Added example playbook to run pihole on a raspberry pi

Michele Cereda
2023-02-16 23:45:31 +01:00
parent f41e54ecdf
commit 7ac1447c29


@@ -0,0 +1,135 @@
---
# Assumes pihole is to be run on a Raspberry Pi.
- name: Start Pihole using Docker-compose
gather_facts: false
hosts: all
vars:
pihole_root_dir: "{{ ansible_user_dir }}/containers/pihole"
pre_tasks:
- name: Enable containerization features in the kernel
tags:
- kernel
become: true
ansible.builtin.replace:
path: /boot/cmdline.txt
regexp: '^(?!.*(cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1))(.+)$'
replace: '\2 cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1'
- name: Install and configure Docker
tags:
- docker
block:
- name: Install docker-compose
become: true
ansible.builtin.package:
name: docker-compose
- name: Add user to the 'docker' group
become: true
ansible.builtin.user:
name: "{{ ansible_user_id }}"
groups: docker
append: true
tasks:
- name: Set up Pihole's files
tags:
- pihole
block:
- name: Create the directory tree
ansible.builtin.file:
path: "{{ pihole_root_dir }}"
state: directory
mode: '0755'
- name: Create the compose file
tags:
- docker-compose
ansible.builtin.copy:
dest: "{{ pihole_root_dir }}/docker-compose.yaml"
content: |
version: "3.2"
secrets:
webpassword:
file: ./webpassword
services:
pihole:
container_name: pihole
image: pihole/pihole:2023.01.10
environment:
FTLCONF_LOCAL_IPV4: 127.0.0.1
REV_SERVER_CIDR: 192.168.0.0/24
REV_SERVER_DOMAIN: lan
REV_SERVER_TARGET: 192.168.0.1
REV_SERVER: "true"
SKIPGRAVITYONBOOT: 1
TZ: Europe/Amsterdam
WEBPASSWORD_FILE: /run/secrets/webpassword
volumes:
- ./etc/pihole:/etc/pihole
- ./etc/dnsmasq.d:/etc/dnsmasq.d
dns:
- 127.0.0.1
- 1.1.1.1
restart: unless-stopped
secrets:
- webpassword
ports:
- "53:53/tcp"
- "53:53/udp"
- "80:80/tcp"
mode: '0644'
- name: Create the password file
tags:
- password
ansible.builtin.copy:
dest: "{{ pihole_root_dir }}/webpassword"
content: |
CHANGE ME
mode: '0600'
- name: Start the composition
tags:
- docker-compose
community.docker.docker_compose:
project_src: "{{ pihole_root_dir }}"
- name: Create the cron job to update Graviton's DB
tags:
- crontab
- graviton
ansible.builtin.cron:
name: Update Graviton's DB once a week (at 3:00 on Sundays).
minute: 0
hour: 3 # 3 AM
weekday: 0 # Sunday
job: docker ps -f 'name=pihole' -f 'status=running' -f 'health=healthy' -q | xargs -I{} docker exec {} pihole -g
- name: Create the cron job for automatic backups
tags:
- backup
- crontab
- settings
ansible.builtin.cron:
name: Create a complete backup once a week (at 3:30 on Sundays).
minute: 30
hour: 3 # 3 AM
weekday: 0 # Sunday
job: >-
docker ps -f 'name=pihole' -f 'status=running' -f 'health=healthy' -q
| xargs -I{} docker exec {} pihole -a -t /etc/pihole/teleporter_backup.tar.gz
- name: Add adlists from v.firebog.net
tags:
- adlists
- graviton
community.docker.docker_container_exec:
container: pihole
command: >
sqlite3 '/etc/pihole/gravity.db'
"INSERT OR IGNORE INTO adlist (address, enabled, comment) VALUES ('{{ item }}', 1, 'Listed on v.firebog.net');"
# on M1 macs execute `export NO_PROXY=*` first
loop: "{{ lookup('ansible.builtin.url', 'https://v.firebog.net/hosts/lists.php?type=tick', wantlist=True) }}"
async: 600
poll: 5
- name: Upgrade Graviton with the new adlists.
tags:
- graviton
- update
community.docker.docker_container_exec:
container: pihole
command: pihole -g
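Review bot: The 'Add adlists from v.firebog.net' task interpolates `{{ item }}`, a line fetched from a third-party URL at run time, straight into a quoted SQL literal inside the `sqlite3` command string, with no validation. A line containing a quote character would alter the SQL statement or the way the command is split into arguments, so what ends up in gravity.db depends entirely on what that endpoint returns. Restrict the loop to well-formed URLs, for example `when: item is match('^https?://[A-Za-z0-9._~:/?#=&%+-]+$')`, and consider passing the command through the module's `argv` list rather than a single `command` string. Separately, the 'Create the password file' task rewrites `webpassword` with the literal `CHANGE ME` on every run while port 80 is published; sourcing the value from a vaulted variable, or adding `force: false` to the copy, would avoid resetting a password the operator has already changed.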