updates for pihole, http site, venv requirements

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-callback_whitelist = profile_tasks
+callback_enabled = profile_tasks
 
 # Do not gather facts by default
 gathering = explicit

ansible/deploy_home.yml

@@ -7,6 +7,7 @@
   - role: git
   - role: ddns
   - role: ssl
+  - role: pihole
   - role: http
   - role: drone
   - role: nfs

ansible/roles/http/defaults/main.yml

@@ -6,6 +6,7 @@ deps: [
 ]
 
 ci_server_name: ci.bdebyl.net
+pi_server_name: pi.bdebyl.net
 home_server_name: home.bdebyl.net
 parts_server_name: parts.bdebyl.net
 install_path: /usr/share

ansible/roles/http/tasks/http.yml

@@ -36,11 +36,19 @@
     mode: 0644
   loop:
     - "{{ ci_server_name }}.http.conf"
+    - "{{ pi_server_name }}.conf"
     - "{{ home_server_name }}.conf"
     - "{{ parts_server_name }}.conf"
   notify: restart_nginx
   tags: http
 
+- name: remove pihole from sites-enabled if there
+  become: true
+  file:
+    path: "/etc/nginx/sites-enabled/pi.hole.conf"
+    state: absent
+  tags: http
+
 - name: enable desired nginx http sites
   become: true
   file:
@@ -49,6 +57,7 @@
     state: link
   loop:
     - "{{ ci_server_name }}.http.conf"
+    - "{{ pi_server_name }}.conf"
     - "{{ parts_server_name }}.conf"
   notify: restart_nginx
   tags: http

ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2

@@ -7,7 +7,7 @@ server {
   listen 80 default_server;
   server_name {{ home_server_name }};
   if ($whitelisted = 1) {
-    return 302 http://pi.hole;
+    return 302 http://pi.bdebyl.net;
   }
 
   if ($whitelisted = 0) {

ansible/roles/http/templates/nginx/sites/pi.bdebyl.net.conf.j2

@@ -0,0 +1,55 @@
+#
+# /etc/nginx/conf.d/pihole.conf
+#
+# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
+#
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	root /srv/http/pihole;
+	server_name pi.bdebyl.net;
+	autoindex off;
+
+	proxy_intercept_errors on;
+	error_page 404 /pihole/index.php;
+
+	index pihole/index.php index.php index.html index.htm;
+
+	allow 192.168.1.0/24;
+	deny all;
+
+	location / {
+		expires max;
+		try_files $uri $uri/ =404;
+		add_header X-Pi-hole "A black hole for Internet advertisements";
+	}
+
+	location ~ \.php$ {
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+		fastcgi_pass  unix:/run/php-fpm/php-fpm.sock;
+		fastcgi_param VIRTUAL_HOST open_basedir="/srv/http/pihole:run/pihole-ftl/pihole-FTL.port:run/log/pihole/pihole.log:run/log/pihole-ftl/pihole-FTL.log:etc/pihole:etc/hosts:etc/hostname:etc/dnsmasq.d/02-pihole-dhcp.conf:etc/dnsmasq.d/03-pihole-wildcard.conf:etc/dnsmasq.d/04-pihole-static-dhcp.conf:var/log/lighttpd/error.log:proc/meminfo:proc/cpuinfo:sys/class/thermal/thermal_zone0/temp:tmp";
+	}
+
+	location /admin {
+		root /srv/http/pihole;
+		index index.php index.html index.htm;
+		add_header X-Pi-hole "The Pi-hole Web interface is working!";
+		add_header X-Frame-Options "DENY";
+	}
+
+	location ~ /\.ttf {
+		add_header Access-Control-Allow-Origin "*";
+	}
+
+	location ~ /admin/\. {
+		deny all;
+	}
+
+	location ~ /\.ht {
+		deny all;
+	}
+}
+

ansible/roles/partkeepr/tasks/main.yml

@@ -3,10 +3,10 @@
   docker_volume:
     name: "{{ item }}"
   with_items:
-  - partkeepr-web-vol
-  - partkeepr-conf-vol
-  - partkeepr-data-vol
-  - partkeepr-db-vol
+    - partkeepr-web-vol
+    - partkeepr-conf-vol
+    - partkeepr-data-vol
+    - partkeepr-db-vol
 
 - name: create partkeepr network
   docker_network:

ansible/roles/pihole/tasks/php.yml

@@ -0,0 +1,13 @@
+---
+- name: replace pi.hole hostname
+  become: true
+  replace:
+    path: "{{ item }}"
+    regexp: "pi\\.hole"
+    replace: "pi.bdebyl.net"
+  with_items:
+    - /srv/http/pihole/admin/scripts/pi-hole/php/auth.php
+    - /srv/http/pihole/pihole/index.php
+  tags:
+    - pihole
+

requirements.txt

@@ -1,3 +1,3 @@
-ansible-lint==4.3.5
-ansible==2.9.13
-yamllint==1.24.2
+ansible-lint
+ansible
+yamllint