Agregando nueva configuración para instalar pihole

2025-11-08 21:38:24 -03:00
parent 6abc71f90e
commit 056f0cdb1d
11 changed files with 2033 additions and 0 deletions
--- a/proxmox/pihole/README.md
+++ b/proxmox/pihole/README.md
@@ -0,0 +1,58 @@
 # Pi-hole instalation
 These files allow you to install Pi-hole in an idempotent way. Terraform creates
 the VM on Proxmox, and Ansible installs Pi-hole unattended, using the configuration
 defined in `pihole.toml`.
 ## Terraform execution
 To create the VM with Terraform, the configuration must be defined in the `terraform.tfvars`
 file. You can use `terraform.tfvars.example` as a base.
 Then to execute the following commands:
 1. Intialize terraform
    ```bash
    terraform init
    ```
 2. Review the plan
    ```bash
    terraform plan
    ```
 3. Apply the plan.
  This step might take a few minutes but if it takes significantly longer,
  there may be an issue with cloud-init.
  ```bash
  terraform apply
  ```
 After execution, the `ansible` folder should contain a new `inventory.yaml` file.
 ## Ansible execution
 To install Pi-hole with Ansible, make sure the `inventory.yaml` file exists,
 and adjust `pihole.toml` if needed.
 Then run:
 ```bash
 ansible-playbook install.yaml
 ```
 ## Reinstallation
 If you need to reinstall everything in the same environment,
 destroy and recreate the Terraform resources using:
 ```bash
 terraform destroy
 ```
 ## Reference
 [Unattended Pi-hole v6 Setup with Ansible](https://www.paulcourt.co.uk/articles/2025/unattended-pihole-ansible)
 [Configure a VM with Cloud-Init](https://registry.terraform.io/providers/bpg/proxmox/latest/docs/guides/cloud-init)
--- a/proxmox/pihole/ansible/.gitignore
+++ b/proxmox/pihole/ansible/.gitignore
@@ -0,0 +1 @@
 pihole.toml
--- a/proxmox/pihole/ansible/ansible.cfg
+++ b/proxmox/pihole/ansible/ansible.cfg
@@ -0,0 +1,3 @@
 [defaults]
 inventory = ./inventory.yaml
 host_key_checking = False
--- a/proxmox/pihole/ansible/install.yaml
+++ b/proxmox/pihole/ansible/install.yaml
@@ -0,0 +1,38 @@
 - name: Install Pihole
  hosts: all
  become: true
  tasks:
    - name: Update packages
      apt:
        update_cache: true
        upgrade: safe
    - name: Install curl
      apt:
        name: curl
    - name: Create pihole directory
      file:
        path: /etc/pihole
        state: directory
        force: false
    - name: Load pihole pre-configuration
      copy:
        src: pihole.toml
        dest: /etc/pihole/pihole.toml
    - name: Download install script
      get_url:
        url: https://install.pi-hole.net
        dest: /tmp/install_pihole.sh
        mode: "0755"
    - name: Install pihole
      command: /tmp/install_pihole.sh --unattended
      args:
        creates: "/usr/local/bin/pihole"
    - name: Update gravity lists
      command: pihole -g
--- a/proxmox/pihole/ansible/inventory.yaml
+++ b/proxmox/pihole/ansible/inventory.yaml
@@ -0,0 +1,8 @@
 all:
  children:
    servers:
      hosts:
        pihole:
          ansible_host: 192.168.3.1
          ansible_user: ubuntu
          ansible_ssh_private_key_file: /home/ryuuji/.ssh/id_ed25519
--- a/proxmox/pihole/ansible/pihole.toml.example
+++ b/proxmox/pihole/ansible/pihole.toml.example
--- a/proxmox/pihole/terraform/.gitignore
+++ b/proxmox/pihole/terraform/.gitignore
@@ -0,0 +1,47 @@
 # Created by https://gitignore.org
 # Terraform.gitignore
 # Local .terraform directories
 .terraform/
 # .tfstate files
 *.tfstate
 *.tfstate.*
 # Crash log files
 crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Ignore transient lock info files created by terraform apply
