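// Nomad job that runs Pi-hole (DNS sinkhole plus admin web UI) as one Docker
// task, preceded by a short prestart task that waits for the shared storage.
// `{{ ... }}` placeholders are template variables substituted before the job
// is submitted (presumably Jinja/Ansible); `${...}` is interpolated by Nomad.
job "pihole" {
  region      = "global"
  datacenters = ["{{ datacenter_name }}"]
  type        = "service"

  // Placement: only nodes whose name matches rpi2 or rpi3.
  // NOTE(review): the pattern is unanchored, so a name that merely contains
  // "rpi2"/"rpi3" would presumably match too; anchor it if that matters.
  constraint {
    attribute = "${node.unique.name}"
    operator  = "regexp"
    value     = "rpi(2|3)"
  }

  // Rolling update: one allocation at a time, health judged by the service
  // checks below, no canaries, and automatic revert to the previous job
  // version when a deployment fails.
  update {
    max_parallel      = 1
    health_check      = "checks"
    min_healthy_time  = "10s"
    healthy_deadline  = "5m"
    progress_deadline = "10m"
    auto_revert       = true
    canary            = 0
    stagger           = "30s"
  }

  group "pihole-group" {

    // Static ports bind host ports 80 and 53 directly on the selected node.
    // The admin UI is therefore reachable on the node's own address as well as
    // through the Traefik route declared below, and the authelia middleware
    // only covers the Traefik path. Limit port 80 with host firewall rules if
    // direct access is not intended.
    network {
      port "web" {
        static = "80"
        to     = "80"
      }
      port "dns" {
        static = "53"
        to     = "53"
      }
      // port "dhcp" {
      //     static = "67"
      //     to     = "67"
      // }
    }

    // Prestart gate: blocks the main task until gravity.db is visible inside
    // the mounted directory, i.e. until the shared storage is mounted.
    // The task name keeps its original spelling so existing references to it
    // stay valid.
    task "await_filesytem" {
      driver = "docker"

      config {
        // NOTE(review): `latest` is a mutable tag; pin a version tag or an
        // image digest so every node runs the same, reviewed image.
        image   = "busybox:latest"
        command = "sh"
        // Host networking was dropped here: the command only tests for a file
        // and sleeps, so the container needs no access to the host's network
        // namespace.
        args = [
          "-c",
          "echo -n 'Waiting for /mnt/pi-cluster/pihole5 to be mounted'; until [ -f /etc/pihole/gravity.db ]; do echo '.'; sleep 2; done",
        ]
        // Read-only bind: this task only checks that a file exists and never
        // needs to write to the Pi-hole data directory.
        volumes = [
          "/mnt/pi-cluster/pihole5:/etc/pihole/:ro"
        ]
      }

      // Runs to completion before the main task starts; not kept as a sidecar.
      lifecycle {
        hook    = "prestart"
        sidecar = false
      }
    } // /await-filesystem

    task "pihole" {
      // Pi-hole container settings passed as environment variables.
      // NOTE(review): these names follow the older Pi-hole container
      // conventions, while the image below floats on `latest`; confirm that the
      // image version actually deployed still honours them.
      // NOTE(review): no admin password variable is set in this block; confirm
      // how the web UI password is provisioned (e.g. persisted in /etc/pihole).
      env {
        // REV_SERVER_DOMAIN = ""
        ADMIN_EMAIL         = "{{ my_email_address }}"
        DHCP_ACTIVE         = "false"
        DNS_BOGUS_PRIV      = "false"
        DNS_FQDN_REQUIRED   = "false"
        // DNSSEC validation is off, so upstream answers are accepted unverified.
        DNSSEC              = "false"
        FTLCONF_REPLY_ADDR4 = "${attr.unique.network.ip-address}"
        IPv6                = "false"
        // Single upstream resolver; also the reverse-lookup target below.
        PIHOLE_DNS_         = "10.0.30.1#53"
        // Query logging records which client asked for which name; the data
        // directory mounted below should be treated as sensitive.
        QUERY_LOGGING       = "true"
        REV_SERVER          = "true"
        REV_SERVER_CIDR     = "10.0.0.0/16"
        REV_SERVER_TARGET   = "10.0.30.1"
        TEMPERATUREUNIT     = "f"
        TZ                  = "America/New_York"
        WEBTHEME            = "default-light"
        WEBUIBOXEDLAYOUT    = "traditional"
      }

      driver = "docker"
      config {
        // NOTE(review): `latest` is a mutable tag. Pin a version tag or digest
        // so a redeploy cannot silently pull a different release and so
        // auto_revert falls back to a known image.
        image    = "pihole/pihole:latest"
        hostname = "${NOMAD_JOB_NAME}"
        // Resolver list for the container itself: Pi-hole first, then a public
        // resolver as fallback.
        dns_servers = [
          "127.0.0.1",
          "1.1.1.1"
        ]
        // Static name-to-address entries added to the container's hosts file.
        extra_hosts = [
          "laptopVPN:10.0.90.2",
          "FiddleStixPhoneVPN:10.0.90.3"
        ]
        // Persistent state and dnsmasq drop-ins live under the node's
        // nfsStorageRoot meta value; both mounts are writable.
        volumes = [
          "${meta.nfsStorageRoot}/pi-cluster/pihole5:/etc/pihole/",
          "${meta.nfsStorageRoot}/pi-cluster/pihole5/dnsmasq.d:/etc/dnsmasq.d/"
          // "${meta.nfsStorageRoot}/pi-cluster/pihole5/logs/pihole.log:/var/log/pihole.log",
          // "${meta.nfsStorageRoot}/pi-cluster/pihole5/logs/pihole-FTL.log:/var/log/pihole-FTL.log"
        ]
        ports = ["web", "dns"]
      }

      resources {
        cpu    = 400 # MHz
        memory = 80  # MB
      }

      // Web UI service. The tags configure a Traefik router for
      // p.<homelab domain> with TLS via the "cloudflare" cert resolver.
      service {
        name = "${NOMAD_JOB_NAME}"
        port = "web"
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`p.{{ homelab_domain_name }}`)",
          "traefik.http.routers.${NOMAD_JOB_NAME}.entryPoints=web,websecure",
          "traefik.http.routers.${NOMAD_JOB_NAME}.service=${NOMAD_JOB_NAME}",
          "traefik.http.routers.${NOMAD_JOB_NAME}.tls=true",
          "traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=cloudflare",
          // Redirect a bare request for the host root to /admin/.
          "traefik.http.middlewares.piholeRedirect.redirectregex.regex=^(https?://p\\.{{ homelab_domain_name }})/?$",
          // `$$` escapes Nomad interpolation so Traefik receives a literal ${1}.
          "traefik.http.middlewares.piholeRedirect.redirectregex.replacement=$${1}/admin/",
          // authelia@file is listed before the redirect; keep it first so the
          // authentication middleware is applied ahead of any rewrite.
          "traefik.http.routers.${NOMAD_JOB_NAME}.middlewares=authelia@file,piholeRedirect"
        ]

        // Health check: HTTP request for /admin/ on the web port.
        check {
          type     = "http"
          path     = "/admin/"
          port     = "web"
          interval = "30s"
          timeout  = "2s"
        }

        // Restart the task after 3 failed checks, ignoring the first 10 minutes
        // after start.
        check_restart {
          limit           = 3
          grace           = "10m"
          ignore_warnings = false
        }
      }

      // DNS service registration; health is judged by a TCP connect to port 53.
      service {
        name = "piholeDNStcp"
        port = "dns"

        check {
          type     = "tcp"
          port     = "dns"
          interval = "30s"
          timeout  = "2s"
        }

        // Restart the task after 3 failed checks, ignoring the first 60 seconds
        // after start.
        check_restart {
          limit           = 3
          grace           = "60s"
          ignore_warnings = false
        }
      }

    }
  } // group
}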