Pihole
Auto Documentation
Documentation Generated with Python on 2021-04-03
Default Variables
---
# defaults file for ansible-pihole
# PIHOLE
pihole_force_upgrade: no # if yes, then will reinstall pihole even if it's already installed
# Password for pihole Web Interface must be stored as DOUBLE SHA256 Hash
# (see pihole source code - https://github.com/pi-hole/AdminLTE/blob/master/scripts/pi-hole/php/password.php#L41):
#
# Hash password on Linux:
# echo -n P@ssw0rd | sha256sum | awk '{printf "%s",$1 }' | sha256sum
#
# Hash password on MacOS:
# echo -n P@ssw0rd | shasum -a 256 | awk '{printf "%s",$1 }' | shasum -a 256
#
# P@ssword:
pihole_setupVars_conf_WEBPASSWD: 0e69e6a4038df88d4c62c837edd7e04a95ea6368bca9d469e00ad766a2266770
pihole_setupVars_conf: |
PIHOLE_INTERFACE=wlan0
IPV4_ADDRESS=192.168.1.2/24
IPV6_ADDRESS=fdb3:5ed:8a99:0:ba27:ebff:fef2:ef97
QUERY_LOGGING=true
INSTALL_WEB=true
DNSMASQ_LISTENING=single
PIHOLE_DNS_1=9.9.9.9
PIHOLE_DNS_2=149.112.122.122
#PIHOLE_DNS_2=9.9.9.10
PIHOLE_DNS_3=2620:fe::fe
PIHOLE_DNS_4=2620:fe::9
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSSEC=true
TEMPERATUREUNIT=C
WEBUIBOXEDLAYOUT=traditional
API_EXCLUDE_DOMAINS=
API_EXCLUDE_CLIENTS=
API_QUERY_LOG_SHOW=all
API_PRIVACY_MODE=false
pihole_dnsmasq_custom_conf: |
# Local DNS:
server=/cypherpunk.lan/192.168.1.1
# DOCKER SETTINGS
pihole_docker: no # Install the pihole as a docker container
pihole_docker_ports:
- 127.0.0.1:53:53/udp
- 0.0.0.0:67:67/udp
- 0.0.0.0:80:80/tcp
- 0.0.0.0:443:443/tcp
pihole_docker_env:
ServerIP: 192.168.1.247
#ServerIPv6: fdb3:5ed:8a99:0:ba27:ebff:fe1d:1ed3
#ServerIPv6: fdb3:5ed:8a99:0:ba27:ebff:fef2:ef97
pihole_docker_dns_servers:
- 127.0.0.1
...
Tasks
main.yml
---
# tasks file for ansible-pihole
# This step needed for both types of installation
- name: "[main] Make sure /etc/pihole directory exists"
file:
state: directory
path: "/etc/pihole"
owner: root
group: root
mode: 0755
become: yes
tags: pihole
- name: "[main] Include docker.yaml tasks if using docker"
include_tasks: docker.yml
tags: pihole
docker.yml
---
- name: "[docker] Make sure /etc/dnsmasq.d directory exists"
file:
state: directory
path: "/etc/dnsmasq.d"
owner: root
group: root
mode: 0755
become: yes
tags: pihole
- name: "[docker] Generate /etc/dnsmasq.d/03-custom.conf"
template:
src: 03-custom.conf.j2
dest: "/etc/dnsmasq.d/03-custom.conf"
become: yes
tags: pihole
- name: "[docker] Check the hosts IPv4 (may not work for VPN/tun0)"
shell: ip route get 8.8.8.8 | awk '{ print $NF; exit }'
register: pihole_docker_host_ipv4
changed_when: false
tags: pihole
- name: "[docker] Check the hosts IPv6 (may not work for VPN/tun0)"
shell: >
ip -6 route get 2001:4860:4860::8888 | awk '{for(i=1;i<=NF;i++) if ($i=="src") print $(i+1)}'
register: pihole_docker_host_ipv6
changed_when: false
tags: pihole
- name: Disabled DNS Services on Ubuntu
become: yes
systemd:
enabled: no
name: systemd-resolved
state: "stopped"
- name: deploy resolv.conf template
template:
src: ./roles/pihole/templates/resolve.conf.j2
dest: /etc/resolv.conf
owner: root
group: root
mode: 0644
backup: yes
- name: "[docker] Run the official pihole docker container"
docker_container:
name: pihole
image: pihole/pihole:latest
state: started
# network_mode: host
networks:
- name: web
published_ports:
- 53:53/udp
- 53:53/tcp
- 67:67/udp
- "{{ proxy.pihole.port }}:80/tcp"
volumes:
- "/etc/pihole/:/etc/pihole/"
- "/etc/dnsmasq.d/:/etc/dnsmasq.d/"
restart_policy: unless-stopped
capabilities:
- NET_ADMIN
dns_servers:
- 127.0.0.1
- 1.1.1.1
- 1.0.0.1
env:
TZ: "America/Anchorage"
WEBPASSWORD: "{{ pihole_web_pw }}"
VIRTUAL_HOST: "{{ proxy.pihole.subdomain }}.{{ primary_domain }}"
VIRTUAL_POST: "8012"
tags: pihole
Handlers
main.yml
---
# handlers file for ansible-pihole
- name: reload NetworkManager
service:
name: network
state: restarted