From d197909c0571ee0418f099d30a202d7d3a73d301 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Sat, 2 Apr 2022 21:01:42 -0400 Subject: [PATCH] updates for pihole, http site, venv requirements --- ansible.cfg | 2 +- ansible/deploy_home.yml | 3 +- ansible/roles/http/defaults/main.yml | 1 + ansible/roles/http/tasks/http.yml | 9 +++ .../nginx/sites/home.bdebyl.net.conf.j2 | 2 +- .../nginx/sites/pi.bdebyl.net.conf.j2 | 55 +++++++++++++++++++ ansible/roles/partkeepr/tasks/main.yml | 8 +-- ansible/roles/pihole/tasks/php.yml | 13 +++++ requirements.txt | 6 +- 9 files changed, 89 insertions(+), 10 deletions(-) create mode 100644 ansible/roles/http/templates/nginx/sites/pi.bdebyl.net.conf.j2 create mode 100644 ansible/roles/pihole/tasks/php.yml diff --git a/ansible.cfg b/ansible.cfg index fa50a29..82a20a5 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -callback_whitelist = profile_tasks +callback_enabled = profile_tasks # Do not gather facts by default gathering = explicit diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml index 109832e..a00d938 100644 --- a/ansible/deploy_home.yml +++ b/ansible/deploy_home.yml @@ -7,6 +7,7 @@ - role: git - role: ddns - role: ssl + - role: pihole - role: http - role: drone - role: nfs @@ -14,4 +15,4 @@ - role: motion tags: motion - role: partkeepr - tags: partkeepr \ No newline at end of file + tags: partkeepr diff --git a/ansible/roles/http/defaults/main.yml b/ansible/roles/http/defaults/main.yml index a9e488f..51a80d2 100644 --- a/ansible/roles/http/defaults/main.yml +++ b/ansible/roles/http/defaults/main.yml @@ -6,6 +6,7 @@ deps: [ ] ci_server_name: ci.bdebyl.net +pi_server_name: pi.bdebyl.net home_server_name: home.bdebyl.net parts_server_name: parts.bdebyl.net install_path: /usr/share diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml index 73a6f9f..b546b1d 100644 --- a/ansible/roles/http/tasks/http.yml +++ b/ansible/roles/http/tasks/http.yml 
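Review bot: The renamed key in ansible.cfg looks misspelled: the setting that replaced `callback_whitelist` is `callbacks_enabled` (plural), so `callback_enabled = profile_tasks` is likely to be ignored and the profile_tasks callback silently dropped. Use `callbacks_enabled = profile_tasks`. Because the same commit removes the version pin on `ansible` in requirements.txt, the installed release decides which key is honoured, so a comment naming the minimum supported Ansible version next to this line would help.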
@@ -36,11 +36,19 @@ mode: 0644 loop: - "{{ ci_server_name }}.http.conf" + - "{{ pi_server_name }}.conf" - "{{ home_server_name }}.conf" - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http +- name: remove pihole from sites-enabled if there + become: true + file: + path: "/etc/nginx/sites-enabled/pi.hole.conf" + state: absent + tags: http + - name: enable desired nginx http sites become: true file: @@ -49,6 +57,7 @@ state: link loop: - "{{ ci_server_name }}.http.conf" + - "{{ pi_server_name }}.conf" - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http diff --git a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 index 5c61136..526eca6 100644 --- a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 +++ b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 @@ -7,7 +7,7 @@ server { listen 80 default_server; server_name {{ home_server_name }}; if ($whitelisted = 1) { - return 302 http://pi.hole; + return 302 http://pi.bdebyl.net; } if ($whitelisted = 0) { diff --git a/ansible/roles/http/templates/nginx/sites/pi.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/pi.bdebyl.net.conf.j2 new file mode 100644 index 0000000..630823f --- /dev/null +++ b/ansible/roles/http/templates/nginx/sites/pi.bdebyl.net.conf.j2 
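Review bot: The new task `remove pihole from sites-enabled if there` in http.yml has no `notify: restart_nginx`, unlike the template and link tasks around it. When it removes a stale `/etc/nginx/sites-enabled/pi.hole.conf` and no other task reports a change, nginx keeps serving the old vhost until something else triggers the handler. Add `notify: restart_nginx` to the task. The neighbouring tasks start and end outside the hunk.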
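Review bot: The redirect target in home.bdebyl.net.conf.j2 is hard-coded as `http://pi.bdebyl.net`, although this commit adds `pi_server_name` to the http role defaults and the same template already uses `{{ home_server_name }}`. Writing `return 302 http://{{ pi_server_name }};` keeps the redirect and the vhost name from drifting apart. The same literal appears in the `server_name` line of the new pi.bdebyl.net.conf.j2 and in the `replace:` value of roles/pihole/tasks/php.yml. The server block continues outside the hunk.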
@@ -0,0 +1,55 @@ +# +# /etc/nginx/conf.d/pihole.conf +# +# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration +# + +server { + listen 80; + listen [::]:80; + + root /srv/http/pihole; + server_name pi.bdebyl.net; + autoindex off; + + proxy_intercept_errors on; + error_page 404 /pihole/index.php; + + index pihole/index.php index.php index.html index.htm; + + allow 192.168.1.0/24; + deny all; + + location / { + expires max; + try_files $uri $uri/ =404; + add_header X-Pi-hole "A black hole for Internet advertisements"; + } + + location ~ \.php$ { + include fastcgi.conf; + fastcgi_intercept_errors on; + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + fastcgi_param VIRTUAL_HOST open_basedir="/srv/http/pihole:run/pihole-ftl/pihole-FTL.port:run/log/pihole/pihole.log:run/log/pihole-ftl/pihole-FTL.log:etc/pihole:etc/hosts:etc/hostname:etc/dnsmasq.d/02-pihole-dhcp.conf:etc/dnsmasq.d/03-pihole-wildcard.conf:etc/dnsmasq.d/04-pihole-static-dhcp.conf:var/log/lighttpd/error.log:proc/meminfo:proc/cpuinfo:sys/class/thermal/thermal_zone0/temp:tmp"; + } + + location /admin { + root /srv/http/pihole; + index index.php index.html index.htm; + add_header X-Pi-hole "The Pi-hole Web interface is working!"; + add_header X-Frame-Options "DENY"; + } + + location ~ /\.ttf { + add_header Access-Control-Allow-Origin "*"; + } + + location ~ /admin/\. { + deny all; + } + + location ~ /\.ht { + deny all; + } +} + diff --git a/ansible/roles/partkeepr/tasks/main.yml b/ansible/roles/partkeepr/tasks/main.yml index 780b2d2..6f335a7 100644 --- a/ansible/roles/partkeepr/tasks/main.yml +++ b/ansible/roles/partkeepr/tasks/main.yml @@ -3,10 +3,10 @@ docker_volume: name: "{{ item }}" with_items: - - partkeepr-web-vol - - partkeepr-conf-vol - - partkeepr-data-vol - - partkeepr-db-vol + - partkeepr-web-vol + - partkeepr-conf-vol + - partkeepr-data-vol + - partkeepr-db-vol - name: create partkeepr network docker_network: 
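Review bot: In the `location ~ \.php$` block of pi.bdebyl.net.conf.j2 the `open_basedir=...` string is given as the value of the FastCGI parameter `VIRTUAL_HOST`, which PHP does not read as an ini setting, so as written this vhost applies no open_basedir restriction to the Pi-hole PHP code. php-fpm takes per-request ini values through `PHP_VALUE` or `PHP_ADMIN_VALUE`, for example `fastcgi_param PHP_ADMIN_VALUE "open_basedir=<path list>";`, with `VIRTUAL_HOST` set on its own line to the site name. Every entry after the first also lacks a leading `/` (`run/pihole-ftl/...`, `etc/pihole`, `tmp`), which would make them relative paths; that may be an artefact of how the patch was rendered, so check the committed file.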
diff --git a/ansible/roles/pihole/tasks/php.yml b/ansible/roles/pihole/tasks/php.yml
new file mode 100644
index 0000000..30a84d7
--- /dev/null
+++ b/ansible/roles/pihole/tasks/php.yml
@@ -0,0 +1,13 @@
+---
+- name: replace pi.hole hostname
+ become: true
+ replace:
+ path: "{{ item }}"
+ regexp: "pi\\.hole"
+ replace: "pi.bdebyl.net"
+ with_items:
+ - /srv/http/pihole/admin/scripts/pi-hole/php/auth.php
+ - /srv/http/pihole/pihole/index.php
+ tags:
+ - pihole
+
diff --git a/requirements.txt b/requirements.txt
index 6ccad51..201d219 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
-ansible-lint==4.3.5
-ansible==2.9.13
-yamllint==1.24.2
+ansible-lint
+ansible
+yamllint
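Review bot: The task in roles/pihole/tasks/php.yml rewrites vendored Pi-hole files in place, including `admin/scripts/pi-hole/php/auth.php`, with an unanchored `pi\\.hole` pattern. Every occurrence of that string in the authentication script is changed, and a Pi-hole update will restore the originals until the play is run again. Add a comment stating which check in auth.php the substitution is meant to satisfy, and consider narrowing the regexp to that line. Nothing in this diff imports php.yml from the role's tasks/main.yml, so confirm the task is actually reached.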
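Review bot: Dropping the `==` pins in requirements.txt means each fresh virtualenv installs whatever ansible, ansible-lint and yamllint releases are current, so runs are no longer reproducible and a breaking or compromised upstream release is picked up without review. Moving from ansible 2.9.13 to an unpinned release also crosses several major versions, which the ansible.cfg key rename in this commit already reflects. Pin the versions that were tested (`ansible==<tested version>`), ideally from a generated lock file installed with `--require-hashes`.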