Arion: Fix pihole dns for all docker containers

i previously had to fall back to cloudflare dns which didn't have all custom dns entries from pihole
2024-05-03 21:01:25 +02:00 · 2024-05-03 21:01:25 +02:00 · 108baeae60
commit 108baeae60
parent a6d9f57d8e
12 changed files with 14 additions and 31 deletions
--- a/hosts/franz/arion/auth/arion-compose.nix
+++ b/hosts/franz/arion/auth/arion-compose.nix
@ -39,7 +39,6 @@ in {
      env_file = [
        "/home/ghoscht/.docker/auth/authentik.env"
      ];
      dns = ["1.1.1.1"];
      restart = "always";
      depends_on = {
        redis = {condition = "service_healthy";};
@ -65,7 +64,6 @@ in {
      env_file = [
        "/home/ghoscht/.docker/auth/authentik.env"
      ];
      dns = ["1.1.1.1"];
      depends_on = {
        redis = {condition = "service_healthy";};
        postgres = {condition = "service_healthy";};
--- a/hosts/franz/arion/dashboard/arion-compose.nix
+++ b/hosts/franz/arion/dashboard/arion-compose.nix
@ -17,7 +17,6 @@
        "traefik.http.routers.homarr.tls" = "true";
        "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
      };
      dns = ["1.1.1.1"];
      environment = {
        AUTH_PROVIDER = "oidc";
        AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr";
--- a/hosts/franz/arion/dns/arion-compose.nix
+++ b/hosts/franz/arion/dns/arion-compose.nix
@ -49,9 +49,6 @@
          ipv4_address = "172.28.1.6";
        };
      };
      dns = [
        "1.1.1.1"
      ];
      capabilities = {
        NET_ADMIN = true;
      };
@ -74,9 +71,6 @@
          ipv4_address = "172.28.1.5";
        };
      };
      dns = [
        "1.1.1.1"
      ];
    };
  };
 }
--- a/hosts/franz/arion/dns/default.nix
+++ b/hosts/franz/arion/dns/default.nix
@ -1,7 +1,14 @@
-{
+{pkgs, ...}: {
  virtualisation.arion = {
    projects.dns.settings = {
      imports = [./arion-compose.nix];
    };
  };
  # Fix containers not being able to use pihole as dns
  networking.resolvconf.useLocalResolver = true;
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443];
  };
 }
--- a/hosts/franz/arion/feed/arion-compose.nix
+++ b/hosts/franz/arion/feed/arion-compose.nix
@ -24,7 +24,6 @@
        "/home/ghoscht/.docker/feed/ttrss.env"
      ];
      restart = "always";
      dns = ["1.1.1.1"];
      networks = [
        "dmz"
        "transport"
--- a/hosts/franz/arion/git/arion-compose.nix
+++ b/hosts/franz/arion/git/arion-compose.nix
@ -29,7 +29,6 @@
      ports = [
        "2222:22"
      ];
      dns = ["1.1.1.1"];
      environment = {
        USER_UID = 1000;
        USER_GID = 1000;
--- a/hosts/franz/arion/headscale/arion-compose.nix
+++ b/hosts/franz/arion/headscale/arion-compose.nix
@ -14,7 +14,6 @@
      command = "headscale serve";
      labels = {
        "traefik.enable" = "true";
        "traefik.http.services.headscale.loadbalancer.server.port" = "8080";
        "traefik.http.routers.headscale.service" = "headscale";
        "traefik.http.routers.headscale.entrypoints" = "websecure-external";
@ -22,12 +21,12 @@
        "traefik.http.routers.headscale.tls" = "true";
        "traefik.http.routers.headscale.tls.certresolver" = "letsencrypt";
-        # "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
+        "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
-        # "traefik.http.routers.headscale-external.service" = "headscale-external";
+        "traefik.http.routers.headscale-external.service" = "headscale-external";
-        # "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
+        "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
-        # "traefik.http.routers.headscale-external.entrypoints" = "websecure";
+        "traefik.http.routers.headscale-external.entrypoints" = "websecure";
-        # "traefik.http.routers.headscale-external.tls" = "true";
+        "traefik.http.routers.headscale-external.tls" = "true";
-        # "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
+        "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
        "/storage/dataset/docker/headscale/headscale_config:/etc/headscale"
--- a/hosts/franz/arion/infrastructure/arion-compose.nix
+++ b/hosts/franz/arion/infrastructure/arion-compose.nix
@ -40,7 +40,6 @@
      env_file = [
        "/home/ghoscht/.docker/infrastructure/traefik.env"
      ];
      dns = ["1.1.1.1"];
      restart = "always";
      networks = [
        "dmz"
@ -53,7 +52,6 @@
        "/home/ghoscht/.docker/infrastructure/cloudflared.env"
      ];
      restart = "always";
      dns = ["1.1.1.1"];
      command = "tunnel --no-autoupdate --protocol http2 run";
      networks = [
        "dmz"
@ -98,7 +96,6 @@
      container_name = "dyndns";
      restart = "always";
      ports = ["8888:8080"];
      dns = ["1.1.1.1"];
      environment = {
        CLOUDFLARE_ZONES_IPV4 = "ghoscht.com";
      };
--- a/hosts/franz/arion/matrix/arion-compose.nix
+++ b/hosts/franz/arion/matrix/arion-compose.nix
@ -31,7 +31,6 @@
        GID = "1000";
        TZ = "Europe/Berlin";
      };
      dns = ["1.1.1.2" "1.0.0.2" "176.103.130.130" "176.103.130.131" "9.9.9.9" "149.112.112.112" "208.67.222.222" "208.67.220.220"];
      restart = "unless-stopped";
      networks = [
        "dmz"
--- a/hosts/franz/arion/media/arion-compose.nix
+++ b/hosts/franz/arion/media/arion-compose.nix
@ -33,7 +33,6 @@
        PGID = 1000;
        TZ = "Europe/Berlin";
      };
      dns = ["1.1.1.1"];
      restart = "always";
      networks = [
        "dmz"
@ -60,7 +59,6 @@
      env_file = [
        "/home/ghoscht/.docker/media/navidrome.env"
      ];
      dns = ["1.1.1.1"];
      restart = "always";
      networks = [
        "dmz"
@ -81,7 +79,6 @@
        "/storage/dataset/docker/media/kavita_data:/kavita/config"
        "/storage/dataset/data/media/manga:/manga"
      ];
      dns = ["1.1.1.1"];
      restart = "always";
      networks = [
        "dmz"
@ -124,7 +121,6 @@
      capabilities = {
        NET_ADMIN = true;
      };
      dns = ["1.1.1.1"];
      restart = "always";
      networks = [
        "dmz"
@ -259,7 +255,6 @@
        "/storage/dataset/docker/media/bazarr_data:/config"
        "/storage/dataset/data/:/data"
      ];
      dns = ["1.1.1.1"];
      environment = {
        PUID = 1000;
        PGID = 1000;
@ -288,7 +283,6 @@
        PGID = 1000;
        TZ = "Europe/Berlin";
      };
      dns = ["1.1.1.1"];
      networks = ["dmz"];
      restart = "always";
    };
--- a/hosts/franz/arion/nextcloud/arion-compose.nix
+++ b/hosts/franz/arion/nextcloud/arion-compose.nix
@ -29,7 +29,6 @@
        REDIS_HOST = "nextcloud-redis";
        REDIS_PORT = 6379;
      };
      dns = ["1.1.1.1"];
      restart = "unless-stopped";
      networks = [
        "dmz"
--- a/hosts/franz/arion/passwords/arion-compose.nix
+++ b/hosts/franz/arion/passwords/arion-compose.nix
@ -17,7 +17,6 @@
        "traefik.http.routers.vaultwarden.tls" = "true";
        "traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt";
      };
      dns = ["1.1.1.1"];
      volumes = [
        "/storage/dataset/docker/passwords/vaultwarden_data/:/data"
      ];