ: 'Europe/Amsterdam'
+      WEBPASSWORD: {{ pihole_password }}
+      PIHOLE_DNS_: '192.168.30.1'
+    volumes:
+      - type: volume
+        source: data
+        target: /etc/pihole
+        volume:
+          nocopy: true
+      - type: volume
+        source: dnsmasq
+        target: /etc/dnsmasq.d
+        volume:
+          nocopy: true
+    networks:
+      - traefik
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.pihole.entrypoints=localsecure
+        - traefik.http.routers.pihole.rule=Host(`pihole.kun.is`)
+        - traefik.http.routers.pihole.tls=true
+        - traefik.http.routers.pihole.tls.certresolver=letsencrypt
+        - traefik.http.routers.pihole.service=pihole
+        - traefik.http.services.pihole.loadbalancer.server.port=80
+        - traefik.docker.network=traefik
+      placement:
+        constraints:
+          - node.role == manager
--- a/legacy/projects/docker_swarm/ansible/roles/pihole/tasks/main.yml
+++ b/legacy/projects/docker_swarm/ansible/roles/pihole/tasks/main.yml
@ -0,0 +1,5 @@
+- name: Deploy Docker stack
+  docker_stack:
+    name: pihole
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"
--- a/legacy/projects/docker_swarm/ansible/roles/pihole/vars/main.yml
+++ b/legacy/projects/docker_swarm/ansible/roles/pihole/vars/main.yml
@ -0,0 +1,8 @@
+pihole_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  38616134666661363535303137373633613063613731383766303633336533373233363736333263
+  3461336138663861623134633031663631633666393939340a396561643132333665373430343466
+  36626633366232376236383434336166353638653733666566336266373739663236636334373866
+  3261303962613966610a643765613762396335643233383432613737316361386234663365656566
+  30336535326437336437383336393838306161333662346165333262383735616137653766653165
+  3361333436346130376261316133323963393338633838303031