Add internal dns container

ansible/roles/docker/files/dnsmasq/dnsmasq.conf

@@ -0,0 +1,7 @@
+bogus-priv
+keep-in-foreground
+server=1.1.1.1
+server=1.0.0.1
+port=53
+expand-hosts
+addn-hosts=/etc/dnsmasq-hosts.conf

ansible/roles/docker/files/dnsmasq/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3"
+services:
+  vpn-dns:
+    image: programster/dnsmasq:latest
+    container_name: vpn-dns
+    ports:
+      - "{{ wireguard.clients.intersect.ip }}:53:53/udp"
+    volumes:
+      - ./dnsmasq.conf:/etc/dnsmasq.conf:ro
+      - ./vpn-hosts.conf:/etc/dnsmasq-hosts.conf:ro
+    restart: unless-stopped

ansible/roles/docker/files/dnsmasq/vpn-hosts.conf

@@ -0,0 +1,3 @@
+{% for host in internal_hostnames %}
+{{ wireguard.clients.intersect.ip }} {{ host }}
+{% endfor %}

ansible/roles/docker/tasks/dnsmasq.yml

@@ -0,0 +1,53 @@
+- name: Include dnsmasq variables
+  include_vars: dnsmasq.yml
+
+- name: Create dnsmasq directory
+  file:
+    path: '/opt/dnsmasq'
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+  become_user: root
+
+- name: Install dnsmasq compose file
+  template:
+    src: files/dnsmasq/docker-compose.yml
+    dest: "/opt/dnsmasq/docker-compose.yml"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  register: compose_file
+  become: true
+  become_user: root
+
+- name: Install dnsmasq config
+  template:
+    src: files/dnsmasq/dnsmasq.conf
+    dest: "/opt/dnsmasq/dnsmasq.conf"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  register: dnsmasq_config
+  become: true
+  become_user: root
+
+- name: Install dnsmasq vpn hosts
+  template:
+    src: files/dnsmasq/vpn-hosts.conf
+    dest: "/opt/dnsmasq/vpn-hosts.conf"
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  register: dnsmasq_vpn_hosts
+  become: true
+  become_user: root
+
+- name: Cycle dnsmasq container
+  docker_compose:
+    project_src: /opt/dnsmasq
+    pull: true
+    remove_orphans: true
+    remove_volumes: true
+    state: "{{ item }}"
+  when: compose_file.changed or dnsmasq_config.changed or dnsmasq_vpn_hosts.changed
+  loop:
+    - absent
+    - present

ansible/roles/docker/tasks/main.yml

@@ -12,3 +12,6 @@
 
 - name: Install portainer
   include: portainer.yml
+
+- name: Install dnsmasq
+  include: dnsmasq.yml

ansible/roles/docker/tasks/netdata.yml

@@ -7,7 +7,7 @@
   become: true
   become_user: root
 
-- name: Install netdata config
+- name: Install netdata compose file
   template:
     src: files/netdata/docker-compose.yml
     dest: "/opt/netdata/docker-compose.yml"

ansible/roles/docker/tasks/portainer.yml

@@ -7,7 +7,7 @@
   become: true
   become_user: root
 
-- name: Install portainer config
+- name: Install portainer compose file
   template:
     src: files/portainer/docker-compose.yml
     dest: "/opt/portainer/docker-compose.yml"

ansible/roles/docker/tasks/watchtower.yml

@@ -7,7 +7,7 @@
   become: true
   become_user: root
 
-- name: Install watchtower config
+- name: Install watchtower compose file
   template:
     src: files/watchtower/docker-compose.yml
     dest: "/opt/watchtower/docker-compose.yml"

ansible/roles/docker/vars/dnsmasq.yml

@@ -0,0 +1,7 @@
+internal_hostnames:
+  - duplicati.jakehoward.tech
+  - traefik.jakehoward.tech
+  - portainer.jakehoward.tech
+  - netdata.jakehoward.tech
+  - deluge.jakehoward.tech
+  - speed.jakehoward.tech