From 108baeae60f5a426582f7939eadffb9e4a906c7a Mon Sep 17 00:00:00 2001 From: GHOSCHT <31184695+GHOSCHT@users.noreply.github.com> Date: Fri, 3 May 2024 21:01:25 +0200 Subject: [PATCH] Arion: Fix pihole dns for all docker containers i previously had to fall back to cloudflare dns which didn't have all custom dns entries from pihole --- hosts/franz/arion/auth/arion-compose.nix | 2 -- hosts/franz/arion/dashboard/arion-compose.nix | 1 - hosts/franz/arion/dns/arion-compose.nix | 6 ------ hosts/franz/arion/dns/default.nix | 9 ++++++++- hosts/franz/arion/feed/arion-compose.nix | 1 - hosts/franz/arion/git/arion-compose.nix | 1 - hosts/franz/arion/headscale/arion-compose.nix | 13 ++++++------- hosts/franz/arion/infrastructure/arion-compose.nix | 3 --- hosts/franz/arion/matrix/arion-compose.nix | 1 - hosts/franz/arion/media/arion-compose.nix | 6 ------ hosts/franz/arion/nextcloud/arion-compose.nix | 1 - hosts/franz/arion/passwords/arion-compose.nix | 1 - 12 files changed, 14 insertions(+), 31 deletions(-) diff --git a/hosts/franz/arion/auth/arion-compose.nix b/hosts/franz/arion/auth/arion-compose.nix index eed03b3..04fb16a 100644 --- a/hosts/franz/arion/auth/arion-compose.nix +++ b/hosts/franz/arion/auth/arion-compose.nix @@ -39,7 +39,6 @@ in { env_file = [ "/home/ghoscht/.docker/auth/authentik.env" ]; - dns = ["1.1.1.1"]; restart = "always"; depends_on = { redis = {condition = "service_healthy";}; @@ -65,7 +64,6 @@ in { env_file = [ "/home/ghoscht/.docker/auth/authentik.env" ]; - dns = ["1.1.1.1"]; depends_on = { redis = {condition = "service_healthy";}; postgres = {condition = "service_healthy";}; diff --git a/hosts/franz/arion/dashboard/arion-compose.nix b/hosts/franz/arion/dashboard/arion-compose.nix index 28dbfe7..98d7c96 100644 --- a/hosts/franz/arion/dashboard/arion-compose.nix +++ b/hosts/franz/arion/dashboard/arion-compose.nix @@ -17,7 +17,6 @@ "traefik.http.routers.homarr.tls" = "true"; "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt"; }; - dns = ["1.1.1.1"]; environment = { AUTH_PROVIDER = "oidc"; AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr"; diff --git a/hosts/franz/arion/dns/arion-compose.nix b/hosts/franz/arion/dns/arion-compose.nix index 77daf15..3b166be 100644 --- a/hosts/franz/arion/dns/arion-compose.nix +++ b/hosts/franz/arion/dns/arion-compose.nix @@ -49,9 +49,6 @@ ipv4_address = "172.28.1.6"; }; }; - dns = [ - "1.1.1.1" - ]; capabilities = { NET_ADMIN = true; }; @@ -74,9 +71,6 @@ ipv4_address = "172.28.1.5"; }; }; - dns = [ - "1.1.1.1" - ]; }; }; } diff --git a/hosts/franz/arion/dns/default.nix b/hosts/franz/arion/dns/default.nix index 702a503..ef548b2 100644 --- a/hosts/franz/arion/dns/default.nix +++ b/hosts/franz/arion/dns/default.nix @@ -1,7 +1,14 @@ -{ +{pkgs, ...}: { virtualisation.arion = { projects.dns.settings = { imports = [./arion-compose.nix]; }; }; + + # Fix containers not being able to use pihole as dns + networking.resolvconf.useLocalResolver = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [80 443]; + }; } diff --git a/hosts/franz/arion/feed/arion-compose.nix b/hosts/franz/arion/feed/arion-compose.nix index 5123e3c..eb84c76 100644 --- a/hosts/franz/arion/feed/arion-compose.nix +++ b/hosts/franz/arion/feed/arion-compose.nix @@ -24,7 +24,6 @@ "/home/ghoscht/.docker/feed/ttrss.env" ]; restart = "always"; - dns = ["1.1.1.1"]; networks = [ "dmz" "transport" diff --git a/hosts/franz/arion/git/arion-compose.nix b/hosts/franz/arion/git/arion-compose.nix index 1954ac7..37224d0 100644 --- a/hosts/franz/arion/git/arion-compose.nix +++ b/hosts/franz/arion/git/arion-compose.nix @@ -29,7 +29,6 @@ ports = [ "2222:22" ]; - dns = ["1.1.1.1"]; environment = { USER_UID = 1000; USER_GID = 1000; diff --git a/hosts/franz/arion/headscale/arion-compose.nix b/hosts/franz/arion/headscale/arion-compose.nix index 1260c71..9a47398 100644 --- a/hosts/franz/arion/headscale/arion-compose.nix +++ b/hosts/franz/arion/headscale/arion-compose.nix @@ -14,7 +14,6 @@ command = "headscale serve"; labels = { "traefik.enable" = "true"; - "traefik.http.services.headscale.loadbalancer.server.port" = "8080"; "traefik.http.routers.headscale.service" = "headscale"; "traefik.http.routers.headscale.entrypoints" = "websecure-external"; @@ -22,12 +21,12 @@ "traefik.http.routers.headscale.tls" = "true"; "traefik.http.routers.headscale.tls.certresolver" = "letsencrypt"; - # "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080"; - # "traefik.http.routers.headscale-external.service" = "headscale-external"; - # "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)"; - # "traefik.http.routers.headscale-external.entrypoints" = "websecure"; - # "traefik.http.routers.headscale-external.tls" = "true"; - # "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt"; + "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080"; + "traefik.http.routers.headscale-external.service" = "headscale-external"; + "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)"; + "traefik.http.routers.headscale-external.entrypoints" = "websecure"; + "traefik.http.routers.headscale-external.tls" = "true"; + "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt"; }; volumes = [ "/storage/dataset/docker/headscale/headscale_config:/etc/headscale" diff --git a/hosts/franz/arion/infrastructure/arion-compose.nix b/hosts/franz/arion/infrastructure/arion-compose.nix index 89b9c4f..afa89dc 100644 --- a/hosts/franz/arion/infrastructure/arion-compose.nix +++ b/hosts/franz/arion/infrastructure/arion-compose.nix @@ -40,7 +40,6 @@ env_file = [ "/home/ghoscht/.docker/infrastructure/traefik.env" ]; - dns = ["1.1.1.1"]; restart = "always"; networks = [ "dmz" @@ -53,7 +52,6 @@ "/home/ghoscht/.docker/infrastructure/cloudflared.env" ]; restart = "always"; - dns = ["1.1.1.1"]; command = "tunnel --no-autoupdate --protocol http2 run"; networks = [ "dmz" @@ -98,7 +96,6 @@ container_name = "dyndns"; restart = "always"; ports = ["8888:8080"]; - dns = ["1.1.1.1"]; environment = { CLOUDFLARE_ZONES_IPV4 = "ghoscht.com"; }; diff --git a/hosts/franz/arion/matrix/arion-compose.nix b/hosts/franz/arion/matrix/arion-compose.nix index c6e991d..d33be7b 100644 --- a/hosts/franz/arion/matrix/arion-compose.nix +++ b/hosts/franz/arion/matrix/arion-compose.nix @@ -31,7 +31,6 @@ GID = "1000"; TZ = "Europe/Berlin"; }; - dns = ["1.1.1.2" "1.0.0.2" "176.103.130.130" "176.103.130.131" "9.9.9.9" "149.112.112.112" "208.67.222.222" "208.67.220.220"]; restart = "unless-stopped"; networks = [ "dmz" diff --git a/hosts/franz/arion/media/arion-compose.nix b/hosts/franz/arion/media/arion-compose.nix index 40ad3f0..2e8393e 100644 --- a/hosts/franz/arion/media/arion-compose.nix +++ b/hosts/franz/arion/media/arion-compose.nix @@ -33,7 +33,6 @@ PGID = 1000; TZ = "Europe/Berlin"; }; - dns = ["1.1.1.1"]; restart = "always"; networks = [ "dmz" @@ -60,7 +59,6 @@ env_file = [ "/home/ghoscht/.docker/media/navidrome.env" ]; - dns = ["1.1.1.1"]; restart = "always"; networks = [ "dmz" @@ -81,7 +79,6 @@ "/storage/dataset/docker/media/kavita_data:/kavita/config" "/storage/dataset/data/media/manga:/manga" ]; - dns = ["1.1.1.1"]; restart = "always"; networks = [ "dmz" @@ -124,7 +121,6 @@ capabilities = { NET_ADMIN = true; }; - dns = ["1.1.1.1"]; restart = "always"; networks = [ "dmz" @@ -259,7 +255,6 @@ "/storage/dataset/docker/media/bazarr_data:/config" "/storage/dataset/data/:/data" ]; - dns = ["1.1.1.1"]; environment = { PUID = 1000; PGID = 1000; @@ -288,7 +283,6 @@ PGID = 1000; TZ = "Europe/Berlin"; }; - dns = ["1.1.1.1"]; networks = ["dmz"]; restart = "always"; }; diff --git a/hosts/franz/arion/nextcloud/arion-compose.nix b/hosts/franz/arion/nextcloud/arion-compose.nix index 447bd38..284a33c 100644 --- a/hosts/franz/arion/nextcloud/arion-compose.nix +++ b/hosts/franz/arion/nextcloud/arion-compose.nix @@ -29,7 +29,6 @@ REDIS_HOST = "nextcloud-redis"; REDIS_PORT = 6379; }; - dns = ["1.1.1.1"]; restart = "unless-stopped"; networks = [ "dmz" diff --git a/hosts/franz/arion/passwords/arion-compose.nix b/hosts/franz/arion/passwords/arion-compose.nix index c5d4eef..d7eb1e5 100644 --- a/hosts/franz/arion/passwords/arion-compose.nix +++ b/hosts/franz/arion/passwords/arion-compose.nix @@ -17,7 +17,6 @@ "traefik.http.routers.vaultwarden.tls" = "true"; "traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt"; }; - dns = ["1.1.1.1"]; volumes = [ "/storage/dataset/docker/passwords/vaultwarden_data/:/data" ];