
feat: setup pihole

Karan Sharma 8 months ago
parent
commit
d559220dca
  1. 7
      hydra/terraform/main.tf
  2. 9
      hydra/terraform/modules/caddy/conf/Caddyfile.tpl
  3. 18
      hydra/terraform/modules/caddy/conf/caddy.nomad.tpl
  4. 24
      hydra/terraform/modules/cloudflare/records.tf
  5. 10
      hydra/terraform/modules/digitalocean/firewalls.tf
  6. 2
      hydra/terraform/modules/digitalocean/floyd.tf
  7. 21
      hydra/terraform/modules/digitalocean/gilmour.tf
  8. 5
      hydra/terraform/modules/digitalocean/output.tf
  9. 8
      hydra/terraform/modules/digitalocean/project.tf
  10. 60
      hydra/terraform/modules/pihole/conf/pihole.nomad
  11. 6
      hydra/terraform/modules/pihole/job.tf
  12. 5
      hydra/terraform/variables.tf

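--- a/hydra/terraform/main.tf
+++ b/hydra/terraform/main.tf
@@ -20,3 +20,10 @@ module "caddy" {
 nomad = nomad
 }
 }
+module "pihole" {
+source = "./modules/pihole"
+providers = {
+nomad = nomad
+}
+}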

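--- a/hydra/terraform/modules/caddy/conf/Caddyfile.tpl
+++ b/hydra/terraform/modules/caddy/conf/Caddyfile.tpl
@@ -11,3 +11,12 @@ consul.mrkaran.dev {
 dns cloudflare "${cloudflare_api_token}"
 }
 }
+pihole.mrkaran.dev {
+{{ range service "pihole-admin" }}
+reverse_proxy {{ .Address }}:{{ .Port }}
+{{ end }}
+tls {
+dns cloudflare "${cloudflare_api_token}"
+}
+}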
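Review bot: The new `pihole.mrkaran.dev` site puts nothing in front of the Pi-hole admin UI except Pi-hole's own login, which is acceptable only because Caddy's 80/443 ports are bound to the `tailscale` host_network in caddy.nomad.tpl in this same commit; the vhost should state that assumption, e.g. `# Tailnet-only: Caddy binds to the tailscale host network, so Pi-hole's own login is the only auth in front of /admin.` As far as I can tell, when Consul has no passing `pihole-admin` instance the `range` renders no `reverse_proxy` line and Caddy serves an empty site on this hostname instead of failing closed, which deserves a comment or an explicit `respond 503` fallback. The Cloudflare token is now repeated verbatim in every site block; a single global `acme_dns cloudflare` option would keep it in one place in the rendered file.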

18
hydra/terraform/modules/caddy/conf/caddy.nomad.tpl

@ -5,12 +5,14 @@ job "caddy" {
count = 1
network {
port "http" {
static = 80
to = 80
static = 80
to = 80
host_network = "tailscale"
}
port "https" {
static = 443
to = 443
static = 443
to = 443
host_network = "tailscale"
}
}
service {
@ -53,12 +55,12 @@ job "caddy" {
memory = 100
}
template {
data = <<EOF
data = <<EOF
${caddyfile}
EOF
destination = "configs/Caddyfile" # Rendered template.
change_mode = "signal"
change_signal = "SIGINT"
destination = "configs/Caddyfile" # Rendered template.
# Caddy doesn't support reload via signals as of
change_mode = "restart"
}
}
}
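Review bot: The new comment on the template block ends mid-sentence (`# Caddy doesn't support reload via signals as of`) and should either name the version it refers to or be replaced with the actual reason for the switch. My recollection of Caddy's signal handling is that SIGUSR1 reloads the config from the file it was started with, which would make the original problem the choice of SIGINT (a graceful shutdown) rather than signals as such, so this is worth re-checking before settling on `change_mode = "restart"`. With `restart`, every change to the `pihole-admin` service in Consul restarts Caddy and briefly drops every proxied site, whereas a reload keeps them serving. The enclosing job spec continues outside the visible hunks.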

24
hydra/terraform/modules/cloudflare/records.tf

@ -10,18 +10,6 @@ resource "cloudflare_record" "floyd" {
}
resource "cloudflare_record" "gilmour" {
zone_id = cloudflare_zone.mrkaran_dev.id
name = "gilmour"
type = "A"
ttl = "1"
proxied = "false"
value = var.ips["gilmour_floating"]
}
resource "cloudflare_record" "nomad" {
zone_id = cloudflare_zone.mrkaran_dev.id
@ -57,3 +45,15 @@ resource "cloudflare_record" "website" {
value = "mrkaran.netlify.app"
}
resource "cloudflare_record" "pihole" {
zone_id = cloudflare_zone.mrkaran_dev.id
name = "pihole"
type = "A"
ttl = "1"
proxied = "false"
value = var.ips["floyd_tailscale"]
}
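Review bot: The `pihole` record publishes a Tailscale CGNAT address (`var.ips["floyd_tailscale"]`, 100.119.138.27 per variables.tf) in public DNS, so anyone can learn the node's tailnet IP even though they cannot reach it; if that is acceptable, say so in a comment, e.g. `# Resolves publicly to the tailnet address; only reachable from inside the tailnet.` Otherwise Tailscale MagicDNS or a split-horizon zone keeps the address private while the DNS-01 challenge in the Caddyfile still issues the certificate. `ttl = "1"` is Cloudflare's "automatic" value and reads as a one-second TTL without a comment.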

10
hydra/terraform/modules/digitalocean/firewalls.tf

@ -9,7 +9,7 @@ data "http" "cloudflare_ip6_addrs" {
resource "digitalocean_firewall" "web" {
name = "allow-http-https-cloudflare"
droplet_ids = [digitalocean_droplet.floyd.id, digitalocean_droplet.gilmour.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
port_range = "80"
@ -33,7 +33,7 @@ resource "digitalocean_firewall" "web" {
resource "digitalocean_firewall" "icmp" {
name = "allow-icmp-all"
droplet_ids = [digitalocean_droplet.floyd.id, digitalocean_droplet.gilmour.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "icmp"
source_addresses = ["0.0.0.0/0", "::/0"]
@ -44,7 +44,7 @@ resource "digitalocean_firewall" "icmp" {
resource "digitalocean_firewall" "vpn" {
name = "allow-all-tailscale-inbound"
droplet_ids = [digitalocean_droplet.floyd.id, digitalocean_droplet.gilmour.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
@ -63,7 +63,7 @@ resource "digitalocean_firewall" "vpn" {
resource "digitalocean_firewall" "ssh" {
name = "ssh-inbound"
droplet_ids = [digitalocean_droplet.floyd.id, digitalocean_droplet.gilmour.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
@ -76,7 +76,7 @@ resource "digitalocean_firewall" "ssh" {
resource "digitalocean_firewall" "outbound-all" {
name = "allow-all-outbound"
droplet_ids = [digitalocean_droplet.floyd.id, digitalocean_droplet.gilmour.id]
droplet_ids = [digitalocean_droplet.floyd.id]
outbound_rule {
protocol = "tcp"
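Review bot: The `web` firewall still opens 80 and 443 from the Cloudflare ranges on `floyd`, yet in this same commit Caddy's `http`/`https` ports move to the `tailscale` host_network in caddy.nomad.tpl, so as far as I can see nothing on the public interface answers on those ports anymore. If no other workload listens publicly, the `web` firewall can be dropped or its droplet list emptied, and if it is kept deliberately for later use a comment such as `# Kept for public workloads; Caddy itself is tailnet-only.` would stop the next reader from widening it. The individual rule bodies lie outside the visible hunks.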

2
hydra/terraform/modules/digitalocean/floyd.tf

@ -4,7 +4,7 @@ resource "digitalocean_droplet" "floyd" {
name = "floyd"
region = "blr1"
monitoring = true
size = "s-1vcpu-1gb"
size = "s-1vcpu-2gb"
ipv6 = true
private_networking = true
tags = [

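--- a/hydra/terraform/modules/digitalocean/gilmour.tf
+++ b/hydra/terraform/modules/digitalocean/gilmour.tf
@@ -1,21 +0,0 @@
-# `gilmour` is the worker node which runs all the workloads.
-resource "digitalocean_droplet" "gilmour" {
-image = "ubuntu-20-04-x64"
-name = "gilmour"
-region = "blr1"
-monitoring = true
-size = "s-1vcpu-2gb"
-ipv6 = true
-private_networking = true
-tags = [
-"nomad",
-"worker-1"
-]
-ssh_keys = [digitalocean_ssh_key.mrkaran.fingerprint]
-}
-# Attach the floating ip to droplet
-resource "digitalocean_floating_ip" "gilmour" {
-droplet_id = digitalocean_droplet.gilmour.id
-region = digitalocean_droplet.gilmour.region
-}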

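--- a/hydra/terraform/modules/digitalocean/output.tf
+++ b/hydra/terraform/modules/digitalocean/output.tf
@@ -2,8 +2,3 @@ output "floating_floyd" {
 value = digitalocean_floating_ip.floyd.ip_address
 description = "Floating IP of Floyd Node"
 }
-output "floating_gilmour" {
-value = digitalocean_floating_ip.gilmour.ip_address
-description = "Floating IP of Gilmour Node"
-}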

8
hydra/terraform/modules/digitalocean/project.tf

@ -4,9 +4,7 @@ resource "digitalocean_project" "hydra" {
description = "Self hosted Nomad cluster to deploy personal workloads"
purpose = "Web Application"
environment = "Production"
# Tag the droplet IDs and Floating IPs of `floyd` and `gilmour`.
resources = [digitalocean_droplet.floyd.urn,
digitalocean_floating_ip.floyd.urn,
digitalocean_droplet.gilmour.urn,
digitalocean_floating_ip.gilmour.urn]
# Tag the droplet IDs and Floating IPs.
resources = [digitalocean_droplet.floyd.urn, digitalocean_floating_ip.floyd.urn]
}

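--- a/hydra/terraform/modules/pihole/conf/pihole.nomad
+++ b/hydra/terraform/modules/pihole/conf/pihole.nomad
@@ -0,0 +1,60 @@
+job "pihole" {
+datacenters = ["hydra"]
+type = "service"
+group "web" {
+count = 1
+network {
+port "dns" {
+static = 53
+to = 53
+host_network = "tailscale"
+}
+port "http" {
+to = 80
+host_network = "tailscale"
+}
+port "https" {
+to = 443
+host_network = "tailscale"
+}
+}
+service {
+name = "pihole-admin"
+tags = ["pihole", "admin"]
+port = "http" # Terminate SSL at Caddy.
+}
+restart {
+attempts = 2
+interval = "2m"
+delay = "30s"
+mode = "fail"
+}
+task "app" {
+driver = "docker"
+config {
+image = "pihole/pihole:v5.6"
+# Bind the data directory to preserve config.
+mount {
+type = "bind"
+target = "/etc/dnsmasq.d"
+source = "/data/pihole/dnsmasq.d/"
+readonly = false
+}
+mount {
+type = "bind"
+target = "/etc/pihole"
+source = "/data/pihole/conf/"
+readonly = false
+}
+ports = ["http", "https", "dns"]
+}
+env {
+TZ = "Asia/Kolkata"
+}
+resources {
+cpu = 200
+memory = 100
+}
+}
+}
+}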
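Review bot: The job never sets `WEBPASSWORD`, so the admin UI that `pihole.mrkaran.dev` proxies to is protected by whatever the pihole image generates on first start (printed to the container logs, as far as I recall) or by whatever already sits in the bind-mounted `/etc/pihole/setupVars.conf`; it should be set explicitly, e.g. via a Nomad `template` rendering a Vault or Consul KV secret into `env`, rather than depending on an unrecorded random value. The `pihole-admin` service has no `check`, so the Caddyfile's `range service "pihole-admin"` can route to an allocation whose web server is not up yet. The `https` port mapping publishes a dynamic host port on the tailscale interface that Pi-hole does not serve anything on by default; dropping it (and `"https"` from `config.ports`) keeps the surface to DNS and HTTP. With bridged Docker networking, Pi-hole's default `DNSMASQ_LISTENING` may also refuse queries that arrive NAT'd from other tailnet hosts, which is worth verifying from a second node before relying on the 53/tailscale binding.
```hcl
network {
  port "dns" {
    static       = 53
    to           = 53
    host_network = "tailscale"
  }
  port "http" {
    to           = 80
    host_network = "tailscale"
  }
  # No "https" port: Pi-hole serves plain HTTP here and Caddy terminates TLS.
}
service {
  name = "pihole-admin"
  tags = ["pihole", "admin"]
  port = "http" # Terminate SSL at Caddy.
  # Only list the allocation in Consul once the admin UI actually answers.
  check {
    type     = "http"
    path     = "/admin/"
    interval = "10s"
    timeout  = "2s"
  }
}
# … unchanged: restart stanza, task "app" (with "https" removed from config.ports) …
```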

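--- a/hydra/terraform/modules/pihole/job.tf
+++ b/hydra/terraform/modules/pihole/job.tf
@@ -0,0 +1,6 @@
+resource "nomad_job" "app" {
+jobspec = file("${path.module}/conf/pihole.nomad")
+hcl2 {
+enabled = true
+}
+}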

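--- a/hydra/terraform/variables.tf
+++ b/hydra/terraform/variables.tf
@@ -1,9 +1,8 @@
 locals {
 # Map of IPs of all the nodes.
 ips = {
-floyd_floating = module.servers.floating_floyd
-gilmour_floating = module.servers.floating_gilmour
-floyd_tailscale = "100.119.138.27"
+floyd_floating = module.servers.floating_floyd
+floyd_tailscale = "100.119.138.27"
 }
 }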
