Diffstat (limited to 'playbooks/roles')
6 files changed, 62 insertions, 1 deletions
diff --git a/playbooks/roles/pihole/tasks/main.yml b/playbooks/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..6990623
--- /dev/null
+++ b/playbooks/roles/pihole/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Build pihole compose dirs
+ ansible.builtin.file:
+ state: directory
+ dest: '{{ pihole_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'directory'
+
+- name: Build pihole compose files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ pihole_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'file'
+
+- name: Deploy Pihole stack
+ ansible.builtin.command:
+ cmd: "docker stack deploy -c {{ pihole_base }}/stacks/docker-compose.yml pihole"
diff --git a/playbooks/roles/pihole/templates/stacks/docker-compose.yml b/playbooks/roles/pihole/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..be3150e
--- /dev/null
+++ b/playbooks/roles/pihole/templates/stacks/docker-compose.yml
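Review bot: The `Build pihole compose files` template task renders the stack file, which carries `pihole_webpwd` in clear text, without a `mode:`, so the file is created with the remote account's default umask permissions (commonly world-readable); add `mode: '0600'` under `ansible.builtin.template:` so only the deploying user can read the rendered password. The `Deploy Pihole stack` command task reports changed on every run and cannot be dry-run; `changed_when: false` (or a check on the command's output) keeps play summaries honest, and `community.docker.docker_stack` would make the deploy idempotent if that collection is available to this playbook. Both `with_filetree: '../templates'` loops resolve relative to the tasks directory, which matches the role layout this commit adds.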
@@ -0,0 +1,38 @@
+version: '3.2'
+
+services:
+ pihole:
+ image: pihole/pihole:latest
+ volumes:
+ - {{ pihole_base }}/volumes/pihole:/etc/pihole
+ - {{ pihole_base }}/volumes/dnsmasq:/etc/dnsmasq.d
+ environment:
+ - TZ={{ timezone }}
+ - FTLCONF_webserver_api_password={{ pihole_webpwd }}
+ - FTLCONF_dns_upstreams={{ upstream_dns_servers | join(';') }}
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.piholeweb.tls=true
+ - traefik.http.routers.piholeweb.tls.certResolver=letsencrypt
+ - traefik.http.routers.piholeweb.rule=Host(`pihole.{{ traefik_domain }}`)
+ - traefik.http.routers.piholeweb.entrypoints=websecure
+ - traefik.http.services.piholeweb.loadbalancer.server.port=80
+ # 53/udp
+ - traefik.udp.routers.pihole-dns-udp.entrypoints=dns_udp
+ - traefik.udp.routers.pihole-dns-udp.service=pihole-dns-udp
+ - traefik.udp.services.pihole-dns-udp.loadbalancer.server.port=53
+ # 53/tcp
+ - traefik.tcp.routers.pihole-dns-tcp.rule=HostSNI(`*`)
+ - traefik.tcp.routers.pihole-dns-tcp.entrypoints=dns_tcp
+ - traefik.tcp.routers.pihole-dns-tcp.service=pihole-dns-tcp
+ - traefik.tcp.services.pihole-dns-tcp.loadbalancer.server.port=53
+
+networks:
+ proxy:
+ external: true
diff --git a/playbooks/roles/pihole/templates/volumes/dnsmasq/.gitkeep b/playbooks/roles/pihole/templates/volumes/dnsmasq/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/pihole/templates/volumes/dnsmasq/.gitkeep
diff --git a/playbooks/roles/pihole/templates/volumes/pihole/.gitkeep b/playbooks/roles/pihole/templates/volumes/pihole/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/pihole/templates/volumes/pihole/.gitkeep
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index 4504af9..9f999e3 100644
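Review bot: `FTLCONF_webserver_api_password={{ pihole_webpwd }}` places the admin password in the service's environment, where it is readable through `docker service inspect` / `docker inspect` by anyone with Docker API access and also persists in the rendered file on disk; a Swarm `secrets:` entry with a file-based variable would keep it out of the service spec — confirm whether the image offers a file form of this setting, and otherwise at least keep the rendered compose file mode-restricted. `image: pihole/pihole:latest` is unpinned, so each `docker stack deploy` may pull an image that differs from the one tested; pin a version tag or a digest. The `HostSNI(`*`)` rule on the TCP router is the expected form for plain (non-TLS) DNS over TCP and needs no change.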
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -5,6 +5,8 @@ services:
 ports:
 - 80:80
 - 443:443
+ - 53:53
+ - 53:53/udp
 environment:
 - TZ={{ timezone }}
 - CF_API_EMAIL={{ cloudflare_email }}
diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml
index feac37f..5dcb19e 100644
--- a/playbooks/roles/traefik/templates/stacks/traefik.yml
+++ b/playbooks/roles/traefik/templates/stacks/traefik.yml
@@ -16,8 +16,10 @@ entryPoints:
 scheme: https
 websecure:
 address: ":443"
- dns:
+ dns_udp:
 address: ":53/udp"
+ dns_tcp:
+ address: ":53/tcp"
 serversTransport:
 insecureSkipVerify: true
 providers: |
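Review bot: `- 53:53` is unquoted and matches the YAML 1.1 sexagesimal integer form (both fields below 60), so a 1.1-style loader reads it as the integer 3233 rather than the port mapping string; write it as `- "53:53"` (the `/udp` suffix already keeps the second entry a string, and `80:80`/`443:443` escape only because 80 and 443 exceed 59). Separately, publishing 53 through the Swarm ingress binds it on every node's interfaces; if any node carries a public address this becomes an unauthenticated resolver reachable from the internet, so either restrict the publication to the internal address with the long `ports:` syntax in `mode: host` or firewall 53 to the LAN. Pi-hole will presumably see Traefik's overlay address as the client source rather than the real client, which affects its per-client view and any source-based allow rules — verify after deploy.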
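Review bot: Renaming the `dns` entrypoint to `dns_udp` changes the name routers bind to, so any label elsewhere that still says `entrypoints=dns` will have its router rejected by Traefik at load time; a one-line comment above the pair tying them to their consumer would make the contract visible, e.g. `# plain-DNS entrypoints: consumed by the pihole stack's traefik.udp/tcp.* labels, published as 53 in stacks/docker-compose.yml`. The `serversTransport.insecureSkipVerify: true` context is pre-existing and not part of this change. The `entryPoints:` mapping begins outside the hunk.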