Introduce unbound for caching dns and move pihole to macvlan. Use "lan" as local domain name.

development/docker-compose.yaml

@@ -39,7 +39,7 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.gitea-web.entrypoints=web"
-      - "traefik.http.routers.gitea-web.rule=Host(`gitea.localhost`) || Host(`gitea.local`)"
+      - "traefik.http.routers.gitea-web.rule=Host(`gitea.lan`)"
       - "traefik.http.services.gitea-web.loadbalancer.server.port=3000"
 
   nginx-kimai:
@@ -49,7 +49,7 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.kimai.entrypoints=web"
-      - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)"
+      - "traefik.http.routers.kimai.rule=Host(`kimai.lan`)"
       - "traefik.http.services.kimai.loadbalancer.server.port=80"
     depends_on:
       - kimai
@@ -68,7 +68,7 @@ services:
       - ADMINMAIL=christiansteinle@arcor.de
       - ADMINPASS=ZovJdPamHwSNCGTcOPDb
       - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai
-      - TRUSTED_HOSTS=kimai.localhost
+      - TRUSTED_HOSTS=kimai.lan
     networks:
       - internal
     volumes:

development/kimai.conf

@@ -1,7 +1,7 @@
 server {
     listen 80;
     index index.php;
-    server_name kimai.localhost;
+    server_name kimai.lan;
     root /opt/kimai/public;
 
     # cache static asset files

docker-compose.yaml

@@ -37,23 +37,18 @@ services:
       - --providers.docker.swarmMode=false
       - --entryPoints.web.address=:80
       - --entryPoints.websecure.address=:443
-      - --entryPoints.dns.address=:53/tcp
-      - --entryPoints.dns-udp.address=:53/udp
       - --log=true
       - --log.level=DEBUG
       - --accessLog=true
     ports:
       - "80:80"
       - "443:443"
-      - "53:53/tcp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
-      - "53:53/udp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved
-      - "67:67/udp" # need to route dhcp requests to pihole
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik.entrypoints=web"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`) || Host(`traefik.local`)"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.lan`)"
       - "traefik.http.services.traefik.loadbalancer.server.port=8080"
     networks:
       - proxy
@@ -70,7 +65,7 @@ services:
       - proxy
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.portainer.rule=Host(`portainer.localhost`) || Host(`portainer.local`)"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.lan`)"
       - "traefik.http.routers.portainer.entrypoints=web"
       - "traefik.http.routers.portainer.service=portainer"
       - "traefik.http.services.portainer.loadbalancer.server.port=9000"

networking/docker-compose.yaml

@@ -22,52 +22,58 @@ networks:
     external: true
   internal:
     external: true
+  home:
+    external: false
+    driver: macvlan
+    driver_opts:
+      parent: enp2s0
+    ipam:
+      config:
+        - subnet: 192.168.178.0/24
+          gateway: 192.168.178.1
+          ip_range: 192.168.178.2/30 # .2 and .3
+    name: home
 
 
-services: # check `nslookup google.de` for example and adjust /etc/resolv.conf nameserver to 127.0.0.1
+services:
   pihole:
     image: pihole/pihole
     cap_add:
       - NET_ADMIN
     container_name: pihole
     environment:
+      ServerIP: 192.168.178.2
       TZ: "Europe/Berlin"
       WEBPASSWORD: "lmaa,dw."
+      PIHOLE_DNS_: 192.168.178.3;192.168.178.3
+      VIRTUAL_HOST: pihole.lan
+    hostname: pihole
+    mac_address: d0:ca:ab:cd:ef:01
     networks:
-      - proxy
+      home:
+        ipv4_address: 192.168.178.2
+    ports:
+      - "80:80"
+      - "443:443"
+      - "53:53/tcp"
+      - "53:53/udp"
     restart: unless-stopped
     volumes:
       - pihole:/etc/pihole/
       - dnsmasq:/etc/dnsmasq.d/
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.entrypoints=web"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`) || Host(`pihole.local`)"
-      - "traefik.http.services.pihole.loadbalancer.server.port=80"
 
-      # Normal DNS coming in on 53 TCP, no TLS
-      - "traefik.tcp.routers.dns.rule=HostSNI(`pihole.localhost`)"
-      - "traefik.tcp.routers.dns.entrypoints=dns"
-      - "traefik.tcp.routers.dns.service=pihole"
 
