From 4fe34b183a0a1ac85f30131bb07e8f5f43b2271f Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Wed, 13 Mar 2019 22:55:06 +0530
Subject: [PATCH] Pihole and Dnscrypt Proxy Setup is done

---
 .terraform-version        |  2 +-
 dnscrypt-proxy.tf         | 24 ++++++++++++++++++++++--
 pihole.tf                 | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------
 modules/container/main.tf |  2 ++
 modules/container/vars.tf |  6 ++++++
 5 files changed, 81 insertions(+), 51 deletions(-)

diff --git a/.terraform-version b/.terraform-version
index e6adeaa..bd0119f 100644
--- a/.terraform-version
+++ a/.terraform-version
@@ -1,1 +1,1 @@
-0.11.12-beta1
+0.11.12
diff --git a/dnscrypt-proxy.tf b/dnscrypt-proxy.tf
index 9adb931..1b2e466 100644
--- a/dnscrypt-proxy.tf
+++ a/dnscrypt-proxy.tf
@@ -1,15 +1,29 @@
+// This is a completely isolated container
+// used by pihole
 module "dnscrypt" {
   name   = "dnscrypt-proxy"
   source = "modules/container"
 
   image = "mattbodholdt/dnscrypt-proxy"
 
-  ports = [{
-    internal = "53"
-    external = "553"
-    ip       = "192.168.1.111"
-    protocol = "udp"
+  restart = "always"
+
+  networks_advanced = [{
+    name         = "dns"
+    aliases      = ["dnscrypt", "dnscrypt-proxy"]
+    ipv4_address = "172.30.0.2"
   }]
 
   dns = ["127.0.0.1"]
+}
+
+resource "docker_network" "dns" {
+  name     = "dns"
+  internal = false
+
+  // 172.20.0.12 - 172.20.0.15
+  ipam_config {
+    subnet  = "172.30.0.0/29"
+    gateway = "172.30.0.1"
+  }
 }
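Review bot: The header comment calls this container "completely isolated", but the `docker_network.dns` resource added in the same hunk sets `internal = false`, so the container keeps outbound access through the bridge gateway. What the change actually removes is the published host port. Outbound access is presumably needed to reach the upstream resolvers, so the comment should say so, e.g. `// No host ports published; reachable only from containers on the "dns" network (outbound traffic still allowed)`. The range comment `// 172.20.0.12 - 172.20.0.15` also contradicts the `172.30.0.0/29` subnet beneath it and should read `// 172.30.0.1 - 172.30.0.6`.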
diff --git a/pihole.tf b/pihole.tf
index 2df7c74..787c94c 100644
--- a/pihole.tf
+++ a/pihole.tf
@@ -1,46 +1,54 @@
-# module "pihole" {
-#   name   = "pihole"
-#   source = "modules/container"
-#   web {
-#     expose = true
-#     port   = "80"
-#     host   = "dns.in.${var.root-domain}"
-#   }
-#   image = "pihole/pihole"
-#   ports = [{
-#     internal = "53"
-#     external = "53"
-#     ip       = "192.168.1.111"
-#     protocol = "udp"
-#   }]
-#   env = [
-#     "ServerIP=192.168.1.111",
-#     "WEBPASSWORD=${var.pihole_password}",
-#     "DNS1=192.168.1.1:53",
-#     "DNS2=no",
-#     "VIRTUAL_HOST=dns.in.${var.root-domain}",
-#   ]
-#   ports = [{
-#     internal = "53"
-#     external = "53"
-#     ip       = "192.168.1.111"
-#     protocol = "udp"
-#   }]
-#   volumes = [
-#     {
-#       host_path      = "/mnt/xwing/config/pihole"
-#       container_path = "/etc/pihole"
-#     },
-#     {
-#       host_path      = "/mnt/xwing/config/pihole/dnsmasq"
-#       container_path = "/etc/pihole/dnsmasq.d"
-#     },
-#   ]
-#   # networks     = []
-#   # network_mode = "host"
-#   capabilities = [{
-#     add = ["NET_ADMIN"]
-#   }]
-#   dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
-# }
+module "pihole" {
+  name   = "pihole"
+  source = "modules/container"
 
+  web {
+    expose = true
+    port   = "80"
+    host   = "dns.in.${var.root-domain}"
+  }
+
+  restart = "always"
+
+  image = "pihole/pihole"
+
+  ports = [{
+    internal = "53"
+    external = "53"
+    ip       = "192.168.1.111"
+    protocol = "udp"
+  }]
+
+  env = [
+    "ServerIP=192.168.1.111",
+    "WEBPASSWORD=${var.pihole_password}",
+    "DNS1=172.30.0.2",
+    "DNS2=no",
+    "VIRTUAL_HOST=dns.in.${var.root-domain}",
+  ]
+
+  volumes = [
+    {
+      host_path      = "/mnt/xwing/config/pihole"
+      container_path = "/etc/pihole"
+    },
+    {
+      host_path      = "/mnt/xwing/config/pihole-dnsmasq.d"
+      container_path = "/etc/dnsmasq.d"
+    },
+  ]
+
+  networks_advanced = [{
+    name = "dns"
+  },
+    {
+      name = "traefik"
+    },
+  ]
+
+  capabilities = [{
+    add = ["NET_ADMIN"]
+  }]
+
+  dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
+}
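Review bot: The `capabilities` block grants `NET_ADMIN`, yet the only port published is 53/udp, so Pi-hole does not appear to be serving DHCP here, which is the usual reason that capability is requested. If DHCP stays on another device, drop the block. If it is kept, record the reason next to it, e.g. `// NET_ADMIN: only required when Pi-hole serves DHCP`. Separately, `dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]` lets the container's own lookups fall back to plaintext public resolvers instead of the dnscrypt upstream at `172.30.0.2`. If that fallback is intentional, a one-line comment saying so would prevent it being read as a leak path later.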
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 8a58119..32fee8b 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -29,6 +29,8 @@
   // service is exposed to the web
   networks = ["${concat(var.networks,compact(split(",",lookup(var.web, "expose", "false") == "false" ? "" :"${data.docker_network.traefik.id}")))}"]
 
+  networks_advanced = ["${var.networks_advanced}"]
+
   memory      = "${local.resource["memory"]}"
   memory_swap = "${local.resource["memory_swap"]}"
 
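Review bot: `networks_advanced` is added alongside the existing `networks` argument with nothing to stop the same network arriving through both. In this commit `pihole.tf` sets `web.expose = true`, which already appends the traefik network id to `networks` on the line above, and it also lists `traefik` under `networks_advanced`. Depending on how the Docker provider reconciles the two arguments, the container may be attached twice or show a perpetual plan diff. Either drop `{ name = "traefik" }` from the caller or state the rule here with `// Callers with web.expose = true must not repeat the traefik network in networks_advanced`. The enclosing resource begins and ends outside this hunk.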
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 283a9d1..09e9813 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -12,6 +12,12 @@
   default     = []
 }
 
+variable "networks_advanced" {
+  description = "list of networks_advanced"
+  type        = "list"
+  default     = []
+}
+
 variable "networks" {
   description = "list of networks"
   type        = "list"
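Review bot: The description `"list of networks_advanced"` only restates the variable name and does not tell a caller what each element should contain. The callers in this commit pass maps with `name`, `aliases` and `ipv4_address`, so `description = "List of maps (name, optional aliases and ipv4_address) describing networks to attach with explicit settings"` would be more useful. The `networks` variable that follows is cut off by the end of the hunk.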
--
rgit 0.1.5