diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml
index 8bdef52..7e98154 100644
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -10,6 +10,10 @@ nfs_shares:
     path: /mnt/data/freshrss/data
   - name: freshrss_extensions
     path: /mnt/data/freshrss/extensions
+  - name: pihole_data
+    path: /mnt/data/pihole/data
+  - name: pihole_dnsmasq
+    path: /mnt/data/pihole/dnsmasq
 
 database_passwords:
   nextcloud: !vault |
diff --git a/ansible/roles/pihole/docker-stack.yml.j2 b/ansible/roles/pihole/docker-stack.yml.j2
index 637eb78..b9f82fc 100644
--- a/ansible/roles/pihole/docker-stack.yml.j2
+++ b/ansible/roles/pihole/docker-stack.yml.j2
@@ -1,11 +1,23 @@
 # vi: ft=yaml
-version: "3"
+version: "3.8"
 
 networks:
   traefik:
     external: true
   pihole:
 
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/pihole/data"
+  dnsmasq:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/pihole/dnsmasq"
+
 services:
   pihole:
     image: pihole/pihole:latest
@@ -18,18 +30,19 @@ services:
       WEBPASSWORD: {{ pihole_password }}
       PIHOLE_DNS_: '192.168.30.1'
     volumes:
-      - type: bind
-        source: /mnt/data/pihole/data
+      - type: volume
+        source: data
         target: /etc/pihole
-      - type: bind
-        source: /mnt/data/pihole/dnsmasq
+        volume:
+          nocopy: true
+      - type: volume
+        source: dnsmasq
         target: /etc/dnsmasq.d
+        volume:
+          nocopy: true
     networks:
       - traefik
     deploy:
-      placement:
-        constraints:
-          - "node.labels.pihole == true"
       labels:
         - traefik.enable=true
         - traefik.http.routers.pihole.entrypoints=localsecure