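# ==============================================================================
# Pi-hole Docker Compose Configuration
# ==============================================================================
#
# Description: Docker Compose configuration for Pi-hole DNS/ad-blocker
# Generated by Ansible - DO NOT EDIT MANUALLY
# Template: pihole-compose.yml.j2
#
# The rendered file contains the admin password in clear text: deploy it with
# restrictive ownership/permissions and keep it out of version control.
#
# Jinja block tags are kept at column 0 so that, with Ansible's default
# trim_blocks behaviour, they add no stray indentation to the rendered YAML.
#
# ==============================================================================
{# Static container address: first three octets of the subnet plus ".20".
   The previous expression only stripped "/24", so a CIDR such as a.b.c.0/24
   rendered a five-octet string (a.b.c.0.20). #}
{% set pihole_ipv4 = (connectivity_subnet.split('/')[0].split('.')[:3] | join('.')) ~ '.20' %}

version: '{{ docker_compose_version }}'

services:
  {{ pihole_service_name }}:
    # Templated scalars are quoted so an empty or boolean-looking expansion
    # cannot change the YAML type.
    image: "{{ pihole_image }}:{{ pihole_image_tag }}"
    container_name: "{{ pihole_container_name }}"

    # Network configuration
    networks:
      {{ connectivity_network_name }}:
        ipv4_address: "{{ pihole_ipv4 }}"

    # Port mapping - critical for DNS functionality
    # These publish on every host interface. On a host reachable from untrusted
    # networks, restrict DNS and the HTTP admin UI with a host firewall or a
    # host-IP prefix in the variable values, so the resolver is not open to all.
    ports:
      - "{{ pihole_web_port }}:80/tcp"  # Web interface
      - "{{ pihole_dns_port }}:53/udp"  # DNS (UDP)
      - "{{ pihole_dns_port }}:53/tcp"  # DNS (TCP)
{% if pihole_dhcp_enabled %}
      - "{{ pihole_dhcp_port }}:67/udp"  # DHCP server
{% endif %}

    # Environment variables
    environment:
      - "TZ={{ pihole_timezone }}"
      # Secret: emitted as a JSON string (valid YAML) so quotes, "#" or ": " in
      # the password cannot truncate or break the entry. Compose still treats
      # "$" as interpolation; a password containing it must be escaped as "$$".
      # The image also accepts WEBPASSWORD_FILE for secret-file based setups.
      - {{ ('WEBPASSWORD=' ~ pihole_password) | to_json }}
      - "DNS1={{ pihole_dns_servers }}"
      - "DNS2=no"
      - "IPv6={{ 'True' if pihole_ipv6_enabled else 'False' }}"
      - "REV_SERVER={{ 'True' if pihole_conditional_forwarding else 'False' }}"
      # NOTE(review): 127.0.0.1 here is the Pi-hole container's own loopback on
      # the bridge network - confirm the upstream resolver is reachable there.
      - "PIHOLE_DNS_=127.0.0.1#{{ unbound_port }}"
      - "FTLCONF_LOCAL_IPV4={{ pihole_ipv4 }}"
      - "FTLCONF_LOCAL_IPV6="
      - "VIRTUAL_HOST=pihole.local"
      - "ServerIP={{ ansible_default_ipv4.address }}"

    # Volume mounts for persistent data
    volumes:
      - "{{ docker_base_path }}/pihole/config:/etc/pihole"
      - "{{ docker_base_path }}/pihole/dnsmasq.d:/etc/dnsmasq.d"
      - "{{ docker_base_path }}/pihole/logs:/var/log"

    # Restart policy (quoted: the valid policy "no" would otherwise be read as
    # a YAML boolean)
    restart: "{{ default_restart_policy }}"

    # DNS configuration
    dns:
      - 127.0.0.1
      - 1.1.1.1

    # Capabilities
    # NET_BIND_SERVICE: bind DNS/HTTP on ports below 1024.
    # NET_ADMIN: only used by the DHCP server role, so it is granted only when
    # DHCP is enabled (least privilege).
    cap_add:
{% if pihole_dhcp_enabled %}
      - NET_ADMIN
{% endif %}
      - NET_BIND_SERVICE

    # Security options
    security_opt:
      - "no-new-privileges:true"

    # Resource limits
    # NOTE(review): deploy.resources is honoured by Compose v2 and Swarm; confirm
    # the Compose version in use applies it, otherwise the limits are not enforced.
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
        reservations:
          memory: 256M
          cpus: '0.5'

    # Health check
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/admin/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

    # Logging configuration
    logging:
      driver: "{{ log_driver }}"
      options:
        max-size: "{{ log_max_size }}"
        max-file: "{{ log_max_file }}"

    # Labels for monitoring and management
    # Watchtower will pull and restart whatever the image tag resolves to; pin
    # the tag (or a digest) if unattended updates of the DNS resolver should
    # only follow reviewed releases.
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=false"

networks:
  {{ connectivity_network_name }}:
    driver: bridge
    ipam:
      config:
        - subnet: "{{ connectivity_subnet }}"

# ==============================================================================
# END OF PI-HOLE DOCKER COMPOSE CONFIGURATION
# ==============================================================================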