From ae985e01a73e7fd60d6eb39700d1a125b0615250 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Sat, 16 Feb 2019 15:42:07 +0530
Subject: [PATCH] Adds dnscrypt-proxy and pihole

pihole is commented out for now
---
 dnscrypt-proxy.tf         | 15 +++++++++++++++
 pihole.tf                 | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 variables.tf              |  1 +
 media/radarr.tf           |  4 ++++
 modules/container/main.tf |  6 +++++-
 modules/container/vars.tf | 18 ++++++++++++++++++
 6 files changed, 88 insertions(+), 2 deletions(-)

diff --git a/dnscrypt-proxy.tf b/dnscrypt-proxy.tf
new file mode 100644
index 0000000..9adb931 100644
--- /dev/null
+++ a/dnscrypt-proxy.tf
@@ -1,0 +1,15 @@
+module "dnscrypt" {
+  name   = "dnscrypt-proxy"
+  source = "modules/container"
+
+  image = "mattbodholdt/dnscrypt-proxy"
+
+  ports = [{
+    internal = "53"
+    external = "553"
+    ip       = "192.168.1.111"
+    protocol = "udp"
+  }]
+
+  dns = ["127.0.0.1"]
+}
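Review bot: The `image = "mattbodholdt/dnscrypt-proxy"` line names a third-party image with no tag or digest, so whatever that repository publishes next may end up as the resolver for every container pointed at it. Pinning it would make the change reviewable, for example `image = "mattbodholdt/dnscrypt-proxy:<TAG>@sha256:<DIGEST>"` (placeholders; check that modules/container passes the string through unchanged). Separately, the `ports` entry publishes only `udp`, so truncated answers that fall back to TCP would not reach the proxy; a second entry with `protocol = "tcp"` would cover that.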
diff --git a/pihole.tf b/pihole.tf
new file mode 100644
index 0000000..2df7c74 100644
--- /dev/null
+++ a/pihole.tf
@@ -1,0 +1,46 @@
+# module "pihole" {
+#   name   = "pihole"
+#   source = "modules/container"
+#   web {
+#     expose = true
+#     port   = "80"
+#     host   = "dns.in.${var.root-domain}"
+#   }
+#   image = "pihole/pihole"
+#   ports = [{
+#     internal = "53"
+#     external = "53"
+#     ip       = "192.168.1.111"
+#     protocol = "udp"
+#   }]
+#   env = [
+#     "ServerIP=192.168.1.111",
+#     "WEBPASSWORD=${var.pihole_password}",
+#     "DNS1=192.168.1.1:53",
+#     "DNS2=no",
+#     "VIRTUAL_HOST=dns.in.${var.root-domain}",
+#   ]
+#   ports = [{
+#     internal = "53"
+#     external = "53"
+#     ip       = "192.168.1.111"
+#     protocol = "udp"
+#   }]
+#   volumes = [
+#     {
+#       host_path      = "/mnt/xwing/config/pihole"
+#       container_path = "/etc/pihole"
+#     },
+#     {
+#       host_path      = "/mnt/xwing/config/pihole/dnsmasq"
+#       container_path = "/etc/pihole/dnsmasq.d"
+#     },
+#   ]
+#   # networks     = []
+#   # network_mode = "host"
+#   capabilities = [{
+#     add = ["NET_ADMIN"]
+#   }]
+#   dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
+# }
+
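Review bot: The commented-out module sets `ports` twice with identical contents (the block after `image` and again after `env`), so one copy should be dropped before this is enabled. When it is enabled, `"WEBPASSWORD=${var.pihole_password}"` puts the admin password into the container environment, where it will most likely also land in Terraform state and in `docker inspect` output; a comment such as `# WEBPASSWORD is stored in state and visible via docker inspect; keep state private` would record that. The `NET_ADMIN` capability together with `web { expose = true }` also deserves a one-line comment saying why each is needed.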
diff --git a/variables.tf b/variables.tf
index 7a4dce8..16d8053 100644
--- a/variables.tf
+++ a/variables.tf
@@ -95,3 +95,4 @@
 variable "outline_slack_verification_token" {}
 
 variable "syncserver_secret" {}
+variable "pihole_password" {}
diff --git a/media/radarr.tf b/media/radarr.tf
index d7b7095..0b0e6e1 100644
--- a/media/radarr.tf
+++ a/media/radarr.tf
@@ -5,6 +5,10 @@
 
   networks = "${list(docker_network.media.id, data.docker_network.bridge.id)}"
 
+  // TODO: Create a new separate network for DNS
+  // and use that instead
+  dns = ["192.168.1.111"]
+
   web {
     expose = true
     port   = 7878
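Review bot: `dns = ["192.168.1.111"]` sends radarr's lookups to port 53 on that address, because Docker's DNS option takes an address with no port. Within this patch the only enabled resolver, dnscrypt-proxy, is published on `553`/udp, and the pihole module that would bind 53 is commented out. Unless something outside this patch already listens on 53 there, name resolution in this container will fail, and the TODO should say so: `// NOTE: requires a resolver on 192.168.1.111:53 (pihole); dnscrypt-proxy is on :553`. The address is also hard-coded here and in two other files; a shared variable would keep them in step. The enclosing module block starts and ends outside the hunk.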
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 248bb55..8a58119 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -21,8 +21,10 @@
   entrypoint = "${var.entrypoint}"
   user       = "${var.user}"
 
-  network_mode = "bridge"
+  network_mode = "${var.network_mode}"
 
+  capabilities = ["${var.capabilities}"]
+
   // Only attach the traefik network if
   // service is exposed to the web
   networks = ["${concat(var.networks,compact(split(",",lookup(var.web, "expose", "false") == "false" ? "" :"${data.docker_network.traefik.id}")))}"]
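Review bot: With `network_mode = "${var.network_mode}"` a caller can now pass `"host"`, but the `networks` expression below still attaches the traefik network whenever `web.expose` is true, and Docker normally refuses to connect a host-mode container to another network. The commented-out pihole module hints at exactly that combination (`network_mode = "host"` with `expose = true`), so the module should either skip `networks` in host mode or document the restriction, e.g. `// network_mode "host" cannot be combined with web.expose or var.networks`. `capabilities = ["${var.capabilities}"]` likewise passes caller input straight through; a comment noting that it expects a list holding one map with `add`/`drop` keys would help. The resource block starts and ends outside the hunk.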
@@ -32,6 +34,8 @@
 
   volumes = ["${var.volumes}"]
   devices = ["${var.devices}"]
+
+  dns = ["${var.dns}"]
 
   # Look at this monstrosity
   # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index b77fda6..283a9d1 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -77,6 +77,10 @@
   default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
 }
 
+variable "network_mode" {
+  default = "bridge"
+}
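Review bot: The new `network_mode` variable has no `description`, and in the next hunk `capabilities` and `dns` have descriptions that only repeat the variable name, so nothing tells a caller what shape or values are expected. These three inputs widen what a container may do, which is where documentation matters most. Suggested text: `description = "Docker network mode; \"host\" removes network isolation"` for `network_mode`, `description = "List with one map of add/drop capability lists, e.g. [{ add = [\"NET_ADMIN\"] }]"` for `capabilities`, and `description = "DNS server addresses for the container (port 53 only); empty uses the Docker default"` for `dns`.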
+
 variable "resource" {
   description = "Resource usage for the container"
 
@@ -85,12 +89,24 @@
 
 variable "volumes" {
   description = "volumes"
+  type        = "list"
+  default     = []
+}
+
+variable "capabilities" {
+  description = "capabilities"
   type        = "list"
   default     = []
 }
 
 variable "devices" {
-  description = "volumes"
+  description = "devices"
+  type        = "list"
+  default     = []
+}
+
+variable "dns" {
+  description = "dns"
   type        = "list"
   default     = []
 }
--
rgit 0.1.5