pihole/
├── inventory.yml
├── playbook.yml
├── requirements.yml
├── Makefile
└── roles/
    └── pihole/
        ├── tasks/
        │   └── main.yml
        └──templates/
            └── docker-compose.pihole.yml.j2

export

.PHONY: apply check init

PLAYBOOK ?= playbook.yml
ANSIBLE_ARGS ?=

apply:
	ansible-playbook -i inventory.yml $(PLAYBOOK) $(ANSIBLE_ARGS);

init:
	@if [ ! -f host_vars/raspi.yml ]; then \
		cp host_vars/raspi.yml.example host_vars/raspi.yml; \
		echo "Created host_vars/raspi.yml from example"; \
		echo "Please edit host_vars/raspi.yml with your settings"; \
	fi
	@ansible-galaxy install -r requirements.yml

---
collections:
  - name: community.docker
roles:
  # Ref: https://galaxy.ansible.com/ui/standalone/roles/geerlingguy/docker/
  - name: geerlingguy.docker
    version: 7.4.5

raspi_default:
  hosts:
    raspi001.local: ## ホスト名 or ラズパイのIP
  vars:
    ansible_ssh_user: dl10yr ## sshに接続するときのユーザー名
    ansible_ssh_private_key_file: '~/.ssh/id_rsa' ## パスワードログインを禁止したのでkey_fileの場所を指定
    ansible_ssh_port: 33322 ## sshのポートを変更したので指定

---
- name: Pihole
  hosts: all
  become: true
  roles:
    - role: pihole
      vars:
        pihole_password: "UfbHLw54vc" ## 適当なランダム文字列 piholeの管理画面に入るときのパスワード
      tags: ["pihole"]

- name: Create /opt/pihole directory
  become: true
  ansible.builtin.file:
    path: /opt/pihole
    state: directory
    mode: "0755"

- name: Deploy docker-compose file for Pihole
  become: true
  ansible.builtin.template:
    src: docker-compose.pihole.yml.j2
    dest: /opt/pihole/docker-compose.yml
    mode: "0644"

- name: Start Pihole with docker compose
  become: true
  community.docker.docker_compose_v2:
    project_src: /opt/pihole
    files:
      - docker-compose.yml
    state: present

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      # DNS Ports
      - "53:53/tcp"
      - "53:53/udp"
      # Default HTTP Port
      - "80:80/tcp"
      # Default HTTPs Port. FTL will generate a self-signed certificate
      - "443:443/tcp"
      # Uncomment the line below if you are using Pi-hole as your DHCP server
      #- "67:67/udp"
      # Uncomment the line below if you are using Pi-hole as your NTP server
      #- "123:123/udp"
    environment:
      # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g:
      TZ: 'Asia/Tokyo'
      # Set a password to access the web interface. Not setting one will result in a random password being assigned
      FTLCONF_webserver_api_password: {{ pihole_password }}
      # If using Docker's default `bridge` network setting the dns listening mode should be set to 'all'
      FTLCONF_dns_listeningMode: 'all'
    # Volumes store your data between container upgrades
    volumes:
      # For persisting Pi-hole's databases and common configuration file
      - './etc-pihole:/etc/pihole'
      # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true'
      #- './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
      # Required if you are using Pi-hole as your DHCP server, else not needed
      - NET_ADMIN
      # Required if you are using Pi-hole as your NTP client to be able to set the host's system time
      - SYS_TIME
      # Optional, if Pi-hole should get some more processing time
      - SYS_NICE
    restart: unless-stopped

make

ansible raspi_default -m ping