diff --git a/.terraform-version b/.terraform-version
index e6adeaa..bd0119f 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.11.12-beta1
+0.11.12
diff --git a/dnscrypt-proxy.tf b/dnscrypt-proxy.tf
index 9adb931..1b2e466 100644
--- a/dnscrypt-proxy.tf
+++ b/dnscrypt-proxy.tf
@@ -1,15 +1,29 @@
+// This is a completely isolated container
+// used by pihole
 module "dnscrypt" {
 name = "dnscrypt-proxy"
 source = "modules/container"
 image = "mattbodholdt/dnscrypt-proxy"
- ports = [{
- internal = "53"
- external = "553"
- ip = "192.168.1.111"
- protocol = "udp"
+ restart = "always"
+
+ networks_advanced = [{
+ name = "dns"
+ aliases = ["dnscrypt", "dnscrypt-proxy"]
+ ipv4_address = "172.30.0.2"
 }]
 dns = ["127.0.0.1"]
 }
+
+resource "docker_network" "dns" {
+ name = "dns"
+ internal = false
+
+ // 172.20.0.12 - 172.20.0.15
+ ipam_config {
+ subnet = "172.30.0.0/29"
+ gateway = "172.30.0.1"
+ }
+}
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 8a58119..32fee8b 100644
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
@@ -29,6 +29,8 @@ resource "docker_container" "container" {
 // service is exposed to the web
 networks = ["${concat(var.networks,compact(split(",",lookup(var.web, "expose", "false") == "false" ? "" :"${data.docker_network.traefik.id}")))}"]
+ networks_advanced = ["${var.networks_advanced}"]
+
 memory = "${local.resource["memory"]}"
 memory_swap = "${local.resource["memory_swap"]}"
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 283a9d1..09e9813 100644
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@@ -12,6 +12,12 @@ variable "ports" {
 default = []
 }
+variable "networks_advanced" {
+ description = "list of networks_advanced"
+ type = "list"
+ default = []
+}
+
 variable "networks" {
 description = "list of networks"
 type = "list"
diff --git a/pihole.tf b/pihole.tf
index 2df7c74..787c94c 100644
--- a/pihole.tf
+++ b/pihole.tf
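Review bot: The two comments added in the dnscrypt-proxy.tf hunk do not match the configuration next to them. `// 172.20.0.12 - 172.20.0.15` sits above `subnet = "172.30.0.0/29"`, whose host range is 172.30.0.1 through 172.30.0.6, and "completely isolated" overstates a network declared with `internal = false`, which still gives attached containers outbound access (dnscrypt-proxy presumably needs that to reach its upstream resolvers). I would reword them to say what is actually enforced, for example `// no published ports; reachable only from containers on the "dns" network` and `// 172.30.0.1 - 172.30.0.6 (.1 gateway, .2 dnscrypt-proxy)`.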
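Review bot: In modules/container/main.tf the new `networks_advanced` argument is set alongside the existing `networks` expression, and nothing stops one container from requesting the same network through both. pihole.tf in this commit appears to do exactly that: `web { expose = true }` makes the `networks` line add the traefik network id, while its `networks_advanced` also lists `name = "traefik"`. Whether the provider deduplicates or rejects the second attachment is not visible here, so I would either drop the `traefik` entry from the caller or say so in the variable, e.g. `description = "networks to attach with aliases/static IPs; do not repeat networks already added by web.expose"`. The enclosing resource starts and ends outside the hunk.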
@@ -1,46 +1,54 @@
-# module "pihole" {
-# name = "pihole"
-# source = "modules/container"
-# web {
-# expose = true
-# port = "80"
-# host = "dns.in.${var.root-domain}"
-# }
-# image = "pihole/pihole"
-# ports = [{
-# internal = "53"
-# external = "53"
-# ip = "192.168.1.111"
-# protocol = "udp"
-# }]
-# env = [
-# "ServerIP=192.168.1.111",
-# "WEBPASSWORD=${var.pihole_password}",
-# "DNS1=192.168.1.1:53",
-# "DNS2=no",
-# "VIRTUAL_HOST=dns.in.${var.root-domain}",
-# ]
-# ports = [{
-# internal = "53"
-# external = "53"
-# ip = "192.168.1.111"
-# protocol = "udp"
-# }]
-# volumes = [
-# {
-# host_path = "/mnt/xwing/config/pihole"
-# container_path = "/etc/pihole"
-# },
-# {
-# host_path = "/mnt/xwing/config/pihole/dnsmasq"
-# container_path = "/etc/pihole/dnsmasq.d"
-# },
-# ]
-# # networks = []
-# # network_mode = "host"
-# capabilities = [{
-# add = ["NET_ADMIN"]
-# }]
-# dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
-# }
+module "pihole" {
+ name = "pihole"
+ source = "modules/container"
+ web {
+ expose = true
+ port = "80"
+ host = "dns.in.${var.root-domain}"
+ }
+
+ restart = "always"
+
+ image = "pihole/pihole"
+
+ ports = [{
+ internal = "53"
+ external = "53"
+ ip = "192.168.1.111"
+ protocol = "udp"
+ }]
+
+ env = [
+ "ServerIP=192.168.1.111",
+ "WEBPASSWORD=${var.pihole_password}",
+ "DNS1=172.30.0.2",
+ "DNS2=no",
+ "VIRTUAL_HOST=dns.in.${var.root-domain}",
+ ]
+
+ volumes = [
+ {
+ host_path = "/mnt/xwing/config/pihole"
+ container_path = "/etc/pihole"
+ },
+ {
+ host_path = "/mnt/xwing/config/pihole-dnsmasq.d"
+ container_path = "/etc/dnsmasq.d"
+ },
+ ]
+
+ networks_advanced = [{
+ name = "dns"
+ },
+ {
+ name = "traefik"
+ },
+ ]
+
+ capabilities = [{
+ add = ["NET_ADMIN"]
+ }]
+
+ dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
+}
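Review bot: The re-enabled module keeps `capabilities = [{ add = ["NET_ADMIN"] }]` although only 53/udp is published and the container now sits on user-defined bridge networks. As far as I know, Pi-hole's own compose example asks for NET_ADMIN only when it acts as the DHCP server, which this layout does not appear to support, so the block can probably be removed. That matters more because `image = "pihole/pihole"` has no tag or digest and `restart = "always"` is set, so whichever image was last pulled keeps running with the extra capability; pinning it (`image = "pihole/pihole:<PINNED_TAG>"`, placeholder) makes upgrades a deliberate step. Separately, `WEBPASSWORD=${var.pihole_password}` ends up in the Terraform state and in the container's inspect output, so the state backend should be handled as secret storage.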