Home
bfren edited this page Sep 15, 2023 · 5 revisions
I have long been wanting to migrate my setup to Docker, but with Pi-Hole at the heart of my network, there be dragons! The upcoming (presumably) release of Raspberry Pi OS based on Bookworm made me decide to bite the bullet.
So here we have it: a Docker Compose file that will fire up Unbound as the DNS resolver, Pi-Hole for network-level ad blocking, and WireGuard so I can enjoy the benefits of my ad blocking wherever I am in the world.
To make full use of it you need a proxy server (e.g. mine) so you can access the Pi-Hole admin interface over HTTPS.
You also need to map and open up some ports so you can access WireGuard from outside your network. The setup below uses default values but you could very easily change them to be more obscure.
```sh
# timezone to share between the containers
TIMEZONE=Europe/London

# the IP range you want the DNS containers to run in
IP_RANGE=10.5.0

# the external IP Address / domain peers will use to connect to WireGuard
WIREGUARD_EXTERNAL_ADDRESS=

# space-separated list of WireGuard peers
WIREGUARD_PEERS=

# the name of the Pi-Hole host (otherwise you get a hash)
PIHOLE_HOST=pihole

# password to secure the Pi-Hole administration site
PIHOLE_ADMIN_PASSWORD=
```
```yaml
version: "3.8"

services:
  unbound:
    image: bfren/unbound
    container_name: unbound
    restart: unless-stopped
    environment:
      - TZ=${TIMEZONE}
    networks:
      dns:
        ipv4_address: ${IP_RANGE}.2

  pihole:
    image: pihole/pihole
    container_name: pihole
    depends_on:
      - unbound
    restart: unless-stopped
    ports:
      # DNS is published on every host interface
      - "0.0.0.0:53:53/tcp"
      - "0.0.0.0:53:53/udp"
    environment:
      - TZ=${TIMEZONE}
      - VIRTUAL_HOST=${PIHOLE_HOST}
      - WEBPASSWORD=${PIHOLE_ADMIN_PASSWORD}
    volumes:
      - ./v/pihole:/etc/pihole
      - ./v/dnsmasq:/etc/dnsmasq.d
    networks:
      dns:
        ipv4_address: ${IP_RANGE}.3
      # existing network shared with the reverse proxy
      proxy:

  wireguard:
    image: bfren/wireguard
    container_name: wireguard
    restart: unless-stopped
    depends_on:
      - pihole
    cap_add:
      # needed to create and configure the WireGuard interface
      - NET_ADMIN
    ports:
      - "0.0.0.0:51820:51820/udp"
    environment:
      - TZ=${TIMEZONE}
      - WIREGUARD_EXTERNAL_ADDRESS=${WIREGUARD_EXTERNAL_ADDRESS}
      - WIREGUARD_PEERS=${WIREGUARD_PEERS}
      # peers use Pi-Hole as their DNS server
      - WIREGUARD_DNS=${IP_RANGE}.3
    volumes:
      - ./v/wireguard:/config
    networks:
      dns:
        ipv4_address: ${IP_RANGE}.4

networks:
  dns:
    name: dns
    ipam:
      driver: default
      config:
        - subnet: ${IP_RANGE}.0/16
  proxy:
    external: true
```
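A pre-flight check for the environment file above, as an added example that is not part of the original page: it flags the values the page leaves blank, an `IP_RANGE` that is not three octets of a private range, and a world-readable file. The file name `.env`, the function names and the 16-character password minimum are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the environment file (assumed name: .env).

# Print KEY's value from a KEY=value file without sourcing (executing) the file.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Count one problem and describe it.
fail() {
    echo "FAIL: $1"
    problems=$((problems + 1))
}

# Print every problem found in the given file; return 0 only if there are none.
check_env() {
    file=$1
    problems=0

    # The page leaves these three blank for the reader to fill in.
    for key in WIREGUARD_EXTERNAL_ADDRESS WIREGUARD_PEERS PIHOLE_ADMIN_PASSWORD; do
        [ -n "$(env_get "$file" "$key")" ] || fail "$key is empty"
    done

    # Assumed policy (not a Pi-Hole requirement): at least 16 characters.
    pw=$(env_get "$file" PIHOLE_ADMIN_PASSWORD)
    if [ -n "$pw" ] && [ "${#pw}" -lt 16 ]; then
        fail "PIHOLE_ADMIN_PASSWORD is shorter than 16 characters"
    fi

    # IP_RANGE is the prefix for .2, .3, .4 and .0/16, so it has to be
    # exactly three octets, and should sit inside an RFC 1918 private block.
    range=$(env_get "$file" IP_RANGE)
    private=no
    if printf '%s\n' "$range" | grep -Eq '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then
        IFS=. read -r a b c <<EOF
$range
EOF
        if [ "$a" -le 255 ] && [ "$b" -le 255 ] && [ "$c" -le 255 ]; then
            case "$a.$b" in
                10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) private=yes ;;
            esac
        fi
    fi
    [ "$private" = yes ] || fail "IP_RANGE '$range' is not three octets of a private range"

    # The file holds the admin password, so other local users should not read it.
    [ -z "$(find "$file" -prune -perm -004)" ] || fail "$file is world-readable"
    [ "$problems" -eq 0 ]
}
```

Source the script and run `check_env .env` before `docker compose up`; a non-zero return means at least one `FAIL:` line was printed.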