Merge branch 'renovate/gitlab-runner-0.x' into 'master'

Author: ildoc

ansible/inventory/host_vars/pihole.yml

@@ -1,6 +1,7 @@
 pihole:
-  api_url: "https://pihole.local.ildoc.it/admin"
+  api_url: "https://pihole.local.ildoc.it"
   api_key: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/pihole:api_key') }}"
+  validate_certs: false  # Set to true if you have valid SSL certificates
   check_updates: true
   auto_update: false
 
@@ -10,53 +11,44 @@ pihole:
     - { ip: 192.168.0.11, domain: "pve02" }
     - { ip: 192.168.0.12, domain: "pve03" }
 
-    - { ip: 192.168.0.111, domain: "invidious" }
-    - { ip: 192.168.0.123, domain: "truenas" }
     - { ip: 192.168.0.124, domain: "web" }
     - { ip: 192.168.0.133, domain: "homeassistant" }
-    - { ip: 192.168.0.145, domain: "pihole" }
-    - { ip: 192.168.0.167, domain: "pihole2" }
     - { ip: 192.168.0.183, domain: "ubuntu" }
 
     - { ip: 192.168.0.30, domain: "db" }
     - { ip: 192.168.0.40, domain: "redis" }
     - { ip: 192.168.0.50, domain: "vault" }
 
-    - { ip: 192.168.0.80, domain: "argocd.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "longhorn.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "rancher.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "traefik.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "sonarr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "radarr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "bazarr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "prowlarr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "jackett.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "flaresolverr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "pdf.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "tools.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "change.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "truenas.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "mealie.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "wg.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "uptime.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "homepage.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "speedtest.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "nut.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "romm.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "zipline.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "invidious.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "readarr.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "bookbounty.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "kestra.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "paperless.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "kitchenowl.local.ildoc.it" }
-    - { ip: 192.168.0.80, domain: "audiobookshelf.local.ildoc.it" }
-    - { ip: 192.168.0.25, domain: "gitlab.local.ildoc.it" }
-    - { ip: 192.168.0.25, domain: "registry.gitlab.local.ildoc.it" }
-
-    - { ip: 192.168.0.100, domain: "argocd2.local.ildoc.it" }
-    - { ip: 192.168.0.100, domain: "traefik2.local.ildoc.it" }
-    - { ip: 192.168.0.100, domain: "rancher2.local.ildoc.it" }
+    - { ip: 192.168.0.145, domain: "pihole.local.ildoc.it"}
+    - { ip: 192.168.0.183, domain: "ubuntu.local.ildoc.it"}
+      
+    - { ip: 192.168.0.25, domain: "gitlab.local.ildoc.it"}
+    - { ip: 192.168.0.25, domain: "registry.gitlab.local.ildoc.it"}
+      
+    - { ip: 192.168.0.81, domain: "alertmanager.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "argocd.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "audiobookshelf.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "auth.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "bazarr.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "flaresolverr.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "grafana.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "n8n.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "nut.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "prometheus.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "prowlarr.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "radarr.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "rancher.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "sonar.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "sonarr.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "speedtest.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "tools.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "traefik.local.ildoc.it"}
+      
+    - { ip: 192.168.0.82, domain: "invidious.local.ildoc.it"}
+    - { ip: 192.168.0.82, domain: "pbs.local.ildoc.it"}
+    - { ip: 192.168.0.82, domain: "proxmox.local.ildoc.it"}
+    - { ip: 192.168.0.82, domain: "truenas.local.ildoc.it"}
+    - { ip: 192.168.0.82, domain: "vault.local.ildoc.it"}
 
   dhcp_reservations:
     - { mac: 60:83:E7:AC:6C:68, ip: 192.168.0.175, hostname: archlinux }
@@ -83,59 +75,73 @@ pihole:
     - { mac: aa:bb:cc:22:11:77, ip: 192.168.0.42, hostname: mongodb-db }
 
   adlists:
-    - url: "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+    - address: "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+      type: "block"
       comment: "Steven Black's Unified Hosts List"
       enabled: true
 
-    - url: "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
+    - address: "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
+      type: "block"
       comment: "KAD hosts"
       enabled: true
 
