---
version: "3.5"
networks:
  network_pihole:
    ipam:
      driver: default
      config:
        - subnet: 172.16.3.0/24

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - '80:80'
    environment:
      - DEFAULT_HOST: "{{ pihole_hostname }}.{{ pihole_domain }}"
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.6
  pihole:
    image: pihole/pihole:latest
    ports:
      - '53:53/tcp'
      - '53:53/udp'
      - "67:67/udp"
      - '8053:80/tcp'
    networks:
      network_pihole:
        ipv4_address: 172.16.3.2
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      # run `touch ./var-log/pihole.log` first unless you like errors
      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
      # Recommended but not required (DHCP needs NET_ADMIN)
      #   https://github.com/pi-hole/docker-pi-hole# note-on-capabilities
    cap_add:
      - NET_ADMIN
    expose:
      - 80
    environment:
      ServerIP: 10.11.1.10
      PIHOLE_DNS_: unbound# 53;{{ pihole_additional_upstream_dnsservers }}
      PROXY_LOCATION: "{{ pihole_hostname }}"
      VIRTUAL_HOST: "{{ pihole_hostname}}.{{ pihole_domain }}"
      VIRTUAL_PORT: 80
      WEBPASSWORD: "{{ pihole_password }}"
      FTLCONF_LOCAL_IPV4: "{{ pi_ip }}"
      DNSMASQ_LISTENING: all

    extra_hosts:
      # Resolve to nothing domains (terminate connection)
      - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
      # LAN hostnames for other docker containers using nginx-proxy
      - 'yourDomain.lan:192.168.41.55'
      - '{{ pihole_hostname }} {{ pihole_hostname }}.{{ pihole_domain }}:{{ pi_ip }}'
      - 'citadel.tedupnorth.com:10.10.10.10'
      - 'postgres postgres.injust.us:10.11.1.14'
      - 'proxmox proxmox.injust.us:10.11.1.5'
      - 'omv omv.injust.us:10.11.1.12'
      - 'docker-int docker-int.injust.us:10.11.1.13'
      - 'docker-ext docker-ext.injust.us:10.11.1.15'
      - 'linkwarden linkwarden.injust.us:10.11.1.15'
      - 'linkwarden.coxgrunow.ca:10.11.1.15'
      - 'wiki.mycomputer.party:10.11.1.15'
      - 'wiki.coxgrunow.ca:10.11.1.15'
      - 'paperless.injust.us:10.11.1.13'
      - 'wiki.injust.us:10.11.1.13'
      - 'testweb.injust.us:10.11.1.13'
      - 'stalwart.mycomputer.party:10.11.1.15'
      - 'linkace.mycomputer.party:10.11.1.15'
      - 'linkding.mycomputer.party:10.11.1.15'
      - 'wallabag.mycomputer.party:10.11.1.15'
      - 'test.mycomputer.party:10.11.1.15'
      - 'matrix matrix.mycomputer.party:10.11.1.16'
      - 'wiki wiki.injust.us:10.11.1.13'
      - 'git git.mycomputer.party:10.11.1.17'
      - 'gitea gitea.injust.us:10.11.1.18'
      - 'gitea.mycomputer.party:10.11.1.15'


    restart: always

  unbound:
    image: klutchell/unbound
    volumes:
      - ./unbound:/etc/unbound/unbound.conf.d
    ports:
      - '5335:53/tcp'
      - '5335:53/udp'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.3

  porkbunddns:
    image: pavlinchen/porkbun-ddns
    container_name: porkbun-ddns
    restart: always
    pull_policy: always
    environment:
      APIKey: "{{ porkbun_api_key }}"
      SecretAPIKey: "{{ porkbun_secret_api_key }}"
      Domain: "{{ porkbun_domain }}"
      Schedule: "{{ porkbun_cron_sched }}"
      TZ: "{{ porkbun_tz }}"
    networks:
      network_pihole:
        ipv4_address: 172.16.3.4

  porkbunddns2:
    image: pavlinchen/porkbun-ddns
    container_name: porkbun-ddns2
    restart: always
    pull_policy: always
    environment:
      APIKey: "{{ porkbun_api_key }}"
      SecretAPIKey: "{{ porkbun_secret_api_key }}"
      Domain: "{{ porkbun_domain2 }}"
      Schedule: "{{ porkbun_cron_sched }}"
      TZ: "{{ porkbun_tz }}"
    networks:
      network_pihole:
        ipv4_address: 172.16.3.7

  ddclient:
    image: lscr.io/linuxserver/ddclient:latest
    container_name: ddclient
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./ddclient/:/config
    restart: unless-stopped

  wireguard:
    depends_on:
      - pihole
    networks:
      network_pihole:
        ipv4_address: 172.16.3.5
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Canada/Eastern
      - SERVERURL=vpn.coxgrunow.ca
      - SERVERPORT=51820
      - PEERS=phone,tedupnorth  # oAdded Docker tags to Ansible playbookptional
      - PEERDNS=172.16.3.2  # optional
      - INTERNAL_SUBNET=10.11.4.0  # optional
      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2  # optional
      - SERVER_ALLOWEDIPS_PEER_tedupnorth=10.10.0.0/16
      - PERSISTENTKEEPALIVE_PEERS=all  # optional - for dynamic DNS
      - LOG_CONFS=true  # optional
    volumes:
      - ./wireguard/config:/config
      - /lib/modules:/lib/modules  # optional
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped