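# Infrastructure Services
# Core services that other services depend on
# NOTE: Traefik, Authelia, DuckDNS, and Gluetun have their own compose files
# See traefik.yml, authelia.yml, duckdns.yml, and gluetun.yml

services:
  # Pi-hole - Network-wide ad blocker and DNS server
  # Access at: http://server-ip:8082/admin or https://pihole.yourdomain.duckdns.org
  #
  # Keep exactly one definition per key in this service: duplicate mapping keys
  # are invalid YAML, and parsers that tolerate them keep only the last one,
  # silently discarding the earlier ports/volumes/labels.
  pihole:
    image: pihole/pihole:2024.01.0
    container_name: pihole
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    ports:
      # Published on every host interface.
      # NOTE(review): make sure port 53 is not forwarded from the WAN,
      # otherwise this host answers DNS queries for anyone.
      - "53:53/tcp"  # DNS TCP
      - "53:53/udp"  # DNS UDP
      # This direct mapping reaches the web interface without going through
      # Traefik, so the authelia@docker middleware below does not apply to it;
      # only the Pi-hole password protects this path.
      - "8082:80/tcp"  # Web interface (changed from 8080 to avoid conflicts)
    volumes:
      - /opt/stacks/pihole/etc-pihole:/etc/pihole
      - /opt/stacks/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    environment:
      - TZ=${TZ:-America/New_York}
      # Falls back to the literal "changeme" when PIHOLE_PASSWORD is unset.
      # NOTE(review): set PIHOLE_PASSWORD before first start. Using
      # ${PIHOLE_PASSWORD:?PIHOLE_PASSWORD must be set} instead would make
      # Compose refuse to start rather than run with the default password.
      - WEBPASSWORD=${PIHOLE_PASSWORD:-changeme}
      # No default: SERVER_IP must be provided by the environment.
      - FTLCONF_LOCAL_IPV4=${SERVER_IP}
    dns:
      - 127.0.0.1
      - 1.1.1.1
    cap_add:
      # NOTE(review): Pi-hole's container docs describe NET_ADMIN as needed
      # only when Pi-hole acts as the DHCP server - confirm, and drop it if
      # DHCP is not used.
      - NET_ADMIN
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Network-wide ad blocking and DNS"
      # Traefik labels
      - "traefik.enable=true"
      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
      - "traefik.http.routers.pihole.entrypoints=websecure"
      - "traefik.http.routers.pihole.tls.certresolver=letsencrypt"
      - "traefik.http.routers.pihole.middlewares=authelia@docker"
      - "traefik.http.services.pihole.loadbalancer.server.port=80"

  # Portainer - Docker management UI
  # Access at: https://portainer.yourdomain.duckdns.org
  # No host ports are published; the UI is reachable only through the Traefik
  # router below, which applies the authelia@docker middleware.
  portainer:
    image: portainer/portainer-ce:2.19.4
    container_name: portainer
    restart: unless-stopped
    networks:
      - homelab-network
      - traefik-network
    volumes:
      # Read-write access to the Docker API socket is equivalent to root on
      # the host: anyone who controls this container controls every container.
      # NOTE(review): consider a socket proxy that exposes only the API
      # endpoints this service needs.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    security_opt:
      - no-new-privileges:true
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Docker container management UI"
      # Traefik labels
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.${DOMAIN}`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
      - "traefik.http.routers.portainer.middlewares=authelia@docker"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

  # Watchtower - Automatic container updates
  # Runs silently in background, no UI
  # NOTE(review): no label or scope filter is configured here, so presumably
  # every running container on the host is eligible for unattended updates -
  # confirm this is intended.
  watchtower:
    image: containrrr/watchtower:1.7.1
    container_name: watchtower
    restart: unless-stopped
    networks:
      - homelab-network
    volumes:
      # Same host-level privilege as the Portainer socket mount: the Docker
      # API socket gives this container full control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_INCLUDE_RESTARTING=true
      # Quoted so the cron expression can never be confused with the
      # trailing comment.
      - "WATCHTOWER_SCHEDULE=0 0 4 * * *"  # 4 AM daily
      - WATCHTOWER_NOTIFICATIONS=shoutrrr
      # No default. NOTE(review): notification URLs usually embed a token or
      # credentials - supply it from the environment, never commit it.
      - WATCHTOWER_NOTIFICATION_URL=${WATCHTOWER_NOTIFICATION_URL}
    labels:
      - "homelab.category=infrastructure"
      - "homelab.description=Automatic Docker container updates"

volumes:
  portainer-data:
    driver: local

# Both networks are declared external: they must already exist before this
# stack is started.
networks:
  homelab-network:
    external: true
  traefik-network:
    external: true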