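---
# Pi-hole deployment tasks. Variables read below (pihole_path, podman_user,
# podman_subuid, pi_server_name, pihole_password) are expected from the caller.

# Host directories that back the container's bind mounts. The owner comes from a
# registered command result; presumably the rootless-podman subordinate uid so a
# root process inside the container can write them — verify against the caller.
- name: create required pihole volumes
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ podman_subuid.stdout }}"
    # Quoted so the YAML loader cannot reinterpret the octal literal as an integer;
    # the file module accepts the string form.
    mode: "0755"
  # Queues the SELinux relabel handler; it is flushed by the next task.
  notify: restorecon podman
  loop:
    - "{{ pihole_path }}/config"
    - "{{ pihole_path }}/dnsmasq"
    # NOTE(review): not mounted by the container task in this file — confirm this
    # path is meant to be owned by the container's uid.
    - "/srv/http/letsencrypt"
  tags: pihole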
# Run queued handlers now rather than at play end — presumably so the restorecon
# relabel from the previous task lands before the container is created.
- name: flush handlers
  tags: pihole
  ansible.builtin.meta: flush_handlers
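# Create the Pi-hole container as the rootless podman user; recreate is off, so
# changes to this task only apply to a container that does not exist yet.
- name: create pihole container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: pihole
    # Pinned to a release tag. A digest pin would additionally protect against the
    # tag being re-pushed at the registry.
    image: docker.io/pihole/pihole:2022.04.3
    recreate: false
    restart: true
    # Quoted: contains ':' and is a plain string, not a mapping.
    restart_policy: "on-failure:3"
    log_driver: journald
    # NET_ADMIN allows interface/route/netfilter changes inside the container's
    # network namespace. NOTE(review): confirm a feature in use needs it; drop it
    # otherwise. CAP_NET_BIND_SERVICE alone covers binding to ports below 1024.
    cap_add:
      - CAP_NET_BIND_SERVICE
      - NET_ADMIN
    # Environment values are strings; quoted uniformly so the loader keeps them so
    # (PIHOLE_UID was an unquoted integer before).
    env:
      DNSMASQ_USER: "root"
      INTERFACE: "tap0"
      PIHOLE_UID: "0"
      TZ: "America/New_York"
      VIRTUAL_HOST: "{{ pi_server_name }}"
      # NOTE(review): injected as a plain environment variable, readable by anyone
      # who can inspect the container; keep pihole_password in vault-encrypted vars.
      WEBPASSWORD: "{{ pihole_password }}"
    volumes:
      - "{{ pihole_path }}/config:/etc/pihole"
      - "{{ pihole_path }}/dnsmasq:/etc/dnsmasq.d"
    # Quoted: "host:container" port strings must never be read as sexagesimal ints.
    ports:
      - "1153:53/udp"
      - "1153:53/tcp"
      - "8082:80"
  tags: pihole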
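# Presumably generates the systemd unit for the container; see systemd-generate.yml.
- name: create systemd startup job for pihole
  # FQCN for consistency with the other tasks in this file.
  ansible.builtin.include_tasks: systemd-generate.yml
  vars:
    container_name: pihole
  # Tags on include_tasks apply to the include statement only; apply: pushes the
  # tag onto the included tasks so they also run under --tags pihole (harmless if
  # systemd-generate.yml already tags them itself).
  apply:
    tags: pihole
  tags: pihole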
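# NAT-redirect DNS arriving on eno1 to the port the container publishes.
# NOTE(review): only port 53 is redirected here; DHCP, HTTP and HTTPS named in the
# task are not handled by this task — confirm they are covered elsewhere or narrow
# the name. PREROUTING only sees traffic entering the interface; the host's own
# resolver queries (OUTPUT chain) are not redirected by this rule.
- name: Redirect DNS, DHCP, HTTP and HTTPS to pihole
  become: true
  ansible.builtin.iptables:
    table: nat
    chain: PREROUTING
    # Hard-coded interface name; host-specific.
    in_interface: eno1
    protocol: "{{ item }}"
    # The tcp/udp match extension is what makes destination_port valid.
    match: "{{ item }}"
    # Port values quoted: the module takes them as strings.
    destination_port: "53"
    jump: REDIRECT
    to_ports: "1153"
    comment: Redirect DNS traffic to port 1153
  loop:
    - udp
    - tcp
  tags:
    - pihole
    - firewall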
# Persist the current IPv4 ruleset (including the REDIRECT above) to the path
# presumably read by the iptables service at boot — confirm for this distro.
- name: Save state of iptables for IPv4
  become: true
  tags:
    - pihole
    - firewall
  community.general.iptables_state:
    path: /etc/sysconfig/iptables
    state: saved