version: '2'
services:
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    volumes:
      - ./pihole_dnsmasq:/etc/dnsmasq.d
      - ./pihole_data:/etc/pihole
    restart: always
    environment:
      - IPv6=True
      - TZ=Europe/Berlin
      - SKIPGRAVITYONBOOT=1
      - VIRTUAL_HOST=pihole.ghoscht.com
      - FTL_CMD="no-daemon"
    ports:
      - 8420:80
      - "53:53/tcp"
      - "53:53/udp"
    cap_add:
      - NET_ADMIN
    networks:
      traefik_net:
      dns_net:
        ipv4_address: 172.28.1.6
    dns:
      - 1.1.1.1
    labels:
      - traefik.enable=true
      - traefik.http.routers.pihole.entrypoints=websecure
      - traefik.http.routers.pihole.rule=Host(`pihole.ghoscht.com`)
      - traefik.http.services.pihole.loadbalancer.server.port=80
      - traefik.docker.network=traefik-net
      - traefik.http.routers.pihole.tls=true
      - traefik.http.routers.pihole.tls.certresolver=lencrypt
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    volumes:
      - ./unbound_data:/opt/unbound/etc/unbound
    dns:
      - 1.1.1.1
    restart: always
    networks:
      traefik_net:
      dns_net:
        ipv4_address: 172.28.1.5
networks:
  traefik_net:
    name: traefik-net
    external: true
  dns_net:
    name: dns-net
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.1.0/24
          ip_range: 172.28.1.5/30
          gateway: 172.28.1.1