@bendews
Created April 5, 2018 09:17
Ansible Playbook to set up PiHole with DNS-Over-HTTPS via cloudflared
!!!!!!!!!!!!!!!
NOTE THIS IS A BASIC EXAMPLE OF A CONFIGURATION.
YOU SHOULD COPY YOUR EXISTING CONFIGURATION FROM /etc/pihole/setupVars.conf
THIS CAN BE USED AS A "STARTER" CONFIGURATION FOR FRESH INSTALLS BUT WILL OVERWRITE ANY EXISTING CONFIG
!!!!!!!!!!!!!!!
PIHOLE_INTERFACE=ens192
IPV4_ADDRESS=10.1.1.250/24
IPV6_ADDRESS=
QUERY_LOGGING=true
INSTALL_WEB=true
LIGHTTPD_ENABLED=1
- hosts: pihole
  become: yes
  tasks:
    # Install cloudflared through the bendews.cloudflared role, with cloudflared_port set to 5053
    - include_role:
        name: bendews.cloudflared
      vars:
        cloudflared_port: 5053

    - name: create pihole directory
      file:
        path: /etc/pihole
        state: directory

    - name: copy pihole conf
      copy:
        src: pihole-setupVars.conf
        dest: /etc/pihole/setupVars.conf
      register: pihole_config

    # Check for an existing install so the installer only runs on fresh hosts
    - stat:
        path: /usr/local/bin/pihole
      register: pihole_binary

    - set_fact:
        pihole_installed: "{{ pihole_binary.stat.exists | default(false) }}"

    # The script comes from the master branch and is run as root with no integrity check;
    # get_url's checksum parameter can be used to verify the download before it is executed
    - name: download install script
      get_url:
        url: https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh
        dest: ~/pihole-install.sh
        mode: u+rwx
      when: not pihole_installed

    - name: run install script
      shell: ~/pihole-install.sh --unattended
      when: not pihole_installed

    - name: copy dnsmasq conf
      copy:
        src: pihole-dnsmasq-cloudflared.conf
        dest: /etc/dnsmasq.d/50-cloudflared.conf
      register: dnsmasq_config

    # Restart only when either configuration file changed
    - name: this should be done via a handler but is simplified for this gist
      set_fact:
        restart_dnsmasq: "{{ true if (pihole_config is changed or dnsmasq_config is changed) else false }}"

    - name: restart dnsmasq service (this should be done via a handler but is simplified for this gist)
      service:
        name: dnsmasq
        enabled: true
        state: restarted
      when: restart_dnsmasq
@TimeTravelersHackedMe

@bendews A follow-up question: How can we use Ansible to run the installer as a non-privileged user but automatically enter the sudo password when the script is running? i.e. how can we run the PiHole script without become: yes but still enter the password when PiHole runs a command with sudo?

@jlagermann

jlagermann commented Jul 28, 2020 via email