docker-compose.yml
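version: "3"

services:
  # DNS-over-HTTPS forwarder. Pi-hole uses it as its only upstream (10.0.0.2),
  # so it is reachable on the internal bridge network only; no host ports are
  # published for it.
  cloudflared:
    container_name: cloudflared
    restart: unless-stopped
    # Cloudflared doesn't have an armhf image, so we build from source.
    # NOTE(review): this builds whatever the repository's default branch holds
    # at build time. Appending a ref to the URL (`...cloudflared.git#<tag>`)
    # pins the build to a release that has been reviewed.
    build: https://github.com/cloudflare/cloudflared.git
    command: proxy-dns
    environment:
      # Replace with your Cloudflare Gateway domain or a public DNS over HTTPS server
      TUNNEL_DNS_UPSTREAM: "https://XXX.cloudflare-gateway.com/dns-query"
      TUNNEL_DNS_BOOTSTRAP: "https://1.1.1.2/dns-query"
      # Listens on all interfaces inside the container; exposure is limited to
      # the `net` bridge because this service publishes no ports.
      TUNNEL_DNS_ADDRESS: "0.0.0.0"
      TUNNEL_DNS_PORT: "53"
    # I'm pretty sure cloudflared doesn't use the bootstrap server, so we define it here too
    # NOTE(review): 1.1.0.2 does not match the usual pairing for 1.1.1.2, which
    # is 1.0.0.2. It looks like a typo; confirm the intended fallback resolver.
    dns:
      - 1.1.1.2
      - 1.1.0.2
    networks:
      net:
        ipv4_address: 10.0.0.2
    # Only proves the binary starts; it does not check that the proxy is
    # actually answering DNS queries.
    healthcheck:
      test: ["CMD", "cloudflared", "version"]

  # Filtering resolver for the LAN; forwards everything to cloudflared.
  pihole:
    container_name: pihole
    restart: unless-stopped
    # NOTE(review): no tag is given, so this resolves to `latest` at pull time.
    # Pinning a tag or digest keeps upgrades deliberate.
    image: pihole/pihole
    secrets:
      - pihole_web_password
    environment:
      # Replace with your desired configuration
      TZ: America/New_York
      DNSSEC: "true"
      DNS_BOGUS_PRIV: "true"
      DNS_FQDN_REQUIRED: "true"
      TEMPERATUREUNIT: f
      # Upstream is the cloudflared container's static address.
      PIHOLE_DNS_: "10.0.0.2"
      # Password is read from the mounted secret rather than set inline.
      WEBPASSWORD_FILE: /run/secrets/pihole_web_password
      REV_SERVER: "true"
      REV_SERVER_TARGET: "192.168.1.1"
      REV_SERVER_CIDR: "192.168.0.0/16"
      VIRTUAL_HOST: dns.example.com
    # Port 53 is published on every host interface. If the host is reachable
    # from outside the LAN, restrict it with a host firewall rule or bind to a
    # LAN address ("<lan-ip>:53:53/udp") so it does not act as an open resolver.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    networks:
      net:
        ipv4_address: 10.0.0.3
    dns:
      - "10.0.0.2"
    depends_on:
      - cloudflared
    healthcheck:
      test: ["CMD", "dig", "+norecurse", "+retry=0", "@127.0.0.1", "pi.hole"]

  # Reverse proxy terminating HTTP/HTTPS on the host.
  caddy:
    build:
      context: .
      dockerfile: caddy.Dockerfile
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80" # For HTTP -> HTTPS redirects
      - "443:443"
    volumes:
      # The Caddyfile is mounted read-write; appending `:ro` would stop the
      # container from modifying its own configuration.
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    # Presumably holds credentials for the custom Caddy build; keep it out of
    # version control alongside .pihole_web_password.
    env_file:
      - .caddy.env
    # NOTE(review): 1.0.0.3 is a public resolver, so Caddy's lookups bypass
    # Pi-hole and cloudflared. If the Pi-hole container (10.0.0.3) was meant,
    # this is a one-character typo; confirm which is intended.
    dns:
      - 1.0.0.3
    healthcheck:
      test: ["CMD", "caddy", "version"]
    depends_on:
      - pihole
      - cloudflared
    networks:
      net: {}

volumes:
  # External: must be created before `docker compose up`, and is not removed
  # by `down -v`. /data is where Caddy keeps its certificates and keys.
  caddy_data:
    external: true
  caddy_config: {}

networks:
  net:
    driver: bridge
    ipam:
      config:
        # A /29 leaves six usable addresses: the bridge gateway, the two
        # static services above, and a dynamic lease for caddy.
        - subnet: 10.0.0.0/29

# PiHole Web password lives in a .pihole_web_password file to keep it out of the config.
# Keep that file out of version control and readable only by the deploying user.
secrets:
  pihole_web_password:
    file: .pihole_web_password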