# ==============================================================================
# DNS stack: Docker Compose template (Pi-hole + Unbound)
# ==============================================================================
#
# Purpose:  one Compose project that runs Pi-hole in front of an Unbound
#           resolver.
# Source:   rendered by Ansible from dns-stack-compose.yml.j2.
#           Generated by Ansible - DO NOT EDIT MANUALLY; change the template
#           or its variables instead.
#
# The rendered file contains the Pi-hole admin password in clear text, so it
# should be written with owner-only permissions and kept out of version
# control.
#
# ==============================================================================

# Current Docker Compose releases ignore the top-level version key and warn
# that it is obsolete; it only matters to legacy docker-compose v1.
version: '{{ docker_compose_version }}'

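services:
{% set dns_net_prefix = connectivity_subnet | regex_replace('[.][0-9]+/[0-9]+$', '') %}
  # Jinja block tags in this template sit at column 0. With Ansible's default
  # trim_blocks and no lstrip_blocks, an indented tag leaves its leading
  # spaces in front of the next rendered line and breaks the YAML nesting.
  #
  # dns_net_prefix holds the first three octets of connectivity_subnet
  # (172.20.0 for 172.20.0.0/24, a constructed sample). Stripping only the
  # /24 suffix would leave a.b.c.0 and produce a five-octet address.
  # Assumes hosts .10 and .20 lie inside the subnet - confirm for prefixes
  # longer than /24.

  # ========================================================================
  # UNBOUND DNS RESOLVER
  # ========================================================================
  {{ unbound_service_name }}:
    image: "{{ unbound_image }}:{{ unbound_image_tag }}"
    container_name: "{{ unbound_container_name }}"

    networks:
      {{ connectivity_network_name }}:
        ipv4_address: "{{ dns_net_prefix }}.10"

    # NOTE(review): these mappings publish the recursive resolver on every
    # host interface. Pi-hole reaches Unbound over the compose network, so
    # confirm the host-side ports are needed. If they are not, drop them or
    # bind them to 127.0.0.1 so the resolver cannot be queried (and abused as
    # an open resolver) from outside the host.
    ports:
      - "{{ unbound_port }}:{{ unbound_port }}/udp"
      - "{{ unbound_port }}:{{ unbound_port }}/tcp"

    volumes:
      - "{{ docker_base_path }}/unbound/config:/opt/unbound/etc/unbound"
      - "{{ docker_base_path }}/unbound/logs:/opt/unbound/var/log"

    environment:
      # NOTE(review): the timezone comes from pihole_timezone here but from
      # connectivity_pihole_timezone in the Pi-hole service; confirm both
      # variables are defined and agree.
      - "TZ={{ pihole_timezone | default('UTC') }}"
      - "PUID=1000"
      - "PGID=1000"

    # Quoted because a policy of no would otherwise be read as a boolean.
    restart: "{{ default_restart_policy }}"

    # NOTE(review): the default capability set is still granted on top of
    # this one, and no-new-privileges is set for Pi-hole but not here.
    # Consider cap_drop ALL plus no-new-privileges once the image has been
    # tested with them.
    cap_add:
      - NET_BIND_SERVICE

    deploy:
      resources:
        limits:
          memory: 256M
          cpus: '0.5'
        reservations:
          memory: 128M
          cpus: '0.25'

    # NOTE(review): unbound-control only answers when remote-control is
    # enabled in the mounted Unbound configuration; otherwise the container
    # is reported unhealthy even though it resolves. Confirm against config.
    healthcheck:
      test: ["CMD", "unbound-control", "status"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

    logging:
      driver: "{{ log_driver }}"
      options:
        max-size: "{{ log_max_size }}"
        max-file: "{{ log_max_file }}"

  # ========================================================================
  # PI-HOLE DNS/AD-BLOCKER
  # ========================================================================
  {{ pihole_service_name }}:
    image: "{{ pihole_image }}:{{ pihole_image_tag }}"
    container_name: "{{ pihole_container_name }}"

    depends_on:
      - "{{ unbound_service_name }}"

    networks:
      {{ connectivity_network_name }}:
        ipv4_address: "{{ dns_net_prefix }}.20"

    # NOTE(review): the admin interface is served over plain HTTP and is
    # published on every host interface together with DNS. Restrict the web
    # port with a bind address or host firewall if it should only be reachable
    # from a management network.
    ports:
      - "{{ pihole_web_port }}:80/tcp"
      - "{{ pihole_dns_port }}:53/udp"
      - "{{ pihole_dns_port }}:53/tcp"
{% if pihole_dhcp_enabled %}
      - "{{ pihole_dhcp_port }}:67/udp"
{% endif %}

    environment:
      - "TZ={{ connectivity_pihole_timezone }}"
      # The password is passed through to_json so that quotes, ' #' or ': '
      # survive YAML parsing instead of truncating or breaking the value.
      # A literal dollar sign still has to be written as two dollar signs
      # because Compose interpolates values in this file.
      # NOTE(review): a password in the environment is readable through
      # docker inspect and in the rendered file. Prefer a Compose secret with
      # WEBPASSWORD_FILE if the pinned Pi-hole image supports it, and keep
      # the rendered file owner-readable only.
      - {{ ('WEBPASSWORD=' ~ connectivity_pihole_password) | to_json }}
      # NOTE(review): DNS1/DNS2 are the older upstream variables. Check which
      # set the pinned image honors, so queries are not forwarded to
      # connectivity_pihole_dns_servers instead of the local Unbound.
      - "DNS1={{ connectivity_pihole_dns_servers }}"
      - "DNS2=no"
      - "IPv6={{ 'True' if connectivity_pihole_ipv6_enabled else 'False' }}"
      - "REV_SERVER={{ 'True' if connectivity_pihole_conditional_forwarding else 'False' }}"
      # Unbound runs in its own container, so 127.0.0.1 inside this container
      # is Pi-hole itself. The upstream is Unbound's static address on the
      # compose network.
      # NOTE(review): the port must be the one Unbound listens on inside its
      # container; the Unbound service uses unbound_port, this line uses
      # connectivity_unbound_port - confirm they match.
      - "PIHOLE_DNS_={{ dns_net_prefix }}.10#{{ connectivity_unbound_port }}"
      - "FTLCONF_LOCAL_IPV4={{ dns_net_prefix }}.20"
      - "FTLCONF_LOCAL_IPV6="
      - "VIRTUAL_HOST=pihole.local"
      - "ServerIP={{ ansible_default_ipv4.address }}"

    volumes:
      - "{{ docker_base_path }}/pihole/config:/etc/pihole"
      - "{{ docker_base_path }}/pihole/dnsmasq.d:/etc/dnsmasq.d"
      - "{{ docker_base_path }}/pihole/logs:/var/log"

    # Quoted because a policy of no would otherwise be read as a boolean.
    restart: "{{ default_restart_policy }}"

    dns:
      - "127.0.0.1"
      - "1.1.1.1"

    # NOTE(review): NET_ADMIN is broad. It is usually needed only when
    # Pi-hole acts as the DHCP server; confirm it is required when
    # pihole_dhcp_enabled is false.
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE

    security_opt:
      - "no-new-privileges:true"

    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
        reservations:
          memory: 256M
          cpus: '0.5'

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/admin/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

    logging:
      driver: "{{ log_driver }}"
      options:
        max-size: "{{ log_max_size }}"
        max-file: "{{ log_max_file }}"

  # ========================================================================
  # DNS STACK HEALTH MONITOR (optional)
  # ========================================================================
  dns-health-monitor:
    # The image is overridable so it can be pinned to a fixed version or
    # digest. The default keeps the floating latest tag, which can change
    # under the deployment without review.
    image: "{{ dns_health_monitor_image | default('alpine:latest') }}"
    container_name: dns-health-monitor

    depends_on:
      - "{{ pihole_service_name }}"
      - "{{ unbound_service_name }}"

    networks:
      {{ connectivity_network_name }}: {}

    volumes:
      # Read-only: the container only executes the script, so a compromised
      # monitor cannot rewrite a file that lives on the host.
      - "{{ docker_base_path }}/scripts/dns-health-check.sh:/usr/local/bin/dns-health-check.sh:ro"

    # List form with a literal block keeps the shell line breaks regardless
    # of YAML folding. A failed check is logged and the loop still sleeps;
    # chaining the sleep behind the check would retry in a tight loop for as
    # long as the check keeps failing.
    command:
      - sh
      - "-c"
      - |
        echo 'DNS Stack Health Monitor started'
        while true; do
          /usr/local/bin/dns-health-check.sh || echo 'DNS health check failed' >&2
          sleep 300
        done

    restart: unless-stopped

    # NOTE(review): this helper has no cap_drop or no-new-privileges setting;
    # it likely needs neither extra capabilities nor privilege changes, so
    # consider adding both after checking what the script does.
    deploy:
      resources:
        limits:
          memory: 32M
          cpus: '0.1'
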
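networks:
  {{ connectivity_network_name }}:
    driver: bridge
    ipam:
      config:
        # Quoted so the rendered CIDR is always read as one string. The
        # static ipv4_address values of the services must fall inside this
        # subnet.
        - subnet: "{{ connectivity_subnet }}"

# ==============================================================================
# END OF DNS STACK DOCKER COMPOSE CONFIGURATION
# ==============================================================================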