Move pihole from infrastructure to core stack

Changes: - docker-compose/core/docker-compose.yml: Added pihole service with full Traefik configuration - docker-compose/infrastructure/docker-compose.yml: Removed pihole service - docker-compose/dockge/docker-compose.yml.template: Deleted (no longer needed) Pihole is now part of core infrastructure alongside Traefik, Authelia, and DuckDNS. This ensures DNS services are always available on the core server.
2026-02-08 15:11:52 -05:00
parent 043e1cb64a
commit 9e71d202cb
3 changed files with 52 additions and 114 deletions
--- a/docker-compose/core/docker-compose.yml
+++ b/docker-compose/core/docker-compose.yml
@@ -90,6 +90,56 @@ services:
      - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret'
      - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'

+  pihole:
+    image: pihole/pihole:2024.01.0
+    deploy:
+      resources:
+        limits:
+          cpus: '0.25'
+          memory: 128M
+          pids: 256
+        reservations:
+          cpus: '0.10'
+          memory: 64M
+    container_name: pihole
+    restart: unless-stopped
+    networks:
+      - homelab-network
+      - traefik-network
+    ports:
+      - '53:53/tcp'    # DNS TCP
+      - '53:53/udp'    # DNS UDP
+    volumes:
+      - ./pihole/etc-pihole:/etc/pihole
+      - ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d
+    environment:
+      - TZ=America/New_York
+      - WEBPASSWORD=${PIHOLE_PASSWORD}
+      - FTLCONF_LOCAL_IPV4=192.168.4.4
+    dns:
+      - 127.0.0.1
+      - 1.1.1.1
+    cap_add:
+      - NET_ADMIN
+    labels:
+      # TRAEFIK CONFIGURATION
+      # ==========================================
+      # Service metadata
+      - 'homelab.category=infrastructure'
+      - 'homelab.description=Network-wide ad blocking and DNS'
+      # Traefik reverse proxy (comment/uncomment to disable/enable)
+      # IMPORTANT: On REMOTE SERVERS (where Traefik runs elsewhere):
+      #   - COMMENT OUT all traefik.* labels below (don't delete them)
+      #   - Routes are configured via external YAML files on the core server
+      #   - This prevents conflicts between Docker labels and file provider
+      - 'traefik.enable=true'
+      - 'traefik.docker.network=traefik-network'
+      - 'traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)'
+      - 'traefik.http.routers.pihole.entrypoints=websecure'
+      - 'traefik.http.routers.pihole.tls.certresolver=letsencrypt'
+      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
+      - 'traefik.http.services.pihole.loadbalancer.server.port=80'
+
 networks:
  traefik-network:
    external: true
@@ -100,3 +150,5 @@ x-dockge:
    - http://${SERVER_IP}:9091
    - https://traefik.${DOMAIN}
    - http://${SERVER_IP}:8080
+    - https://pihole.${DOMAIN}
+    - http://${SERVER_IP}:53
--- a/docker-compose/dockge/docker-compose.yml.template
+++ b/docker-compose/dockge/docker-compose.yml.template
@@ -1,63 +0,0 @@
-# Dockge Stack
-# Docker Compose Stack Manager
-# Place in /opt/dockge/docker-compose.yml
-
-# RESTART POLICY GUIDE:
-# - unless-stopped: Core infrastructure services that should always run
-# - no: Services with Sablier lazy loading (start on-demand)
-# - See individual service comments for specific reasoning
-
-# Service Access URLs:
-# - Dockge: https://dockge.${DOMAIN}
-
-services:
-  # Dockge - Docker Compose Stack Manager (PRIMARY - preferred over Portainer)
-  # Access at: https://dockge.${DOMAIN}
-  # Stack management interface should always run for container management
-  dockge:
-    image: louislam/dockge:1
-    deploy:
-      resources:
-        limits:
-          cpus: '0.50'
-          memory: 256M
-          pids: 512
-        reservations:
-          cpus: '0.25'
-          memory: 128M
-    container_name: dockge
-    restart: unless-stopped
-    networks:
-      - homelab-network
-      - traefik-network
-    ports:
-      - "5001:5001"  # Optional: direct access
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /opt/stacks:/opt/stacks  # Dockge manages stacks in this directory
-      - ./data:/app/data
-      - /usr/bin/docker:/usr/bin/docker:ro  # Mount docker binary for CLI access
-    environment:
-      - DOCKGE_STACKS_DIR=/opt/stacks
-      - DOCKGE_ENABLE_CONSOLE=true
-    labels:
-      # TRAEFIK CONFIGURATION
-      # ==========================================
-      # Service metadata
-      - "homelab.category=infrastructure"
-      - "homelab.description=Docker Compose stack manager (PRIMARY)"
-      # Traefik reverse proxy (comment/uncomment to disable/enable)
-      # If Traefik is on a remote server: these labels are NOT USED; 
-      #   configure external yml files in /traefik/dynamic folder instead.
-      - "traefik.enable=true"
-      - "traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)"
-      - "traefik.http.routers.dockge.entrypoints=websecure"
-      - "traefik.http.routers.dockge.tls.certresolver=letsencrypt"
-      - "traefik.http.routers.dockge.middlewares=authelia@docker"
-      - "traefik.http.services.dockge.loadbalancer.server.port=5001"
-
-networks:
-  homelab-network:
-    external: true
-  traefik-network:
-    external: true
--- a/docker-compose/infrastructure/docker-compose.yml
+++ b/docker-compose/infrastructure/docker-compose.yml
@@ -36,57 +36,6 @@ services:
      - homelab.category=infrastructure
      - homelab.description=Docker socket proxy for security

