dns setup

group_vars/hatecomputers-club.yml

@@ -7,3 +7,4 @@ hatecomputers_club_oauth2_token_url: >
 hatecomputers_club_oauth2_user_info_uri: >
  https://auth.hatecomputers.club/oauth2/openid/{{ hatecomputers_club_oauth2_client_id }}/userinfo
 hatecomputers_club_oauth2_redirect_uri: "https://hatecomputers.club/auth"
+hatecomputers_intra_bind_address: "{{ lookup('community.general.dig', inventory_hostname) }}"

playbooks/roles/hatecomputers-club/tasks/main.yml

@@ -16,6 +16,15 @@
     group: root
     mode: 0700
 
+- name: Allow dns from rfc1918 networks
+  loop: "{{ rfc1918_networks }}"
+  community.general.ufw:
+    port: 53
+    rule: allow
+    from: "{{ item }}"
+    state: "enabled"
+    proto: "udp"
+
 - name: Enable hatecomputers-club
   ansible.builtin.systemd_service:
     state: restarted

playbooks/roles/hatecomputers-club/templates/docker-compose.yml.j2

@@ -2,11 +2,12 @@
 version: '3'
 
 services:
-  kanidm:
+  server:
     image: git.hatecomputers.club/hatecomputers/hatecomputers.club:latest
     restart: always
     ports:
       - 127.0.0.1:9696:8080
+      - {{ hatecomputers_intra_bind_address }}:53:8053/udp
     environment:
       - CLOUDFLARE_TOKEN={{ cloudflare_api_token }}
       - CLOUDFLARE_ZONE={{ cloudflare_zone_id }}
@@ -16,6 +17,6 @@ services:
       - OAUTH_CLIENT_ID={{ hatecomputers_club_oauth2_client_id }}
       - OAUTH_CLIENT_SECRET={{ hatecomputers_club_oauth2_client_secret }}
       - OAUTH_REDIRECT_URI={{ hatecomputers_club_oauth2_redirect_uri }}
-      - OAUTH_USER_INFO_URI={{  hatecomputers_club_oauth2_user_info_uri }} 
+      - OAUTH_USER_INFO_URI={{ hatecomputers_club_oauth2_user_info_uri }} 
     volumes:
       - ./db:/app/db