From 7ad5d6e51e1614c776255a7e68154e2132a8fb9d Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Thu, 14 Dec 2023 21:04:26 +0000
Subject: [PATCH] Deploy coredns as a proxy to Docker's internal DNS
---
 ansible/main.yml | 1 +
 ansible/roles/coredns/files/Corefile | 21 +++++++++++++++++++
 .../roles/coredns/files/docker-compose.yml | 16 ++++++++++++++
 ansible/roles/coredns/handlers/main.yml | 4 ++++
 ansible/roles/coredns/tasks/main.yml | 17 +++++++++++++++++
 5 files changed, 59 insertions(+)
 create mode 100644 ansible/roles/coredns/files/Corefile
 create mode 100644 ansible/roles/coredns/files/docker-compose.yml
 create mode 100644 ansible/roles/coredns/handlers/main.yml
 create mode 100644 ansible/roles/coredns/tasks/main.yml
diff --git a/ansible/main.yml b/ansible/main.yml
index 7943f92..c8fad9c 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -105,6 +105,7 @@
 - commento
 - website
 - remark42
+ - coredns
 - hosts: jellyfin
 roles:
diff --git a/ansible/roles/coredns/files/Corefile b/ansible/roles/coredns/files/Corefile
new file mode 100644
index 0000000..955265a
--- /dev/null
+++ b/ansible/roles/coredns/files/Corefile
@@ -0,0 +1,21 @@
+. {
+ errors
+ cancel
+
+ # Only allow requests to `.docker` records
+ view docker {
+ expr name() matches '^[a-zA-Z0-9-_]+\\.docker\\.$'
+ }
+
+ # Strip the `.docker` suffix
+ rewrite name suffix .docker . answer auto
+
+ # Forward requests to Docker's DNS server
+ forward . 127.0.0.11
+}
+
+. {
+ acl {
+ block
+ }
+}
diff --git a/ansible/roles/coredns/files/docker-compose.yml b/ansible/roles/coredns/files/docker-compose.yml
new file mode 100644
index 0000000..0dcad71
--- /dev/null
+++ b/ansible/roles/coredns/files/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "2.3"
+
+services:
+ coredns:
+ image: coredns/coredns:latest
+ volumes:
+ - ./Corefile:/home/nonroot/Corefile:ro
+ ports:
+ - "{{ private_ip }}:5353:53/udp"
+ networks:
+ - default
+ - traefik
+
+networks:
+ traefik:
+ external: true
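Review bot: In the first server block of the Corefile, `forward . 127.0.0.11` passes every stripped name to Docker's embedded resolver, which normally hands names that are not containers on to the host's upstream resolvers; a query for a `.docker` name with no matching container would then leave the host as a lookup for the bare label. If only container names are meant to resolve, say so above the forward line, e.g. `# Names that are not containers fall through to Docker's upstream resolvers`, or narrow the `view` expression to the expected service names. In the same expression the class `[a-zA-Z0-9-_]` has its hyphen between `9` and `_`; writing it last, `[a-zA-Z0-9_-]`, makes it unambiguously a literal.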
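Review bot: `image: coredns/coredns:latest` in docker-compose.yml is a floating tag, so whatever build is current at pull time ends up answering DNS on `{{ private_ip }}` and sitting on the `traefik` network; pin a release tag or digest instead, e.g. `image: coredns/coredns:<PINNED_VERSION>` (placeholder). The Corefile is mounted at `/home/nonroot/Corefile` with no `command:`, which presumably relies on the image's working directory; `command: -conf /home/nonroot/Corefile` would make the path explicit and independent of image changes. Only `53/udp` is published, so clients that fall back to TCP get no answer; a one-line comment next to the port would record whether that is intended.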
diff --git a/ansible/roles/coredns/handlers/main.yml b/ansible/roles/coredns/handlers/main.yml
new file mode 100644
index 0000000..9277b60
--- /dev/null
+++ b/ansible/roles/coredns/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart coredns
+ shell:
+ chdir: /opt/coredns
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/coredns/tasks/main.yml b/ansible/roles/coredns/tasks/main.yml
new file mode 100644
index 0000000..8c011ba
--- /dev/null
+++ b/ansible/roles/coredns/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Create install directory
+ file:
+ path: /opt/coredns
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/coredns/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart coredns
+ become: true
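Review bot: Nothing in tasks/main.yml copies `files/Corefile` to `/opt/coredns`, although the compose file added by this commit bind-mounts `./Corefile` from that directory. Without the file on the host, Docker typically creates an empty directory at the bind source, so the container would not come up with the `view` filter and the `acl { block }` catch-all that the commit defines. Add a copy task between the two existing tasks that notifies `restart coredns`, so a Corefile change also reloads the service. The file has to be readable by the user the container runs as, so confirm that `docker_compose_file_mask` allows that.

```yaml
# … unchanged: Create install directory …

- name: Install Corefile
  copy:
    src: files/Corefile
    dest: /opt/coredns/Corefile
    mode: "{{ docker_compose_file_mask }}"
    owner: "{{ docker_user.name }}"
  notify: restart coredns
  become: true

# … unchanged: Install compose file …
```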