From ae985e01a73e7fd60d6eb39700d1a125b0615250 Mon Sep 17 00:00:00 2001 From: Nemo Date: Sat, 16 Feb 2019 15:42:07 +0530 Subject: [PATCH] Adds dnscrypt-proxy and pihole pihole commented for now --- dnscrypt-proxy.tf | 15 +++++++++++++ media/radarr.tf | 4 ++++ modules/container/main.tf | 6 ++++- modules/container/vars.tf | 20 +++++++++++++++-- pihole.tf | 46 +++++++++++++++++++++++++++++++++++++++ variables.tf | 1 + 6 files changed, 89 insertions(+), 3 deletions(-) create mode 100644 dnscrypt-proxy.tf create mode 100644 pihole.tf diff --git a/dnscrypt-proxy.tf b/dnscrypt-proxy.tf new file mode 100644 index 0000000..9adb931 --- /dev/null +++ b/dnscrypt-proxy.tf @@ -0,0 +1,15 @@ +module "dnscrypt" { + name = "dnscrypt-proxy" + source = "modules/container" + + image = "mattbodholdt/dnscrypt-proxy" + + ports = [{ + internal = "53" + external = "553" + ip = "192.168.1.111" + protocol = "udp" + }] + + dns = ["127.0.0.1"] +} diff --git a/media/radarr.tf b/media/radarr.tf index d7b7095..0b0e6e1 100644 --- a/media/radarr.tf +++ b/media/radarr.tf @@ -5,6 +5,10 @@ module "radarr" { networks = "${list(docker_network.media.id, data.docker_network.bridge.id)}" + // TODO: Create a new separate network for DNS + // and use that instead + dns = ["192.168.1.111"] + web { expose = true port = 7878 diff --git a/modules/container/main.tf b/modules/container/main.tf index 248bb55..8a58119 100644 --- a/modules/container/main.tf +++ b/modules/container/main.tf @@ -21,7 +21,9 @@ resource "docker_container" "container" { entrypoint = "${var.entrypoint}" user = "${var.user}" - network_mode = "bridge" + network_mode = "${var.network_mode}" + + capabilities = ["${var.capabilities}"] // Only attach the traefik network if // service is exposed to the web 
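Review bot: `image = "mattbodholdt/dnscrypt-proxy"` in the new dnscrypt module names a third-party image with no tag or digest, so whatever the registry serves at pull time becomes the resolver for every container pointed at it. Unless modules/container pins the version somewhere outside this patch, reference the image by digest, e.g. `image = "mattbodholdt/dnscrypt-proxy@sha256:<digest-placeholder>"`. The mapping also publishes only `protocol = "udp"`, so truncated answers that are retried over TCP will not reach the proxy. A second `ports` entry with `protocol = "tcp"` would cover that.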
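Review bot: `dns = ["192.168.1.111"]` sends radarr's lookups to port 53 on that address, because a container's resolver entry carries no port, while this patch publishes dnscrypt-proxy on `external = "553"` and leaves the pihole module that would bind 53 commented out. Unless something outside this patch already listens on 192.168.1.111:53, name resolution in this container will fail or be answered by a service other than the intended one. Either publish dnscrypt-proxy on 53 or hold this line back until the port-53 listener exists. The address is also repeated as a literal in several files, and a shared variable would keep the copies in step.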
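Review bot: `network_mode = "${var.network_mode}"` lets a caller select host networking, and nothing visible here stops that from being combined with the module's published ports and network attachments, which Docker does not apply together with host mode. The rest of the resource body lies outside this hunk, so how the networks are attached cannot be confirmed from here. At minimum add a comment above the two new arguments, such as `// network_mode "host" drops network isolation; ports and networks must be left empty with it` and `// capabilities widen container privilege; the default adds none`.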
@@ -33,6 +35,8 @@ resource "docker_container" "container" { volumes = ["${var.volumes}"] devices = ["${var.devices}"] + dns = ["${var.dns}"] + # Look at this monstrosity # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618 # for why this is needed diff --git a/modules/container/vars.tf b/modules/container/vars.tf index b77fda6..283a9d1 100644 --- a/modules/container/vars.tf +++ b/modules/container/vars.tf @@ -77,6 +77,10 @@ variable "auth_header" { default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy" } +variable "network_mode" { + default = "bridge" +} + variable "resource" { description = "Resource usage for the container" @@ -89,8 +93,20 @@ variable "volumes" { default = [] } -variable "devices" { - description = "volumes" +variable "capabilities" { + description = "capabilities" + type = "list" + default = [] +} + +variable "devices" { + description = "devices" + type = "list" + default = [] +} + +variable "dns" { + description = "dns" type = "list" default = [] } diff --git a/pihole.tf b/pihole.tf new file mode 100644 index 0000000..2df7c74 --- /dev/null +++ b/pihole.tf 
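Review bot: `variable "network_mode"` is declared with no `description` or `type`, and in the next hunk of this file `capabilities`, `devices` and `dns` get descriptions that only repeat their own names, so nothing tells a caller that two of these inputs widen a container's privileges. For network_mode I would write `description = "Docker network mode; \"host\" shares the host network stack, keep \"bridge\" unless required"` together with `type = "string"`. For capabilities, `description = "List of maps with add/drop lists of Linux capabilities; empty grants nothing extra"`. That shape is inferred from the commented `capabilities = [{ add = ["NET_ADMIN"] }]` in pihole.tf, so confirm it against the provider version in use.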
@@ -0,0 +1,46 @@ +# module "pihole" { +# name = "pihole" +# source = "modules/container" +# web { +# expose = true +# port = "80" +# host = "dns.in.${var.root-domain}" +# } +# image = "pihole/pihole" +# ports = [{ +# internal = "53" +# external = "53" +# ip = "192.168.1.111" +# protocol = "udp" +# }] +# env = [ +# "ServerIP=192.168.1.111", +# "WEBPASSWORD=${var.pihole_password}", +# "DNS1=192.168.1.1:53", +# "DNS2=no", +# "VIRTUAL_HOST=dns.in.${var.root-domain}", +# ] +# ports = [{ +# internal = "53" +# external = "53" +# ip = "192.168.1.111" +# protocol = "udp" +# }] +# volumes = [ +# { +# host_path = "/mnt/xwing/config/pihole" +# container_path = "/etc/pihole" +# }, +# { +# host_path = "/mnt/xwing/config/pihole/dnsmasq" +# container_path = "/etc/pihole/dnsmasq.d" +# }, +# ] +# # networks = [] +# # network_mode = "host" +# capabilities = [{ +# add = ["NET_ADMIN"] +# }] +# dns = ["127.0.0.1", "9.9.9.9", "1.1.1.1"] +# } + diff --git a/variables.tf b/variables.tf index 7a4dce8..16d8053 100644 --- a/variables.tf +++ b/variables.tf @@ -95,3 +95,4 @@ variable "outline_slack_app_id" {} variable "outline_slack_verification_token" {} variable "syncserver_secret" {} +variable "pihole_password" {}
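Review bot: The commented pihole module assigns `ports` twice with the same 53/udp mapping, so it will not apply cleanly once uncommented; drop the second block. `"WEBPASSWORD=${var.pihole_password}"` places the admin password in the container environment and in the Terraform state in clear text, which deserves a comment such as `# pihole_password ends up in state and in docker inspect output; restrict access to both`. `add = ["NET_ADMIN"]` is, as far as I know, only needed when Pi-hole also serves DHCP, and nothing here publishes DHCP ports, so it can probably be left out. `DNS1=192.168.1.1:53` and the public resolvers in `dns` would also send queries upstream in plain text rather than through the dnscrypt-proxy added in this same patch.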