 .terraform.tfstate.lock.info
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
 # Optional: ignore graph output files generated by `terraform graph`
 # *.dot
 # Optional: ignore plan files saved before destroying Terraform configuration
 # Uncomment the line below if you want to ignore planout files.
 # planout
--- a/proxmox/pihole/terraform/.terraform.lock.hcl
+++ b/proxmox/pihole/terraform/.terraform.lock.hcl
@@ -0,0 +1,44 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/bpg/proxmox" {
  version     = "0.86.0"
  constraints = "0.86.0"
  hashes = [
    "h1:0OH908XIuDk42UTevFCfMMEnDdbsqNzSZBLGqjoj8S0=",
    "zh:09b627b92a59848769fadfc3d8103eebf070a3800144bf03cb93f44472327f44",
    "zh:0e19eb7f1047d541e50b97d7ac440ea73685d0c28ed2dbe64217cbe2f0b353e0",
    "zh:20f1e70091ff3056876618c93afd79527c8995f955d153993e8fbb10fa42593b",
    "zh:3920315be565976f5a9da0803f8f1a108221282f1bc9e21160669d793af4e0c8",
    "zh:5133b2a2027428d3926eaa3bcdc0ab65a75305d54f6cbc7c54cce746dfddbc8e",
    "zh:514c588b04738d55c9e6b1c5a4e3fb1ef4041dfb809d2268f14d29839ecfba59",
    "zh:55916034025b4833bd6a93bb5948dfb7d00830a772ef74fa70898c6f7de0da0b",
    "zh:58b485a4b0bde56ca7032fca0ac09cb4c6ff2579e06cf4f2a311bb695baa0df1",
    "zh:75ebe44e6da4108af5fe02a9cd99ed0189985b486a2a56594952098d161ceb3d",
    "zh:a8c870bfb5958a3d49d639db3c2761cfb453c6a6f95e5e241890922b11c8a4d8",
    "zh:c2df2748b9be47a6c3e613667c64874d5cb1d3fbb5b985d6eb9c3af5af298454",
    "zh:c3059668f4f81e450e555a47310e7042044b335f131643262fd51f9ba96f2214",
    "zh:ddbbb23910666f70cf4a9587ba57b45f5f58c53a1f8d7cee1d6f90a3d3ef38ef",
    "zh:e430138b897edcd3b64e4309db34ac872526187782626aa074d8d1647a0abfa8",
    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
  ]
 }
 provider "registry.terraform.io/hashicorp/local" {
  version = "2.5.3"
  hashes = [
    "h1:1Nkh16jQJMp0EuDmvP/96f5Unnir0z12WyDuoR6HjMo=",
    "zh:284d4b5b572eacd456e605e94372f740f6de27b71b4e1fd49b63745d8ecd4927",
    "zh:40d9dfc9c549e406b5aab73c023aa485633c1b6b730c933d7bcc2fa67fd1ae6e",
    "zh:6243509bb208656eb9dc17d3c525c89acdd27f08def427a0dce22d5db90a4c8b",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
    "zh:885d85869f927853b6fe330e235cd03c337ac3b933b0d9ae827ec32fa1fdcdbf",
    "zh:bab66af51039bdfcccf85b25fe562cbba2f54f6b3812202f4873ade834ec201d",
    "zh:c505ff1bf9442a889ac7dca3ac05a8ee6f852e0118dd9a61796a2f6ff4837f09",
    "zh:d36c0b5770841ddb6eaf0499ba3de48e5d4fc99f4829b6ab66b0fab59b1aaf4f",
    "zh:ddb6a407c7f3ec63efb4dad5f948b54f7f4434ee1a2607a49680d494b1776fe1",
    "zh:e0dafdd4500bec23d3ff221e3a9b60621c5273e5df867bc59ef6b7e41f5c91f6",
    "zh:ece8742fd2882a8fc9d6efd20e2590010d43db386b920b2a9c220cfecc18de47",
    "zh:f4c6b3eb8f39105004cf720e202f04f57e3578441cfb76ca27611139bc116a82",
  ]
 }
--- a/proxmox/pihole/terraform/main.tf
+++ b/proxmox/pihole/terraform/main.tf
@@ -0,0 +1,127 @@
 terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "0.86.0"
    }
  }
 }
 data "local_file" "ssh_public_key" {
  filename = var.ssh_pubkey_path
 }
 data "local_file" "proxmox_ssh_private_key" {
  filename = var.proxmox_ssh_privkey_path
 }
 provider "proxmox" {
  endpoint = var.proxmox_endpoint
  username = var.proxmox_user
  password = var.proxmox_password
  insecure = true
  ssh {
    agent       = true
    username    = var.proxmox_ssh_username
    private_key = trimspace(data.local_file.proxmox_ssh_private_key.content)
  }
 }
 resource "proxmox_virtual_environment_download_file" "ubuntu_cloud_image" {
