
author Nemo <me@captnemo.in> 2019-03-13 22:55:06.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-03-13 22:55:06.0 +05:30:00
commit
4fe34b183a0a1ac85f30131bb07e8f5f43b2271f [patch]
tree
731bdfa5a1db7da41b6dcb9c1145f83addb15fb8
parent
16a5a26123a0612198b8379df7b00a9e4ed6df95

Pihole and Dnscrypt Proxy Setup is done



Diff

 .terraform-version        |  2 +-
 dnscrypt-proxy.tf         | 24 ++++++++++++++++++++++--
 pihole.tf                 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------
 modules/container/main.tf |  2 ++
 modules/container/vars.tf |  6 ++++++
 5 files changed, 81 insertions(+), 51 deletions(-)

diff --git a/.terraform-version b/.terraform-version
index e6adeaa..bd0119f 100644
--- a/.terraform-version
+++ a/.terraform-version
@@ -1,1 +1,1 @@
0.11.12-beta1
0.11.12
diff --git a/dnscrypt-proxy.tf b/dnscrypt-proxy.tf
index 9adb931..1b2e466 100644
--- a/dnscrypt-proxy.tf
+++ a/dnscrypt-proxy.tf
@@ -1,15 +1,29 @@
// This is a completely isolated container
// used by pihole
module "dnscrypt" {

  name   = "dnscrypt-proxy"
  source = "modules/container"

  image = "mattbodholdt/dnscrypt-proxy"

  ports = [{

    internal = "53"
    external = "553"
    ip       = "192.168.1.111"
    protocol = "udp"
  restart = "always"

  networks_advanced = [{

    name         = "dns"
    aliases      = ["dnscrypt", "dnscrypt-proxy"]
    ipv4_address = "172.30.0.2"
  }]

  dns = ["127.0.0.1"]
}

resource "docker_network" "dns" {

  name     = "dns"
  internal = false

  // 172.20.0.12 - 172.20.0.15
  ipam_config {

    subnet  = "172.30.0.0/29"
    gateway = "172.30.0.1"
  }
}
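Review bot: The header comment calls this a completely isolated container, but the `docker_network "dns"` it joins is created with `internal = false`, so the container keeps outbound connectivity through the bridge (which dnscrypt-proxy presumably needs to reach its upstream resolvers). I would reword the header to state what actually holds, e.g. `// No published ports; reachable only from containers on the "dns" network`. That wording assumes the `ports` block is what this change removes, which is inferred because the rendered page has lost its +/- markers. The range comment `// 172.20.0.12 - 172.20.0.15` above `ipam_config` also does not match `subnet = "172.30.0.0/29"`; `// 172.30.0.0/29: usable hosts 172.30.0.1 - 172.30.0.6` would.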
diff --git a/pihole.tf b/pihole.tf
index 2df7c74..787c94c 100644
--- a/pihole.tf
+++ a/pihole.tf
@@ -1,46 +1,54 @@
# module "pihole" {
#   name   = "pihole"
#   source = "modules/container"
#   web {
#     expose = true
#     port   = "80"
#     host   = "dns.in.${var.root-domain}"
#   }
#   image = "pihole/pihole"
#   ports = [{
#     internal = "53"
#     external = "53"
#     ip       = "192.168.1.111"
#     protocol = "udp"
#   }]
#   env = [
#     "ServerIP=192.168.1.111",
#     "WEBPASSWORD=${var.pihole_password}",
#     "DNS1=192.168.1.1:53",
#     "DNS2=no",
#     "VIRTUAL_HOST=dns.in.${var.root-domain}",
#   ]
#   ports = [{
#     internal = "53"
#     external = "53"
#     ip       = "192.168.1.111"
#     protocol = "udp"
#   }]
#   volumes = [
#     {
#       host_path      = "/mnt/xwing/config/pihole"
#       container_path = "/etc/pihole"
#     },
#     {
#       host_path      = "/mnt/xwing/config/pihole/dnsmasq"
#       container_path = "/etc/pihole/dnsmasq.d"
#     },
#   ]
#   # networks     = []
#   # network_mode = "host"
#   capabilities = [{
#     add = ["NET_ADMIN"]
#   }]
#   dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
# }
module "pihole" {

  name   = "pihole"
  source = "modules/container"

  web {

    expose = true
    port   = "80"
    host   = "dns.in.${var.root-domain}"
  }

  restart = "always"

  image = "pihole/pihole"

  ports = [{

    internal = "53"
    external = "53"
    ip       = "192.168.1.111"
    protocol = "udp"
  }]

  env = [

    "ServerIP=192.168.1.111",
    "WEBPASSWORD=${var.pihole_password}",
    "DNS1=172.30.0.2",
    "DNS2=no",
    "VIRTUAL_HOST=dns.in.${var.root-domain}",
  ]

  volumes = [

    {
      host_path      = "/mnt/xwing/config/pihole"
      container_path = "/etc/pihole"
    },
    {
      host_path      = "/mnt/xwing/config/pihole-dnsmasq.d"
      container_path = "/etc/dnsmasq.d"
    },
  ]

  networks_advanced = [{

    name = "dns"
  },
    {
      name = "traefik"
    },
  ]

  capabilities = [{

    add = ["NET_ADMIN"]
  }]

  dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
}
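Review bot: The `capabilities` block adds `NET_ADMIN`, which as far as I know the Pi-hole image needs only when it acts as the DHCP server; this module publishes just 53/udp and the web UI, so the capability looks unnecessary. I would drop the block, or keep it with a comment such as `# NET_ADMIN is only needed for Pi-hole's DHCP server; remove while DHCP stays on the router`. Separately, `"WEBPASSWORD=${var.pihole_password}"` is interpolated into `env`, so the password will presumably land in clear text in the Terraform state and be readable through `docker inspect`. A comment like `# pihole_password ends up in tfstate: keep the state backend encrypted and access-controlled` would record that for the next maintainer.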
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 8a58119..32fee8b 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -29,6 +29,8 @@
  // service is exposed to the web
  networks = ["${concat(var.networks,compact(split(",",lookup(var.web, "expose", "false") == "false" ? "" :"${data.docker_network.traefik.id}")))}"]

  networks_advanced = ["${var.networks_advanced}"]

  memory      = "${local.resource["memory"]}"
  memory_swap = "${local.resource["memory_swap"]}"

diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 283a9d1..09e9813 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -12,6 +12,12 @@
  default     = []
}

variable "networks_advanced" {

  description = "list of networks_advanced"
  type        = "list"
  default     = []
}

variable "networks" {

  description = "list of networks"
  type        = "list"