Deploy coredns as a proxy to Docker's internal DNS

ansible/main.yml

@@ -105,6 +105,7 @@
     - commento
     - website
     - remark42
+    - coredns
 
 - hosts: jellyfin
   roles:

ansible/roles/coredns/files/Corefile

@@ -0,0 +1,21 @@
+. {
+    errors
+    cancel
+
+    # Only allow requests to `.docker` records
+    view docker {
+        expr name() matches '^[a-zA-Z0-9-_]+\\.docker\\.$'
+    }
+
+    # Strip the `.docker` suffix
+    rewrite name suffix .docker . answer auto
+
+    # Forward requests to Docker's DNS server
+    forward . 127.0.0.11
+}
+
+. {
+    acl {
+        block
+    }
+}

ansible/roles/coredns/files/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "2.3"
+
+services:
+  coredns:
+    image: coredns/coredns:latest
+    volumes:
+      - ./Corefile:/home/nonroot/Corefile:ro
+    ports:
+      - "{{ private_ip }}:5353:53/udp"
+    networks:
+      - default
+      - traefik
+
+networks:
+  traefik:
+    external: true

ansible/roles/coredns/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart coredns
+  shell:
+    chdir: /opt/coredns
+    cmd: "{{ docker_update_command }}"

ansible/roles/coredns/tasks/main.yml

@@ -0,0 +1,17 @@
+- name: Create install directory
+  file:
+    path: /opt/coredns
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/coredns/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart coredns
+  become: true