networks:
  dns_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24

services:

  dnscrypt-proxy:
    image: klutchell/dnscrypt-proxy:latest
    container_name: dnscrypt-proxy
    restart: unless-stopped
    networks:
      dns_net:
        ipv4_address: 172.20.0.3
    volumes:
      - ./dnscrypt/dnscrypt-proxy.toml:/config/dnscrypt-proxy.toml:ro
      - ./dnscrypt/cache:/config
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8053"]
      interval: 10s
      timeout: 5s
      retries: 5

  unbound:
    build: ./unbound
    container_name: unbound
    restart: unless-stopped
    networks:
      dns_net:
        ipv4_address: 172.20.0.2
    volumes:
      - ./unbound/unbound.conf:/etc/unbound/unbound.conf:ro
      - ./unbound/root.hints:/etc/unbound/root.hints:ro

  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    restart: unless-stopped
    networks:
      dns_net:
        ipv4_address: 172.20.0.4
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Asia/Kolkata'
      FTLCONF_webserver_api_password: 'changeme'
      FTLCONF_dns_listeningMode: 'all'
      FTLCONF_dns_upstreams: '172.20.0.2#5335'
    volumes:
      - ./etc-pihole:/etc/pihole
    cap_add:
      - NET_ADMIN