samsapti/pi-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Make WireGuard peers use Pi-hole for DNS

Browse source
This commit is contained in:
Sam A. 2023-05-30 19:07:08 +02:00
parent 55d48d27d9
commit 77f03fe531
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 21 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/docker_services/defaults/main.yml
View file

@ -6,6 +6,7 @@ base_volume: "{{ hdd_mount_point }}/apps"
services: services:
caddy: caddy:
volume: "{{ base_volume }}/caddy" volume: "{{ base_volume }}/caddy"
docker_ipv4: 172.16.3.2
version: 2-alpine version: 2-alpine
postfix: postfix:
@ -34,6 +35,7 @@ services:
pihole: pihole:
volume: "{{ base_volume }}/pi-hole" volume: "{{ base_volume }}/pi-hole"
docker_ipv4: 172.18.3.2
version: 2023.05.1 version: 2023.05.1
unbound_version: latest unbound_version: latest

8
roles/docker_services/tasks/services.yml
View file

@ -8,6 +8,14 @@
gateway: 172.16.0.1 gateway: 172.16.0.1
state: present state: present
- name: Create Docker network for Pi-hole and WireGuard
community.docker.docker_network:
name: pihole_wireguard
ipam_config:
- subnet: 172.18.0.0/16
gateway: 172.18.0.1
state: present
- name: Create base directory for Docker volumes - name: Create base directory for Docker volumes
ansible.builtin.file: ansible.builtin.file:
name: "{{ base_volume }}" name: "{{ base_volume }}"

2
roles/docker_services/tasks/services/nextcloud.yml
View file

@ -76,7 +76,7 @@
SMTP_AUTHTYPE: PLAIN SMTP_AUTHTYPE: PLAIN
SMTP_HOST: postfix SMTP_HOST: postfix
SMTP_PORT: 587 SMTP_PORT: 587
TRUSTED_PROXIES: 172.16.3.2 TRUSTED_PROXIES: "{{ services.caddy.docker_ipv4 }}"
OVERWRITEHOST: "{{ services.nextcloud.domain }}" OVERWRITEHOST: "{{ services.nextcloud.domain }}"
OVERWRITEPROTOCOL: https OVERWRITEPROTOCOL: https
OVERWRITECLIURL: https://{{ services.nextcloud.domain }} OVERWRITECLIURL: https://{{ services.nextcloud.domain }}

8
roles/docker_services/tasks/services/pihole.yml
View file

@ -54,6 +54,10 @@
PIHOLE_DNS_: unbound PIHOLE_DNS_: unbound
WEBPASSWORD: "{{ secrets.pihole.web_pw }}" WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
TZ: "{{ timezone }}" TZ: "{{ timezone }}"
networks:
default:
pihole_wireguard:
ipv4_address: "{{ services.pihole.docker_ipv4 }}"
volumes: volumes:
- "{{ services.pihole.volume }}/pihole:/etc/pihole:rw" - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
- "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw" - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@ -69,3 +73,7 @@
restart: always restart: always
volumes: volumes:
- "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro" - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
networks:
pihole_wireguard:
external: true

9
roles/docker_services/tasks/services/wireguard.yml
View file

@ -7,11 +7,6 @@
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
- name: Create Docker network for Wireguard
community.docker.docker_network:
name: wireguard
state: present
- name: Deploy Wireguard Docker container - name: Deploy Wireguard Docker container
community.docker.docker_container: community.docker.docker_container:
name: wireguard name: wireguard
@ -21,12 +16,12 @@
restart_policy: always restart_policy: always
default_host_ip: '' default_host_ip: ''
networks: networks:
- name: wireguard - name: pihole_wireguard
env: env:
SERVERURL: "{{ services.wireguard.domain }}" SERVERURL: "{{ services.wireguard.domain }}"
SERVERPORT: '51820' SERVERPORT: '51820'
PEERS: "{{ secrets.wireguard.peers }}" PEERS: "{{ secrets.wireguard.peers }}"
PEERDNS: auto PEERDNS: "{{ services.pihole.docker_ipv4 }}"
TZ: "{{ timezone }}" TZ: "{{ timezone }}"
volumes: volumes:
- "{{ services.wireguard.volume }}:/config:rw" - "{{ services.wireguard.volume }}:/config:rw"