  content_type = "import"
  datastore_id = var.proxmox_datastore
  node_name    = var.proxmox_node
  url          = "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"
  file_name    = "noble-server-cloudimg-amd64.qcow2"
 }
 resource "proxmox_virtual_environment_file" "user_data_cloud_config" {
  content_type = "snippets"
  datastore_id = var.proxmox_datastore
  node_name    = var.proxmox_node
  source_raw {
    data = <<-EOF
    #cloud-config
    hostname: ${var.vm_name}
    timezone: America/Santiago
    users:
      - default
      - name: ubuntu
        groups:
          - sudo
        shell: /bin/bash
        ssh_authorized_keys:
          - ${trimspace(data.local_file.ssh_public_key.content)}
        sudo: ALL=(ALL) NOPASSWD:ALL
    package_update: true
    packages:
      - qemu-guest-agent
      - net-tools
      - curl
    runcmd:
      - systemctl enable qemu-guest-agent
      - systemctl start qemu-guest-agent
      - echo "done" > /tmp/cloud-config.done
    EOF
    file_name = "user-data-cloud-config.yaml"
  }
 }
 resource "proxmox_virtual_environment_vm" "pihole" {
  name      = var.vm_name
  node_name = var.proxmox_node
  agent { enabled = true }
  cpu {
    cores = 1
    type  = "host"
  }
  memory {
    dedicated = 2048
  }
  disk {
    datastore_id = var.vm_datastore
    import_from  = proxmox_virtual_environment_download_file.ubuntu_cloud_image.id
    interface    = "virtio0"
    iothread     = true
    discard      = "on"
    size         = 20
  }
  initialization {
    datastore_id = var.vm_datastore
    ip_config {
      ipv4 {
        address = "${var.vm_address}/${var.vm_cidr}"
        gateway = var.vm_gateway
      }
    }
    user_data_file_id = proxmox_virtual_environment_file.user_data_cloud_config.id
  }
  network_device {
    bridge = var.bridge
  }
 }
 resource "local_file" "ansible_inventory" {
  filename   = "${path.module}/../ansible/inventory.yaml"
  content    = <<-YAML
  all:
    children:
      servers:
        hosts:
          ${var.vm_name}:
            ansible_host: ${var.vm_address}
            ansible_user: ubuntu
            ansible_ssh_private_key_file: ${var.ssh_privkey_path}
  YAML
  depends_on = [proxmox_virtual_environment_vm.pihole]
 }
--- a/proxmox/pihole/terraform/terraform.tfvars.example
+++ b/proxmox/pihole/terraform/terraform.tfvars.example
@@ -0,0 +1,14 @@
 proxmox_endpoint = "https://192.168.1.1:8006"
 proxmox_user     = "terraform@pam"
 proxmox_password = "secret"
 proxmox_node     = "pve"
 proxmox_ssh_username     = "terraform"
 proxmox_ssh_privkey_path = "/home/user/.ssh/id_ed25519"
 ssh_pubkey_path  = "/home/user/.ssh/id_ed25519.pub"
 ssh_privkey_path = "/home/user/.ssh/id_ed25519"
 vm_address = "192.168.3.1"
 vm_cidr    = "16"
 vm_gateway = "192.168.1.1"
--- a/proxmox/pihole/terraform/variables.tf
+++ b/proxmox/pihole/terraform/variables.tf
@@ -0,0 +1,19 @@
 variable "proxmox_endpoint" {}
 variable "proxmox_user" {}
 variable "proxmox_password" { sensitive = true }
 variable "proxmox_node" { default = "pve" }
 variable "proxmox_ssh_username" {}
 variable "proxmox_ssh_privkey_path" {}
 variable "proxmox_datastore" { default = "local" }
 variable "vm_name" { default = "pihole" }
 variable "vm_datastore" { default = "local-vm" }
 variable "vm_address" {}
 variable "vm_cidr" {}
 variable "vm_gateway" {}
 variable "ssh_pubkey_path" {}
 variable "ssh_privkey_path" {}
 variable "bridge" { default = "vmbr0" }