-    - url: https://v.firebog.net/hosts/AdguardDNS.txt
+    - address: https://v.firebog.net/hosts/AdguardDNS.txt
+      type: "block"
       comment: "Adguard DNS"
       enabled: true
 
-    - url: "https://v.firebog.net/hosts/Easyprivacy.txt"
+    - address: "https://v.firebog.net/hosts/Easyprivacy.txt"
+      type: "block"
       comment: "EasyPrivacy"
       enabled: true
 
-    - url: "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
+    - address: "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
+      type: "block"
       comment: "Ads and tracking extended"
       enabled: true
 
-    - url: "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
+    - address: "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
+      type: "block"
       comment: "FadeMind List"
       enabled: true
 
-    - url: "https://v.firebog.net/hosts/static/w3kbl.txt"
+    - address: "https://v.firebog.net/hosts/static/w3kbl.txt"
+      type: "block"
       comment: "Firebog w3kbl list"
       enabled: true
 
-    - url: "https://v.firebog.net/hosts/Prigent-Ads.txt"
+    - address: "https://v.firebog.net/hosts/Prigent-Ads.txt"
+      type: "block"
       comment: "Firebog Prigent ads list"
       enabled: true
 
-    - url: "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt"
+    - address: "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/pro.txt"
+      type: "block"
       comment: "Hagezi Pro Blocklist"
       enabled: true
 
-    - url: "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt"
+    - address: "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt"
+      type: "block"
       comment: "Smart TV AGH Blocklist"
       enabled: true
 
-    - url: "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt"
+    - address: "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt"
+      type: "block"
       comment: "AdAway Hosts"
       enabled: true
 
-    - url: "https://mirror1.malwaredomains.com/files/justdomains"
+    - address: "https://mirror1.malwaredomains.com/files/justdomains"
+      type: "block"
       comment: "Malware Domains"
       enabled: true
 
-    - url: "https://big.oisd.nl"
+    - address: "https://big.oisd.nl"
+      type: "block"
       comment: "OISD Full"
       enabled: true
 
-    - url: "https://someonewhocares.org/hosts/zero/hosts"
+    - address: "https://someonewhocares.org/hosts/zero/hosts"
+      type: "block"
       comment: "Dan Pollock's List"
       enabled: false  # Esempio di lista disabilitata
 

ansible/pihole6.yml

@@ -0,0 +1,26 @@
+---
+# ansible/roles/pihole6/tasks/authenticate.yml
+# Authenticate to Pi-hole API and obtain a session ID (SID)
+
+- name: Authenticate to Pi-hole API
+  ansible.builtin.uri:
+    url: "{{ pihole.api_url }}/api/auth"
+    method: POST
+    body_format: json
+    body:
+      password: "{{ pihole.api_key }}"
+    status_code: [200]
+    validate_certs: "{{ pihole.validate_certs | default(false) }}"
+    return_content: true
+  register: pihole_auth_response
+  no_log: true  # Don't log the password
+
+- name: Extract session ID from authentication response
+  ansible.builtin.set_fact:
+    pihole_session_id: "{{ pihole_auth_response.json.session.sid }}"
+    pihole_session_validity: "{{ pihole_auth_response.json.session.validity }}"
+  no_log: true  # Don't log the session ID
+
+- name: Display session validity
+  ansible.builtin.debug:
+    msg: "Authenticated successfully. Session valid for {{ pihole_session_validity }} seconds"

ansible/roles/pihole/handlers/main.yml

@@ -1,26 +1,105 @@
 ---
-- name: Create DNS records file from template
-  ansible.builtin.template:
-    src: custom.list.j2
-    dest: /etc/pihole/custom.list
-    owner: root
-    group: root
-    mode: '0644'
-  register: dns_records_result
-
-- name: Restart pihole dns
-  ansible.builtin.shell: pihole restartdns
-  when: dns_records_result.changed
-
-- name: Create DHCP leases file from template
-  ansible.builtin.template:
-    src: 04-pihole-static-dhcp.conf.j2
-    dest: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
-    owner: root
-    group: root
-    mode: '0644'
-  register: dhcp_conf_result
-
-- name: Update DHCP leases if necessary
-  ansible.builtin.include_tasks: update_dhcp_leases.yml
-  when: dhcp_conf_result.changed
+# ansible/roles/pihole6/tasks/main.yml
+
+- name: Ensure required variables are defined
+  ansible.builtin.assert:
+    that:
+      - pihole.api_key is defined
+      - pihole.api_url is defined
+    fail_msg: "pihole.api_key and pihole.api_url must be defined"
+
+# Authenticate and get session ID
+- name: Authenticate to Pi-hole API
+  ansible.builtin.include_tasks: authenticate.yml
+  tags: ['always']
+
+# DNS Records (managed via /api/config - dns.hosts)
+- name: Manage DNS records via API
+  ansible.builtin.include_tasks: manage_dns_records.yml
+  when: pihole.dns_records is defined
+  tags: ['dns']
+
+# # DHCP Reservations (managed via /api/config - dhcp.hosts)
+# - name: Manage DHCP reservations via API
+#   ansible.builtin.include_tasks: manage_dhcp_reservations.yml
+#   when: pihole.dhcp_reservations is defined
+#   tags: ['dhcp']
+
+# Adlists (managed via /api/lists)
+- name: Manage Adlists via API
+  ansible.builtin.include_tasks: manage_pihole_resource.yml
+  vars:
+    resource_name: "adlists"
+    api_endpoint: "lists"
+    key_attribute: "address"
+    desired_resources: "{{ pihole.adlists }}"
+    is_list: true
+    trigger_gravity: true
+  when: pihole.adlists is defined
+  tags: ['adlists', 'lists']
+
+# Whitelist Domains (managed via /api/domains/allow/exact)
+- name: Manage Whitelist domains via API
+  ansible.builtin.include_tasks: manage_pihole_resource.yml
+  vars:
+    resource_name: "whitelist domains"
+    api_endpoint: "domains/allow/exact"
+    key_attribute: "domain"
+    desired_resources: "{{ pihole.whitelist.domains }}"
+    is_list: false
+    domain_type: "allow"
+    domain_kind: "exact"
+  when: pihole.whitelist.domains is defined
+  tags: ['whitelist', 'domains']
+
+# Whitelist Regex (managed via /api/domains/allow/regex)
+- name: Manage Whitelist regex via API
+  ansible.builtin.include_tasks: manage_pihole_resource.yml
+  vars:
+    resource_name: "whitelist regex"
+    api_endpoint: "domains/allow/regex"
+    key_attribute: "domain"
+    desired_resources: "{{ pihole.whitelist.regex }}"
+    is_list: false
+    domain_type: "allow"
+    domain_kind: "regex"
+  when: pihole.whitelist.regex is defined
+  tags: ['whitelist', 'domains']
+
+# Blacklist Domains (managed via /api/domains/deny/exact)
+- name: Manage Blacklist domains via API
+  ansible.builtin.include_tasks: manage_pihole_resource.yml
+  vars:
+    resource_name: "blacklist domains"
+    api_endpoint: "domains/deny/exact"
+    key_attribute: "domain"
+    desired_resources: "{{ pihole.blacklist.domains }}"
+    is_list: false
+    domain_type: "deny"
+    domain_kind: "exact"
+  when: pihole.blacklist.domains is defined
+  tags: ['blacklist', 'domains']
+
+# Blacklist Regex (managed via /api/domains/deny/regex)
+- name: Manage Blacklist regex via API
+  ansible.builtin.include_tasks: manage_pihole_resource.yml
+  vars:
+    resource_name: "blacklist regex"
+    api_endpoint: "domains/deny/regex"
+    key_attribute: "domain"
+    desired_resources: "{{ pihole.blacklist.regex }}"
+    is_list: false
+    domain_type: "deny"
+    domain_kind: "regex"
+  when: pihole.blacklist.regex is defined
+  tags: ['blacklist', 'domains']
+
+- name: Update gravity if lists changed
+  ansible.builtin.include_tasks: update_gravity.yml
+  when: adlists_changed is defined and adlists_changed
+  tags: ['gravity', 'lists']
+
+- name: Check and update Pi-hole
+  ansible.builtin.include_tasks: update_pihole.yml
+  when: pihole.check_updates | default(true)
+  tags: ['updates']