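# Docker Compose stack, rendered from a Jinja template: nginx-proxy in front of Pi-hole,
# unbound as Pi-hole's upstream resolver, a Porkbun dynamic-DNS updater and a WireGuard
# endpoint, all on one bridge network with fixed addresses.
# Based on https://github.com/pi-hole/docker-pi-hole/blob/master/README.md
#
# Templated values are quoted so a rendered value containing ' #', ': ', a leading YAML
# indicator, or a number/boolean look-alike cannot be truncated or retyped by the YAML
# parser. A value that itself contains a single quote still needs escaping before
# rendering, and Compose interpolates '$' in values, so a literal '$' must be written '$$'.
#
# NOTE(review): every image below floats (':latest' or no tag). Pin each to a tested tag or
# digest so a republished image is not pulled silently, especially for the containers that
# receive credentials or extra capabilities.
version: "3.5"

networks:
  network_pihole:
    ipam:
      driver: default
      config:
        - subnet: 172.16.3.0/24

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      # Plain HTTP only: the Pi-hole admin login crosses this listener unencrypted.
      # Keep it reachable from trusted networks only, or terminate TLS in front of it.
      - '80:80'
    environment:
      DEFAULT_HOST: '{{ pihole_hostname }}.{{ pihole_domain }}'
    volumes:
      # Access to the Docker socket is equivalent to root on the host. ':ro' makes only the
      # bind mount read-only; it does not restrict Docker API calls made through the socket,
      # so a compromise of this internet-facing proxy still reaches the daemon.
      # NOTE(review): consider a filtering socket proxy between this container and the daemon.
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.6

  pihole:
    image: pihole/pihole:latest
    ports:
      # Published on every host interface. This host also runs dynamic DNS and a WireGuard
      # endpoint, so if it is reachable from the internet, filter 53 at the firewall or
      # publish on the LAN address only (HOST_IP:53:53 form); otherwise Pi-hole can be
      # abused as an open resolver. DNSMASQ_LISTENING below accepts queries from any origin.
      - '53:53/tcp'
      - '53:53/udp'
      - '67:67/udp'
      # Direct path to the admin UI that bypasses nginx-proxy; also plain HTTP.
      - '8053:80/tcp'
    networks:
      network_pihole:
        ipv4_address: 172.16.3.2
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
      # run `touch ./var-log/pihole.log` first unless you like errors
      # - './var-log/pihole.log:/var/log/pihole/pihole.log'
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    expose:
      - '80'
    environment:
      ServerIP: 10.11.1.10
      # First upstream is the unbound service, reached by name over network_pihole.
      PIHOLE_DNS_: 'unbound#53;{{ pihole_additional_upstream_dnsservers }}'
      PROXY_LOCATION: '{{ pihole_hostname }}'
      VIRTUAL_HOST: '{{ pihole_hostname }}.{{ pihole_domain }}'
      VIRTUAL_PORT: '80'
      # Secret passed as an environment variable: readable via `docker inspect` and present
      # in the rendered compose file on disk. Restrict that file's permissions and keep the
      # source variable in an encrypted store rather than in plain-text vars.
      WEBPASSWORD: '{{ pihole_password }}'
      FTLCONF_LOCAL_IPV4: '{{ pi_ip }}'
      DNSMASQ_LISTENING: all
    extra_hosts:
      # Resolve to nothing domains (terminate connection)
      - 'nw2master.bioware.com nwn2.master.gamespy.com:0.0.0.0'
      # LAN hostnames for other docker containers using nginx-proxy
      - 'yourDomain.lan:192.168.41.55'
      - '{{ pihole_hostname }} {{ pihole_hostname }}.{{ pihole_domain }}:{{ pi_ip }}'
      - 'citadel.tedupnorth.com:10.10.10.10'
    restart: always

  unbound:
    image: klutchell/unbound
    volumes:
      - ./unbound:/etc/unbound/unbound.conf.d
    ports:
      # Pi-hole reaches unbound over network_pihole (see PIHOLE_DNS_), so these host ports
      # only serve clients outside the stack.
      # NOTE(review): drop or firewall them if nothing else queries unbound directly.
      - '5335:53/tcp'
      - '5335:53/udp'
    restart: always
    networks:
      network_pihole:
        ipv4_address: 172.16.3.3

  porkbunddns:
    # Third-party image, untagged and re-pulled on every start (pull_policy: always), that
    # is handed registrar API credentials: whatever is published under this name at pull
    # time receives the keys. Pin by digest and scope the API key as narrowly as the
    # registrar allows.
    image: pavlinchen/porkbun-ddns
    container_name: porkbun-ddns
    restart: always
    pull_policy: always
    environment:
      APIKey: '{{ porkbun_api_key }}'
      SecretAPIKey: '{{ porkbun_secret_api_key }}'
      Domain: '{{ porkbun_domain }}'
      Schedule: "{{ porkbun_cron_sched }}"
      TZ: '{{ porkbun_tz }}'
    networks:
      network_pihole:
        ipv4_address: 172.16.3.4

  wireguard:
    depends_on:
      - pihole
    networks:
      network_pihole:
        ipv4_address: 172.16.3.5
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      # SYS_MODULE lets the container load kernel modules on the host.
      # NOTE(review): presumably only needed when the host kernel lacks a built-in
      # WireGuard module; confirm, then drop it together with the /lib/modules mount.
      - SYS_MODULE
    environment:
      # NOTE(review): PUID/PGID 0 runs the service as root; confirm this is required.
      - PUID=0
      - PGID=0
      - TZ=Canada/Eastern
      - SERVERURL=justus.mycomputer.party
      - SERVERPORT=51820
      - PEERS=1  # optional
      # Peers resolve through Pi-hole at its fixed address on network_pihole.
      - PEERDNS=172.16.3.2  # optional
      - INTERNAL_SUBNET=10.11.4.0  # optional
      - ALLOWEDIPS=10.11.1.0/24,172.16.3.2  # optional
      - PERSISTENTKEEPALIVE_PEERS=all  # optional - for dynamic DNS
      # NOTE(review): per the image documentation this prints the generated peer QR codes
      # to the container log, and those encode the peer private key. Set to false wherever
      # container logs are shipped or retained off-host.
      - LOG_CONFS=true  # optional
    volumes:
      # Holds the server and peer private keys; keep the host directory root-only.
      - ./wireguard/config:/config
      - /lib/modules:/lib/modules  # optional
    ports:
      - '51820:51820/udp'
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

# Another container you might want to have running through the proxy
# Note it also has ENV vars like pihole and a host under pihole's extra_hosts
#  ghost:
#    image: fractalf/ghost
#    ports:
#      - '2368:2368/tcp'
#    volumes:
#      - '/etc/ghost:/ghost-override'
#    environment:
#      PROXY_LOCATION: ghost
#      VIRTUAL_HOST: ghost.yourDomain.lan
#      VIRTUAL_PORT: 2368
#    restart: always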