add pihole stack

2023-05-10 11:30:20 +02:00 · 2023-05-10 11:30:20 +02:00 · 1b8571a501
commit 1b8571a501
parent 7c640ae576
5 changed files with 66 additions and 0 deletions
--- a/ansible/inventory/host_vars/manager.yml
+++ b/ansible/inventory/host_vars/manager.yml
@ -22,3 +22,4 @@ docker_node_labels:
      seafile: "true"
      freshrss: "true"
      nextcloud: "true"
+      pihole: "true"
--- a/ansible/playbooks/stacks.yml
+++ b/ansible/playbooks/stacks.yml
@ -16,3 +16,4 @@
    - {role: swarm_dashboard, tags: swarm_dashboard}
    - {role: shephard, tags: shephard}
    - {role: jitsi, tags: jitsi}
+    - {role: pihole, tags: pihole}
--- a/ansible/roles/pihole/docker-stack.yml.j2
+++ b/ansible/roles/pihole/docker-stack.yml.j2
@ -0,0 +1,41 @@
+# vi: ft=yaml
+version: "3"
+
+networks:
+  traefik:
+    external: true
+  pihole:
+
+services:
+  pihole:
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+    network_mode: "host"
+    environment:
+      TZ: 'Europe/Amsterdam'
+      WEBPASSWORD: {{ pihole_password }}
+      PIHOLE_DNS_: '192.168.30.1'
+    volumes:
+      - type: bind
+        source: /mnt/data/pihole/data
+        target: /etc/pihole
+      - type: bind
+        source: /mnt/data/pihole/dnsmasq
+        target: /etc/dnsmasq.d
+    networks:
+      - traefik
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.pihole == true"
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.pihole.entrypoints=localsecure
+        - traefik.http.routers.pihole.rule=Host(`pihole.pim.kunis.nl`)
+        - traefik.http.routers.pihole.tls=true
+        - traefik.http.routers.pihole.tls.certresolver=letsencrypt
+        - traefik.http.routers.pihole.service=pihole
+        - traefik.http.services.pihole.loadbalancer.server.port=80
+        - traefik.docker.network=traefik
--- a/ansible/roles/pihole/tasks/main.yml
+++ b/ansible/roles/pihole/tasks/main.yml
@ -0,0 +1,15 @@
+- name: Create working directory
+  file:
+    path: /srv/pihole
+    state: directory
+
+- name: Copy Docker stack file
+  template:
+    src: "{{ role_path }}/docker-stack.yml.j2"
+    dest: /srv/pihole/docker-stack.yml
+
+- name: Deploy Docker stack
+  docker_stack:
+    name: pihole
+    compose:
+      - /srv/pihole/docker-stack.yml
--- a/ansible/roles/pihole/vars/main.yml
+++ b/ansible/roles/pihole/vars/main.yml
@ -0,0 +1,8 @@
+pihole_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  38616134666661363535303137373633613063613731383766303633336533373233363736333263
+  3461336138663861623134633031663631633666393939340a396561643132333665373430343466
+  36626633366232376236383434336166353638653733666566336266373739663236636334373866
+  3261303962613966610a643765613762396335643233383432613737316361386234663365656566
+  30336535326437336437383336393838306161333662346165333262383735616137653766653165
+  3361333436346130376261316133323963393338633838303031