Pihole and Dnscrypt Proxy Setup is done

2019-03-13 22:55:06 +05:30 · 2019-03-13 22:55:06 +05:30 · 4fe34b183a
parent 16a5a26123
commit 4fe34b183a
5 changed files with 81 additions and 51 deletions
--- a/.terraform-version
+++ b/.terraform-version
@ -1 +1 @@
-0.11.12-beta1
+0.11.12
--- a/dnscrypt-proxy.tf
+++ b/dnscrypt-proxy.tf
@ -1,15 +1,29 @@
+// This is a completely isolated container
+// used by pihole
 module "dnscrypt" {
  name   = "dnscrypt-proxy"
  source = "modules/container"

  image = "mattbodholdt/dnscrypt-proxy"

-  ports = [{
-    internal = "53"
-    external = "553"
-    ip       = "192.168.1.111"
-    protocol = "udp"
+  restart = "always"
+
+  networks_advanced = [{
+    name         = "dns"
+    aliases      = ["dnscrypt", "dnscrypt-proxy"]
+    ipv4_address = "172.30.0.2"
  }]

  dns = ["127.0.0.1"]
 }
+
+resource "docker_network" "dns" {
+  name     = "dns"
+  internal = false
+
+  // 172.20.0.12 - 172.20.0.15
+  ipam_config {
+    subnet  = "172.30.0.0/29"
+    gateway = "172.30.0.1"
+  }
+}
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
@ -29,6 +29,8 @@ resource "docker_container" "container" {
  // service is exposed to the web
  networks = ["${concat(var.networks,compact(split(",",lookup(var.web, "expose", "false") == "false" ? "" :"${data.docker_network.traefik.id}")))}"]

+  networks_advanced = ["${var.networks_advanced}"]
+
  memory      = "${local.resource["memory"]}"
  memory_swap = "${local.resource["memory_swap"]}"

--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@ -12,6 +12,12 @@ variable "ports" {
  default     = []
 }

+variable "networks_advanced" {
+  description = "list of networks_advanced"
+  type        = "list"
+  default     = []
+}
+
 variable "networks" {
  description = "list of networks"
  type        = "list"
--- a/pihole.tf
+++ b/pihole.tf
@ -1,46 +1,54 @@
-# module "pihole" {
-#   name   = "pihole"
-#   source = "modules/container"
-#   web {
-#     expose = true
-#     port   = "80"
-#     host   = "dns.in.${var.root-domain}"
-#   }
-#   image = "pihole/pihole"
-#   ports = [{
-#     internal = "53"
-#     external = "53"
-#     ip       = "192.168.1.111"
-#     protocol = "udp"
-#   }]
-#   env = [
-#     "ServerIP=192.168.1.111",
-#     "WEBPASSWORD=${var.pihole_password}",
-#     "DNS1=192.168.1.1:53",
-#     "DNS2=no",
-#     "VIRTUAL_HOST=dns.in.${var.root-domain}",
-#   ]
-#   ports = [{
-#     internal = "53"
-#     external = "53"
-#     ip       = "192.168.1.111"
-#     protocol = "udp"
-#   }]
-#   volumes = [
-#     {
-#       host_path      = "/mnt/xwing/config/pihole"
-#       container_path = "/etc/pihole"
-#     },
-#     {
-#       host_path      = "/mnt/xwing/config/pihole/dnsmasq"
-#       container_path = "/etc/pihole/dnsmasq.d"
-#     },
-#   ]
-#   # networks     = []
-#   # network_mode = "host"
-#   capabilities = [{
-#     add = ["NET_ADMIN"]
-#   }]
-#   dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
-# }
+module "pihole" {
+  name   = "pihole"
+  source = "modules/container"

+  web {
+    expose = true
+    port   = "80"
+    host   = "dns.in.${var.root-domain}"
+  }
+
+  restart = "always"
+
+  image = "pihole/pihole"
+
+  ports = [{
+    internal = "53"
+    external = "53"
+    ip       = "192.168.1.111"
+    protocol = "udp"
+  }]
+
+  env = [
+    "ServerIP=192.168.1.111",
+    "WEBPASSWORD=${var.pihole_password}",
+    "DNS1=172.30.0.2",
+    "DNS2=no",
+    "VIRTUAL_HOST=dns.in.${var.root-domain}",
+  ]
+
+  volumes = [
+    {
+      host_path      = "/mnt/xwing/config/pihole"
+      container_path = "/etc/pihole"
+    },
+    {
+      host_path      = "/mnt/xwing/config/pihole-dnsmasq.d"
+      container_path = "/etc/dnsmasq.d"
+    },
+  ]
+
+  networks_advanced = [{
+    name = "dns"
+  },
+    {
+      name = "traefik"
+    },
+  ]
+
+  capabilities = [{
+    add = ["NET_ADMIN"]
+  }]
+
+  dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
+}