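---
# Deploy Pi-hole as a docker-compose project driven by the
# docker-compose@pihole systemd unit, then open DNS (53/tcp and 53/udp)
# in ufw for the 100.64.0.0/10 source range.

- name: ensure pihole docker/compose exist
  ansible.builtin.file:
    path: /etc/docker/compose/pihole
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the mode as a string and does the octal
    # conversion itself, instead of depending on how the YAML loader types
    # a bare 0700.
    mode: '0700'

- name: build pihole docker-compose.yml.j2
  ansible.builtin.template:
    src: ../templates/docker-compose.yml.j2
    dest: /etc/docker/compose/pihole/docker-compose.yml
    owner: root
    group: root
    # NOTE(review): this renders the file group- and world-readable; only
    # the root-only (0700) parent directory created above keeps other local
    # users away from it. If the template renders credentials, '0600' here
    # would keep them protected even if the directory mode drifts - confirm
    # against the template.
    mode: 'u=rw,g=r,o=r'

- name: daemon-reload and enable pihole
  ansible.builtin.systemd_service:
    name: docker-compose@pihole
    # The task name promises a daemon-reload; without this flag systemd is
    # not asked to re-read unit files before the restart.
    daemon_reload: true
    enabled: true
    # NOTE(review): 'restarted' restarts the service on every run, changed
    # or not. A handler notified by the template task would restart it only
    # when the compose file actually changes.
    state: restarted

# 100.64.0.0/10 is the RFC 6598 shared address space (carrier-grade NAT);
# presumably the VPN assigns client addresses from it - confirm.
# NOTE(review): both rules match on source address only, on every
# interface. If the host's uplink can also carry 100.64.0.0/10 traffic
# (for example behind an ISP's CGNAT), scope the rules to the VPN interface
# with `direction: in` and `interface: <vpn-interface>` (placeholder name).
- name: allow dns queries in vpn/tcp
  community.general.ufw:
    rule: allow
    from: '100.64.0.0/10'
    port: '53'
    proto: 'tcp'

- name: allow dns queries in vpn/udp
  community.general.ufw:
    rule: allow
    from: '100.64.0.0/10'
    port: '53'
    proto: 'udp'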