negeric/.env

## .env
TZ="America/New_York"
WEBPASSWORD="SuperSecretPassword"
DNS1="172.22.2.12#5300"
BIND_IP_PIHOLE="172.22.2.53"
BIND_IP_DNSCRYPT="172.22.2.12"
WEB_HOST="pi.domain.local"
WEB_PORT="80"
DNSMASQ_LISTENING="all"

## .env-dnscrypt
TZ="America/New_York"
BIND_IP_DNSCRYPT="172.22.1.12"

## docker-compose.yaml
version: "3.7"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      #- "80:80/tcp"
    expose:
      - "80/tcp"
    env_file:
      - ${PWD}/.env
    volumes:
      - ${PWD}/etc-pihole:/etc/pihole
    cap_add: []
      #- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    labels: # Only use if running behind Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.dns.entrypoints=web,web-secure"
      - "traefik.http.routers.dns.rule=Host(`${WEB_HOST}`)"
      - "traefik.http.routers.dns.tls=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.dns.tls.certresolver=letsencrypt"
      - "traefik.http.services.dns.loadbalancer.server.port=${WEB_PORT}"
    restart: unless-stopped
    depends_on:
     - dnscrypt
    networks:
      traefik:
      dnscrypt:
        ipv4_address: ${BIND_IP_PIHOLE}

  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy:latest
    networks:
      dnscrypt:
        ipv4_address: ${BIND_IP_DNSCRYPT}
    expose:
      - "5300/udp"
      - "5300/tcp"
    ports:
      - "5300:5300/udp"
      - "5300:5300/tcp"
    env_file:
      - ${PWD}/.env-dnscrypt
    volumes:
      - './etc-dnscrypt-proxy:/config'
    dns:
      - 1.1.1.1
      - 1.0.0.1
    restart: unless-stopped

networks:
  traefik:
    name: traefik
    external: true
  dnscrypt:
    driver: bridge
    external: true
    ipam:
      config:
        - subnet: 172.22.2.0/24
	TZ="America/New_York"
	WEBPASSWORD="SuperSecretPassword"
	DNS1="172.22.2.12#5300"
	BIND_IP_PIHOLE="172.22.2.53"
	BIND_IP_DNSCRYPT="172.22.2.12"
	WEB_HOST="pi.domain.local"
	WEB_PORT="80"
	DNSMASQ_LISTENING="all"
	version: "3.7"
	services:
	pihole:
	container_name: pihole
	image: pihole/pihole:latest
	ports:
	- "53:53/tcp"
	- "53:53/udp"
	#- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
	#- "80:80/tcp"
	expose:
	- "80/tcp"
	env_file:
	- ${PWD}/.env
	volumes:
	- ${PWD}/etc-pihole:/etc/pihole
	cap_add: []
	#- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
	labels: # Only use if running behind Traefik
	- "traefik.enable=true"
	- "traefik.http.routers.dns.entrypoints=web,web-secure"
	- "traefik.http.routers.dns.rule=Host(`${WEB_HOST}`)"
	- "traefik.http.routers.dns.tls=true"
	- "traefik.docker.network=traefik"
	- "traefik.http.routers.dns.tls.certresolver=letsencrypt"
	- "traefik.http.services.dns.loadbalancer.server.port=${WEB_PORT}"
	restart: unless-stopped
	depends_on:
	- dnscrypt
	networks:
	traefik:
	dnscrypt:
	ipv4_address: ${BIND_IP_PIHOLE}

	dnscrypt:
	container_name: dnscrypt-proxy
	image: klutchell/dnscrypt-proxy:latest
	networks:
	dnscrypt:
	ipv4_address: ${BIND_IP_DNSCRYPT}
	expose:
	- "5300/udp"
	- "5300/tcp"
	ports:
	- "5300:5300/udp"
	- "5300:5300/tcp"
	env_file:
	- ${PWD}/.env-dnscrypt
	volumes:
	- './etc-dnscrypt-proxy:/config'
	dns:
	- 1.1.1.1
	- 1.0.0.1
	restart: unless-stopped

	networks:
	traefik:
	name: traefik
	external: true
	dnscrypt:
	driver: bridge
	external: true
	ipam:
	config:
	- subnet: 172.22.2.0/24