feat: set DNS for containers (#26)

* vars: set vars for container DNS * task(pihole): add task to include pihole in DNS list var * task: set pihole as the first deployment task * template: add option for DNS server for containers * ci(molecule): override DNS server list for containers
netr0m · Dec 20, 2024 · 6364edd · 6364edd
1 parent abf527e
commit 6364edd
Show file tree

Hide file tree

Showing 9 changed files with 66 additions and 5 deletions.
diff --git a/defaults/main/main.yml b/defaults/main/main.yml
@@ -15,6 +15,10 @@ infra_tz: Etc/UTC
 infra_domain: "{{ svc_domain }}"
 # Domain name, external
 infra_domain_ext: ~
+# Whether to override the DNS for containers (does not apply to wireguard, unifi, pihole, and unbound)
+infra_containers_override_dns: true
+# Whether to use pihole as DNS for other containers (requires 'infra_use_pihole' and 'infra_containers_override_dns' to be true)
+infra_containers_use_pihole_dns: true
 
 ### Directories ###
 # Manage directories
@@ -32,6 +36,11 @@ infra_file_mode: 640
 infra_restart_policy: always
 # Max. wait time for compose deployment
 infra_compose_wait_timeout: 120
+# DNS servers to use for containers (does not apply to wireguard, unifi, pihole, and unbound). Requires 'infra_containers_override_dns' to be true
+infra_container_dns_servers:
+  - "{{ ansible_host }}"
+  - 1.1.1.1
+  - 1.0.0.1
 
 ### Services ###
 # Configure Graylog

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -12,6 +12,9 @@
     infra_use_graylog: false  # skip testing due to GH actions space constraint
     infra_use_authentik: false  # skip testing due to GH actions space constraint
     infra_use_unifi: true
+    infra_container_dns_servers: # override to remove '{{ ansible_host }}' for GH actions runner
+      - 1.1.1.1
+      - 1.0.0.1
 
   pre_tasks:
     - name: Update package repository cache

diff --git a/tasks/deploy_pihole.yml b/tasks/deploy_pihole.yml
@@ -167,4 +167,23 @@
       ansible.builtin.file:
         path: "{{ infra_pihole_dnsmasq_edns_conf_file_path }}"
         state: absent
+
+- name: Add Pihole to the container DNS server list
+  when: infra_containers_use_pihole_dns and infra_use_pihole
+  block:
+    - name: Get pihole container settings
+      block:
+        - name: Query for pihole container
+          community.docker.docker_container_info:
+            name: "{{ infra_pihole_service_name }}"
+          register: pihole_container_output
+
+        - name: Set pihole container IP fact
+          ansible.builtin.set_fact:
+            pihole_container_ip: "{{ pihole_container_output.container.NetworkSettings.Networks[svc_docker_network_name].IPAddress }}"
+
+    - name: Update the DNS server variable to include pihole
+      when: pihole_container_ip is defined
+      ansible.builtin.set_fact:
+        infra_container_dns_servers: "{{ [pihole_container_ip] + infra_container_dns_servers }}"
 ...
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -8,16 +8,16 @@
   ansible.builtin.import_tasks: directories.yml
   when: infra_manage_directories
 
-# Manage graylog deployment
-- name: Include 'graylog' tasks
-  ansible.builtin.import_tasks: deploy_graylog.yml
-  when: infra_use_graylog
-
 # Manage pihole deployment
 - name: Include 'pihole' tasks
   ansible.builtin.import_tasks: deploy_pihole.yml
   when: infra_use_pihole
 
+# Manage graylog deployment
+- name: Include 'graylog' tasks
+  ansible.builtin.import_tasks: deploy_graylog.yml
+  when: infra_use_graylog
+
 # Manage unifi deployment
 - name: Include 'unifi' tasks
   ansible.builtin.import_tasks: deploy_unifi.yml

diff --git a/templates/compose/authentik.yml.j2 b/templates/compose/authentik.yml.j2
@@ -13,6 +13,9 @@ services:
     mem_limit: {{ infra_authentik_redis_container_memory }}
     networks:
       - default
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     command: --save 60 1 --loglevel warning
     healthcheck:
       test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
@@ -37,6 +40,9 @@ services:
     mem_limit: {{ infra_authentik_db_container_memory }}
     networks:
       - default
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
       start_period: 20s
@@ -72,6 +78,9 @@ services:
     networks:
       - default
       - {{ svc_docker_network_name }}
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     depends_on:
       - {{ infra_authentik_redis_service_name }}
       - {{ infra_authentik_db_service_name }}
@@ -93,6 +102,9 @@ services:
     mem_limit: {{ infra_authentik_worker_container_memory }}
     networks:
       - default
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     depends_on:
       - {{ infra_authentik_redis_service_name }}
       - {{ infra_authentik_db_service_name }}

diff --git a/templates/compose/godns.yml.j2 b/templates/compose/godns.yml.j2
@@ -14,6 +14,9 @@ services:
     mem_limit: {{ infra_godns_container_memory }}
     networks:
       {{ svc_docker_network_name }}:
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
 
 networks:
   {{ svc_docker_network_name }}:

diff --git a/templates/compose/graylog.yml.j2 b/templates/compose/graylog.yml.j2
@@ -17,6 +17,9 @@ services:
     mem_limit: {{ infra_graylog_db_container_memory }}
     networks:
       - default
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     group_add:
       - {{ infra_group_gid }}
 
@@ -35,6 +38,9 @@ services:
     mem_limit: {{ infra_graylog_opensearch_container_memory }}
     networks:
       - default
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     ulimits:
       memlock:
         soft: {{ infra_graylog_opensearch_ulimits_memlock_soft }}
@@ -74,6 +80,9 @@ services:
     networks:
       - default
       - {{ svc_docker_network_name }}
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
     depends_on:
       - {{ infra_graylog_db_service_name }}
       - {{ infra_graylog_opensearch_service_name }}

diff --git a/templates/compose/uptimekuma.yml.j2 b/templates/compose/uptimekuma.yml.j2
@@ -23,6 +23,9 @@ services:
       traefik.http.routers.{{ infra_uptimekuma_service_name }}-rtr.middlewares: lan-mwr@file
     networks:
       {{ svc_docker_network_name }}:
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
 
 volumes:
   {{ infra_uptimekuma_volume_name_data }}:

diff --git a/templates/compose/vaultwarden.yml.j2 b/templates/compose/vaultwarden.yml.j2
@@ -23,6 +23,9 @@ services:
       traefik.http.routers.{{ infra_vaultwarden_service_name }}-rtr.middlewares: lan-mwr@file
     networks:
       {{ svc_docker_network_name }}:
+{% if infra_containers_override_dns %}
+    dns: {{ infra_container_dns_servers }}
+{% endif %}
 
 volumes:
   {{ infra_vaultwarden_volume_name_data }}: