Make WireGuard peers use Pi-hole for DNS

This commit is contained in:
Sam A. 2023-05-30 19:07:08 +02:00
parent 55d48d27d9
commit 77f03fe531
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 21 additions and 8 deletions


@ -6,6 +6,7 @@ base_volume: "{{ hdd_mount_point }}/apps"
services:
caddy:
volume: "{{ base_volume }}/caddy"
docker_ipv4: 172.16.3.2
version: 2-alpine
postfix:
@ -34,6 +35,7 @@ services:
pihole:
volume: "{{ base_volume }}/pi-hole"
docker_ipv4: 172.18.3.2
version: 2023.05.1
unbound_version: latest
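Review bot: The two new `docker_ipv4` values are plain literals with nothing tying them to the subnets they must fall inside; `172.18.3.2` only works because the pihole_wireguard network in the next file is created with `172.18.0.0/16`, and the caddy address likewise has to sit in the 172.16.0.0 network whose gateway appears as context there. A comment next to each address naming its network, e.g. `# must lie inside the pihole_wireguard subnet (172.18.0.0/16)`, or a sibling `docker_subnet` variable that the network task consumes, would stop the two from drifting apart when either is renumbered. The `services:` mapping continues outside both hunks.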


@ -8,6 +8,14 @@
gateway: 172.16.0.1
state: present
- name: Create Docker network for Pi-hole and WireGuard
community.docker.docker_network:
name: pihole_wireguard
ipam_config:
- subnet: 172.18.0.0/16
gateway: 172.18.0.1
state: present
- name: Create base directory for Docker volumes
ansible.builtin.file:
name: "{{ base_volume }}"


@ -76,7 +76,7 @@
SMTP_AUTHTYPE: PLAIN
SMTP_HOST: postfix
SMTP_PORT: 587
TRUSTED_PROXIES: 172.16.3.2
TRUSTED_PROXIES: "{{ services.caddy.docker_ipv4 }}"
OVERWRITEHOST: "{{ services.nextcloud.domain }}"
OVERWRITEPROTOCOL: https
OVERWRITECLIURL: https://{{ services.nextcloud.domain }}
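Review bot: `TRUSTED_PROXIES` now follows `services.caddy.docker_ipv4`, which is only correct if caddy's container is actually pinned to that address on the network Nextcloud shares with it; that pinning is not visible in this commit. Presumably it already exists, since the removed literal `172.16.3.2` matched the new variable, but it is worth confirming, because a mismatch would make Nextcloud stop honoring the proxy's forwarded headers rather than fail loudly. The nextcloud environment block starts before the hunk.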


@ -54,6 +54,10 @@
PIHOLE_DNS_: unbound
WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
TZ: "{{ timezone }}"
networks:
default:
pihole_wireguard:
ipv4_address: "{{ services.pihole.docker_ipv4 }}"
volumes:
- "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
- "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@ -69,3 +73,7 @@
restart: always
volumes:
- "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
networks:
pihole_wireguard:
external: true
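Review bot: The fixed `ipv4_address` on the pihole_wireguard network (first hunk, after `TZ:`) carries no explanation of why the address is pinned, although the only reason is that another service's `PEERDNS` points at it. A short comment such as `# static address: WireGuard's PEERDNS points at services.pihole.docker_ipv4` would keep that coupling visible to whoever renumbers the network later. The pihole service definition starts before the hunk.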


@ -7,11 +7,6 @@
mode: u=rwx,g=rx,o=rx
state: directory
- name: Create Docker network for Wireguard
community.docker.docker_network:
name: wireguard
state: present
- name: Deploy Wireguard Docker container
community.docker.docker_container:
name: wireguard
@ -21,12 +16,12 @@
restart_policy: always
default_host_ip: ''
networks:
- name: wireguard
- name: pihole_wireguard
env:
SERVERURL: "{{ services.wireguard.domain }}"
SERVERPORT: '51820'
PEERS: "{{ secrets.wireguard.peers }}"
PEERDNS: auto
PEERDNS: "{{ services.pihole.docker_ipv4 }}"
TZ: "{{ timezone }}"
volumes:
- "{{ services.wireguard.volume }}:/config:rw"
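Review bot: Dropping the task that created the `wireguard` network (first hunk, after `state: directory`) does not remove that network from hosts that were already provisioned, so it lingers unused next to `pihole_wireguard`. If cleanup matters, keep a task with `community.docker.docker_network: name: wireguard, state: absent` for one release, or note in the task list that the old network is left for manual removal. The Deploy Wireguard task in the second hunk starts and continues outside the hunk.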