wgeasy-pihole-unbound/docker-compose.yml

version: "3.7"

services:
  wgeasy:
    container_name: wgeasy
    hostname: wgeasy
    image: ghcr.io/wg-easy/wg-easy:13
    env_file: .env
    restart: unless-stopped
    environment:
      TZ: Europe/Copenhagen
      WG_HOST: ${PUBLIC_IP}
      PASSWORD: ${WGEASY_PASS}
      WG_DEFAULT_DNS: 10.8.1.3
      WG_DEFAULT_ADDRESS: 10.8.0.x
    volumes:
      - ./config/wgeasy:/etc/wireguard
    ports:
      - 51820:51820/udp
      - 51821:51821/tcp
    cap_add:
      - NET_ADMIN
      #- SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      wgeasy:
        ipv4_address: 10.8.1.5

  pihole-unbound:
    container_name: pihole-unbound
    hostname: pihole
    domainname: pihole.local
    image: docker.io/rlabinc/pihole-unbound:2024.07.0-1.20.0
    env_file: .env
    restart: unless-stopped
    environment:
      TZ: Europe/Copenhagen
      FTLCONF_LOCAL_IPV4: ${FTLCONF_LOCAL_IPV4}
      WEBPASSWORD: ${PIHOLE_PASS}
      WEBTHEME: default-dark
      REV_SERVER: "true"
      REV_SERVER_TARGET: ${REV_SERVER_TARGET}
      REV_SERVER_DOMAIN: ${REV_SERVER_DOMAIN}
      REV_SERVER_CIDR: ${REV_SERVER_CIDR}
      PIHOLE_DNS_: 127.0.0.1#5335
      DNSSEC: "true"
      DNSMASQ_LISTENING: "all"
    volumes:
      - ./config/pihole/etc_pihole-unbound:/etc/pihole:rw
      - ./config/pihole/etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
    ports:
      - 444:443/tcp
      - 53:53/tcp
      - 53:53/udp
      - 8080:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
      - 5335:5335/tcp # Uncomment to enable unbound access on local server
    networks:
      wgeasy:
        ipv4_address: 10.8.1.3

networks:
  wgeasy:
    ipam:
      config:
        - subnet: 10.8.1.0/24