Make WireGuard peers use Pi-hole for DNS

2023-05-30 19:07:08 +02:00 · 2023-05-30 19:07:08 +02:00 · 77f03fe531
parent 55d48d27d9
commit 77f03fe531
5 changed files with 21 additions and 8 deletions
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@ -6,6 +6,7 @@ base_volume: "{{ hdd_mount_point }}/apps"
 services:
  caddy:
    volume: "{{ base_volume }}/caddy"
+    docker_ipv4: 172.16.3.2
    version: 2-alpine

  postfix:
@ -34,6 +35,7 @@ services:

  pihole:
    volume: "{{ base_volume }}/pi-hole"
+    docker_ipv4: 172.18.3.2
    version: 2023.05.1
    unbound_version: latest

--- a/roles/docker_services/tasks/services.yml
+++ b/roles/docker_services/tasks/services.yml
@ -8,6 +8,14 @@
        gateway: 172.16.0.1
    state: present

+- name: Create Docker network for Pi-hole and WireGuard
+  community.docker.docker_network:
+    name: pihole_wireguard
+    ipam_config:
+      - subnet: 172.18.0.0/16
+        gateway: 172.18.0.1
+    state: present
+
 - name: Create base directory for Docker volumes
  ansible.builtin.file:
    name: "{{ base_volume }}"
--- a/roles/docker_services/tasks/services/nextcloud.yml
+++ b/roles/docker_services/tasks/services/nextcloud.yml
@ -76,7 +76,7 @@
            SMTP_AUTHTYPE: PLAIN
            SMTP_HOST: postfix
            SMTP_PORT: 587
-            TRUSTED_PROXIES: 172.16.3.2
+            TRUSTED_PROXIES: "{{ services.caddy.docker_ipv4 }}"
            OVERWRITEHOST: "{{ services.nextcloud.domain }}"
            OVERWRITEPROTOCOL: https
            OVERWRITECLIURL: https://{{ services.nextcloud.domain }}
--- a/roles/docker_services/tasks/services/pihole.yml
+++ b/roles/docker_services/tasks/services/pihole.yml
@ -54,6 +54,10 @@
            PIHOLE_DNS_: unbound
            WEBPASSWORD: "{{ secrets.pihole.web_pw }}"
            TZ: "{{ timezone }}"
+          networks:
+            default:
+            pihole_wireguard:
+              ipv4_address: "{{ services.pihole.docker_ipv4 }}"
          volumes:
            - "{{ services.pihole.volume }}/pihole:/etc/pihole:rw"
            - "{{ services.pihole.volume }}/dnsmasq.d:/etc/dnsmasq.d:rw"
@ -69,3 +73,7 @@
          restart: always
          volumes:
            - "{{ services.pihole.volume }}/unbound/forward-records.conf:/opt/unbound/etc/unbound/forward-records.conf:ro"
+
+      networks:
+        pihole_wireguard:
+          external: true
--- a/roles/docker_services/tasks/services/wireguard.yml
+++ b/roles/docker_services/tasks/services/wireguard.yml
@ -7,11 +7,6 @@
    mode: u=rwx,g=rx,o=rx
    state: directory

- name: Create Docker network for Wireguard
-  community.docker.docker_network:
-    name: wireguard
-    state: present
-
 - name: Deploy Wireguard Docker container
  community.docker.docker_container:
    name: wireguard
@ -21,12 +16,12 @@
    restart_policy: always
    default_host_ip: ''
    networks:
-      - name: wireguard
+      - name: pihole_wireguard
    env:
      SERVERURL: "{{ services.wireguard.domain }}"
      SERVERPORT: '51820'
      PEERS: "{{ secrets.wireguard.peers }}"
-      PEERDNS: auto
+      PEERDNS: "{{ services.pihole.docker_ipv4 }}"
      TZ: "{{ timezone }}"
    volumes:
      - "{{ services.wireguard.volume }}:/config:rw"