Diffstat (limited to 'roles/pihole/tasks')
-rw-r--r-- | roles/pihole/tasks/k8s.yaml | 15 | ||||
-rw-r--r-- | roles/pihole/tasks/main.yaml | 10 | ||||
-rw-r--r-- | roles/pihole/tasks/pihole.yaml | 73 |
3 files changed, 98 insertions, 0 deletions
diff --git a/roles/pihole/tasks/k8s.yaml b/roles/pihole/tasks/k8s.yaml
new file mode 100644
index 0000000..a4fcb81
--- /dev/null
+++ b/roles/pihole/tasks/k8s.yaml
@@ -0,0 +1,15 @@
+- name: Deploy PiHole
+ kubernetes.core.helm:
+ name: pihole
+ chart_ref: "{{ lookup('env', 'PWD') }}/roles/pihole/files/pihole"
+ namespace: default
+ state: "{%- if pihole.enabled -%} present {%- else -%} absent {%- endif -%}"
+ values:
+ replicas: "{{ pihole.replicas }}"
+ image: "{{ pihole.image }}"
+ version: "{{ pihole.version }}"
+ nfs:
+ server: "{{ nfs.server }}"
+ path: "{{ nfs.path }}"
+ delegate_to: localhost
+ run_once: true
diff --git a/roles/pihole/tasks/main.yaml b/roles/pihole/tasks/main.yaml
new file mode 100644
index 0000000..7fa1cef
--- /dev/null
+++ b/roles/pihole/tasks/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: Setup PiHole (cluster)
+ import_tasks: k8s.yaml
+ when: not pihole.baremetal
+
+- name: Setup PiHole (baremetal)
+ import_tasks: pihole.yaml
+ when: pihole.enabled and pihole.baremetal and inventory_hostname in group["pi"]
+
+
diff --git a/roles/pihole/tasks/pihole.yaml b/roles/pihole/tasks/pihole.yaml
new file mode 100644
index 0000000..c4b1959
--- /dev/null
+++ b/roles/pihole/tasks/pihole.yaml
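Review bot: In roles/pihole/tasks/k8s.yaml, `chart_ref` is built from `lookup('env', 'PWD')`, so the chart that gets installed depends on the directory the playbook is launched from. Started from anywhere other than the repository root, the task either fails or installs whatever `roles/pihole/files/pihole` happens to exist under that directory. Ansible's `role_path` resolves to the role itself regardless of the working directory: `chart_ref: "{{ role_path }}/files/pihole"`. The release also lands in `namespace: default`; a dedicated namespace would let RBAC and NetworkPolicy be scoped to the DNS service alone.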
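Review bot: In roles/pihole/tasks/main.yaml, the baremetal condition reads `group["pi"]`, but Ansible's inventory-group variable is `groups`. Unless a variable named `group` is defined elsewhere, every task imported from pihole.yaml will fail on an undefined variable once `pihole.enabled` and `pihole.baremetal` are both true. The line should probably be `when: pihole.enabled and pihole.baremetal and inventory_hostname in groups["pi"]`. Also, with `pihole.baremetal` true and `pihole.enabled` false neither branch runs, so a previously installed baremetal service and its firewall openings stay in place with nothing to remove them.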
@@ -0,0 +1,73 @@
+---
+- name: Ensure podman exists
+ ansible.builtin.dnf:
+ name: podman
+ state: latest
+ become: true
+
+- name: Ensure pip exists
+ ansible.builtin.dnf:
+ name: python3-pip
+ state: latest
+ become: true
+
+- name: Install podman compose via pip
+ pip:
+ name: podman-compose
+ become: true
+
+- name: Create containers directory
+ ansible.builtin.file:
+ path: /opt/containers/
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Copy compose file to containers directory
+ ansible.builtin.template:
+ src: pihole.yaml.j2
+ dest: /opt/containers/pihole.yaml
+ become: true
+
+- name: Copy pihole service file to systemd directory
+ ansible.builtin.copy:
+ src: pihole.service
+ dest: /etc/systemd/system/
+ become: true
+
+- name: Ensure systemd-resovled is disabled
+ ansible.builtin.systemd_service:
+ enabled: false
+ name: systemd-resolved
+ state: stopped
+ ignore_errors: true
+ become: true
+
+- name: Enable PiHole serivce
+ ansible.builtin.systemd_service:
+ daemon_reload: true
+ enabled: true
+ state: restarted
+ name: pihole
+ become: true
+
+- name: Open DNS Port TCP
+ ansible.posix.firewalld:
+ port: 53/tcp
+ permanent: true
+ state: enabled
+ become: true
+
+- name: Open DNS Port UDP
+ ansible.posix.firewalld:
+ port: 53/udp
+ permanent: true
+ state: enabled
+ become: true
+
+- name: Open Webserver port
+ ansible.posix.firewalld:
+ port: 8000/tcp
+ permanent: true
+ state: enabled
+ become: true |
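Review bot: The `Install podman compose via pip` task pulls an unpinned `podman-compose` from the package index with `become: true`, so each run can install whatever release is current, and that code later runs as root; pin it with `version: <PINNED_VERSION>` on the `pip` task, or use a distribution package if one exists. The three `ansible.posix.firewalld` tasks set only `permanent: true`, which leaves the running firewall unchanged until a reload; adding `immediate: true` applies the rule at once. The `8000/tcp` rule opens the web interface in the default zone to every network the host can be reached from, so consider a `zone:` limited to the management network. The template and copy tasks set no `owner` or `mode`; if `pihole.yaml.j2` renders a web password, `mode: '0600'` would keep it from other local users. `ignore_errors: true` on the systemd-resolved task also hides a failed stop, in which case port 53 may still be held when the pihole unit starts.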