Created
June 19, 2022 09:30
Pi-hole + dhcp-helper Docker stack with Traefik on the side (HTTP traffic only)
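# Environment file for the Pi-hole + dhcp-helper stack.
# Read by Docker Compose for ${...} interpolation; the DEPLOY_TO,
# AUTO_REDEPLOY_STACK and FILES_COPY_MAP entries are used by the deployment script.

# Project variables
COMPOSE_PROJECT_NAME="PIHOLE_PRODUCTION"
DEPLOY_TO="t800" # Used by the deployment script
AUTO_REDEPLOY_STACK="yes" # Used by the deployment script
# NOTE(review): looks like space-separated "source,destination-dir" pairs;
# confirm against the deployment script. The files land in dnsmasq.d, which the
# compose file mounts read-write into the Pi-hole container.
FILES_COPY_MAP="99-edns.conf,pihole_data/dnsmasq.d 98-custom-dhcp.conf,pihole_data/dnsmasq.d 97-blacklist.conf,pihole_data/dnsmasq.d" # Used by the deployment script

# Image versions
PIHOLE_VERSION="2022.05"
# "latest" is a mutable tag: a redeploy can silently pull a different image.
# The dhcp-helper container runs with host networking and NET_ADMIN, so pin it
# to a specific release tag or image digest, as is done for Pi-hole above.
DHCPHELPER_VERSION="latest"

# Subnets
SUBNET="10.254.2.0/24"

# Published ports
# The compose file publishes this port (TCP and UDP) without a bind address,
# i.e. on every host interface. Make sure the host firewall keeps port 53
# unreachable from untrusted networks so the resolver is not open to them.
PIHOLE_DNS_PORTS_PUBLISHED="53"

# Traefik
TRAEFIK_PIHOLE_HTTP_PORT="80"

# Application variables
# Keep the real value out of version control (ansible-vault or
# https://github.com/romantomjak/env-vault). It is handed to the container as
# an environment variable, so anyone who can run `docker inspect` can read it,
# and the admin UI in this stack is served over plain HTTP only.
PIHOLE_WEBPASSWORD="<redacted>" # Use ansible-vault or https://github.com/romantomjak/env-vault
PIHOLE_FTLCONF_REPLY_ADDR4="192.168.1.8"
PIHOLE_VIRTUAL_HOST="<redacted>"
PIHOLE_ADMIN_EMAIL="<redacted>"
PIHOLE_WEBTHEME="default-dark"
# Upstream resolvers, semicolon-separated.
PIHOLE_DNS_="1.1.1.1;8.8.8.8"
PIHOLE_DNS_FQDN_REQUIRED="true"
PIHOLE_DNSSEC="true"
PIHOLE_DHCP_ACTIVE="true"
PIHOLE_DHCP_START="192.168.1.100"
PIHOLE_DHCP_END="192.168.1.200"
PIHOLE_DHCP_ROUTER="192.168.1.1"
# Lease time in hours.
PIHOLE_DHCP_LEASETIME="24"
PIHOLE_PIHOLE_DOMAIN="<redacted>"
PIHOLE_IPADDR="10.254.2.5" # Required so that dhcp-helper can reach Pi-hole

# Info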
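# Environment file for the Traefik stack.
# Read by Docker Compose for ${...} interpolation; the DEPLOY_TO,
# AUTO_REDEPLOY_STACK and FILES_COPY_MAP entries are used by the deployment script.

# Project variables
# The Traefik network is named "br_${COMPOSE_PROJECT_NAME}"; the Pi-hole stack
# joins it as the external network br_TRAEFIK_PRODUCTION, so changing this
# value requires changing that reference too.
COMPOSE_PROJECT_NAME="TRAEFIK_PRODUCTION"
DEPLOY_TO="t800" # Used by the deployment script
AUTO_REDEPLOY_STACK="yes" # Used by the deployment script
FILES_COPY_MAP="" # Used by the deployment script

# Image versions
TRAEFIK_VERSION="v2.7.0"

# Subnets
SUBNET="10.254.5.0/24"

# Published ports
# Only a plain-HTTP entrypoint is published: everything routed through it,
# including the Pi-hole admin login, crosses the network unencrypted.
TRAEFIK_HTTP_PORTS_PUBLISHED="80"

# Application variables

# Info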
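---
# Pi-hole (DNS + DHCP) with a dhcp-helper relay.
# Pi-hole runs on a dedicated bridge with a fixed address; dhcp-helper runs on
# the host network and is given that address through its IP variable. The admin
# UI is exposed through the Traefik stack over the external network
# br_TRAEFIK_PRODUCTION.
version: "3.8"
services:
  pihole:
    image: pihole/pihole:${PIHOLE_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_pihole"
    hostname: "${COMPOSE_PROJECT_NAME}_pihole"
    restart: always
    depends_on:
      - dhcphelper
    environment:
      TZ: "Europe/Paris"
      # Passed as a plain environment variable: readable by anyone who can run
      # `docker inspect` on this container. The image also documents
      # WEBPASSWORD_FILE for supplying the password from a mounted secret file.
      WEBPASSWORD: ${PIHOLE_WEBPASSWORD}
      FTLCONF_REPLY_ADDR4: ${PIHOLE_FTLCONF_REPLY_ADDR4}
      VIRTUAL_HOST: ${PIHOLE_VIRTUAL_HOST}
      ADMIN_EMAIL: ${PIHOLE_ADMIN_EMAIL}
      WEBTHEME: ${PIHOLE_WEBTHEME}
      PIHOLE_DNS_: ${PIHOLE_DNS_}
      DNSSEC: ${PIHOLE_DNSSEC}
      DNS_FQDN_REQUIRED: ${PIHOLE_DNS_FQDN_REQUIRED}
      DHCP_ACTIVE: ${PIHOLE_DHCP_ACTIVE}
      DHCP_START: ${PIHOLE_DHCP_START}
      DHCP_END: ${PIHOLE_DHCP_END}
      DHCP_ROUTER: ${PIHOLE_DHCP_ROUTER}
      DHCP_LEASETIME: ${PIHOLE_DHCP_LEASETIME}
      PIHOLE_DOMAIN: ${PIHOLE_PIHOLE_DOMAIN}
    # No bind address is given, so DNS is published on every host interface.
    # Restrict the bind address or firewall the port if the host has an
    # interface facing an untrusted network.
    ports:
      - target: 53
        published: ${PIHOLE_DNS_PORTS_PUBLISHED}
        protocol: tcp
      - target: 53
        published: ${PIHOLE_DNS_PORTS_PUBLISHED}
        protocol: udp
    # The router rule matches on path only: any request for /admin that reaches
    # the "web" entrypoint is forwarded to the admin UI, whatever Host header
    # it carries, and over plain HTTP. Adding a Host(`...`) matcher and a TLS
    # entrypoint narrows who can reach the login page and protects the password
    # in transit.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.piholeweb.entrypoints=web"
      - "traefik.http.routers.piholeweb.rule=PathPrefix(`/admin`)"
      - "traefik.http.services.piholeweb.loadbalancer.server.port=${TRAEFIK_PIHOLE_HTTP_PORT}"
    volumes:
      - /var/local/${COMPOSE_PROJECT_NAME}/data/pihole_data/pihole:/etc/pihole:rw
      - /var/local/${COMPOSE_PROJECT_NAME}/data/pihole_data/dnsmasq.d:/etc/dnsmasq.d:rw
    cap_add:
      - NET_ADMIN  # Needed with DHCP enabled
    networks:
      br_pihole:
        # Fixed address so dhcp-helper can be pointed at Pi-hole.
        ipv4_address: ${PIHOLE_IPADDR}
      br_TRAEFIK_PRODUCTION: {}
  dhcphelper:
    # Third-party image running with host networking and NET_ADMIN: pin
    # DHCPHELPER_VERSION to a specific tag or digest rather than a mutable tag,
    # so a redeploy cannot pull unreviewed code into this privileged position.
    image: homeall/dhcphelper:${DHCPHELPER_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_dhcphelper"
    restart: always
    environment:
      TZ: "Europe/Paris"
      IP: ${PIHOLE_IPADDR}
    cap_add:
      - NET_ADMIN
    # Shares the host's network namespace (no network isolation from the host).
    network_mode: host
networks:
  br_pihole:
    name: "br_${COMPOSE_PROJECT_NAME}"
    driver: bridge
    ipam:
      config:
        - subnet: ${SUBNET}
  # Created by the Traefik stack; must exist before this stack is started.
  br_TRAEFIK_PRODUCTION:
    external: true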
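---
# Traefik reverse proxy: a single plain-HTTP entrypoint, with routes discovered
# from Docker container labels.
version: "3.8"
services:
  traefik:
    image: traefik:${TRAEFIK_VERSION}
    container_name: "${COMPOSE_PROJECT_NAME}_traefik"
    command:
      - "--log.level=INFO"
      # Keeps the API/dashboard off the unauthenticated insecure entrypoint.
      - "--api.insecure=false"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true get a route.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=br_${COMPOSE_PROJECT_NAME}"
      # HTTP only: no TLS entrypoint is defined, so credentials sent to routed
      # services travel in cleartext.
      - "--entrypoints.web.address=:80"
      # The whole 192.168.1.0/24 LAN is trusted to supply X-Forwarded-* headers
      # and PROXY-protocol data, so any client on that subnet can assert an
      # arbitrary source address. List only the addresses of real upstream
      # proxies, or drop the LAN range if nothing sits in front of Traefik;
      # this matters for access logs and any IP-based allow-listing.
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.0/24"
      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.0/24"
    ports:
      - target: 80
        published: ${TRAEFIK_HTTP_PORTS_PUBLISHED}
        protocol: tcp
    volumes:
      # ":ro" only makes the socket file's mount read-only; it does not limit
      # which Docker API calls can be made through it. A compromise of this
      # container therefore amounts to control of the Docker daemon. A filtering
      # socket proxy that exposes only the read endpoints Traefik needs is the
      # usual mitigation.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - br_traefik
    restart: always
networks:
  br_traefik:
    # Other stacks attach to this network by name as an external network.
    name: "br_${COMPOSE_PROJECT_NAME}"
    driver: bridge
    ipam:
      config:
        - subnet: ${SUBNET}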