WIP: ADDITION: Pi-hole

README.md

@@ -9,6 +9,7 @@ Ansible config and a bunch of Docker containers.
 ## What Ansible-NAS Can Set Up
 
 * An awesome dashboard to your home server (Heimdall)
+* Network-wide ad blocking, a black hole for Internet advertisements via Pi-hole.
 * Any number of Samba shares or NFS exports for you to store your stuff
 * A BitTorrent client
 * A Usenet downloader
@@ -65,6 +66,7 @@ Ansible config and a bunch of Docker containers.
 * [NZBget](https://nzbget.net/) - The most efficient usenet downloader
 * [Ombi](https://ombi.io/) - web application that automatically gives your users the ability to request content
 * [openHAB](https://www.openhab.org/) - A vendor and technology agnostic open source automation software for your home
+* [Pi-hole](https://pi-hole.net/) - Network-wide ad blocking
 * [Plex](https://www.plex.tv/) - Plex Media Server
 * [Portainer](https://portainer.io/) - for managing Docker and running custom images
 * [pyLoad](https://pyload.net/) - A download manager with a friendly web-interface

docs/applications/pihole.md

@@ -0,0 +1,14 @@
+
+# Pi-hole
+
+Homepage: [https://pi-hole.net/](https://pi-hole.net/)
+Docker Container: [https://hub.docker.com/r/pihole/pihole](https://hub.docker.com/r/pihole/pihole)
+
+Network-wide ad blocking, a black hole for Internet advertisements.
+
+## Usage
+
+Using Traefik: Set `pihole_with_traefik_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+Not using Traefik: Set `pihole_without_traefik_enabled: true` in your `inventories/<your_inventory>/nas.yml` file.
+
+The Pi-hole web interface can be found at http://ansible_nas_host_or_ip/admin.

docs/configuration/application_ports.md

@@ -42,6 +42,13 @@ By default, applications can be found on the ports listed below.
 | Ombi            | 3579   |              |
 | openHAB         | 7777   | HTTP         |
 | openHAB         | 7778   | HTTPS        |
+| Organizr        | 10081  | HTTP         |
+| Organizr        | 10444  | HTTPS        |
+| Pi-hole         | 53     | TCP & UDP    |
+| Pi-hole         | 80     | w/o Traefik  |
+| Pi-hole         | 443    | w/o Traefik  |
+| Pi-hole         | 8182   | w/ Traefik   |
+| Pi-hole         | 8183   | w/ Traefik   |
 | Plex            | 32400  |              |
 | Portainer       | 9000   |              |
 | pyload          | 8000   |              |

group_vars/all.yml

@@ -86,6 +86,10 @@ mosquitto_enabled: false
 homebridge_enabled: false
 openhab_enabled: false
 
+# Pi-hole
+pihole_with_traefik_enabled: false
+pihole_without_traefik_enabled: false
+
 # Books
 calibre_enabled: false
 
@@ -332,6 +336,14 @@ traefik_docker_image: traefik:v1.7
 traefik_data_directory: "{{ docker_home }}/traefik"
 traefik_debug: "false"
 
+###
+### Pi-hole
+###
+pihole_data_directory: "{{ docker_home }}/pihole"
+pihole_dns1: "1.1.1.1"
+pihole_dns2: "8.8.8.8"
+pihole_WEBPASSWORD: "byebyeads"
+
 ###
 ### Heimdall
 ###

nas.yml

@@ -36,6 +36,14 @@
     when: (traefik_enabled | default(False))
     tags: traefik
 
+- import_tasks: tasks/pihole_with_traefik.yml
+    when: (pihole_with_traefik_enabled | default(False))
+    tags: pihole_with_traefik
+
+  - import_tasks: tasks/pihole_without_traefik.yml
+    when: (pihole_without_traefik_enabled | default(False))
+    tags: pihole_without_traefik
+
   - import_tasks: tasks/heimdall.yml
     when: (heimdall_enabled | default(False))
     tags: heimdall

tasks/general.yml

@@ -36,6 +36,13 @@
 
 #  - name: Configure smartmontools
 
+- name: pull Pi-hole image
+  docker_image:
+    name: pihole/pihole
+    state: present
+  when:
+    - ( pihole_with_traefik_enabled  | default(False)) or ( pihole_without_traefik_enabled  | default(False))
+
 - name: "Set hostname to {{ ansible_nas_hostname }}"
   hostname:
     name: "{{ ansible_nas_hostname }}"
@@ -52,4 +59,4 @@
     group: ansible-nas
     mode: "u=rwX,g=rwX,o=rX"
     recurse: false
-  loop: "{{ samba_shares }}"
+  loop: "{{ samba_shares }}"

tasks/pihole_with_traefik.yml

@@ -0,0 +1,50 @@
+
+---
+- name: Pi-hole (with Traefik) Directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ pihole_data_directory }}/etc/pihole"
+    - "{{ pihole_data_directory }}/var/log/lighttpd"
+
+- name: Pi-hole (with Traefik) Docker Container
+  docker_container:
+    name: pihole
+    image: pihole/pihole:latest
+    pull: false
+    volumes:
+      - "{{ pihole_data_directory }}/etc/pihole:/etc/pihole:rw"
+      - "{{ pihole_data_directory }}/etc/dnsmasq.d:/etc/dnsmasq.d:rw"
+      - "{{ pihole_data_directory }}/var/log:/var/log:rw"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "8182:80"
+      - "8183:443"
+    env:
+      DNS1: "{{ pihole_dns1 }}"
+      DNS2: "{{ pihole_dns2 }}"
+      ServerIP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+      WEBPASSWORD: "{{ pihole_WEBPASSWORD }}"
+      PROXY_LOCATION: "pihole"
+      TZ: "{{ ansible_nas_timezone }}"
+      VIRTUAL_HOST: "pihole.{{ ansible_nas_domain }}"
+      VIRTUAL_PORT: "80"
+    restart_policy: unless-stopped
+    labels:
+      traefik.enable: "true"
+      traefik.backend: "pihole"
+      traefik.port: "80"
+      traefik.frontend.rule: "HostRegexp:pihole.{{ ansible_nas_domain }},{catchall:.*}"
+      traefik.frontend.priority: "1"
+      traefik.frontend.headers.SSLRedirect: "true"
+      traefik.frontend.headers.STSSeconds: "315360000"
+      traefik.frontend.headers.browserXSSFilter: "true"
+      traefik.frontend.headers.contentTypeNosniff: "true"
+      traefik.frontend.headers.forceSTSHeader: "true"
+      traefik.frontend.headers.SSLHost: "{{ ansible_nas_domain }}"
+      traefik.frontend.headers.STSIncludeSubdomains: "true"
+      traefik.frontend.headers.STSPreload: "true"
+      traefik.frontend.headers.frameDeny: "true"
+    memory: 1g

tasks/pihole_without_traefik.yml

@@ -0,0 +1,32 @@
+
+---
+- name: Pi-hole (without Traefik) Directories
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "{{ pihole_data_directory }}/etc/pihole"
+    - "{{ pihole_data_directory }}/var/log/lighttpd"
+
+- name: Pi-hole (without Traefik) Docker Container
+  docker_container:
+    name: pihole
+    image: pihole/pihole:latest
+    pull: false
+    volumes:
+      - "{{ pihole_data_directory }}/etc/pihole:/etc/pihole:rw"
+      - "{{ pihole_data_directory }}/etc/dnsmasq.d:/etc/dnsmasq.d:rw"
+      - "{{ pihole_data_directory }}/var/log:/var/log:rw"
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "80:80"
+      - "443:443"
+    env:
+      DNS1: "{{ pihole_dns1 }}"
+      DNS2: "{{ pihole_dns2 }}"
+      ServerIP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+      WEBPASSWORD: "{{ pihole_WEBPASSWORD }}"
+      TZ: "{{ ansible_nas_timezone }}"
+    restart_policy: unless-stopped
+    memory: 1g

templates/traefik/traefik.toml

@@ -205,6 +205,8 @@ onDemand = false # create certificate when container is created
           "nzbget.{{ ansible_nas_domain }}",
           "ombi.{{ ansible_nas_domain }}",
           "openhab.{{ ansible_nas_domain }}",
+          "organizr.{{ ansible_nas_domain }}",
+          "pihole.{{ ansible_nas_domain }}",
           "plex.{{ ansible_nas_domain }}",
           "portainer.{{ ansible_nas_domain }}",
           "pyload.{{ ansible_nas_domain }}",