Add tasks and roles for my router

group_vars/all/vars.yml

@@ -17,7 +17,7 @@ ntp_timezone: "{{ timezone }}"
 
 locale: en_US.UTF-8
 
-lan_network: "{{ '.'.join(ansible_host.split('.')[0:3]) }}.0/24"
+lan_network: "{{ '.'.join(ansible_default_ipv4.address.split('.')[0:3]) }}.0/24"
 
 fish_prompt_color: blue 
 
@@ -125,6 +125,8 @@ enable_nextcloud: true
 
 enable_swag: true
 
+enable_pihole: true
+
 enable_wireguard: true
 
 enable_ikev2: true

roles/containers/deluge/tasks/main.yml

@@ -37,4 +37,12 @@
       - "{{ docker_dir }}/{{ container_name }}/config:/config"
       - "{{ mergerfs_root }}/Downloads:/home/nobody/Downloads"
       - "/etc/localtime:/etc/localtime:ro"
-    restart_policy: unless-stopped
+    restart_policy: unless-stopped
+
+- name: Add {{ container_name }} to the SWAG network (reverse-proxy)
+  docker_network:
+    name: swag_network
+    connected:
+      - deluge
+    appends: yes
+  when: enable_swag

roles/containers/ikev2/tasks/main.yml

@@ -22,7 +22,8 @@
     restart_policy: unless-stopped
 
 
-- name: Copy the mobileconfig to the local host
+- name: Copy the mobileconfig to the local host (might fail on the first run)
+  ignore_errors: true
   synchronize:
     mode: pull
     delete: yes

roles/containers/pihole/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+container_name: pihole

roles/containers/pihole/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Make sure the {{ container_name }} container is created and running
+  docker_container:
+    name: 'pihole'
+    image: "cbcrowe/pihole-unbound"
+    privileged: yes
+    hostname: "{{ inventory_hostname }}"
+    domainname: "{{ host }}"
+    pull: false
+    state: 'started'
+    env:
+      "ServerIP": "{{ ansible_default_ipv4.address }}"
+      "TZ": "{{ timezone }}"
+      "WEBPASSWORD": "{{ pihole_password }}"
+      "REV_SERVER": "true"
+      "REV_SERVER_DOMAIN": "local"
+      "REV_SERVER_TARGET": "{{ ansible_default_ipv4.gateway }}"
+      "REV_SERVER_CIDR": "{{ '.'.join(ansible_default_ipv4.address.split('.')[0:3]) }}.0/24"
+      "DNS1": "127.0.0.1#5335" # Hardcoded to our Unbound server
+      "DNS2": "127.0.0.1#5335" # Hardcoded to our Unbound server
+      "DNSSEC": "true" # Enable DNSSEC
+      "DOMAIN_NAME": "pihole.local"
+    volumes:
+      - "{{ docker_dir }}/{{ container_name }}/pihole:/etc/pihole"
+      - "{{ docker_dir }}/{{ container_name }}/dnmasq-unbound:/etc/dnsmasq.d"
+    ports:
+      - 443:443/tcp
+      - 81:80/tcp
+      - 53:53/tcp
+      - 53:53/udp
+    restart_policy: unless-stopped

roles/containers/swag/tasks/main.yml

@@ -24,7 +24,7 @@
       "CERTPROVIDER": "zerossl"
       "EMAIL": "{{ email }}"
     ports:
-      #- "80:80"
+      - "80:80"
       - "443:443"
     volumes:
       - "{{ docker_dir }}/{{ container_name }}/config:/config"

