From 0202cd0739d252c538cae7fcfde4cc6cd2ed56f6 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:41:08 -0700 Subject: [PATCH 01/16] Add PiHole --- nas.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/nas.yml b/nas.yml index 9078d01067..28cdec6cd6 100644 --- a/nas.yml +++ b/nas.yml @@ -36,6 +36,14 @@ when: (traefik_enabled | default(False)) tags: traefik +- import_tasks: tasks/pihole_with_traefik.yml + when: (pihole_with_traefik_enabled | default(False)) + tags: pihole_with_traefik + + - import_tasks: tasks/pihole_without_traefik.yml + when: (pihole_without_traefik_enabled | default(False)) + tags: pihole_without_traefik + - import_tasks: tasks/heimdall.yml when: (heimdall_enabled | default(False)) tags: heimdall From c2c7eddfdb044fbe5f6902fff66b8b2530ff5af4 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:43:15 -0700 Subject: [PATCH 02/16] add Pi-hole --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 46d1ede6cc..2e64cec9b6 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Ansible config and a bunch of Docker containers. ## What Ansible-NAS Can Set Up * An awesome dashboard to your home server (Heimdall) +* Network wide ad blocking * Any number of Samba shares or NFS exports for you to store your stuff * A BitTorrent client * A Usenet downloader 
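Review bot: Nothing in the two added imports stops `pihole_with_traefik_enabled` and `pihole_without_traefik_enabled` from both being true. The task files added later in this series both manage a container named `pihole` and both publish host port 53, so the second import would reconfigure the container the first one just created. A single switch (for example a new `pihole_enabled`), with the Traefik variant chosen by the existing `traefik_enabled`, would remove that state; failing that, add an `assert` that at most one of the two flags is set. The play's task list continues outside the hunk.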
@@ -65,6 +66,7 @@ Ansible config and a bunch of Docker containers. * [NZBget](https://nzbget.net/) - The most efficient usenet downloader * [Ombi](https://ombi.io/) - web application that automatically gives your users the ability to request content * [openHAB](https://www.openhab.org/) - A vendor and technology agnostic open source automation software for your home +* [Pi-hole](https://pi-hole.net/) - Network-wide ad blocking * [Plex](https://www.plex.tv/) - Plex Media Server * [Portainer](https://portainer.io/) - for managing Docker and running custom images * [pyLoad](https://pyload.net/) - A download manager with a friendly web-interface From d156affe665618a9039ebd3b627c63d3e2bd0617 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:46:57 -0700 Subject: [PATCH 03/16] add Pi-hole --- tasks/pihole_without_traefik.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 tasks/pihole_without_traefik.yml diff --git a/tasks/pihole_without_traefik.yml b/tasks/pihole_without_traefik.yml new file mode 100644 index 0000000000..48a1be8428 --- /dev/null +++ b/tasks/pihole_without_traefik.yml 
@@ -0,0 +1,32 @@ + +--- +- name: Pi-hole Directory + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ pihole_data_directory }}/etc/pihole" + - "{{ pihole_data_directory }}/var/log/lighttpd" + +- name: Pi-hole Docker Container + docker_container: + name: pihole + image: pihole/pihole:latest + pull: false + volumes: + - "{{ pihole_data_directory }}/etc/pihole:/etc/pihole:rw" + - "{{ pihole_data_directory }}/etc/dnsmasq.d:/etc/dnsmasq.d:rw" + - "{{ pihole_data_directory }}/var/log:/var/log:rw" + ports: + - "53:53/tcp" + - "53:53/udp" + - "8182:80" + - "8183:443" + env: + DNS1: "{{ pihole_dns1 }}" + DNS2: "{{ pihole_dns2 }}" + ServerIP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + WEBPASSWORD: "{{ pihole_WEBPASSWORD }}" + TZ: "{{ ansible_nas_timezone }}" + restart_policy: unless-stopped + memory: 1g From 3174ecf265dc82c3e1da09e720618f9cf616f452 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:48:48 -0700 Subject: [PATCH 04/16] add Pi-hole --- tasks/pihole_with_traefik.yml | 50 +++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 tasks/pihole_with_traefik.yml diff --git a/tasks/pihole_with_traefik.yml b/tasks/pihole_with_traefik.yml new file mode 100644 index 0000000000..f4611d1e73 --- /dev/null +++ b/tasks/pihole_with_traefik.yml 
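Review bot: The `ports` list publishes `53:53/tcp` and `53:53/udp` on every host interface, so on a NAS with a public or port-forwarded address the container answers DNS for anyone who can reach it, which is the open-resolver condition abused for amplification. Binding to a LAN address through a dedicated bind-address variable, in the form `"<lan-ip>:53:53/udp"`, keeps the resolver on the local network. The same applies to the web ports here, to the `80:80`/`443:443` mapping in the later "ports fix" patch, and to the identical `ports` list in tasks/pihole_with_traefik.yml. Separately, `{{ pihole_data_directory }}/etc/dnsmasq.d` is bind-mounted but is missing from the `with_items` list, so Docker will presumably create it root-owned on first start.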
@@ -0,0 +1,50 @@ + +--- +- name: Pi-hole (with Traefik) Directories + file: + path: "{{ item }}" + state: directory + with_items: + - "{{ pihole_data_directory }}/etc/pihole" + - "{{ pihole_data_directory }}/var/log/lighttpd" + +- name: Pi-hole (with Traefik) Docker Container + docker_container: + name: pihole + image: pihole/pihole:latest + pull: false + volumes: + - "{{ pihole_data_directory }}/etc/pihole:/etc/pihole:rw" + - "{{ pihole_data_directory }}/etc/dnsmasq.d:/etc/dnsmasq.d:rw" + - "{{ pihole_data_directory }}/var/log:/var/log:rw" + ports: + - "53:53/tcp" + - "53:53/udp" + - "8182:80" + - "8183:443" + env: + DNS1: "{{ pihole_dns1 }}" + DNS2: "{{ pihole_dns2 }}" + ServerIP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + WEBPASSWORD: "{{ pihole_WEBPASSWORD }}" + PROXY_LOCATION: "pihole" + TZ: "{{ ansible_nas_timezone }}" + VIRTUAL_HOST: "pihole.{{ ansible_nas_domain }}" + VIRTUAL_PORT: "80" + restart_policy: unless-stopped + labels: + traefik.enable: "true" + traefik.backend: "pihole" + traefik.port: "80" + traefik.frontend.rule: "HostRegexp:pihole.{{ ansible_nas_domain }},{catchall:.*}" + traefik.frontend.priority: "1" + traefik.frontend.headers.SSLRedirect: "true" + traefik.frontend.headers.STSSeconds: "315360000" + traefik.frontend.headers.browserXSSFilter: "true" + traefik.frontend.headers.contentTypeNosniff: "true" + traefik.frontend.headers.forceSTSHeader: "true" + traefik.frontend.headers.SSLHost: "{{ ansible_nas_domain }}" + traefik.frontend.headers.STSIncludeSubdomains: "true" + traefik.frontend.headers.STSPreload: "true" + traefik.frontend.headers.frameDeny: "true" + memory: 1g From 971c11e1343c21983436d41c2a0c51cafccac351 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:49:59 -0700 Subject: [PATCH 05/16] (without Traefik) visualization --- tasks/pihole_without_traefik.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
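Review bot: The label `traefik.frontend.rule: "HostRegexp:pihole.{{ ansible_nas_domain }},{catchall:.*}"` matches any Host header, so this container becomes the fallback backend for every request Traefik cannot route elsewhere. The Pi-hole admin login is then reachable under arbitrary hostnames wherever Traefik itself is reachable. If the catch-all exists to serve Pi-hole's block page, it deserves a comment saying so; otherwise a plain `Host:pihole.{{ ansible_nas_domain }}` rule limits the exposure. The task also still publishes `8182:80` and `8183:443`, which lets clients reach the web interface directly and bypass the TLS redirect and security headers set by the labels. Dropping those two mappings would leave Traefik as the only path.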
diff --git a/tasks/pihole_without_traefik.yml b/tasks/pihole_without_traefik.yml index 48a1be8428..53e9689d8b 100644 --- a/tasks/pihole_without_traefik.yml +++ b/tasks/pihole_without_traefik.yml @@ -1,6 +1,6 @@ --- -- name: Pi-hole Directory +- name: Pi-hole (without Traefik) Directories file: path: "{{ item }}" state: directory @@ -8,7 +8,7 @@ - "{{ pihole_data_directory }}/etc/pihole" - "{{ pihole_data_directory }}/var/log/lighttpd" -- name: Pi-hole Docker Container +- name: Pi-hole (without Traefik) Docker Container docker_container: name: pihole image: pihole/pihole:latest From 7bb877598fd85166039aa91eccde787571f0bb71 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 17:52:42 -0700 Subject: [PATCH 06/16] add Pi-hole --- group_vars/all.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/group_vars/all.yml b/group_vars/all.yml index 3bcf3f92c6..c8a8a5604a 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -86,6 +86,10 @@ mosquitto_enabled: false homebridge_enabled: false openhab_enabled: false +# Pi-hole +pihole_with_traefik_enabled: false +pihole_without_traefik_enabled: false + # Books calibre_enabled: false From bb71f39f6827ab35aa50cada75009de85f060d7d Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:00:30 -0700 Subject: [PATCH 07/16] add Pi-hole --- docs/applications/pihole.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/applications/pihole.md diff --git a/docs/applications/pihole.md b/docs/applications/pihole.md new file mode 100644 index 0000000000..4bd9c9b91e --- /dev/null +++ b/docs/applications/pihole.md 
@@ -0,0 +1,14 @@ + +# Pi-hole + +Homepage: [https://pi-hole.net/](https://pi-hole.net/) +Docker Homepage: [https://hub.docker.com/r/pihole/pihole](https://hub.docker.com/r/pihole/pihole) + +Network-wide ad blocking, a black hole for Internet advertisements. + +## Usage + +Using Traefik: Set `pihole_with_traefik_enabled: true` in your `inventories//nas.yml` file. +Not using Traefik: Set `pihole_without_traefik_enabled: true` in your `inventories//nas.yml` file. + +The Pi-hole web interface can be found at http://ansible_nas_host_or_ip/admin. From 81c7194832e716b0d4195f0f5c7612ad16ca1488 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:04:55 -0700 Subject: [PATCH 08/16] add Pi-hole --- docs/configuration/application_ports.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md index ee55150e82..9b0884aead 100644 --- a/docs/configuration/application_ports.md +++ b/docs/configuration/application_ports.md @@ -42,6 +42,11 @@ By default, applications can be found on the ports listed below. | Ombi | 3579 | | | openHAB | 7777 | HTTP | | openHAB | 7778 | HTTPS | +| Pi-hole | 53 | TCP & UDP | +| Pi-hole | 80 | w/o Traefik | +| Pi-hole | 443 | w/o Traefik | +| Pi-hole | 8182 | w/ Traefik | +| Pi-hole | 8183 | w/ Traefik | | Plex | 32400 | | | Portainer | 9000 | | | pyload | 8000 | | From a5ceee84481cca4371a1714f8b857f37824b55c1 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:05:31 -0700 Subject: [PATCH 09/16] ports fix --- tasks/pihole_without_traefik.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/pihole_without_traefik.yml b/tasks/pihole_without_traefik.yml index 53e9689d8b..422d214506 100644 --- a/tasks/pihole_without_traefik.yml +++ b/tasks/pihole_without_traefik.yml 
@@ -20,8 +20,8 @@ ports: - "53:53/tcp" - "53:53/udp" - - "8182:80" - - "8183:443" + - "80:80" + - "443:443" env: DNS1: "{{ pihole_dns1 }}" DNS2: "{{ pihole_dns2 }}" From 4169b7ba588ed46184c714482952ff07e5d89b07 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:08:26 -0700 Subject: [PATCH 10/16] add Pi-hole (variables) --- group_vars/all.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/group_vars/all.yml b/group_vars/all.yml index c8a8a5604a..2adfdbb0c1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -336,6 +336,14 @@ traefik_docker_image: traefik:v1.7 traefik_data_directory: "{{ docker_home }}/traefik" traefik_debug: "false" +### +### Pi-hole +### +pihole_data_directory: "{{ docker_home }}/pihole" +pihole_dns1: "1.1.1.1" +pihole_dns2: "8.8.8.8" +pihole_WEBPASSWORD: "byebyeads" + ### ### Heimdall ### From f2e15c62f0be5c770c2e235c11ed765755edb443 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:09:41 -0700 Subject: [PATCH 11/16] better bullet point wording --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2e64cec9b6..403504793f 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Ansible config and a bunch of Docker containers. ## What Ansible-NAS Can Set Up * An awesome dashboard to your home server (Heimdall) -* Network wide ad blocking +* Network-wide ad blocking, a black hole for Internet advertisements via Pi-hole. * Any number of Samba shares or NFS exports for you to store your stuff * A BitTorrent client * A Usenet downloader From 486d0aa3db787a92bbd8bcce20638fb5ed627a9c Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:14:28 -0700 Subject: [PATCH 12/16] add Pi-hole --- templates/traefik/traefik.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml index 98a9352d65..f66b8b70e9 100644 --- a/templates/traefik/traefik.toml +++ b/templates/traefik/traefik.toml 
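Review bot: `pihole_WEBPASSWORD: "byebyeads"` ships a published admin password in group_vars/all.yml, so every install that does not override it shares the same credential for the interface that controls the network's DNS. I would leave the variable undefined here, so a run with Pi-hole enabled fails until the operator sets it in their own inventory, ideally vaulted. Because the value reaches the container through `env`, adding `no_log: true` to the two `docker_container` tasks would also keep it out of Ansible's output. The upper-case suffix also departs from the snake_case of the neighbouring `pihole_dns1` and `pihole_data_directory`.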
@@ -205,6 +205,7 @@ onDemand = false # create certificate when container is created "nzbget.{{ ansible_nas_domain }}", "ombi.{{ ansible_nas_domain }}", "openhab.{{ ansible_nas_domain }}", + "pihole.{{ ansible_nas_domain }}", "plex.{{ ansible_nas_domain }}", "portainer.{{ ansible_nas_domain }}", "pyload.{{ ansible_nas_domain }}", From 81e3e5d853d20d21845e1028d31926369cf76343 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:22:41 -0700 Subject: [PATCH 13/16] fix merge conflict --- docs/configuration/application_ports.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuration/application_ports.md b/docs/configuration/application_ports.md index 9b0884aead..ce2d633682 100644 --- a/docs/configuration/application_ports.md +++ b/docs/configuration/application_ports.md @@ -42,6 +42,8 @@ By default, applications can be found on the ports listed below. | Ombi | 3579 | | | openHAB | 7777 | HTTP | | openHAB | 7778 | HTTPS | +| Organizr | 10081 | HTTP | +| Organizr | 10444 | HTTPS | | Pi-hole | 53 | TCP & UDP | | Pi-hole | 80 | w/o Traefik | | Pi-hole | 443 | w/o Traefik | From a603346db41a69635a1cd844344c97d8c72a9a9b Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 18:25:14 -0700 Subject: [PATCH 14/16] merge fix --- templates/traefik/traefik.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/traefik/traefik.toml b/templates/traefik/traefik.toml index f66b8b70e9..32ad424893 100644 --- a/templates/traefik/traefik.toml +++ b/templates/traefik/traefik.toml @@ -205,6 +205,7 @@ onDemand = false # create certificate when container is created "nzbget.{{ ansible_nas_domain }}", "ombi.{{ ansible_nas_domain }}", "openhab.{{ ansible_nas_domain }}", + "organizr.{{ ansible_nas_domain }}", "pihole.{{ ansible_nas_domain }}", "plex.{{ ansible_nas_domain }}", "portainer.{{ ansible_nas_domain }}", From 11494941b9e6d4a5c50e6cc607809a9d91f00397 Mon Sep 17 00:00:00 2001 
From: bcurran3 Date: Sat, 9 May 2020 21:19:51 -0700 Subject: [PATCH 15/16] homepage -> container unofficial styleguide fix --- docs/applications/pihole.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/applications/pihole.md b/docs/applications/pihole.md index 4bd9c9b91e..1a2bd31661 100644 --- a/docs/applications/pihole.md +++ b/docs/applications/pihole.md @@ -2,7 +2,7 @@ # Pi-hole Homepage: [https://pi-hole.net/](https://pi-hole.net/) -Docker Homepage: [https://hub.docker.com/r/pihole/pihole](https://hub.docker.com/r/pihole/pihole) +Docker Container: [https://hub.docker.com/r/pihole/pihole](https://hub.docker.com/r/pihole/pihole) Network-wide ad blocking, a black hole for Internet advertisements. From 3a992e719de6eb633cd30e04c409225ea5e54069 Mon Sep 17 00:00:00 2001 From: bcurran3 Date: Sat, 9 May 2020 22:02:34 -0700 Subject: [PATCH 16/16] add Pi-hole --- tasks/general.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tasks/general.yml b/tasks/general.yml index 7ad21cef1f..4e8a189c15 100644 --- a/tasks/general.yml +++ b/tasks/general.yml @@ -36,6 +36,13 @@ # - name: Configure smartmontools +- name: pull Pi-hole image + docker_image: + name: pihole/pihole + state: present + when: + - ( pihole_with_traefik_enabled | default(False)) or ( pihole_without_traefik_enabled | default(False)) + - name: "Set hostname to {{ ansible_nas_hostname }}" hostname: name: "{{ ansible_nas_hostname }}" @@ -52,4 +59,4 @@ group: ansible-nas mode: "u=rwX,g=rwX,o=rX" recurse: false - loop: "{{ samba_shares }}" \ No newline at end of file + loop: "{{ samba_shares }}"
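Review bot: The added `docker_image` task names `pihole/pihole` with no tag and `state: present`, so it fetches whatever the default tag points to on the first run and never again. Both container tasks use `pihole/pihole:latest` with `pull: false`, so the result is an unpinned image that also never picks up updates. Pinning one version in a variable, in the style of the existing `traefik_docker_image`, and using it as `name: "{{ pihole_docker_image }}"` here and `image: "{{ pihole_docker_image }}"` in the container tasks would make upgrades deliberate and reviewable. With that in place, `pull: true` on the container tasks would do the work and this app-specific task could leave general.yml. The surrounding task list continues outside the hunk.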