diff --git a/ansible/inventory/host_vars/manager.yml b/ansible/inventory/host_vars/manager.yml
index 8deb75b..3414360 100644
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@@ -22,3 +22,4 @@ docker_node_labels:
 seafile: "true"
 freshrss: "true"
 nextcloud: "true"
+ pihole: "true"
diff --git a/ansible/playbooks/stacks.yml b/ansible/playbooks/stacks.yml
index 1ee439b..c77bcad 100644
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@@ -16,3 +16,4 @@
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: shephard, tags: shephard}
 - {role: jitsi, tags: jitsi}
+ - {role: pihole, tags: pihole}
diff --git a/ansible/roles/pihole/docker-stack.yml.j2 b/ansible/roles/pihole/docker-stack.yml.j2
new file mode 100644
index 0000000..637eb78
--- /dev/null
+++ b/ansible/roles/pihole/docker-stack.yml.j2
@@ -0,0 +1,41 @@
+# vi: ft=yaml
+version: "3"
+
+networks:
+ traefik:
+ external: true
+ pihole:
+
+services:
+ pihole:
+ image: pihole/pihole:latest
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ network_mode: "host"
+ environment:
+ TZ: 'Europe/Amsterdam'
+ WEBPASSWORD: {{ pihole_password }}
+ PIHOLE_DNS_: '192.168.30.1'
+ volumes:
+ - type: bind
+ source: /mnt/data/pihole/data
+ target: /etc/pihole
+ - type: bind
+ source: /mnt/data/pihole/dnsmasq
+ target: /etc/dnsmasq.d
+ networks:
+ - traefik
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.pihole == true"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.pihole.entrypoints=localsecure
+ - traefik.http.routers.pihole.rule=Host(`pihole.pim.kunis.nl`)
+ - traefik.http.routers.pihole.tls=true
+ - traefik.http.routers.pihole.tls.certresolver=letsencrypt
+ - traefik.http.routers.pihole.service=pihole
+ - traefik.http.services.pihole.loadbalancer.server.port=80
+ - traefik.docker.network=traefik
diff --git a/ansible/roles/pihole/tasks/main.yml b/ansible/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..368d822
--- /dev/null
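Review bot: `WEBPASSWORD: {{ pihole_password }}` in docker-stack.yml.j2 renders the decrypted vault value as an unquoted YAML scalar, so a password containing ` #`, `: ` or a leading indicator character would be truncated, retyped or break the file; `WEBPASSWORD: "{{ pihole_password }}"` keeps it a string (use `| to_json` instead if the value may contain quotes or backslashes). Passing it through `environment:` also leaves the admin password readable in the service spec and in the rendered stack file, so a Docker secret would be the safer carrier if the deployed image version supports a file-based password variable, which cannot be checked here because of `:latest`. `image: pihole/pihole:latest` means the network's resolver runs whatever is published at deploy time; pinning a version tag or digest makes the deployment reproducible and reviewable. `network_mode: "host"` sits next to `ports:` and `networks:`; as far as I know `docker stack deploy` ignores `network_mode`, so port 53 would be published through the swarm routing mesh on every node, and it is worth confirming that none of those interfaces is reachable from untrusted networks.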
+++ b/ansible/roles/pihole/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create working directory
+ file:
+ path: /srv/pihole
+ state: directory
+
+- name: Copy Docker stack file
+ template:
+ src: "{{ role_path }}/docker-stack.yml.j2"
+ dest: /srv/pihole/docker-stack.yml
+
+- name: Deploy Docker stack
+ docker_stack:
+ name: pihole
+ compose:
+ - /srv/pihole/docker-stack.yml
diff --git a/ansible/roles/pihole/vars/main.yml b/ansible/roles/pihole/vars/main.yml
new file mode 100644
index 0000000..8bb3b29
--- /dev/null
+++ b/ansible/roles/pihole/vars/main.yml
@@ -0,0 +1,8 @@
+pihole_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38616134666661363535303137373633613063613731383766303633336533373233363736333263
+ 3461336138663861623134633031663631633666393939340a396561643132333665373430343466
+ 36626633366232376236383434336166353638653733666566336266373739663236636334373866
+ 3261303962613966610a643765613762396335643233383432613737316361386234663365656566
+ 30336535326437336437383336393838306161333662346165333262383735616137653766653165
+ 3361333436346130376261316133323963393338633838303031
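Review bot: The "Copy Docker stack file" task in tasks/main.yml writes `/srv/pihole/docker-stack.yml` without `mode` or `owner`, and that rendered file contains the decrypted `pihole_password`, so its permissions come from the remote umask and will typically leave it readable by every local user. Adding `mode: "0600"` to the `template` task and `mode: "0700"` to the "Create working directory" `file` task keeps the secret to the deploying user. `no_log: true` on the template task would also keep the password out of `--diff` output and task logs.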