@optorun
Created June 19, 2022 09:30
Pihole + dhcp-helper docker stack with traefik on the side (HTTP traffic only)
# Environment file for the Pi-hole stack; the Pi-hole compose file reads these values through ${...} interpolation.
# Project variables
COMPOSE_PROJECT_NAME="PIHOLE_PRODUCTION"
DEPLOY_TO="t800" # Used by the deployment script
AUTO_REDEPLOY_STACK="yes" # Used by the deployment script
FILES_COPY_MAP="99-edns.conf,pihole_data/dnsmasq.d 98-custom-dhcp.conf,pihole_data/dnsmasq.d 97-blacklist.conf,pihole_data/dnsmasq.d" # Used by the deployment script
# Image versions
PIHOLE_VERSION="2022.05"
# NOTE(review): "latest" is a floating tag, so the image content can change between pulls.
# The dhcp-helper container runs with host networking and NET_ADMIN; pin a specific tag or digest.
DHCPHELPER_VERSION="latest"
# Subnets
SUBNET="10.254.2.0/24"
# Published ports
PIHOLE_DNS_PORTS_PUBLISHED="53"
# Traefik
TRAEFIK_PIHOLE_HTTP_PORT="80"
# Application variables
# Keep the real password out of version control. The compose file passes it to the container as
# the WEBPASSWORD environment variable, so it is also visible to anyone who can inspect the container.
PIHOLE_WEBPASSWORD="<redacted>" # Supply via ansible-vault or https://github.com/romantomjak/env-vault
PIHOLE_FTLCONF_REPLY_ADDR4="192.168.1.8"
PIHOLE_VIRTUAL_HOST="<redacted>"
PIHOLE_ADMIN_EMAIL="<redacted>"
PIHOLE_WEBTHEME="default-dark"
# Upstream resolvers: client queries that are not blocked or answered locally are forwarded to these third parties.
PIHOLE_DNS_="1.1.1.1;8.8.8.8"
PIHOLE_DNS_FQDN_REQUIRED="true"
PIHOLE_DNSSEC="true"
PIHOLE_DHCP_ACTIVE="true"
PIHOLE_DHCP_START="192.168.1.100"
PIHOLE_DHCP_END="192.168.1.200"
PIHOLE_DHCP_ROUTER="192.168.1.1"
PIHOLE_DHCP_LEASETIME="24"
PIHOLE_PIHOLE_DOMAIN="<redacted>"
PIHOLE_IPADDR="10.254.2.5" # Required so that dhcp-helper can reach the Pi-hole container
# Info
# Environment file for the Traefik stack; the Traefik compose file reads these values through ${...} interpolation.
# Project variables
# The Pi-hole stack joins the external network "br_TRAEFIK_PRODUCTION", which is "br_" + this name; keep them in sync.
COMPOSE_PROJECT_NAME="TRAEFIK_PRODUCTION"
DEPLOY_TO="t800" # Used by the deployment script
AUTO_REDEPLOY_STACK="yes" # Used by the deployment script
FILES_COPY_MAP="" # Used by the deployment script
# Image versions
TRAEFIK_VERSION="v2.7.0"
# Subnets
SUBNET="10.254.5.0/24"
# Published ports
# Plain HTTP only: the compose file defines no TLS entrypoint.
TRAEFIK_HTTP_PORTS_PUBLISHED="80"
# Application variables
# Info
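---
# Pi-hole (DNS + DHCP) with a dhcp-helper relay.
# All ${...} values are interpolated from the accompanying env file.
# The admin web UI is reached through the separate Traefik stack, over plain HTTP only.
version: "3.8"
services:
  pihole:
    image: pihole/pihole:${PIHOLE_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_pihole"
    hostname: "${COMPOSE_PROJECT_NAME}_pihole"
    restart: always
    depends_on:
      - dhcphelper
    environment:
      TZ: "Europe/Paris"
      # Passed as an environment variable, so the admin password is readable
      # through `docker inspect` and by anything with Docker API access.
      # NOTE(review): the Pi-hole image documents WEBPASSWORD_FILE for Docker
      # secrets; confirm it is supported by the pinned tag before switching.
      WEBPASSWORD: ${PIHOLE_WEBPASSWORD}
      FTLCONF_REPLY_ADDR4: ${PIHOLE_FTLCONF_REPLY_ADDR4}
      VIRTUAL_HOST: ${PIHOLE_VIRTUAL_HOST}
      ADMIN_EMAIL: ${PIHOLE_ADMIN_EMAIL}
      WEBTHEME: ${PIHOLE_WEBTHEME}
      PIHOLE_DNS_: ${PIHOLE_DNS_}
      DNSSEC: ${PIHOLE_DNSSEC}
      DNS_FQDN_REQUIRED: ${PIHOLE_DNS_FQDN_REQUIRED}
      DHCP_ACTIVE: ${PIHOLE_DHCP_ACTIVE}
      DHCP_START: ${PIHOLE_DHCP_START}
      DHCP_END: ${PIHOLE_DHCP_END}
      DHCP_ROUTER: ${PIHOLE_DHCP_ROUTER}
      DHCP_LEASETIME: ${PIHOLE_DHCP_LEASETIME}
      PIHOLE_DOMAIN: ${PIHOLE_PIHOLE_DOMAIN}
    # No host address is given, so Docker publishes DNS on every host interface.
    # If the host is reachable from outside the LAN, restrict port 53 with the
    # host firewall so the resolver is not usable by arbitrary remote clients.
    ports:
      - target: 53
        published: ${PIHOLE_DNS_PORTS_PUBLISHED}
        protocol: tcp
      - target: 53
        published: ${PIHOLE_DNS_PORTS_PUBLISHED}
        protocol: udp
    # The admin UI is attached to the "web" entrypoint, which the Traefik stack
    # defines on :80 without TLS: the admin password and session cookie cross
    # the network in clear text. The rule has no Host() matcher, so /admin is
    # served for any Host header that reaches Traefik. Keep this entrypoint
    # reachable from the trusted LAN only.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.piholeweb.entrypoints=web"
      - "traefik.http.routers.piholeweb.rule=PathPrefix(`/admin`)"
      - "traefik.http.services.piholeweb.loadbalancer.server.port=${TRAEFIK_PIHOLE_HTTP_PORT}"
    volumes:
      - /var/local/${COMPOSE_PROJECT_NAME}/data/pihole_data/pihole:/etc/pihole:rw
      - /var/local/${COMPOSE_PROJECT_NAME}/data/pihole_data/dnsmasq.d:/etc/dnsmasq.d:rw
    cap_add:
      - NET_ADMIN # Needed with DHCP enabled
    networks:
      # Fixed address: dhcp-helper relays DHCP traffic to this IP.
      br_pihole:
        ipv4_address: ${PIHOLE_IPADDR}
      # Shared with the Traefik stack so Traefik can reach the web UI.
      br_TRAEFIK_PRODUCTION: {}
  dhcphelper:
    # The env file sets DHCPHELPER_VERSION to a floating tag. This container
    # shares the host network stack and holds NET_ADMIN, so the image must be
    # fully trusted; pin a specific tag or digest.
    image: homeall/dhcphelper:${DHCPHELPER_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_dhcphelper"
    restart: always
    environment:
      TZ: "Europe/Paris"
      IP: ${PIHOLE_IPADDR}
    cap_add:
      - NET_ADMIN
    network_mode: host
networks:
  br_pihole:
    name: "br_${COMPOSE_PROJECT_NAME}"
    driver: bridge
    ipam:
      config:
        - subnet: ${SUBNET}
  # Created by the Traefik stack; must exist before this stack starts.
  br_TRAEFIK_PRODUCTION:
    external: true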
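---
# Traefik reverse proxy with the Docker provider and a single plain-HTTP entrypoint.
# All ${...} values are interpolated from the accompanying env file.
version: "3.8"
services:
  traefik:
    image: traefik:${TRAEFIK_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_traefik"
    command:
      - "--log.level=INFO"
      # Keep the API/dashboard off the unauthenticated insecure listener.
      - "--api.insecure=false"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=br_${COMPOSE_PROJECT_NAME}"
      # Only entrypoint: HTTP on :80, no TLS. Everything routed here, including
      # admin logins of backend services, travels in clear text.
      - "--entrypoints.web.address=:80"
      # X-Forwarded-* headers and PROXY protocol headers are accepted from the
      # whole 192.168.1.0/24 range, so any host in that range can assert an
      # arbitrary client address. List only the addresses of a real upstream
      # proxy or load balancer; if there is none, drop the LAN range.
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.0/24"
      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.0/24"
    ports:
      - target: 80
        published: ${TRAEFIK_HTTP_PORTS_PUBLISHED}
        protocol: tcp
    volumes:
      # ":ro" only protects the socket file node; it does not limit the Docker
      # API calls made through the socket. A compromise of Traefik therefore
      # gives control of the Docker daemon, which is root-equivalent on the
      # host. Consider a filtering socket proxy that exposes only the read
      # endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - br_traefik
    restart: always
networks:
  # Other stacks attach to this network by its name, "br_" + COMPOSE_PROJECT_NAME.
  br_traefik:
    name: "br_${COMPOSE_PROJECT_NAME}"
    driver: bridge
    ipam:
      config:
        - subnet: ${SUBNET}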