pihole in extra container verschoben

c3f39a1c · jabertwo · ee3a0253 · c3f39a1c · c3f39a1c · c3f39a1c
Commit c3f39a1c authored 2 months ago by jabertwo
--- a/host_vars/ogg
+++ b/host_vars/ogg
@@ -36,9 +36,8 @@ webserver_domains:
  - "fridgeserver.warpzone.lan"
  - "grafana.warpzone.lan"
  - "services.warpzone.lan"
-  - "ha-.warpzone.lan"
+  - "ha.warpzone.lan"
  - "omada.warpzone.lan"
-  - "pihole.warpzone.lan"
  - "tasmoadmin.warpzone.lan"
  - "zigbee2mqtt.warpzone.lan"

--- a/host_vars/pihole
+++ b/host_vars/pihole
+# Host spezifische Variablen
+motd_lines:
+  - "pihole - Interner pihole DNS @ warpzone"
+  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
+debian_sources:
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
+debian_keys_id:
+debian_keys_url:
+  - "https://download.docker.com/linux/debian/gpg"
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+#ext_ip6: <keine>
+int_ip4: 10.0.0.2
+# Art des Hosts: physical, vm, lxc
+host_type: "lxc"
+# SSL deaktivieren
+webserver_ssl: false
+# Liste der gehosteten Domänen
+webserver_domains:
+  - "pihole.warpzone.lan"
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "3d"
+  - "jabertwo"
+# Monitoring aktivieren
+alert:
+  load:
+    warn: 15
+    crit: 30
+  containers:
+    - { name: "dockerstats-app-1" }
+    - { name: "pihole-app-1" }
+  disks:
+    - { mountpoint: "/", warn: "1 GB", crit: "512 MB" }
\ No newline at end of file
--- a/hosts.yml
+++ b/hosts.yml
@@ -37,6 +37,10 @@ prod:
    carrot:
      ansible_ssh_host: 192.168.0.202
      ansible_user: root
+    pihole:
+      ansible_ssh_host: 10.0.0.2
+      ansible_user: root
    # Öffentlicher Webserver Warpzone
    # VM auf Tiffany

--- a/intern/docker_pihole/templates/dnsmasq/09-localnet.conf
+++ b/intern/docker_pihole/templates/dnsmasq/09-localnet.conf
-# DNS Entries in the Format:
-# address=/double-click.net/127.0.0.1
-{% for domain in webserver_domains %}
-address=/{{domain}}/192.168.0.201
-{% endfor %}
\ No newline at end of file
--- a/intern/docker_pihole/templates/docker-compose.yml
+++ b/intern/docker_pihole/templates/docker-compose.yml
-services:
-  app:
-    image: pihole/pihole:latest
-    restart: always
-    ports:
-      - "53:53/tcp"
-      - "53:53/udp"
-    volumes:
-      - '{{ basedir }}/etc:/etc/pihole'
-      - '{{ basedir }}/dnsmasq:/etc/dnsmasq.d'
-    hostname: pihole
-    environment:
-      TZ: 'Europe/Berlin'
-      FTLCONF_LOCAL_IPV4: '{{ int_ip4 }}'
-      WEBPASSWORD: '{{ admin_password }}'
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
-      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
-      - traefik.http.services.{{ servicename }}.loadBalancer.server.port=80
-    networks:
-      - default
-      - web
-networks:
-  web:
-    external: true
\ No newline at end of file
--- a/intern/docker_pihole/tasks/main.yml
+++ b/intern/docker_pihole/tasks/main.yml
@@ -11,7 +11,6 @@
    - "{{ basedir }}"
    - "{{ basedir }}/secrets"
    - "{{ basedir }}/etc"
-    - "{{ basedir }}/dnsmasq"
 - name: "create config files for {{ servicename }}"
  template:
@@ -19,7 +18,7 @@
    dest: "{{ basedir }}/{{ item }}"
  with_items:
    - docker-compose.yml
-    - dnsmasq/09-localnet.conf
+    - etc/pihole.toml
  register: config
 - name: "stop {{ servicename}} docker"

--- a/pihole/docker_pihole/templates/docker-compose.yml
+++ b/pihole/docker_pihole/templates/docker-compose.yml
+services:
+  app:
+    image: pihole/pihole:2025.02.6
+    restart: always
+    network_mode: host
+    volumes:
+      - '{{ basedir }}/etc:/etc/pihole'
+    hostname: pihole
+    environment:
+      TZ: 'Europe/Berlin'
+      WEBPASSWORD: '{{ admin_password }}'
+    cap_add:
+      - NET_ADMIN
+      - SYS_NICE
+      - SYS_TIME
+      - NET_BIND_SERVICE
+      - NET_RAW
--- a/pihole/docker_pihole/templates/etc/pihole.toml
+++ b/pihole/docker_pihole/templates/etc/pihole.toml
--- a/site.yml
+++ b/site.yml
@@ -231,12 +231,6 @@
        omada_port_https: 8043,
        omada_portal_https: 8843
      }
-    - { 
-        role: intern/docker_pihole, tags: pihole,
-        servicename: pihole,
-        basedir: /srv/pihole,
-        domain: "pihole.warpzone.lan"
-      }
    - { 
        role: intern/docker_tasmoadmin, tags: [ tasmoadmin, docker_services ],
        servicename: tasmoadmin,
@@ -256,6 +250,24 @@
        domain: "zigbee2mqtt.warpzone.lan"
      }
+- hosts: pihole
+  remote_user: root
+  roles:
+    - { role: common/cronapt, tags: cronapt }
+    - { role: common/docker, tags: docker }
+    - { role: common/prometheus-node, tags: prometheus-node }
+    - { 
+        role: common/docker_dockerstats, tags: [ dockerstats, docker_services ], 
+        servicename: dockerstats, 
+        basedir: /srv/dockerstats, 
+        metrics_port: 9487 
+      }
+    - { 
+        role: pihole/docker_pihole, tags: pihole,
+        servicename: pihole,
+        basedir: /srv/pihole,
+        domain: "pihole.warpzone.lan"
+      }
 - hosts: webserver
  remote_user: root