Diffstat (limited to 'roles/pihole')
-rw-r--r-- | roles/pihole/tasks/main.yml | 36 | ||||
-rw-r--r-- | roles/pihole/templates/docker-compose.yml.j2 | 18 |
2 files changed, 54 insertions, 0 deletions
diff --git a/roles/pihole/tasks/main.yml b/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..0467b80
--- /dev/null
+++ b/roles/pihole/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: ensure pihole docker/compose exist
+ file:
+ path: /etc/docker/compose/pihole
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: build pihole docker-compose.yml.j2
+ template:
+ src: ../templates/docker-compose.yml.j2
+ dest: /etc/docker/compose/pihole/docker-compose.yml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: daemon-reload and enable pihole
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@pihole
+
+- name: allow dns queries in vpn/tcp
+ ufw:
+ rule: allow
+ from: '100.64.0.0/10'
+ port: '53'
+ proto: 'tcp'
+
+- name: allow dns queries in vpn/udp
+ ufw:
+ rule: allow
+ from: '100.64.0.0/10'
+ port: '53'
+ proto: 'udp'
diff --git a/roles/pihole/templates/docker-compose.yml.j2 b/roles/pihole/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..ed98d52
--- /dev/null
+++ b/roles/pihole/templates/docker-compose.yml.j2
@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ - "{{ johan_ip }}:53:53/tcp"
+ - "{{ johan_ip }}:53:53/udp"
+ - "127.0.0.1:53:53/tcp"
+ - "127.0.0.1:53:53/udp"
+ - "127.0.0.1:9135:80/tcp"
+ environment:
+ WEBPASSWORD: '{{ pihole_webpwd }}'
+ volumes:
+ - './etc-pihole:/etc/pihole'
+ - './etc-dnsmasq.d:/etc/dnsmasq.d'
+ restart: unless-stopped |
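Review bot: In roles/pihole/tasks/main.yml the rendered compose file is written with `mode: u=rw,g=r,o=r`, although the template puts `WEBPASSWORD` into it in clear text. Only the 0700 parent directory keeps other local users from reading it. I would make the file itself private with `mode: '0600'`, so the secret does not depend on the directory task. Separately, the systemd task uses `state: restarted` on every run and, despite its name, never sets `daemon_reload: true`; a handler notified by the template task would avoid dropping DNS on each play. The two ufw rules limit only the source range, and Docker-published ports are commonly filtered outside ufw's chains, so it is worth verifying on the host that port 53 is reachable only from 100.64.0.0/10.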
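Review bot: In roles/pihole/templates/docker-compose.yml.j2, `image: pihole/pihole:latest` leaves the resolver that sees every DNS query from the VPN running whatever image the tag points to when it is next pulled. Pinning a reviewed release, preferably by digest, makes upgrades an explicit change: `image: pihole/pihole:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). `WEBPASSWORD` is also passed as a plain environment value, so it is readable through `docker inspect` as well as in the rendered file; if the pinned release supports a file-based secret, prefer that. Because the value is wrapped in single quotes in the template, a password containing `'` would produce invalid YAML, so the substitution should be escaped or the constraint documented next to `pihole_webpwd`.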