
Pihole

Auto Documentation

Documentation Generated with Python on 2021-04-03

Default Variables

---
# defaults file for ansible-pihole

# PIHOLE
# When true, Pi-hole is reinstalled even if it is already installed.
pihole_force_upgrade: false

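# Web interface password, stored as a DOUBLE SHA-256 hash: the hex digest of
# the password is hashed a second time (see the Pi-hole source:
# https://github.com/pi-hole/AdminLTE/blob/master/scripts/pi-hole/php/password.php#L41).
#
# Hash a password on Linux:
#   echo -n P@ssw0rd | sha256sum | awk '{printf "%s",$1 }' | sha256sum
#
# Hash a password on macOS:
#   echo -n P@ssw0rd | shasum -a 256 | awk '{printf "%s",$1 }' | shasum -a 256
#
# A real password typed into these commands is saved in the shell history.
#
# SECURITY: the value below is a published example credential. A host that
# keeps it has an admin password anyone can read from this file, so override
# it per deployment and keep the override in Ansible Vault. As the commands
# above show, the scheme is unsalted, fast SHA-256, so a leaked hash of a weak
# password can be guessed offline.
#
# NOTE(review): the original label for this hash read "P@ssword", while the
# commands above hash "P@ssw0rd" -- confirm which one it corresponds to.
# Quoted so the hex digest is always loaded as a string.
pihole_setupVars_conf_WEBPASSWD: '0e69e6a4038df88d4c62c837edd7e04a95ea6368bca9d469e00ad766a2266770'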

# Literal text kept as a block scalar (newlines preserved); presumably rendered
# into Pi-hole's setupVars.conf -- confirm against the role's templates.
# The interface and addresses are site-specific example values; override them
# per host. The "#PIHOLE_DNS_2=9.9.9.10" line sits inside the block scalar, so
# it is part of the value and not a YAML comment.
# NOTE(review): PIHOLE_DNS_2=149.112.122.122 does not match Quad9's published
# secondary resolver (149.112.112.112), which the other three upstreams
# suggest was intended -- confirm, since a wrong address sends client queries
# to an unintended resolver.
pihole_setupVars_conf: |
  PIHOLE_INTERFACE=wlan0
  IPV4_ADDRESS=192.168.1.2/24
  IPV6_ADDRESS=fdb3:5ed:8a99:0:ba27:ebff:fef2:ef97
  QUERY_LOGGING=true
  INSTALL_WEB=true
  DNSMASQ_LISTENING=single
  PIHOLE_DNS_1=9.9.9.9
  PIHOLE_DNS_2=149.112.122.122
  #PIHOLE_DNS_2=9.9.9.10
  PIHOLE_DNS_3=2620:fe::fe
  PIHOLE_DNS_4=2620:fe::9
  DNS_FQDN_REQUIRED=true
  DNS_BOGUS_PRIV=true
  DNSSEC=true
  TEMPERATUREUNIT=C
  WEBUIBOXEDLAYOUT=traditional
  API_EXCLUDE_DOMAINS=
  API_EXCLUDE_CLIENTS=
  API_QUERY_LOG_SHOW=all
  API_PRIVACY_MODE=false

# Extra dnsmasq configuration kept as literal text; the "# Local DNS:" line is
# inside the block scalar and is therefore part of the value.
# Presumably rendered to /etc/dnsmasq.d/03-custom.conf -- confirm in the
# 03-custom.conf.j2 template.
# The server=/domain/address line forwards lookups for cypherpunk.lan to
# 192.168.1.1.
pihole_dnsmasq_custom_conf: |
  # Local DNS:
  server=/cypherpunk.lan/192.168.1.1


# DOCKER SETTINGS
# When true, Pi-hole is installed as a Docker container.
pihole_docker: false

# Host bindings, written as host_ip:host_port:container_port/protocol.
# 0.0.0.0 publishes on every interface of the host (here DHCP, HTTP and
# HTTPS), while DNS over UDP is bound to loopback only. Bind the web ports to
# a specific address if the admin UI should not be reachable from every
# network the host is attached to.
# NOTE(review): the container task in docker.yml hard-codes its
# published_ports and does not read this list -- confirm where it is used.
pihole_docker_ports:
  - '127.0.0.1:53:53/udp'
  - '0.0.0.0:67:67/udp'
  - '0.0.0.0:80:80/tcp'
  - '0.0.0.0:443:443/tcp'

# Environment for the container; the address is a site-specific example.
pihole_docker_env:
  ServerIP: '192.168.1.247'
  # ServerIPv6: fdb3:5ed:8a99:0:ba27:ebff:fe1d:1ed3
  # ServerIPv6: fdb3:5ed:8a99:0:ba27:ebff:fef2:ef97

# Resolvers handed to the container.
pihole_docker_dns_servers:
  - '127.0.0.1'
...

Tasks

main.yml

---
# tasks file for ansible-pihole
# /etc/pihole is needed by both types of installation.
- name: "[main] Make sure /etc/pihole directory exists"
  become: true
  file:
    path: '/etc/pihole'
    state: directory
    owner: root
    group: root
    # Quoted so the mode is read as an octal string, not a YAML integer.
    mode: '0755'
  tags: pihole

# Pulls in the Docker-based installation tasks from docker.yml.
# NOTE(review): the name says "if using docker", but there is no `when:`
# condition on this task, so docker.yml is included even when pihole_docker
# is false -- confirm whether a guard on pihole_docker was intended.
- name: "[main] Include docker.yaml tasks if using docker"
  tags: pihole
  include_tasks: docker.yml

docker.yml

---
# Creates the host directory that the container task bind-mounts as
# /etc/dnsmasq.d/.
- name: "[docker] Make sure /etc/dnsmasq.d directory exists"
  become: true
  file:
    path: '/etc/dnsmasq.d'
    state: directory
    owner: root
    group: root
    # Quoted so the mode is read as an octal string, not a YAML integer.
    mode: '0755'
  tags: pihole

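# Renders the custom dnsmasq configuration onto the host, in the directory the
# container task bind-mounts as /etc/dnsmasq.d/.
- name: "[docker] Generate /etc/dnsmasq.d/03-custom.conf"
  template:
    src: 03-custom.conf.j2
    dest: "/etc/dnsmasq.d/03-custom.conf"
    # Explicit ownership and mode, matching the resolv.conf template task, so
    # the permissions of this resolver config do not depend on the umask of
    # the connecting user.
    owner: root
    group: root
    mode: '0644'
  become: true
  tags: pihole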

# Registers the last field of the first line printed by `ip route get`.
# NOTE(review): that field is assumed to be the source address; newer iproute2
# output may end with a different field -- confirm on the target hosts.
# The task status is awk's, the last command in the pipe, so a failing `ip`
# is not detected here. No later task shown reads the registered variable.
- name: "[docker] Check the hosts IPv4 (may not work for VPN/tun0)"
  shell: >-
    ip route get 8.8.8.8 | awk '{ print $NF; exit }'
  changed_when: false
  register: pihole_docker_host_ipv4
  tags: pihole

# Registers the field that follows "src" in the output of `ip -6 route get`.
# The task status is awk's, the last command in the pipe, so a failing `ip`
# is not detected here. No later task shown reads the registered variable.
- name: "[docker] Check the hosts IPv6 (may not work for VPN/tun0)"
  changed_when: false
  shell: >
    ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}'
  register: pihole_docker_host_ipv6
  tags: pihole

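# Stops systemd-resolved and disables it at boot (presumably to free port 53
# on the host for the container -- confirm).
# NOTE(review): there is no guard for hosts that do not run systemd-resolved.
- name: Disabled DNS Services on Ubuntu
  become: true
  systemd:
    name: systemd-resolved
    state: stopped
    enabled: false
  # Tagged like the other tasks in this file, so a run limited to
  # `--tags pihole` does not skip this step before the container binds port 53.
  tags: pihole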

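# Replaces the host's /etc/resolv.conf and keeps a backup of the previous
# file. With systemd-resolved stopped, host name resolution depends on what
# this template renders; its content is not shown here.
# NOTE(review): the src path is relative and names roles/pihole, while the
# comments in this role call it ansible-pihole -- confirm the path resolves.
- name: deploy resolv.conf template
  # Writing a root-owned file under /etc needs privilege escalation, as in
  # the other tasks of this file.
  become: true
  template:
    src: ./roles/pihole/templates/resolve.conf.j2
    dest: /etc/resolv.conf
    owner: root
    group: root
    # Quoted so the mode is read as an octal string, not a YAML integer.
    mode: '0644'
    backup: true
  # Tagged like the other tasks so a `--tags pihole` run includes it.
  tags: pihole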

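# Starts the Pi-hole container on the "web" Docker network, with the host's
# /etc/pihole and /etc/dnsmasq.d directories bind-mounted into it.
- name: "[docker] Run the official pihole docker container"
  docker_container:
    name: pihole
    # NOTE(review): `latest` is a mutable tag, so each pull can bring in a
    # different, unreviewed image; pin a release tag or an image digest.
    image: pihole/pihole:latest
    state: started
    # network_mode: host
    networks:
      - name: web
    # No host address is given, so Docker binds these ports on all host
    # interfaces by default. Prefix a LAN address
    # (host_ip:host_port:container_port) if the host is also reachable from
    # untrusted networks; a DNS port open to them can be used as an open
    # resolver.
    published_ports:
      - '53:53/udp'
      - '53:53/tcp'
      - '67:67/udp'
      - "{{ proxy.pihole.port }}:80/tcp"
    volumes:
      - "/etc/pihole/:/etc/pihole/"
      - "/etc/dnsmasq.d/:/etc/dnsmasq.d/"
    restart_policy: unless-stopped
    # NOTE(review): Pi-hole's Docker documentation lists NET_ADMIN as needed
    # only when Pi-hole acts as the DHCP server; if DHCP is not used, drop
    # this capability together with the 67/udp port.
    capabilities:
      - NET_ADMIN
    dns_servers:
      - 127.0.0.1
      - 1.1.1.1
      - 1.0.0.1
    env:
      TZ: "America/Anchorage"
      # The web password is passed in plaintext and stays readable in the
      # container's environment (for example through `docker inspect`), so
      # supply pihole_web_pw from Ansible Vault.
      # NOTE(review): pihole_web_pw is not among the role defaults shown,
      # which define pihole_setupVars_conf_WEBPASSWD instead.
      WEBPASSWORD: "{{ pihole_web_pw }}"
      VIRTUAL_HOST: "{{ proxy.pihole.subdomain }}.{{ primary_domain }}"
      # NOTE(review): VIRTUAL_POST looks like a typo of VIRTUAL_PORT. Confirm
      # which port the proxy should target before renaming it: the web UI is
      # published from container port 80 above, not 8012.
      VIRTUAL_POST: "8012"
  # Keeps the rendered WEBPASSWORD out of Ansible's task output and logs.
  no_log: true
  tags: pihole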

Handlers

main.yml

---
# handlers file for ansible-pihole

# Restarts the `network` service when notified.
# NOTE(review): the handler name says "reload NetworkManager", but the service
# restarted is `network` and the state is `restarted`, not `reloaded`; none of
# the tasks shown notify this handler -- confirm it is still needed.
- name: reload NetworkManager
  service:
    state: restarted
    name: network