docker-compose.yml

version: "3.8"

services:
  wg-easy:
    environment:
      - WG_HOST=CHANGE_ME_TO_YOUR_PUBLIC_IP_ADDRESS
      - PASSWORD=CHANGE_ME
      - WG_DEFAULT_DNS=10.8.1.3
    image: weejewel/wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - 51820:51820/udp
      - 51821:51821/tcp
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      wg-easy:
        ipv4_address: 10.8.1.2

  pihole:
    container_name: pihole
    image: cbcrowe/pihole-unbound:latest
    ports:
      - 443:443/tcp
      - 53:53/tcp
      - 53:53/udp
      - 80:80/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
      # - 5335:5335/tcp # Uncomment to enable unbound access on local server
      # - 22/tcp # Uncomment to enable SSH
    environment:
      - FTLCONF_LOCAL_IPV4=10.8.1.3
      - TZ=CHANGE_ME
      - WEBPASSWORD=CHANGE_ME
      - REV_SERVER=false
      - REV_SERVER_DOMAIN=local
      - REV_SERVER_TARGET=192.168.1.1
      - REV_SERVER_CIDR=192.168.0.0/16
      - HOSTNAME=pihole
      - DOMAIN_NAME=pihole.local
      - PIHOLE_WEBPORT=80
      - WEBTHEME=default-light
      - PIHOLE_DNS_=127.0.0.1#5335
      - DNSSEC="true"
      - DNSMASQ_LISTENING=single
    volumes:
      - etc_pihole-unbound:/etc/pihole:rw
      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
      - /root/adlists.list:/etc/pihole/adlists.list:rw
    restart: unless-stopped
    networks:
      wg-easy:
        ipv4_address: 10.8.1.3

volumes:
  etc_pihole-unbound:
  etc_pihole_dnsmasq-unbound:

networks:
  wg-easy:
    ipam:
      config:
        - subnet: 10.8.1.0/24