-      # recieves traffic from both the TLS and non-TLS traefik routers
+  unbound:
-      - "traefik.tcp.services.pihole.loadbalancer.server.port=53"
+    image: mvance/unbound
-
+    container_name: unbound
-      # Normal DNS coming in on 53 UDP
+    hostname: unbound
-      - "traefik.udp.routers.dns-udp.entrypoints=dns-udp"
+    networks:
-      - "traefik.udp.routers.dns-udp.service=pihole"
+      home:
-      - "traefik.udp.services.pihole.loadbalancer.server.port=53"
+        ipv4_address: 192.168.178.3
-
+    ports:
-#  unbound:
+      - "53:53/tcp"
-#    image: mvance/unbound
+      - "53:53/udp"
-#    container_name: unbound
+    restart: always
-#    networks:
-#      - internal
-#      - proxy
-#    ports:
-#      - "5753:53/tcp"
-#      - "5753:53/udp"
-#    restart: always
 
 
 #  smokeping:
@@ -86,7 +92,7 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.routers.smokeping.entrypoints=web"
-#      - "traefik.http.routers.smokeping.rule=Host(`smokeping.localhost`) || Host(`smokeping.local`)"
+#      - "traefik.http.routers.smokeping.rule=Host(`smokeping.lan`)"
 #      - "traefik.http.services.smokeping.loadbalancer.server.port=80"
 #
 #  netdata:
@@ -109,5 +115,5 @@ services: # check `nslookup google.de` for example and adjust /etc/resolv.conf n
 #    labels:
 #      - "traefik.enable=true"
 #      - "traefik.http.routers.netdata.entrypoints=web"
-#      - "traefik.http.routers.netdata.rule=Host(`netdata.localhost`) || Host(`netdata.local`)"
+#      - "traefik.http.routers.netdata.rule=Host(`netdata.lan`)"
 #      - "traefik.http.services.netdata.loadbalancer.server.port=19999"

nextcloud/docker-compose.yaml

@@ -34,7 +34,7 @@ services:
       - REDIS_HOST_PASSWORD:${REDIS_PW}
       - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER}
       - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}
-      - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost
+      - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.lan
       - VIRTUAL_HOST:nextcloud
     depends_on:
       - psql14
@@ -47,7 +47,7 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.nextcloud.entrypoints=web"
-      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)"
+      - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.lan`)"
       - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
     depends_on:
       - nextcloud

nextcloud/nextcloud.conf

@@ -5,7 +5,7 @@ upstream php-handler {
 server {
     listen 80;
     listen [::]:80;
-    server_name nextcloud.localhost cs-nextcloud.ddnss.de;
+    server_name nextcloud.lan cs-nextcloud.ddnss.de;
 
 
     # set max upload size and increase upload timeout:

readme.md

@@ -33,6 +33,8 @@ https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/do
 - pihole
 - unbound
 - wireguard
+- smokeping: Not used at the moment
+- netdata
 
 ### Nextcloud
 
@@ -43,6 +45,10 @@ https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/do
 
 - vaultwarden
 
+### VPN
+
+- wireguard
+
 ### Wiki
 
 - bookstack

security/docker-compose.yaml

@@ -20,7 +20,7 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.vaultwarden.entrypoints=web"
-      - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`) || Host(`vault.local`)"
+      - "traefik.http.routers.vaultwarden.rule=Host(`vault.lan`)"
       - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
     networks:
       - internal

wiki/docker-compose.yaml

@@ -22,7 +22,7 @@ services:
     environment:
       - PUID=1000
       - GUID=1000
-      - APP_URL=http://bookstack.localhost
+      - APP_URL=http://bookstack.lan
       - DB_HOST=mysql8
       - DB_USER=bookstack
       - DB_PASS=sdfl39302klsdjf
@@ -33,5 +33,5 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bookstack.entrypoints=web"
-      - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`) || Host(`bookstack.local`)"
+      - "traefik.http.routers.bookstack.rule=Host(`bookstack.lan`)"
       - "traefik.http.services.bookstack.loadbalancer.server.port=80"