# vi: ft=yaml
version: "3"

networks:
  traefik:
    external: true
  pihole:

services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    network_mode: "host"
    environment:
      TZ: 'Europe/Amsterdam'
      WEBPASSWORD: {{ pihole_password }}
      PIHOLE_DNS_: '192.168.30.1'
    volumes:
      - type: bind
        source: /mnt/data/pihole/data
        target: /etc/pihole
      - type: bind
        source: /mnt/data/pihole/dnsmasq
        target: /etc/dnsmasq.d
    networks:
      - traefik
    deploy:
      placement:
        constraints:
          - "node.labels.pihole == true"
      labels:
        - traefik.enable=true
        - traefik.http.routers.pihole.entrypoints=localsecure
        - traefik.http.routers.pihole.rule=Host(`pihole.pim.kunis.nl`)
        - traefik.http.routers.pihole.tls=true
        - traefik.http.routers.pihole.tls.certresolver=letsencrypt
        - traefik.http.routers.pihole.service=pihole
        - traefik.http.services.pihole.loadbalancer.server.port=80
        - traefik.docker.network=traefik