version: '3.2'

services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy:2.0.45
    networks:
      containers:
        ipv4_address: 172.20.0.5
    # ports:
    #   - "5300:5300/udp"
    #   - "5300:5300/tcp"
    volumes:
      - ./dnscrypt-proxy/config:/config
      - ./dnscrypt-proxy/cache:/var/cache/dnscrypt-proxy
    restart: unless-stopped

  pihole:
    container_name: pihole
    image: pihole/pihole:v5.7
    hostname: 'hackertech'
    networks:
      containers:
        ipv4_address: 172.20.0.6
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    env_file: .pihole.env
    volumes:
      - ./etc-pihole/:/etc/pihole/
      - ./etc-dnsmasq.d/:/etc/dnsmasq.d/
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt

  wireguard:
    image: index.docker.io/rusian/wireguard:latest
    networks:
      containers:
        ipv4_address: 172.20.0.7
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    env_file: .wireguard.env
    volumes:
      - ./wireguard:/config
      - /lib/modules:/lib/modules
      - /usr/src:/usr/src
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
      - net.ipv6.conf.eth0.proxy_ndp=1
    depends_on:
      - pihole
    dns:
      - 172.20.0.6
    restart: unless-stopped

networks:
  containers:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24