-  # Pi-hole - Network-wide ad blocker and DNS server
-  # DNS service must always run for network-wide ad blocking
-  pihole:
-    image: pihole/pihole:2024.01.0
-    deploy:
-      resources:
-        limits:
-          cpus: '0.25'
-          memory: 128M
-          pids: 256
-        reservations:
-          cpus: '0.10'
-          memory: 64M
-    container_name: pihole
-    restart: unless-stopped
-    networks:
-      - homelab-network
-      - traefik-network
-    ports:
-      - '53:53/tcp'    # DNS TCP
-      - '53:53/udp'    # DNS UDP
-    volumes:
-      - ./pihole/etc-pihole:/etc/pihole
-      - ./pihole/etc-dnsmasq.d:/etc/dnsmasq.d
-    environment:
-      - TZ=America/New_York
-      - WEBPASSWORD=${PIHOLE_PASSWORD}
-      - FTLCONF_LOCAL_IPV4=192.168.4.4
-    dns:
-      - 127.0.0.1
-      - 1.1.1.1
-    cap_add:
-      - NET_ADMIN
-    labels:
-      # TRAEFIK CONFIGURATION
-      # ==========================================
-      # Service metadata
-      - 'homelab.category=infrastructure'
-      - 'homelab.description=Network-wide ad blocking and DNS'
-      # Traefik reverse proxy (comment/uncomment to disable/enable)
-      # IMPORTANT: On REMOTE SERVERS (where Traefik runs elsewhere):
-      #   - COMMENT OUT all traefik.* labels below (don't delete them)
-      #   - Routes are configured via external YAML files on the core server
-      #   - This prevents conflicts between Docker labels and file provider
-      - 'traefik.enable=true'
-      - 'traefik.docker.network=traefik-network'
-      - 'traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)'
-      - 'traefik.http.routers.pihole.entrypoints=websecure'
-      - 'traefik.http.routers.pihole.tls.certresolver=letsencrypt'
-      - 'traefik.http.routers.pihole.middlewares=authelia@docker'
-      - 'traefik.http.services.pihole.loadbalancer.server.port=80'

  # Watchtower - Automatic container updates
  watchtower: