shoarma/ansible/roles/pihole/docker-stack.yml.j2

# vi: ft=yaml
version: "3.8"

networks:
  traefik:
    external: true
  pihole:

volumes:
  data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.30.10,nolock,soft,rw"
      device: ":/mnt/data/pihole/data"
  dnsmasq:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.30.10,nolock,soft,rw"
      device: ":/mnt/data/pihole/dnsmasq"

services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    network_mode: "host"
    environment:
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: {{ pihole_password }}
      PIHOLE_DNS_: '192.168.30.1'
    volumes:
      - type: volume
        source: data
        target: /etc/pihole
        volume:
          nocopy: true
      - type: volume
        source: dnsmasq
        target: /etc/dnsmasq.d
        volume:
          nocopy: true
    networks:
      - traefik
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.pihole.entrypoints=localsecure
        - traefik.http.routers.pihole.rule=Host(`pihole.kun.is`)
        - traefik.http.routers.pihole.tls=true
        - traefik.http.routers.pihole.tls.certresolver=letsencrypt
        - traefik.http.routers.pihole.service=pihole
        - traefik.http.services.pihole.loadbalancer.server.port=80
        - traefik.docker.network=traefik
      placement:
        constraints:
          - node.role == manager