version: '3'

networks:
  dns_net:
    driver: bridge
    ipam:
        config:
        - subnet: 172.23.0.0/16
  proxy:
    external: true

services:
  gluetun:
    image: qmcgaw/gluetun
    networks:
      dns_net:
        ipv4_address: 172.23.0.9
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 6881:6881
      - 6881:6881/udp
    volumes:
      - /home/ubuntu/docker/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      # OpenVPN:
      # - OPENVPN_USER=
      # - OPENVPN_PASSWORD=
      # Wireguard:
      - WIREGUARD_PRIVATE_KEY=<YOUR_PRIVATE_KEY> # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/nordvpn.md#obtain-your-wireguard-private-key
      - WIREGUARD_ADDRESSES=10.5.0.2/32
      # Timezone for accurate log times
      - TZ=Europe/London
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h
  pihole:
    container_name: pihole
    hostname: pihole
    image: pihole/pihole:latest
    networks:
      dns_net:
        ipv4_address: 172.23.0.7
      proxy:
    ports:
    - "53:53/tcp"
    - "53:53/udp"
    - "85:80/tcp"
    #- "443:443/tcp"
    environment:
    - TZ: 'Europe/London'
    - WEBPASSWORD: 'password'
    - PIHOLE_DNS_: '172.23.0.8#5053'
    volumes:
    - '/home/ubuntu/docker/pihole/etc-pihole/:/etc/pihole/'
    - '/home/ubuntu/docker/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.entrypoints=http"
      - "traefik.http.routers.pihole.rule=Host(`pihole.yourdomain.com`)"
      - "traefik.http.middlewares.pihole-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.pihole.middlewares=pihole-https-redirect"
      - "traefik.http.routers.pihole-secure.entrypoints=https"
      - "traefik.http.routers.pihole-secure.rule=Host(`pihole.yourdomain.com`)"
      - "traefik.http.routers.pihole-secure.tls=true"
      - "traefik.http.routers.pihole-secure.service=pihole"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
  unbound:
    container_name: unbound
    image: mvance/unbound:latest
    networks:
      dns_net:
        ipv4_address: 172.23.0.8
        network_mode: "service:gluetun"
    volumes:
    - /home/ubuntu/docker/unbound:/opt/unbound/etc/unbound
    ports:
    - "5053:53/tcp"
    - "5053:53/udp"
    restart: unless-stopped