roles/docker/tasks/main.yml

@@ -1,16 +1,30 @@
 ---
+- name: Include OS-specific variables
+  include_vars: "{{ ansible_facts['distribution'] }}.yml"
+
 - name: Install required system packages
-  apt: 
-    name:
-      - 'apt-transport-https'
-      - 'ca-certificates'
-      - 'curl'
-      - 'software-properties-common'
-      - 'python3-pip'
-      - 'virtualenv'
-      - 'python3-setuptools'
-    state: latest 
-    update_cache: yes
+  package: 
+    state: latest
+    name: "{{ docker_packages }}"
+
+- name: Install Docker packages
+  when: ansible_facts['distribution'] == 'Ubuntu'
+  block:
+  - name: Add Docker GPG apt Key
+    apt_key:
+      url: https://download.docker.com/linux/ubuntu/gpg
+      state: present
+
+  - name: Add Docker Repository
+    apt_repository:
+      repo: deb https://download.docker.com/linux/ubuntu bionic stable
+      state: present
+
+  - name: Update apt and install docker-ce
+    apt: 
+      update_cache: yes 
+      name: docker-ce 
+      state: latest
 
 - name: Ensure group docker exists
   group:
@@ -24,26 +38,10 @@
       - docker
     append: yes
 
-- name: Add Docker GPG apt Key
-  apt_key:
-    url: https://download.docker.com/linux/ubuntu/gpg
-    state: present
-
-- name: Add Docker Repository
-  apt_repository:
-    repo: deb https://download.docker.com/linux/ubuntu bionic stable
-    state: present
-
 - name: Install Docker Module for Python
   pip:
     name: docker
 
-- name: Update apt and install docker-ce
-  apt: 
-    update_cache: yes 
-    name: docker-ce 
-    state: latest
-
 - name: Make sure Docker is running and enabled
   service: 
     name: docker 
@@ -67,28 +65,32 @@
   when: not lookup('vars', 'enable_' + item.path.split('/')[-1])
   with_items: "{{ containers.files }}"
 
-- name: Check if the persistent data folder exists on the remote machine
-  stat:
-    path: "{{ docker_dir }}"
-  register: persistent_data
+- name: Handle persistent data
+  when: "'fragile' in inventory_hostname"
+  block:
+  - name: Check if the persistent data folder exists on the remote machine
+    stat:
+      path: "{{ docker_dir }}"
+    register: persistent_data
 
-- name: Check if the persistent data folder is empty
-  find:
-    paths: 
-      - "{{ docker_dir }}/"
-    recurse: yes
-  register: persistent_data_find
+  - name: Check if the persistent data folder is empty
+    when: "'fragile' in inventory_hostname"
+    find:
+      paths: 
+        - "{{ docker_dir }}/"
+      recurse: yes
+    register: persistent_data_find
 
-- name: Create the persistent data folder on the remote machine
-  file:
-    dest: "{{ docker_dir }}"
-    state: directory
-    owner: "{{ username }}"
-    group: "{{ username }}"
-    recurse: yes
-  when: persistent_data.stat.exists == false
+  - name: Create the persistent data folder on the remote machine
+    file:
+      dest: "{{ docker_dir }}"
+      state: directory
+      owner: "{{ username }}"
+      group: "{{ username }}"
+      recurse: yes
+    when: persistent_data.stat.exists == false
 
-- name: Restore the "{{ docker_dir }}" folder from the MergerFS array
-  shell:
-    cmd: "rsync -avz --delete {{ mergerfs_root }}/docker_data {{ docker_dir }}"
-  when: persistent_data_find.matched < 20 or persistent_data.stat.exists == false
+  - name: Restore the "{{ docker_dir }}" folder from the MergerFS array
+    shell:
+      cmd: "rsync -avz --delete {{ mergerfs_root }}/docker_data {{ docker_dir }}"
+    when: persistent_data_find.matched < 20 or persistent_data.stat.exists == false

roles/docker/vars/Alpine.yml

@@ -0,0 +1,7 @@
+---
+docker_packages:
+  - 'curl'
+  - 'py3-setuptools'
+  - 'py3-pip'
+  - 'docker'
+  - 'py3-virtualenv'

roles/docker/vars/Ubuntu.yml

@@ -0,0 +1,9 @@
+---
+docker_packages:
+  - 'apt-transport-https'
+  - 'ca-certificates'
+  - 'curl'
+  - 'software-properties-common'
+  - 'python3-pip'
+  - 'virtualenv'
+  - 'python3-setuptools'

roles/essential/tasks/main.yml

@@ -1,48 +1,66 @@
 ---
-# Set up the shell environment and install essential packages
-- name: Suppress login messages
-  file:
-    name: /home/{{ username }}/.hushlogin
-    state: touch
-    modification_time: preserve
-    access_time: preserve
+- name: Include OS-specific variables
+  include_vars: "{{ ansible_facts['distribution'] }}.yml"
 
-- name: Remove cloud-config to avoid boot delay
-  apt: 
-    name: cloud-config
-    state: absent
-
-- name: Make sure iSCSId and Open-iSCSId services are disabled
-  service: 
-    name: "{{ item }}"
-    state: stopped 
-    enabled: no
-  with_items: 
-    - iscsid
-    - open-iscsi
-  ignore_errors: yes
+- name: Ubuntu specific tasks
+  become: yes
+  when: ansible_facts['distribution'] == 'Ubuntu'
+  block:
+  - name: Remove cloud-config to avoid boot delay
+    apt: 
+      name: cloud-config
+      state: absent
 
-- name: Disable cron e-mail notifications
-  cron:
-    name: MAILTO
-    env: yes
-    job: ""
-
-- name: Install the apt mirror list
-  template:
-    src: sources.list.j2
-    dest: /etc/apt/sources.list
-    owner: root
-    group: root
-    mode: 0644
-  tags: mirrors
-
-- name: Update and upgrade apt packages
-  become: true
-  apt:
-    upgrade: "yes"
-    update_cache: yes
-    cache_valid_time: 86400 
+  - name: Generate the locale
+    locale_gen:
+      name: "{{ locale }}"
+      state: present
+
+  - name: Make sure iSCSId and Open-iSCSId services are disabled
+    service: 
+      name: "{{ item }}"
+      state: stopped 
+      enabled: no
+    with_items: 
+      - iscsid
+      - open-iscsi
+    ignore_errors: yes
+
+  - name: Install the apt mirror list
+    template:
+      src: sources.list.j2
+      dest: /etc/apt/sources.list
+      owner: root
+      group: root
+      mode: 0644
+    tags: mirrors
+
+  - name: Update and upgrade apt packages
+    apt:
+      upgrade: "yes"
+      update_cache: yes
+      cache_valid_time: 86400 
+
+- name: Alpine specific tasks
+  become: yes
+  when: ansible_facts['distribution'] == 'Alpine'
+  block:
+  - name: Enable community repository
+    replace:
+      path: /etc/apk/repositories
+      regexp: '^#(http.*community)'
+      replace: '\1'
+
+  - name: Update and upgrade apk packages
+    apk:
+      upgrade: yes
+      update_cache: yes
+
+  - name: Set the default shell
+    replace:
+      path: /etc/passwd
+      regexp: "/home/{{ username }}:/bin/ash"
+      replace: "/home/{{ username }}:{{ shell }}"
 
 - name: Check if reboot required
   stat:
@@ -55,10 +73,9 @@
   when: reboot_required_file.stat.exists == true
 
 - name: Install extra packages
-  apt: 
+  package: 
     name: "{{ extra_packages }}" 
     state: latest 
-    update_cache: yes
 
 - name: Clone the latest dotfiles repo
   git:
@@ -96,7 +113,15 @@
   hostname:
     name: "{{ inventory_hostname }}"
 
-- name: Generate the locale
-  locale_gen:
-    name: "{{ locale }}"
-    state: present
+- name: Suppress login messages
+  file:
+    name: /home/{{ username }}/.hushlogin
+    state: touch
+    modification_time: preserve
+    access_time: preserve
+
+- name: Disable cron e-mail notifications
+  cron:
+    name: MAILTO
+    env: yes
+    job: ""