---
- name: Ensure Pi-Hole data directory exists
  # Host-side directory that the Pi-hole container mounts for its state.
  # NOTE(review): Pi-hole typically keeps its query-log database in here,
  # so 0755 lets any local user read the DNS history; consider 0750 once the
  # uid the container writes with has been confirmed.
  become: true
  ansible.builtin.file:
    state: directory
    path: "{{ pi_hole_volume_dir }}"
    mode: '0755'
    owner: root
    group: root
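- name: Ensure Docker Compose project directory exists
  # `template` does not create parent directories, and the task above only
  # guarantees pi_hole_volume_dir, which need not be /opt/pi-hole.
  ansible.builtin.file:
    path: /opt/pi-hole
    state: directory
    owner: root
    group: root
    mode: '0755'
  become: true

- name: Generate Docker Compose file for Pi-Hole
  ansible.builtin.template:
    src: pi-hole-compose.j2
    dest: /opt/pi-hole/docker-compose.yml
    owner: root
    group: root
    # Pi-hole compose files commonly carry the web-UI password and similar
    # secrets as environment values; keep the rendered file unreadable to
    # other local users. Compose is run with become below, so root-only
    # read access is sufficient.
    mode: '0640'
  become: true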
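- name: Ensure Docker network exists
  community.docker.docker_network:
    name: "{{ docker_network_name }}"
    driver: bridge
    state: present
  # This talks to the root-owned Docker socket. Every other Docker task in
  # this file escalates; do the same here instead of silently depending on
  # the remote user being in the docker group (which is root-equivalent).
  become: true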
- name: Ensure systemd-resolved is installed
  # Needed so the stub-listener setting below has something to apply to
  # (on distributions where resolved ships as its own package).
  become: true
  ansible.builtin.apt:
    state: present
    name: systemd-resolved
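- name: Disable DNSStubListener in resolved.conf
  # Pi-hole needs port 53 on the host; resolved's stub listener otherwise
  # holds 127.0.0.53:53 (see the port check further down).
  # NOTE(review): if /etc/resolv.conf is a symlink to stub-resolv.conf
  # (127.0.0.53), host-side resolution breaks once the stub is gone; point
  # it at /run/systemd/resolve/resolv.conf or at Pi-hole — confirm on the
  # target. A drop-in under /etc/systemd/resolved.conf.d/ would also survive
  # package upgrades better than editing the main file.
  ansible.builtin.lineinfile:
    path: /etc/systemd/resolved.conf
    regexp: '^#?DNSStubListener='
    line: 'DNSStubListener=no'
    create: true
    mode: '0644'
  register: resolved_conf
  become: true

- name: Restart systemd-resolved service
  # Only bounce the resolver when the setting actually changed. The original
  # restarted on every run (and masked it with changed_when: false), which
  # interrupted host DNS each time the play ran.
  ansible.builtin.service:
    name: systemd-resolved
    state: restarted
  when: resolved_conf is changed
  become: true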
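- name: Verify port 53 is no longer in use by systemd-resolved
  # `ansible.builtin.command` does not go through a shell, so the original
  # `ss -tuln | grep ':53'` handed '|', 'grep' and ':53' to ss as filter
  # arguments instead of piping; the check could never observe what it was
  # written to observe. Capture the listener table and inspect it here.
  ansible.builtin.command: ss -tuln
  register: port_check
  changed_when: false
  # Fail if ss itself failed, or if the stub listener is still bound to
  # 127.0.0.53:53 (meaning the resolved.conf change did not take effect).
  failed_when: port_check.rc != 0 or '127.0.0.53:53' in port_check.stdout
  become: true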
- name: Ensure Docker service directory exists
  # systemd drop-in directory for docker.service; the DNS override below is
  # written into it.
  become: true
  ansible.builtin.file:
    state: directory
    path: /etc/systemd/system/docker.service.d
    mode: '0755'
    owner: root
    group: root
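- name: Add custom DNS settings to Docker service
  # Whole-file write instead of `lineinfile`: the previous multi-line `line:`
  # keyed on `regexp: '^ExecStart='` matched the `ExecStart=` reset line on
  # later runs and re-inserted the whole block, so the drop-in accumulated
  # duplicate `[Service]`/`ExecStart=` entries instead of converging.
  # The `--dns` resolvers apply to dockerd and to containers (including
  # Pi-hole itself — presumably so it does not depend on itself while
  # starting; confirm). They bypass Pi-hole entirely, so make them a
  # variable rather than a hard-wired third party: `docker_dns_servers`.
  # NOTE(review): redefining ExecStart wholesale also drops any
  # distro-supplied dockerd flags; check the packaged unit on the target.
  ansible.builtin.copy:
    dest: /etc/systemd/system/docker.service.d/docker.conf
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% for server in docker_dns_servers | default(['8.8.8.8', '8.8.4.4']) %} --dns {{ server }}{% endfor %}
    owner: root
    group: root
    mode: '0644'
  register: docker_dns_dropin
  become: true

- name: Reload systemd and restart Docker when its DNS drop-in changed
  # daemon-reload is required before systemd sees the new drop-in. The
  # restart brings down every container on the host, so it now happens only
  # when the drop-in actually changed rather than on every run.
  ansible.builtin.systemd:
    name: docker
    daemon_reload: true
    state: restarted
  when: docker_dns_dropin is changed
  become: true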
- name: Deploy Pi-Hole container using Docker Compose V2
  # Brings up the project rendered into /opt/pi-hole earlier in this file.
  become: true
  community.docker.docker_compose_v2:
    state: present
    project_src: /opt/pi-hole
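- name: Ensure Pi-Hole container is running
  community.docker.docker_container_info:
    name: "{{ pi_hole_container_name }}"
  register: container_info
  become: true
  # A missing container is a Compose failure, not something to paper over:
  # fail here with a clear task name instead of letting the next task
  # dereference container_info.container (null when it does not exist).
  failed_when: not container_info.exists

- name: Restart Pi-Hole container if not running
  community.docker.docker_container:
    name: "{{ pi_hole_container_name }}"
    state: started
    restart: true
  become: true
  # Safe to dereference: the task above fails if the container is absent.
  when: not container_info.container.State.Running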
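- name: Wait for the container to be fully operational
  # Uses the collection's exec module instead of shelling out to `docker
  # exec`, and escalates like the other Docker tasks in this file.
  community.docker.docker_container_exec:
    container: "{{ pi_hole_container_name }}"
    command: pihole status
  register: pihole_status
  become: true
  # Retried while FTL is still coming up. `default('')` keeps the condition
  # evaluable on an attempt where the module failed outright (no stdout key)
  # so the retry loop continues instead of erroring.
  until: "'Pi-hole blocking is enabled' in (pihole_status.stdout | default(''))"
  retries: 30
  delay: 5
  changed_when: false
  # Best-effort, as in the original. NOTE(review): this also means a
  # Pi-hole that never reports blocking enabled is recorded as success;
  # consider removing it so a dead resolver fails the run.
  ignore_errors: true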