diff --git a/ansible/roles/docker/files/dnsmasq/dnsmasq.conf b/ansible/roles/docker/files/dnsmasq/dnsmasq.conf
new file mode 100644
index 0000000..5c937bd
--- /dev/null
+++ b/ansible/roles/docker/files/dnsmasq/dnsmasq.conf
@@ -0,0 +1,7 @@
+bogus-priv
+keep-in-foreground
+server=1.1.1.1
+server=1.0.0.1
+port=53
+expand-hosts
+addn-hosts=/etc/dnsmasq-hosts.conf
diff --git a/ansible/roles/docker/files/dnsmasq/docker-compose.yml b/ansible/roles/docker/files/dnsmasq/docker-compose.yml
new file mode 100644
index 0000000..4bd2fe2
--- /dev/null
+++ b/ansible/roles/docker/files/dnsmasq/docker-compose.yml
@@ -0,0 +1,11 @@
+version: "3"
+services:
+ vpn-dns:
+ image: programster/dnsmasq:latest
+ container_name: vpn-dns
+ ports:
+ - "{{ wireguard.clients.intersect.ip }}:53:53/udp"
+ volumes:
+ - ./dnsmasq.conf:/etc/dnsmasq.conf:ro
+ - ./vpn-hosts.conf:/etc/dnsmasq-hosts.conf:ro
+ restart: unless-stopped
diff --git a/ansible/roles/docker/files/dnsmasq/vpn-hosts.conf b/ansible/roles/docker/files/dnsmasq/vpn-hosts.conf
new file mode 100644
index 0000000..71db069
--- /dev/null
+++ b/ansible/roles/docker/files/dnsmasq/vpn-hosts.conf
@@ -0,0 +1,3 @@
+{% for host in internal_hostnames %}
+{{ wireguard.clients.intersect.ip }} {{ host }}
+{% endfor %}
diff --git a/ansible/roles/docker/tasks/dnsmasq.yml b/ansible/roles/docker/tasks/dnsmasq.yml
new file mode 100644
index 0000000..d764cf4
--- /dev/null
+++ b/ansible/roles/docker/tasks/dnsmasq.yml
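Review bot: `expand-hosts` on the sixth added line has no effect in this file because no `domain=` directive is set; dnsmasq only appends a domain to short names from its hosts files when one is configured, and the entries rendered into vpn-hosts.conf are already fully qualified, so either drop the line or pair it with `domain=<internal-domain>`. Because upstream forwarding is meant to be fixed to the two `server=` entries, adding `no-resolv` keeps dnsmasq from also picking up whatever resolver is in the container's own /etc/resolv.conf, and `domain-needed` stops single-label lookups from VPN clients being forwarded upstream at all. A heading comment such as `# Resolver for WireGuard clients: internal names from addn-hosts, everything else forwarded to the server= entries` would state the intent for the next reader.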
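Review bot: The `ports:` entry publishes 53 over UDP only; a response that does not fit in a UDP datagram comes back truncated and the client retries over TCP, which this mapping does not expose, so add `- "{{ wireguard.clients.intersect.ip }}:53:53/tcp"` beside the UDP line. `image: programster/dnsmasq:latest` together with the `pull: true` in the cycle task of tasks/dnsmasq.yml means every config change also pulls whatever that tag currently points at; pinning a version tag or an `@sha256:` digest keeps the resolver image reproducible and reviewable. A one-line comment above `ports:` noting that binding to the WireGuard address is what keeps the resolver off the host's other interfaces would document why the bind address is templated rather than `0.0.0.0`.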
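Review bot: Every name in `internal_hostnames` is mapped to the single address `wireguard.clients.intersect.ip`, and nothing in the rendered file says why all services resolve to one VPN-side address; since dnsmasq accepts `#` comments in addn-hosts files, a first line such as `# Rendered by Ansible from roles/docker/files/dnsmasq/vpn-hosts.conf; all internal names point at the VPN-side address` would carry that intent into the running container. The `{% for %}` and `{% endfor %}` lines render as blank lines, which dnsmasq ignores, so no whitespace control is needed for correctness.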
@@ -0,0 +1,53 @@
+- name: Include dnsmasq variables
+ include_vars: dnsmasq.yml
+
+- name: Create dnsmasq directory
+ file:
+ path: '/opt/dnsmasq'
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+ become_user: root
+
+- name: Install dnsmasq compose file
+ template:
+ src: files/dnsmasq/docker-compose.yml
+ dest: "/opt/dnsmasq/docker-compose.yml"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: compose_file
+ become: true
+ become_user: root
+
+- name: Install dnsmasq config
+ template:
+ src: files/dnsmasq/dnsmasq.conf
+ dest: "/opt/dnsmasq/dnsmasq.conf"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: dnsmasq_config
+ become: true
+ become_user: root
+
+- name: Install dnsmasq vpn hosts
+ template:
+ src: files/dnsmasq/vpn-hosts.conf
+ dest: "/opt/dnsmasq/vpn-hosts.conf"
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ register: dnsmasq_vpn_hosts
+ become: true
+ become_user: root
+
+- name: Cycle dnsmasq container
+ docker_compose:
+ project_src: /opt/dnsmasq
+ pull: true
+ remove_orphans: true
+ remove_volumes: true
+ state: "{{ item }}"
+ when: compose_file.changed or dnsmasq_config.changed or dnsmasq_vpn_hosts.changed
+ loop:
+ - absent
+ - present
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index e450377..1a98af9 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -12,3 +12,6 @@ - name: Install portainer include: portainer.yml
+
+- name: Install dnsmasq
+ include: dnsmasq.yml
diff --git a/ansible/roles/docker/tasks/netdata.yml b/ansible/roles/docker/tasks/netdata.yml
index 4c4dc37..8bcd2a9 100644
--- a/ansible/roles/docker/tasks/netdata.yml
+++ b/ansible/roles/docker/tasks/netdata.yml
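Review bot: The `Cycle dnsmasq container` task at the end of the hunk is the only task that starts the resolver, and it runs only when one of the three registered template results changed, so a host where the files are already in place but the container is down (a manual `docker-compose down`, or a previous run that failed between the `absent` and `present` iterations) is never brought back up by later runs. An unconditional `state: present` task after the cycle makes the role convergent without adding restarts, since `docker_compose` reports no change when the project is already running. The `absent` then `present` loop with `pull: true` also tears the resolver down before the image is fetched, so VPN clients lose DNS for the whole pull; pulling the image before the teardown would shorten that window. Note as well that `Install dnsmasq config` renders dnsmasq.conf with `template:` although the file contains no Jinja, so a future `{{` in that file will be interpreted rather than written through; a comment on that task stating this is deliberate would save the next editor a surprise.
```yaml
# … unchanged: include_vars, directory, template and cycle tasks …

- name: Ensure dnsmasq container is running
  docker_compose:
    project_src: /opt/dnsmasq
    state: present
```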
@@ -7,7 +7,7 @@ become: true become_user: root -- name: Install netdata config +- name: Install netdata compose file template: src: files/netdata/docker-compose.yml dest: "/opt/netdata/docker-compose.yml"
diff --git a/ansible/roles/docker/tasks/portainer.yml b/ansible/roles/docker/tasks/portainer.yml
index 11f3749..4387467 100644
--- a/ansible/roles/docker/tasks/portainer.yml
+++ b/ansible/roles/docker/tasks/portainer.yml
@@ -7,7 +7,7 @@ become: true become_user: root -- name: Install portainer config +- name: Install portainer compose file template: src: files/portainer/docker-compose.yml dest: "/opt/portainer/docker-compose.yml"
diff --git a/ansible/roles/docker/tasks/watchtower.yml b/ansible/roles/docker/tasks/watchtower.yml
index da8def7..784a510 100644
--- a/ansible/roles/docker/tasks/watchtower.yml
+++ b/ansible/roles/docker/tasks/watchtower.yml
@@ -7,7 +7,7 @@ become: true become_user: root -- name: Install watchtower config +- name: Install watchtower compose file template: src: files/watchtower/docker-compose.yml dest: "/opt/watchtower/docker-compose.yml"
diff --git a/ansible/roles/docker/vars/dnsmasq.yml b/ansible/roles/docker/vars/dnsmasq.yml
new file mode 100644
index 0000000..02c29a3
--- /dev/null
+++ b/ansible/roles/docker/vars/dnsmasq.yml
@@ -0,0 +1,7 @@
+internal_hostnames:
+ - duplicati.jakehoward.tech
+ - traefik.jakehoward.tech
+ - portainer.jakehoward.tech
+ - netdata.jakehoward.tech
+ - deluge.jakehoward.tech
+ - speed.jakehoward.tech
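Review bot: `internal_hostnames` lives under the role's `vars/`, which takes precedence over inventory and play variables, so an operator cannot override the list per host or environment without editing the role; a user-tunable list like this conventionally belongs in the role's `defaults/`, where it is loaded automatically and the `include_vars` step in tasks/dnsmasq.yml becomes unnecessary. If it stays here, a comment such as `# Names answered locally by the VPN-side dnsmasq; each resolves to wireguard.clients.intersect.ip (rendered by files/dnsmasq/vpn-hosts.conf)` would tie the list to its consumer, since nothing in this file says what the hostnames are for.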