From 88357f0fde1e22d704af0f864632f55e249c77b7 Mon Sep 17 00:00:00 2001
From: tolerryan <105945216+tolerryan@users.noreply.github.com>
Date: Sun, 23 Feb 2025 01:54:12 -0600
Subject: [PATCH] pihole first setup
---
pihole.tf | 40 ++++++++++
roles/ind/grail/docker-compose.yml | 6 +-
roles/ind/pihole/cron.vars | 18 +++++
roles/ind/pihole/docker-compose.env | 0
roles/ind/pihole/docker-compose.yml | 34 +++++++++
roles/ind/pihole/pihole-install.yml | 109 ++++++++++++++++++++++++++++
6 files changed, 204 insertions(+), 3 deletions(-)
create mode 100644 pihole.tf
create mode 100644 roles/ind/pihole/cron.vars
create mode 100644 roles/ind/pihole/docker-compose.env
create mode 100644 roles/ind/pihole/docker-compose.yml
create mode 100644 roles/ind/pihole/pihole-install.yml
diff --git a/pihole.tf b/pihole.tf
new file mode 100644
index 0000000..dbb6bf6
--- /dev/null
+++ b/pihole.tf
@@ -0,0 +1,40 @@
+resource "proxmox_lxc" "pihole" {
+ target_node = "pve"
+ hostname = "promgraph"
+ vmid = 220
+ ostemplate = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
+ password = "terraform"
+ unprivileged = true
+ cores = 5
+ memory = 4096
+ swap = 1024
+ start = true
+ tags = "terraform"
+ nameserver = "192.168.0.224"
+ ssh_public_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFw70PrMsilcsqCrwW1I6PAt3anQbhmVg+t/HUfomug ryan@mxDesktop"
+
+ features {
+ nesting = true
+ }
+
+ rootfs {
+ storage = "local-lvm"
+ size = "128G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "192.168.0.224/24"
+ gw = "192.168.0.1"
+
+ }
+
+ provisioner "local-exec" {
+ command = "./.ansible.d/setup.sh $IP"
+ environment = {
+ IP = "192.168.0.224"
+ }
+ }
+
+}
diff --git a/roles/ind/grail/docker-compose.yml b/roles/ind/grail/docker-compose.yml
index ce7daf6..2e5ae7c 100644
--- a/roles/ind/grail/docker-compose.yml
+++ b/roles/ind/grail/docker-compose.yml
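Review bot: `password = "terraform"` commits the container's root password in plain text, and the value will also be written to Terraform state. Since `ssh_public_keys` is already set, consider supplying the password from a variable marked `sensitive = true` and kept out of the repository, e.g. `password = var.lxc_root_password` (placeholder name). `hostname = "promgraph"` also looks carried over from another resource: the restore task in pihole-install.yml derives its restic repository path from `$(hostname)`, so this container would address a repository named after a different host. `nameserver = "192.168.0.224"` is the container's own address, so name resolution during the first provisioning run presumably depends on a resolver that is not yet running, which is worth confirming.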
@@ -139,8 +139,8 @@ services: - UMASK=${UMASK:?err} - TZ=${TIMEZONE:?err} - WEBUI_PORT=8200 - - DOCKER_MODS=ghcr.io/themepark-dev/theme.park:qbittorrent-develop - - TP_THEME=${TP_THEME:?err} + #- DOCKER_MODS=ghcr.io/themepark-dev/theme.park:qbittorrent-develop + #- TP_THEME=${TP_THEME:?err} depends_on: - gluetun
@@ -153,7 +153,7 @@ services: environment: - QBITTORRENT_USERNAME=admin - QBITTORRENT_PASSWORD=hammy1 - - QBITTORRENT_BASE_URL=http://192.168.0.5:8200 + - QBITTORRENT_BASE_URL=http://192.168.0.57:8200 radarr: image: ghcr.io/linuxserver/radarr:latest
diff --git a/roles/ind/pihole/cron.vars b/roles/ind/pihole/cron.vars
new file mode 100644
index 0000000..29f28b2
--- /dev/null
+++ b/roles/ind/pihole/cron.vars
@@ -0,0 +1,18 @@
+---
+cronjob:
+
+ - name: appdata
+ job_name: "Daily /data/ Backup"
+ job_minute: "30"
+ job_hour: "5"
+ job_day: "*"
+ user: "root"
+ job_command: "/home/docker/restic.sh --backup /data/ "
+
+ - name: weeklydb
+ job_name: "Weekly /data/ verification"
+ job_minute: "30"
+ job_hour: "3"
+ job_day: "1"
+ user: "root"
+ job_command: "/home/docker/restic.sh --verify /data/"
\ No newline at end of file
diff --git a/roles/ind/pihole/docker-compose.env b/roles/ind/pihole/docker-compose.env
new file mode 100644
index 0000000..e69de29
diff --git a/roles/ind/pihole/docker-compose.yml b/roles/ind/pihole/docker-compose.yml
new file mode 100644
index 0000000..63da4c0
--- /dev/null
+++ b/roles/ind/pihole/docker-compose.yml
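Review bot: In the second grail hunk the new `QBITTORRENT_BASE_URL=http://192.168.0.57:8200` is a hard-coded literal, while the qbittorrent service in the first hunk takes its settings through `${VAR:?err}` substitution. It sits directly under `QBITTORRENT_USERNAME` and `QBITTORRENT_PASSWORD`, so those credentials are committed in the file and presumably sent to that address over plain HTTP. Moving all three into the env file, e.g. `QBITTORRENT_BASE_URL=${QBITTORRENT_BASE_URL:?err}`, would keep the address and the secret out of the compose file. In the first hunk the two theme.park lines are commented out rather than deleted; either remove them or add a one-line comment saying why they are disabled. Both service definitions continue outside the hunks.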
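Review bot: Both jobs in cron.vars target `/data/`, but the compose file added in this commit bind-mounts `./etc-pihole` and the systemd unit sets `WorkingDirectory=/home/docker`, so Pi-hole's persisted state would live under `/home/docker/etc-pihole` and appears not to be covered by either job. Unless `/data/` is populated by something not shown here, the backup should be `job_command: "/home/docker/restic.sh --backup /home/docker/etc-pihole/"`, with the verify job adjusted to match. The second job is labelled weekly but sets `job_day: "1"`; how `job_day` is mapped is decided in setup-restic-cron.yml, which is not part of this diff, so confirm it means a weekday and not a day of the month. Both commands run as root from `/home/docker`, which the playbook makes owned by `docker`; keeping `restic.sh` in a root-owned location would prevent a non-root user from replacing a script that root executes.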
@@ -0,0 +1,34 @@
+services:
+ pihole:
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ # DNS Ports
+ - "53:53/tcp"
+ - "53:53/udp"
+ # Default HTTP Port
+ - "80:80/tcp"
+ # Default HTTPs Port. FTL will generate a self-signed certificate
+ - "443:443/tcp"
+ # Uncomment the below if using Pi-hole as your DHCP Server
+ #- "67:67/udp"
+ environment:
+ # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
+ TZ: 'America/Chicago'
+ # Set a password to access the web interface. Not setting one will result in a random password being assigned
+ FTLCONF_webserver_api_password: 'e9jWHvRZ'
+ # Volumes store your data between container upgrades
+ volumes:
+ # For persisting Pi-hole's databases and common configuration file
+ - './etc-pihole:/etc/pihole'
+ # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
+ #- './etc-dnsmasq.d:/etc/dnsmasq.d'
+ cap_add:
+ # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
+ # Required if you are using Pi-hole as your DHCP server, else not needed
+ - NET_ADMIN
+ # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
+ - SYS_TIME
+ # Optional, if Pi-hole should get some more processing time
+ - SYS_NICE
+ restart: unless-stopped
\ No newline at end of file
diff --git a/roles/ind/pihole/pihole-install.yml b/roles/ind/pihole/pihole-install.yml
new file mode 100644
index 0000000..98599e7
--- /dev/null
+++ b/roles/ind/pihole/pihole-install.yml
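Review bot: `FTLCONF_webserver_api_password: 'e9jWHvRZ'` commits the web-interface password, although the unit file in this commit already passes `--env-file ./docker-compose.env` and that file is added empty. Reading it through substitution, `FTLCONF_webserver_api_password: ${PIHOLE_WEB_PASSWORD:?err}` (placeholder variable name), with the value written at deploy time from a vault rather than from the repository, keeps it out of version control; the committed value should be treated as exposed and rotated. Under `cap_add`, the file's own comments say `NET_ADMIN` is only needed for DHCP and `SYS_TIME` only for NTP, and the DHCP port is left commented out, so both can be dropped unless those features are planned. `image: pihole/pihole:latest` would be better pinned to a specific tag so that rebuilding the host does not bring up a different release of the DNS service than the one tested.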
@@ -0,0 +1,109 @@
+---
+- hosts: all
+ become: yes
+ remote_user: ansible
+ gather_facts: false
+
+ vars:
+
+ tasks:
+ - name: Upgrade-packages.yml - update packages
+ include: ../../lib/upgrade-packages.yml
+
+ - name: Install-docker.yml - setting up docker
+ include: ../../lib/install-docker.yml
+
+ - name: Install Restic and setup
+ include: ../../lib/setup-restic.yml
+
+ - name: Setup Restic Cron jobs
+ include: ../../lib/setup-restic-cron.yml
+
+ - name: Install nfs Packages
+ apt:
+ name:
+ - nfs-common
+ state: present
+ update_cache: no
+
+ - name: Install Python Packages
+ apt:
+ name:
+ - python3-full
+ - python3-pip
+ state: present
+ update_cache: yes
+
+ - name: Setup Service
+ copy:
+ dest: /etc/systemd/system/pihole.service
+ content: |
+ [Unit]
+ Description=Docker Compose service
+ Requires=docker.service
+ After=docker.service
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ WorkingDirectory=/home/docker
+ ExecStart=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml up -d
+ ExecStop=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml down
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Create /home/docker/
+ ansible.builtin.file:
+ path: /home/docker
+ owner: docker
+ group: docker
+ state: directory
+
+ - name: Write docker-compose.yml
+ ansible.builtin.copy:
+ src: docker-compose.yml
+ dest: /home/docker/docker-compose.yml
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Write docker-compose.env
+ ansible.builtin.copy:
+ src: docker-compose.env
+ dest: /home/docker/docker-compose.env
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ #- name: Start services
+ # community.docker.docker_compose_v2:
+ # project_src: /home/docker/
+ # register: output
+
+ - name: Check if docker config directory exists
+ stat:
+ path: /home/docker/docker/qbittorrent
+ register: docker_stat
+
+ - name: Restore docker config Dir
+ shell: |
+ restic --password-file /home/restic/.resticpassword -r sftp:misamisa://home/restic/$(hostname) --target / restore latest
+ args:
+ chdir: /home/docker/
+ creates: /home/docker/qbitorrent
+ when: not docker_stat.stat.exists or not docker_stat.stat.isdir
+
+
+ - name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+
+ - name: Start pihole Service
+ systemd:
+ name: pihole
+ state: started
+ enabled: yes
\ No newline at end of file
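Review bot: The restore guard still refers to another role: `stat` checks `/home/docker/docker/qbittorrent` and `creates:` names `/home/docker/qbitorrent`, neither of which this play or the Pi-hole compose file creates, so `restic ... --target / restore latest` would run on every play and write the latest snapshot over the live filesystem. Pointing both at the directory Pi-hole actually persists, `path: /home/docker/etc-pihole` and `creates: /home/docker/etc-pihole`, makes the task a one-time restore; on a host with no snapshot yet the command presumably fails, so decide whether that should abort a first install. `docker-compose.yml` is copied with `mode: u=rw,g=r,o=r` although the file in this commit contains the web password, so `mode: u=rw,g=r,o=` would be the safer setting. The bare `include:` tasks are deprecated in favour of `ansible.builtin.include_tasks`.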