version: "3"

services:
  pihole:
    image: pihole/pihole
    container_name: pihole
    hostname: pihole
    cap_add:
      - NET_ADMIN
    env_file:
      - .env
    secrets:
      - webpassword
    environment:
      - ADMIN_EMAIL=$EMAIL
      - TZ=America/Chicago
      - VIRTUAL_HOST=pihole.$DOMAIN
      - ServerIP=$SERVER_IP
      - WEBPASSWORD=/run/secrets/webpassword
      - INTERFACE=$INTERFACE
      - DNS1=172.31.1.3#5053
      - DNS2=172.31.1.3#5053
      - DNSMASQ_LISTENING=all
    volumes:
      - ${PROJ_DIR}/data/pihole:/etc/pihole
      - ${PROJ_DIR}/data/dnsmasq.d:/etc/dnsmasq.d
    networks:
      default:
        ipv4_address: 172.31.1.2
    dns:
      - 172.31.1.3#5053
      - $UPSTREAM_DNS
    ports:
      - 80:80/tcp
      - 53:53/tcp
      - 53:53/udp
    depends_on:
      - dhcp_helper
    restart: unless-stopped     
    labels: 
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=websecure

  unbound:
    image: klutchell/unbound:1.13.2
    container_name: unbound
    networks:
      default:
        ipv4_address: 172.31.1.3
    ports:
      - 5053:5053/udp
      - 5053:5053/tcp
    volumes:
      - ${PROJ_DIR}/data/unbound:/etc/unbound
    restart: unless-stopped

  dhcp_helper:
    build: ${PROJ_DIR}/dhcp_helper
    container_name: dhcp_helper
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: -s 172.31.1.2
    restart: unless-stopped

secrets:
  webpassword:
    file: ${PROJ_DIR}/secrets/webpassword

networks:
  default:
    name: pihole
    ipam:
      config:
        - subnet: 172.31.1.0/16