An Ansible playbook to configure a PiHole DNS server.
I used to use a modified version of geerlingguy/internet-pi but want different things from my Pi than that project provides.
PiHole: Install and configure PiHole to do network-wide DNS blackholing of ads.
Unbound: Install and configure Unbound as a recursive DNS server.
Unbound has a number of features that help increase your online privacy, especially when compared to using Google DNS (8.8.8.8) as your upstream DNS provider for PiHole including DNS-over-TLS and DNS-over-HTTPS.
If you configure DNS-over-TLS (unbound_enable_dot: yes), the default DoT provider is CloudFlare.
You can change this by setting unbound_dot_providers in config.yml.
If you are using CloudFlare as your DoT provider, you can verify DNS-over-TLS is enabled by visiting https://1.1.1.1/help.
- Install Ansible
git clone git@github.com:5donuts/pihole-dns.gitansible-galaxy collection install -r requirements.ymlcp config.defaults.yml config.yml, then modifyconfig.ymlto suit your needs (i.e., change the Pi password, enable & disable components)cp inventory.example.ini inventory.ini, then modifyinventory.inito suit your needs (e.g., set the actual IP address of the Pi on your network, configure connection variables)ansible-playbook -i inventory.ini main.yml
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.