diff --git a/roles/adguardhome/defaults/main.yml b/roles/adguardhome/defaults/main.yml
index f49142e..fa13637 100644
--- a/roles/adguardhome/defaults/main.yml
+++ b/roles/adguardhome/defaults/main.yml
@@ -1,4 +1,7 @@
 ---
+adguardhome_become: true
+adguardhome_become_user: root
+
 adguardhome_version: v0.103.3
 adguardhome_tarball_armv7l: AdGuardHome_linux_armv7.tar.gz
 adguardhome_tarball_armv7l_sha256: 8dcfeca7a345ff3451f8ba20100aaef8bb9f8d05dfb2d9b619c019000fa00edc
diff --git a/roles/adguardhome/tasks/main.yml b/roles/adguardhome/tasks/main.yml
index 491e314..6b19184 100644
--- a/roles/adguardhome/tasks/main.yml
+++ b/roles/adguardhome/tasks/main.yml
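Review bot: The two new defaults in roles/adguardhome/defaults/main.yml, `adguardhome_become` and `adguardhome_become_user`, have no comment saying what they control or when it is safe to change them. The tasks they gate in tasks/main.yml create a system user and group, set file capabilities and install a systemd unit, so `adguardhome_become: false` presumably only works when the connection user is already root, and a non-root `adguardhome_become_user` would likely fail on those tasks. I would add above them `# Privilege escalation for every task that runs on the target host; tasks delegated to localhost never escalate.` so the default of root reads as a deliberate choice.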
@@ -1,106 +1,100 @@ --- -- name: ensure adguardhome group exits - group: - name: adguardhome - system: true - become: true +- block: + - name: ensure adguardhome group exits + group: + name: adguardhome + system: true -- name: ensure adguardhome user exists and has restrictive settings - user: - name: adguardhome - groups: adguardhome - password: "*" - create_home: false - system: true - shell: /usr/sbin/nologin - become: true + - name: ensure adguardhome user exists and has restrictive settings + user: + name: adguardhome + groups: adguardhome + password: "*" + create_home: false + system: true + shell: /usr/sbin/nologin -- name: get available groups - getent: - database: group + - name: get available groups + getent: + database: group -- name: add adguardhome user to ssl-cert group - user: - name: adguardhome - groups: ssl-cert - append: true - become: true - when: adguardhome_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group + - name: add adguardhome user to ssl-cert group + user: + name: adguardhome + groups: ssl-cert + append: true + when: adguardhome_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group -- name: ensure that the directory where we deploy AdGuard Home exists - file: - path: "{{ adguardhome_dir }}" - state: directory - owner: adguardhome - group: adguardhome - mode: "0750" - become: true + - name: ensure that the directory where we deploy AdGuard Home exists + file: + path: "{{ adguardhome_dir }}" + state: directory + owner: adguardhome + group: adguardhome + mode: "0750" -# TODO: download only if not installed or a new version. + # TODO: download only if not installed or a new version. 
-- name: download locally AdGuard Home in /tmp - get_url: - url: "{{ adguardhome_download_url }}" - dest: /tmp - checksum: "sha256:{{ adguardhome_tarball_sha256 }}" - delegate_to: localhost + - name: download locally AdGuard Home in /tmp + get_url: + url: "{{ adguardhome_download_url }}" + dest: /tmp + checksum: "sha256:{{ adguardhome_tarball_sha256 }}" + delegate_to: localhost + become: false -- name: unarchive locally AdGuard Home - unarchive: - src: "/tmp/{{ adguardhome_tarball }}" - dest: /tmp - remote_src: true - delegate_to: localhost + - name: unarchive locally AdGuard Home + unarchive: + src: "/tmp/{{ adguardhome_tarball }}" + dest: /tmp + remote_src: true + delegate_to: localhost + become: false -- name: copy AdGuard Home binary - copy: - src: /tmp/AdGuardHome/AdGuardHome - dest: "{{ adguardhome_dir }}" - owner: adguardhome - group: adguardhome - mode: "0750" - become: true + - name: copy AdGuard Home binary + copy: + src: /tmp/AdGuardHome/AdGuardHome + dest: "{{ adguardhome_dir }}" + owner: adguardhome + group: adguardhome + mode: "0750" -- name: check if the AdGuardHome.yaml configuration exists - stat: - path: "{{ adguardhome_dir }}/AdGuardHome.yaml" - register: adguardhome_yaml_config - become: true + - name: check if the AdGuardHome.yaml configuration exists + stat: + path: "{{ adguardhome_dir }}/AdGuardHome.yaml" + register: adguardhome_yaml_config -# NOTE: python3-passlib must be installed or this will fail silently. -- name: set the AdGuardHome config file - template: - src: templates/AdGuardHome.yaml.j2 - dest: "{{ adguardhome_dir }}/AdGuardHome.yaml" - owner: adguardhome - group: adguardhome - mode: 0640 - become: true - when: not adguardhome_yaml_config.stat.exists - notify: systemctl restart adguardhome + # NOTE: python3-passlib must be installed or this will fail silently. 
+ - name: set the AdGuardHome config file + template: + src: templates/AdGuardHome.yaml.j2 + dest: "{{ adguardhome_dir }}/AdGuardHome.yaml" + owner: adguardhome + group: adguardhome + mode: 0640 + when: not adguardhome_yaml_config.stat.exists + notify: systemctl restart adguardhome -- name: set cap_net_bind_service=+ep on AdGuardHome binary - capabilities: - path: "{{ adguardhome_dir }}/AdGuardHome" - capability: cap_net_bind_service=+ep - become: true + - name: set cap_net_bind_service=+ep on AdGuardHome binary + capabilities: + path: "{{ adguardhome_dir }}/AdGuardHome" + capability: cap_net_bind_service=+ep -- name: install adguardhome systemd unit file - template: - src: etc/systemd/system/adguardhome.service.j2 - dest: /etc/systemd/system/adguardhome.service - notify: - - systemctl daemon-reload - become: true + - name: install adguardhome systemd unit file + template: + src: etc/systemd/system/adguardhome.service.j2 + dest: /etc/systemd/system/adguardhome.service + notify: + - systemctl daemon-reload -- name: systemctl enable adguardhome - systemd: - name: adguardhome - enabled: true - become: true + - name: systemctl enable adguardhome + systemd: + name: adguardhome + enabled: true -- name: ensure AdGuard Home is running - systemd: - name: adguardhome - state: started - become: true + - name: ensure AdGuard Home is running + systemd: + name: adguardhome + state: started + become: "{{ adguardhome_become }}" + become_user: "{{ adguardhome_become_user }}"
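Review bot: The download, unarchive and copy tasks still stage the release under fixed names in the controller's shared `/tmp` (`dest: /tmp`, `src: /tmp/AdGuardHome/AdGuardHome`). The sha256 check covers only the tarball at download time, not the extracted binary that is later copied to the host and given `cap_net_bind_service`. On a controller with other local users those paths can be pre-created or changed between tasks, so the deployed file is not guaranteed to be the verified one. Adding `become: false` to the delegated tasks is right; I would also stage in a private directory created with the `tempfile` module and point `dest`/`src` at its registered path, as sketched below. Separately, `mode: 0640` on the config template is the only unquoted mode in the file; `mode: "0640"` would match the other tasks.

```yaml
    - name: create a private staging directory on the controller
      tempfile:
        state: directory
        prefix: adguardhome_
      register: adguardhome_staging
      delegate_to: localhost
      become: false

    - name: download locally AdGuard Home
      get_url:
        dest: "{{ adguardhome_staging.path }}"
        # … unchanged: url, checksum …

    - name: unarchive locally AdGuard Home
      unarchive:
        src: "{{ adguardhome_staging.path }}/{{ adguardhome_tarball }}"
        dest: "{{ adguardhome_staging.path }}"
        # … unchanged: remote_src …

    - name: copy AdGuard Home binary
      copy:
        src: "{{ adguardhome_staging.path }}/AdGuardHome/AdGuardHome"
        # … unchanged: dest, owner, group, mode …
```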