From 77f03fe53134255feca228146fdfac7b85850ca6 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Tue, 30 May 2023 19:07:08 +0200
Subject: [PATCH] Make WireGuard peers use Pi-hole for DNS
---
 roles/docker_services/defaults/main.yml | 2 ++
 roles/docker_services/tasks/services.yml | 8 ++++++++
 roles/docker_services/tasks/services/nextcloud.yml | 2 +-
 roles/docker_services/tasks/services/pihole.yml | 8 ++++++++
 roles/docker_services/tasks/services/wireguard.yml | 9 ++-------
 5 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml
index 1ff68dd..7024c26 100644
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@@ -6,6 +6,7 @@ base_volume: "{{ hdd_mount_point }}/apps"
 services:
 caddy:
 volume: "{{ base_volume }}/caddy"
+ docker_ipv4: 172.16.3.2
 version: 2-alpine
 postfix:
@@ -34,6 +35,7 @@ services:
 pihole:
 volume: "{{ base_volume }}/pi-hole"
+ docker_ipv4: 172.18.3.2
 version: 2023.05.1
 unbound_version: latest
diff --git a/roles/docker_services/tasks/services.yml b/roles/docker_services/tasks/services.yml
index 58d45d8..df27bc3 100644
--- a/roles/docker_services/tasks/services.yml
+++ b/roles/docker_services/tasks/services.yml
@@ -8,6 +8,14 @@
 gateway: 172.16.0.1
 state: present
+- name: Create Docker network for Pi-hole and WireGuard
+ community.docker.docker_network:
+ name: pihole_wireguard
+ ipam_config:
+ - subnet: 172.18.0.0/16
+ gateway: 172.18.0.1
+ state: present
+
 - name: Create base directory for Docker volumes
 ansible.builtin.file:
 name: "{{ base_volume }}"
diff --git a/roles/docker_services/tasks/services/nextcloud.yml b/roles/docker_services/tasks/services/nextcloud.yml
index 2e8f35b..8871df2 100644
--- a/roles/docker_services/tasks/services/nextcloud.yml
+++ b/roles/docker_services/tasks/services/nextcloud.yml
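Review bot: The new `docker_ipv4: 172.16.3.2` under `caddy` is consumed by nextcloud.yml's `TRUSTED_PROXIES` in this patch, but the task that actually pins Caddy to that address is not part of the diff, so if caddy.yml still carries the literal address the two values can drift and Nextcloud would then trust forwarded headers from whatever container later lands on 172.16.3.2. Either have caddy.yml read the same variable, or at least record the coupling above the key: `# must match the static ipv4_address given to the caddy container; nextcloud's TRUSTED_PROXIES derives from it`. The pihole key in the next hunk is consistent within this patch, since both pihole.yml and wireguard.yml read it.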
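Review bot: `subnet: 172.18.0.0/16` is the first /16 Docker hands out from its default address pool to user-defined networks that do not pin a subnet, and pihole.yml still attaches Pi-hole to a compose `default` network of exactly that kind, so on a host where such a network already exists this task is likely to fail with a pool-overlap error (unless the daemon's default-address-pools were changed, which is not visible here). The existing network's 172.16.0.0/16 sits just outside that pool, which is probably why it has worked so far; a subnet outside the pool, such as a 10.0.0.0/8 block, with the matching `docker_ipv4` in defaults adjusted, avoids the clash. Separately, the Pi-hole static address 172.18.3.2 falls inside the range dynamic leases are drawn from, so an `iprange` entry in `ipam_config` that keeps dynamic allocation away from it makes the static assignment robust against a container that attaches first.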
@@ -76,7 +76,7 @@
 SMTP_AUTHTYPE: PLAIN
 SMTP_HOST: postfix
 SMTP_PORT: 587
- TRUSTED_PROXIES: 172.16.3.2
+ TRUSTED_PROXIES: "{{ services.caddy.docker_ipv4 }}"
 OVERWRITEHOST: "{{ services.nextcloud.domain }}"
 OVERWRITEPROTOCOL: https
 OVERWRITECLIURL: https://{{ services.nextcloud.domain }}
diff --git a/roles/docker_services/tasks/services/pihole.yml b/roles/docker_services/tasks/services/pihole.yml
index 15b542c..c4c234b 100644
--- a/roles/docker_services/tasks/services/pihole.yml
+++ b/roles/docker_services/tasks/services/pihole.yml
@@ -54,6 +54,10 @@
 PIHOLE_DNS_: unbound
 WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
 TZ: "{{ timezone }}"
+ networks:
+ default:
+ pihole_wireguard:
+ ipv4_address: "{{ services.pihole.docker_ipv4 }}"
 volumes:
 - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
 - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@@ -69,3 +73,7 @@
 restart: always
 volumes:
 - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
+
+ networks:
+ pihole_wireguard:
+ external: true
diff --git a/roles/docker_services/tasks/services/wireguard.yml b/roles/docker_services/tasks/services/wireguard.yml
index d5a9563..d5e2d81 100644
--- a/roles/docker_services/tasks/services/wireguard.yml
+++ b/roles/docker_services/tasks/services/wireguard.yml
@@ -7,11 +7,6 @@
 mode: u=rwx,g=rx,o=rx
 state: directory
-- name: Create Docker network for Wireguard
- community.docker.docker_network:
- name: wireguard
- state: present
-
 - name: Deploy Wireguard Docker container
 community.docker.docker_container:
 name: wireguard
@@ -21,12 +16,12 @@
 restart_policy: always
 default_host_ip: ''
 networks:
- - name: wireguard
+ - name: pihole_wireguard
 env:
 SERVERURL: "{{ services.wireguard.domain }}"
 SERVERPORT: '51820'
 PEERS: "{{ secrets.wireguard.peers }}"
- PEERDNS: auto
+ PEERDNS: "{{ services.pihole.docker_ipv4 }}"
 TZ: "{{ timezone }}"
 volumes:
 - "{{ services.wireguard.volume }}:/config:rw"
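Review bot: Attaching Pi-hole to `pihole_wireguard` with a static address gives the WireGuard container a route to it, but nothing in the hunk makes the resolver listen on that second interface; if the container keeps a single-interface listening setting (its `DNSMASQ_LISTENING`/interface env is not visible here), queries arriving on the pihole_wireguard leg would be refused, so that is worth confirming before relying on it. Also, if the WireGuard container masquerades peer traffic (the linuxserver image that uses the PEERS/SERVERURL/PEERDNS variables does so by default), Pi-hole will see every VPN query as coming from that one container address, which flattens per-client statistics and any client-based group rules. A short comment above `networks:` would document the intent: `# second leg on pihole_wireguard: services.pihole.docker_ipv4 is what WireGuard hands peers as PEERDNS`.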
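Review bot: Dropping the task that created the `wireguard` network does not remove that network from hosts provisioned before this change; Docker keeps user-defined networks until they are deleted explicitly, so the old bridge will linger unused and the playbook is no longer convergent for existing hosts. A `community.docker.docker_network` task with `name: wireguard` and `state: absent`, ordered after the container has been re-created on pihole_wireguard, closes that gap. The surrounding task list continues outside the hunk.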
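Review bot: `PEERDNS: "{{ services.pihole.docker_ipv4 }}"` embeds a Docker-bridge address into every generated peer config, so it resolves only through the tunnel; that holds for full-tunnel peers but silently breaks DNS for any peer whose AllowedIPs are narrowed to the VPN subnet, and changing `docker_ipv4` later means redistributing peer configs because the address is baked in at generation time. A why-comment on the line would spare the next reader the trace: `# Pi-hole's static address on pihole_wireguard; only reachable via the tunnel, so peers must route it`. It would also be worth stating in the commit or a comment that DNS for peers now depends on the Pi-hole container being up, where `auto` previously used the WireGuard container's own resolver.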