Adds dnscrypt-proxy and pihole

pihole commented for now

dnscrypt-proxy.tf

@@ -0,0 +1,15 @@
+module "dnscrypt" {
+  name   = "dnscrypt-proxy"
+  source = "modules/container"
+
+  image = "mattbodholdt/dnscrypt-proxy"
+
+  ports = [{
+    internal = "53"
+    external = "553"
+    ip       = "192.168.1.111"
+    protocol = "udp"
+  }]
+
+  dns = ["127.0.0.1"]
+}

media/radarr.tf

@@ -5,6 +5,10 @@ module "radarr" {
 
   networks = "${list(docker_network.media.id, data.docker_network.bridge.id)}"
 
+  // TODO: Create a new separate network for DNS
+  // and use that instead
+  dns = ["192.168.1.111"]
+
   web {
     expose = true
     port   = 7878

modules/container/main.tf

@@ -21,7 +21,9 @@ resource "docker_container" "container" {
   entrypoint = "${var.entrypoint}"
   user       = "${var.user}"
 
-  network_mode = "bridge"
+  network_mode = "${var.network_mode}"
+
+  capabilities = ["${var.capabilities}"]
 
   // Only attach the traefik network if
   // service is exposed to the web
@@ -33,6 +35,8 @@ resource "docker_container" "container" {
   volumes = ["${var.volumes}"]
   devices = ["${var.devices}"]
 
+  dns = ["${var.dns}"]
+
   # Look at this monstrosity
   # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
   # for why this is needed

modules/container/vars.tf

@@ -77,6 +77,10 @@ variable "auth_header" {
   default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
 }
 
+variable "network_mode" {
+  default = "bridge"
+}
+
 variable "resource" {
   description = "Resource usage for the container"
 
@@ -89,8 +93,20 @@ variable "volumes" {
   default     = []
 }
 
-variable "devices" {
-  description = "volumes"
+variable "capabilities" {
+  description = "capabilities"
+  type        = "list"
+  default     = []
+}
+
+variable "devices" {
+  description = "devices"
+  type        = "list"
+  default     = []
+}
+
+variable "dns" {
+  description = "dns"
   type        = "list"
   default     = []
 }

pihole.tf

@@ -0,0 +1,46 @@
+# module "pihole" {
+#   name   = "pihole"
+#   source = "modules/container"
+#   web {
+#     expose = true
+#     port   = "80"
+#     host   = "dns.in.${var.root-domain}"
+#   }
+#   image = "pihole/pihole"
+#   ports = [{
+#     internal = "53"
+#     external = "53"
+#     ip       = "192.168.1.111"
+#     protocol = "udp"
+#   }]
+#   env = [
+#     "ServerIP=192.168.1.111",
+#     "WEBPASSWORD=${var.pihole_password}",
+#     "DNS1=192.168.1.1:53",
+#     "DNS2=no",
+#     "VIRTUAL_HOST=dns.in.${var.root-domain}",
+#   ]
+#   ports = [{
+#     internal = "53"
+#     external = "53"
+#     ip       = "192.168.1.111"
+#     protocol = "udp"
+#   }]
+#   volumes = [
+#     {
+#       host_path      = "/mnt/xwing/config/pihole"
+#       container_path = "/etc/pihole"
+#     },
+#     {
+#       host_path      = "/mnt/xwing/config/pihole/dnsmasq"
+#       container_path = "/etc/pihole/dnsmasq.d"
+#     },
+#   ]
+#   # networks     = []
+#   # network_mode = "host"
+#   capabilities = [{
+#     add = ["NET_ADMIN"]
+#   }]
+#   dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"]
+# }
+

variables.tf

@@ -95,3 +95,4 @@ variable "outline_slack_app_id" {}
 variable "outline_slack_verification_token" {}
 
 variable "syncserver_secret" {}
+variable "pihole_password" {}