From d02b15e7a2d281c2384eef0cb10526db3b554684 Mon Sep 17 00:00:00 2001
From: James Turland
Date: Sun, 14 Jan 2024 00:43:21 +0000
Subject: [PATCH] vpn
---
Unbound/docker-compose-vpn.yaml | 90 +++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 Unbound/docker-compose-vpn.yaml
diff --git a/Unbound/docker-compose-vpn.yaml b/Unbound/docker-compose-vpn.yaml
new file mode 100644
index 0000000..21ec2ab
--- /dev/null
+++ b/Unbound/docker-compose-vpn.yaml
@@ -0,0 +1,90 @@
+version: '3'
+
+networks:
+ dns_net:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.23.0.0/16
+ proxy:
+ external: true
+
+services:
+ gluetun:
+ image: qmcgaw/gluetun
+ networks:
+ dns_net:
+ ipv4_address: 172.23.0.9
+ container_name: gluetun
+ # line above must be uncommented to allow external containers to connect.
+ # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
+ cap_add:
+ - NET_ADMIN
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ ports:
+ - 6881:6881
+ - 6881:6881/udp
+ volumes:
+ - /home/ubuntu/docker/gluetun:/gluetun
+ environment:
+ # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
+ - VPN_SERVICE_PROVIDER=nordvpn
+ - VPN_TYPE=wireguard
+ # OpenVPN:
+ # - OPENVPN_USER=
+ # - OPENVPN_PASSWORD=
+ # Wireguard:
+ - WIREGUARD_PRIVATE_KEY= # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/nordvpn.md#obtain-your-wireguard-private-key
+ - WIREGUARD_ADDRESSES=10.5.0.2/32
+ # Timezone for accurate log times
+ - TZ=Europe/London
+ # Server list updater
+ # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
+ - UPDATER_PERIOD=24h
+ pihole:
+ container_name: pihole
+ hostname: pihole
+ image: pihole/pihole:latest
+ networks:
+ dns_net:
+ ipv4_address: 172.23.0.7
+ proxy:
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "85:80/tcp"
+ #- "443:443/tcp"
+ environment:
+ - TZ: 'Europe/London'
+ - WEBPASSWORD: 'password'
+ - PIHOLE_DNS_: '172.23.0.8#5053'
+ volumes:
+ - '/home/ubuntu/docker/pihole/etc-pihole/:/etc/pihole/'
+ - '/home/ubuntu/docker/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.pihole.entrypoints=http"
+ - "traefik.http.routers.pihole.rule=Host(`pihole.yourdomain.com`)"
+ - "traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.pihole.middlewares=pihole-https-redirect"
+ - "traefik.http.routers.pihole-secure.entrypoints=https"
+ - "traefik.http.routers.pihole-secure.rule=Host(`pihole.yourdomain.com`)"
+ - "traefik.http.routers.pihole-secure.tls=true"
+ - "traefik.http.routers.pihole-secure.service=pihole"
+ - "traefik.http.services.pihole.loadbalancer.server.port=80"
+ - "traefik.docker.network=proxy"
+ unbound:
+ container_name: unbound
+ image: mvance/unbound:latest
+ networks:
+ dns_net:
+ ipv4_address: 172.23.0.8
+ network_mode: "service:gluetun"
+ volumes:
+ - /home/ubuntu/docker/unbound:/opt/unbound/etc/unbound
+ ports:
+ - "5053:53/tcp"
+ - "5053:53/udp"
+ restart: unless-stopped
\ No newline at end of file
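Review bot: The pihole service commits a guessable admin password (`WEBPASSWORD: 'password'`) for a web UI that is published on host port 85 and routed through Traefik, and the gluetun block leaves `WIREGUARD_PRIVATE_KEY=` to be filled in inside the tracked file; both values are better interpolated from an untracked `.env` (or a secret file) so a working copy of this file never holds credentials. The same pihole `environment:` block is written as `- TZ: 'Europe/London'`, a list of mappings, which Compose does not accept; it needs to be a plain mapping or `KEY=value` strings. On unbound, as far as the flattened hunk shows, `network_mode: "service:gluetun"` sits next to `networks:` and `ports:`, which Compose treats as conflicting, and a container sharing gluetun's namespace answers on gluetun's address (172.23.0.9), so `PIHOLE_DNS_: '172.23.0.8#5053'` would target an address nothing owns and a port that is only the host-side mapping. Separately, `53:53` binds the resolver on every host interface and all three images float (`:latest` or no tag); binding to the LAN address and pinning tags or digests would narrow both exposures.

```yaml
  gluetun:
    # … unchanged: image, networks, cap_add, devices, ports, volumes …
    environment:
      # … unchanged: provider, VPN type, addresses, TZ, updater …
      - "WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY:?set in an untracked .env}"
  pihole:
    # … unchanged: image, networks, ports, volumes, restart, labels …
    environment:
      TZ: 'Europe/London'
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD:?set in an untracked .env}"
      # unbound shares gluetun's network namespace, so target gluetun's
      # address; the port must match what the mounted unbound.conf listens on.
      PIHOLE_DNS_: '172.23.0.9#53'
  unbound:
    # … unchanged: container_name, image, volumes, restart …
    network_mode: "service:gluetun"
    # no networks: or ports: here; publish through the gluetun service if a
    # host-side port is really needed.
```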