Add PiHole

pihole/docker-compose.yml

@@ -0,0 +1,20 @@
+version: "2.4"
+services:
+  pihole:
+    container_name: pihole
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+      - "67:67/udp"
+      - "8079:80/tcp"
+    environment:
+        TZ: 'Europe/Vienna'
+        PIHOLE_DNS_: '1.1.1.1;1.0.0.1'
+        WEBPASSWORD: ${PIHOLE_PASSWORD}
+    volumes:
+      - './etc-pihole/:/etc/pihole/'
+      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
+    cap_add:
+      - NET_ADMIN
+    restart: unless-stopped

pihole/start.yml

@@ -0,0 +1,27 @@
+---
+- hosts: teier.eu
+  gather_facts: no
+  tasks:
+  - name: Check dc directory
+    stat:
+     path: /dc/pihole
+    register: pihole_dc_dir_stat
+
+  - name: Create pihole dc directory
+    file:
+     path: /dc/pihole
+     state: directory
+     mode: 0755
+     group: root
+     owner: root
+    when: pihole_dc_dir_stat.islnk is not defined
+
+  - name: Copy compose file
+    copy:
+      src: docker-compose.yml
+      dest: /dc/pihole
+
+  - name: Start pihole
+    shell: "cd /dc/pihole && docker-compose up -d"
+    environment:
+      PIHOLE_PASSWORD: "{{ lookup('env', 'PIHOLE_PASSWORD') }}"

pihole/teardown.yml

@@ -0,0 +1,6 @@
+---
+- hosts: teier.eu
+  gather_facts: no
+  tasks:
+  - name: Teardown pihole
+    shell: "cd /dc/pihole && docker-compose down"

start-pihole.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+source ./.env
+
+[ -z "$PIHOLE_PASSWORD" ] && echo "PIHOLE_PASSWORD not set" && exit 1
+ansible-playbook pihole/start.yml

ufw/playbook-ufw.yml

@@ -107,6 +107,24 @@
       port: '27015'
       proto: tcp
 
+  - name: Allow DNS
+    community.general.ufw:
+      rule: allow
+      port: '53'
+      proto: tcp
+  
+  - name: Allow DNS
+    community.general.ufw:
+      rule: allow
+      port: '53'
+      proto: udp
+  
+  - name: Allow DNS
+    community.general.ufw:
+      rule: allow
+      port: '67'
+      proto: udp
+
   - name: Allow all access from RFC1918 networks to this host
     community.general.ufw:
       rule: allow