docker-compose.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

version: "3"

services:
  pihole:
    image: pihole/pihole
    container_name: pihole
    hostname: pihole
    cap_add:
      - NET_ADMIN
    env_file:
      - .env
    secrets:
      - webpassword
    environment:
      - ADMIN_EMAIL=$EMAIL
      - TZ=America/Chicago
      - VIRTUAL_HOST=pihole.$DOMAIN
      - ServerIP=$SERVER_IP
      - WEBPASSWORD=/run/secrets/webpassword
      - INTERFACE=$INTERFACE
      - DNS1=172.31.1.3#5053
      - DNS2=172.31.1.3#5053
      - DNSMASQ_LISTENING=all
    volumes:
      - ./data/pihole:/etc/pihole
      - ./data/dnsmasq.d:/etc/dnsmasq.d
    networks:
      proxy:
      default:
        ipv4_address: 172.31.1.2
    dns:
      - 172.31.1.3#5053
      - $UPSTREAM_DNS
    ports:
      - 80:80/tcp
      - 53:53/tcp
      - 53:53/udp
    depends_on:
      - dhcp_helper
    restart: unless-stopped     
    labels: 
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=websecure

  unbound:
    image: klutchell/unbound
    container_name: unbound
    networks:
      default:
        ipv4_address: 172.31.1.3
    ports:
      - 5053:5053/udp
    restart: unless-stopped

  dhcp_helper:
    build: ./dhcp_helper
    container_name: dhcp_helper
    cap_add:
      - NET_ADMIN
    network_mode: "host"
    command: -s 172.31.1.2
    restart: unless-stopped

secrets:
  webpassword:
    file: ./secrets/webpassword

networks:
  proxy:
    external: true
  default:
    name: pihole
    ipam:
      config:
        - subnet: 172.31.1.0/16