# This is the Docker Compose stack I'm currently using. Private details are redacted (x) # You won't be able to deploy the stack, it's purpose is solely for comparing your setup with mine # The stack consists of the following services: # - Pi-hole # - Unbound # - Redis # - Redis socket host services: pihole: container_name: pihole image: pihole/pihole:latest hostname: pihole domainname: domain.private mac_address: x:x:x:x:x:x depends_on: unbound: condition: service_healthy cap_add: - NET_BIND_SERVICE networks: docker: ipv4_address: x.x.x.x docker-bridge: ipv4_address: x.x.x.x ports: - 53:53/tcp - 53:53/udp environment: TZ: "Europe/Berlin" FTLCONF_webserver_api_password: '' #Set your password FTLCONF_dns_upstreams: 'x.x.x.x#5335;' #Your unbound ipv4 address FTLCONF_dns_revServers: 'true,x.x.x.x/x,x.x.x.x#53,domain.private' #Conditional forwarding, comma separated FTLCONF_webserver_port: '443s' #SSL on port 443 volumes: - /etc/localtime:/etc/localtime:ro - ./pihole/etc/dnsmasq.d/:/etc/dnsmasq.d/:rw - ./pihole/etc/lighttpd/pihole.pem:/etc/lighttpd/pihole.pem:ro - ./pihole/etc/lighttpd/pihole.key:/etc/lighttpd/pihole.key:ro - ./pihole/etc/lighttpd/root_ca.pem:/etc/lighttpd/root_ca.pem:ro - ./pihole/etc/lighttpd/external.conf:/etc/lighttpd/conf-enabled/external.conf:rw - ./pihole/etc/pihole/:/etc/pihole/:rw - ./pihole/etc/hosts.list:/etc/hosts:rw - ./pihole/etc/resolv.conf:/etc/resolv.conf:rw - ./pihole/etc/hostname:/etc/hostname:rw restart: always unbound: container_name: unbound image: madnuttah/unbound:latest mac_address: x:x:x:x:x:x hostname: unbound domainname: domain.private networks: docker: ipv4_address: x.x.x.x environment: TZ: "Europe/Berlin" UNBOUND_UID: 1000 UNBOUND_GID: 1000 HEALTHCHECK_PORT: 5335 EXTENDED_HEALTHCHECK: true EXTENDED_HEALTHCHECK_DOMAIN: "nlnetlabs.nl" ENABLE_STATS: true volumes: - /etc/localtime:/etc/localtime:ro - ./unbound/usr/local/unbound/sbin/healthcheck.sh:/usr/local/unbound/sbin/healthcheck.sh:ro - ./unbound/unbound.conf:/usr/local/unbound/unbound.conf:rw - ./unbound/conf.d/:/usr/local/unbound/conf.d/:rw - ./unbound/log.d/unbound.log:/usr/local/unbound/log.d/unbound.log:rw - ./unbound/log.d/unbound-stats.log:/usr/local/unbound/log.d/unbound-stats.log:rw - ./unbound/zones.d/:/usr/local/unbound/zones.d/:rw - cachedb.d:/usr/local/unbound/cachedb.d/ restart: always depends_on: unbound-db: condition: service_healthy healthcheck: test: /usr/local/unbound/sbin/healthcheck.sh interval: 60s retries: 3 start_period: 5s timeout: 15s unbound-db-socket: image: busybox container_name: unbound-db-socket init: true tty: true command: /bin/sh -c "chown -R 999:1000 /usr/local/unbound/cachedb.d/" volumes: - cachedb.d:/usr/local/unbound/cachedb.d/ networks: - docker-bridge unbound-db: container_name: unbound-db image: redis:alpine mac_address: x:x:x:x:x:x hostname: unbound-db domainname: domain.private command: redis-server /usr/local/etc/redis/redis.conf volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./unbound-db/data:/data/ - ./unbound-db/redis.conf:/usr/local/etc/redis/redis.conf - ./unbound-db/sysctl.conf:/etc/sysctl.conf - ./unbound-db/healthcheck.sh:/usr/local/sbin/healthcheck.sh:ro - cachedb.d:/usr/local/unbound/cachedb.d/ healthcheck: test: /usr/local/sbin/healthcheck.sh interval: 10s retries: 3 start_period: 5s timeout: 15s depends_on: - unbound-db-socket networks: - docker-bridge networks: docker: driver: macvlan driver_opts: parent: eth0 ipam: config: - subnet: x.x.x.x/x gateway: x.x.x.x ip_range: x.x.x.x/x docker-bridge: driver: bridge ipam: config: - subnet: x.x.x.x/x volumes: cachedb.d: