From b6ca57206724c7b1a626415cb7191ebdfe4be066 Mon Sep 17 00:00:00 2001
From: chris
Date: Tue, 9 Nov 2021 06:13:19 +0100
Subject: [PATCH] Introduce unbound for caching dns and move pihole to macvlan. Use "lan" as local domain name.
---
 development/docker-compose.yaml | 6 +--
 development/kimai.conf | 2 +-
 docker-compose.yaml | 9 +----
 networking/docker-compose.yaml | 68 ++++++++++++++++++---------------
 nextcloud/docker-compose.yaml | 4 +-
 nextcloud/nextcloud.conf | 2 +-
 readme.md | 6 +++
 security/docker-compose.yaml | 2 +-
 wiki/docker-compose.yaml | 4 +-
 9 files changed, 55 insertions(+), 48 deletions(-)
diff --git a/development/docker-compose.yaml b/development/docker-compose.yaml
index 84d693e..70c2e3a 100644
--- a/development/docker-compose.yaml
+++ b/development/docker-compose.yaml
@@ -39,7 +39,7 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.gitea-web.entrypoints=web"
- - "traefik.http.routers.gitea-web.rule=Host(`gitea.localhost`) || Host(`gitea.local`)"
+ - "traefik.http.routers.gitea-web.rule=Host(`gitea.lan`)"
 - "traefik.http.services.gitea-web.loadbalancer.server.port=3000"

 nginx-kimai:
@@ -49,7 +49,7 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.kimai.entrypoints=web"
- - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)"
+ - "traefik.http.routers.kimai.rule=Host(`kimai.lan`)"
 - "traefik.http.services.kimai.loadbalancer.server.port=80"
 depends_on:
 - kimai
@@ -68,7 +68,7 @@ services:
 - ADMINMAIL=christiansteinle@arcor.de
 - ADMINPASS=ZovJdPamHwSNCGTcOPDb
 - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai
- - TRUSTED_HOSTS=kimai.localhost
+ - TRUSTED_HOSTS=kimai.lan
 networks:
 - internal
 volumes:
diff --git a/development/kimai.conf b/development/kimai.conf
index ceacb3f..bcbd0e9 100644
--- a/development/kimai.conf
+++ b/development/kimai.conf
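Review bot: `TRUSTED_HOSTS=kimai.lan` is consumed by Kimai as a list of regular expressions, so the unescaped dot also matches names like `kimaiXlan`, and if the pattern is applied unanchored a Host header such as `kimai.lan.attacker.example` would pass the check as well; `TRUSTED_HOSTS=^kimai\.lan$` pins it to the one intended host — verify the anchoring behaviour against the Kimai release in use. The adjacent `ADMINPASS` and `DATABASE_URL` lines keep an admin password and database credentials in the committed file; they are unchanged by this commit, but an `env_file`/`.env` reference would keep them out of history. The `kimai` service definition starts before this hunk.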
@@ -1,7 +1,7 @@
 server {
 listen 80;
 index index.php;
- server_name kimai.localhost;
+ server_name kimai.lan;
 root /opt/kimai/public;

 # cache static asset files
diff --git a/docker-compose.yaml b/docker-compose.yaml
index fed5986..66b42ec 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -37,23 +37,18 @@ services:
 - --providers.docker.swarmMode=false
 - --entryPoints.web.address=:80
 - --entryPoints.websecure.address=:443
- - --entryPoints.dns.address=:53/tcp
- - --entryPoints.dns-udp.address=:53/udp
 - --log=true
 - --log.level=DEBUG
 - --accessLog=true
 ports:
 - "80:80"
 - "443:443"
- - "53:53/tcp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
- - "53:53/udp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
- - "67:67/udp" # need to route dhcp requests to pihole
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.traefik.entrypoints=web"
- - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`) || Host(`traefik.local`)"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.lan`)"
 - "traefik.http.services.traefik.loadbalancer.server.port=8080"
 networks:
 - proxy
@@ -70,7 +65,7 @@ services:
 - proxy
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.portainer.rule=Host(`portainer.localhost`) || Host(`portainer.local`)"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.lan`)"
 - "traefik.http.routers.portainer.entrypoints=web"
 - "traefik.http.routers.portainer.service=portainer"
 - "traefik.http.services.portainer.loadbalancer.server.port=9000"
diff --git a/networking/docker-compose.yaml b/networking/docker-compose.yaml
index 921b1a0..9ca2f62 100644
--- a/networking/docker-compose.yaml
+++ b/networking/docker-compose.yaml
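Review bot: The new `Host(`traefik.lan`)` rule keeps the Traefik dashboard (service port 8080) on the plain-HTTP `web` entrypoint with no authentication middleware among the visible labels, and a `.lan` name is resolvable by every client on the LAN, whereas the old `.localhost` name was only meaningful on the host itself. Unless an auth middleware is attached somewhere outside this hunk, any LAN host can now read the complete routing and service configuration; adding `- "traefik.http.routers.traefik.middlewares=dash-auth"` and `- "traefik.http.middlewares.dash-auth.basicauth.users=<htpasswd entry>"`, and moving the router to `websecure`, closes that gap. The context line `--log.level=DEBUG` is also worth revisiting, since debug logging writes request details for every proxied service. The traefik service's command list starts before this hunk.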
@@ -22,52 +22,58 @@ networks:
 external: true
 internal:
 external: true
+ home:
+ external: false
+ driver: macvlan
+ driver_opts:
+ parent: enp2s0
+ ipam:
+ config:
+ - subnet: 192.168.178.0/24
+ gateway: 192.168.178.1
+ ip_range: 192.168.178.2/30 # .2 and .3
+ name: home
-services: # check `nslookup google.de` for example and adjust /etc/resolv.conf nameserver to 127.0.0.1
+services:
 pihole:
 image: pihole/pihole
 cap_add:
 - NET_ADMIN
 container_name: pihole
 environment:
+ ServerIP: 192.168.178.2
 TZ: "Europe/Berlin"
 WEBPASSWORD: "lmaa,dw."
+ PIHOLE_DNS_: 192.168.178.3;192.168.178.3
+ VIRTUAL_HOST: pihole.lan
+ hostname: pihole
+ mac_address: d0:ca:ab:cd:ef:01
 networks:
- - proxy
+ home:
+ ipv4_address: 192.168.178.2
+ ports:
+ - "80:80"
+ - "443:443"
+ - "53:53/tcp"
+ - "53:53/udp"
 restart: unless-stopped
 volumes:
 - pihole:/etc/pihole/
 - dnsmasq:/etc/dnsmasq.d/
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.pihole.entrypoints=web"
- - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`) || Host(`pihole.local`)"
- - "traefik.http.services.pihole.loadbalancer.server.port=80"
- # Normal DNS coming in on 53 TCP, no TLS
- - "traefik.tcp.routers.dns.rule=HostSNI(`pihole.localhost`)"
- - "traefik.tcp.routers.dns.entrypoints=dns"
- - "traefik.tcp.routers.dns.service=pihole"
- # recieves traffic from both the TLS and non-TLS traefik routers
- - "traefik.tcp.services.pihole.loadbalancer.server.port=53"
- # Normal DNS coming in on 53 UDP
- - "traefik.udp.routers.dns-udp.entrypoints=dns-udp"
- - "traefik.udp.routers.dns-udp.service=pihole"
- - "traefik.udp.services.pihole.loadbalancer.server.port=53"
-# unbound:
-# image: mvance/unbound
-# container_name: unbound
-# networks:
-# - internal
-# - proxy
-# ports:
-# - "5753:53/tcp"
-# - "5753:53/udp"
-# restart: always
+ unbound:
+ image: mvance/unbound
+ container_name: unbound
+ hostname: unbound
+ networks:
+ home:
+ ipv4_address: 192.168.178.3
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ restart: always
 # smokeping:
@@ -86,7 +92,7 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 # labels:
 # - "traefik.enable=true"
 # - "traefik.http.routers.smokeping.entrypoints=web"
-# - "traefik.http.routers.smokeping.rule=Host(`smokeping.localhost`) || Host(`smokeping.local`)"
+# - "traefik.http.routers.smokeping.rule=Host(`smokeping.lan`)"
 # - "traefik.http.services.smokeping.loadbalancer.server.port=80"
 #
 # netdata:
@@ -109,5 +115,5 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 # labels:
 # - "traefik.enable=true"
 # - "traefik.http.routers.netdata.entrypoints=web"
-# - "traefik.http.routers.netdata.rule=Host(`netdata.localhost`) || Host(`netdata.local`)"
+# - "traefik.http.routers.netdata.rule=Host(`netdata.lan`)"
 # - "traefik.http.services.netdata.loadbalancer.server.port=19999"
diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml
index f54e552..ec951ae 100644
--- a/nextcloud/docker-compose.yaml
+++ b/nextcloud/docker-compose.yaml
@@ -34,7 +34,7 @@ services:
 - REDIS_HOST_PASSWORD:${REDIS_PW}
 - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER}
 - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}
- - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost
+ - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.lan
 - VIRTUAL_HOST:nextcloud
 depends_on:
 - psql14
@@ -47,7 +47,7 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.nextcloud.entrypoints=web"
- - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)"
+ - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan`)"
 - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
 depends_on:
 - nextcloud
diff --git a/nextcloud/nextcloud.conf b/nextcloud/nextcloud.conf
index 19d68cf..d34155f 100644
--- a/nextcloud/nextcloud.conf
+++ b/nextcloud/nextcloud.conf
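Review bot: On a macvlan network the added `ports:` list under `pihole` does not restrict anything — the container gets its own LAN address (192.168.178.2) and every port it listens on is reachable from every LAN host — so the Pi-hole admin UI on 80/443 is now exposed network-wide without the Traefik front it had before, while its login password sits in the committed context line `WEBPASSWORD: "lmaa,dw."`; move it to an `env_file` and rotate it. `unbound` at 192.168.178.3 is likewise reachable by the whole LAN, and whether it recurses for anyone depends on the image's default `access-control`, so a comment stating that only Pi-hole is meant to query it, backed by an `unbound.conf` that allows only 192.168.178.2/32, would make the intent explicit. `PIHOLE_DNS_: 192.168.178.3;192.168.178.3` lists the same upstream twice; `PIHOLE_DNS_: 192.168.178.3` is enough. Both images are pulled untagged (`pihole/pihole`, `mvance/unbound`), so each pull takes whatever `latest` currently is; pinning a tag or digest keeps the resolver stack reproducible. The commented-out `smokeping` stanza that this hunk ends on continues past it.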
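Review bot: `- NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.lan` uses `:` where Compose's list-form `environment` expects `=`; an entry without `=` is read as a variable *name* to copy from the shell, so as written the whole string becomes an empty variable and `NEXTCLOUD_TRUSTED_DOMAINS` never reaches the container — the host-header check will not learn about `nextcloud.lan`. The fix is `- NEXTCLOUD_TRUSTED_DOMAINS=cs-nextcloud.ddnss.de nextcloud.lan`; the neighbouring `REDIS_HOST_PASSWORD`, `NEXTCLOUD_ADMIN_USER` and `NEXTCLOUD_ADMIN_PASSWORD` lines carry the same `:` and presumably suffer the same fate, unless something outside this hunk sets them. The nextcloud service definition starts before the hunk.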
@@ -5,7 +5,7 @@ upstream php-handler {
 server {
 listen 80;
 listen [::]:80;
- server_name nextcloud.localhost cs-nextcloud.ddnss.de;
+ server_name nextcloud.lan cs-nextcloud.ddnss.de;

 # set max upload size and increase upload timeout:
diff --git a/readme.md b/readme.md
index 3f0ca88..2ccbd8f 100644
--- a/readme.md
+++ b/readme.md
@@ -33,6 +33,8 @@ https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/do
 - pihole
 - unbound
 - wireguard
+- smokeping: Not used at the moment
+- netdata

 ### Nextcloud

@@ -43,6 +45,10 @@ https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/do

 - vaultwarden

+### VPN
+
+- wireguard
+
 ### Wiki

 - bookstack
\ No newline at end of file
diff --git a/security/docker-compose.yaml b/security/docker-compose.yaml
index db60611..6b4f2eb 100644
--- a/security/docker-compose.yaml
+++ b/security/docker-compose.yaml
@@ -20,7 +20,7 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.vaultwarden.entrypoints=web"
- - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`) || Host(`vault.local`)"
+ - "traefik.http.routers.vaultwarden.rule=Host(`vault.lan`)"
 - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
 networks:
 - internal
diff --git a/wiki/docker-compose.yaml b/wiki/docker-compose.yaml
index c9b5550..f014bce 100644
--- a/wiki/docker-compose.yaml
+++ b/wiki/docker-compose.yaml
@@ -22,7 +22,7 @@ services:
 environment:
 - PUID=1000
 - GUID=1000
- - APP_URL=http://bookstack.localhost
+ - APP_URL=http://bookstack.lan
 - DB_HOST=mysql8
 - DB_USER=bookstack
 - DB_PASS=sdfl39302klsdjf
@@ -33,5 +33,5 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.bookstack.entrypoints=web"
- - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`) || Host(`bookstack.local`)"
+ - "traefik.http.routers.bookstack.rule=Host(`bookstack.lan`)"
 - "traefik.http.services.bookstack.loadbalancer.server.port=80"
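Review bot: Switching the vaultwarden router to `Host(`vault.lan`)` while leaving it on the plain-HTTP `web` entrypoint turns the web vault into a non-secure origin: browsers extend secure-context privileges to `http://*.localhost` but not to `http://vault.lan`, and Vaultwarden's client-side crypto relies on those, so logins from other LAN hosts will likely fail — and if they did work, every master-password exchange would cross the LAN unencrypted. Serving it from the TLS entrypoint, `- "traefik.http.routers.vaultwarden.entrypoints=websecure"` plus `- "traefik.http.routers.vaultwarden.tls=true"` with a certificate for `vault.lan`, is the minimum here. The vaultwarden service definition starts before this hunk.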
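Review bot: `APP_URL=http://bookstack.lan` hard-wires plain HTTP into every link and cookie BookStack emits, so the session cookie travels unencrypted across the LAN; once the bookstack router is on `websecure` this should become `APP_URL=https://bookstack.lan`. The context line `GUID=1000` looks like a typo for the `PGID` that linuxserver-style images read — worth confirming against the image in use, since a wrong name silently leaves the group at the image default. `DB_PASS=sdfl39302klsdjf` is committed in the clear in the same stanza; an `env_file` keeps it out of history. The bookstack service definition starts before this hunk.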