version: '3.2'

services:
  dnscrypt:
    container_name: dnscrypt-proxy
    image: klutchell/dnscrypt-proxy:2.0.45
    networks:
      containers:
        ipv4_address: 172.20.0.5
    # ports:
    #   - "5300:5300/udp"
    #   - "5300:5300/tcp"
    volumes:
      - ./dnscrypt-proxy/config:/config
      - ./dnscrypt-proxy/cache:/var/cache/dnscrypt-proxy
    restart: unless-stopped

  pihole:
    container_name: pihole
    image: pihole/pihole:v5.7
    hostname: 'hackertech'
    networks:
      containers:
        ipv4_address: 172.20.0.6
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    environment:
      TZ: 'America/Lima'
      WEBPASSWORD: <YOUR-PASSWORD>
      DEFAULT_HOST: <YOUR-IP-SERVER-OR-DOMAIN>
      DNS1: "172.20.0.5#5300"
      DNS2: "no"
    volumes:
      - ./etc-pihole/:/etc/pihole/
      - ./etc-dnsmasq.d/:/etc/dnsmasq.d/
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    depends_on:
      - dnscrypt

  wireguard:
    image: linuxserver/wireguard
    networks:
      containers:
        ipv4_address: 172.20.0.7
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Lima
      - SERVERURL=<YOUR-IP-SERVER>
      - SERVERPORT=51820 #optional
      - PEERS=10 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
    volumes:
      - ./wireguard:/config
      - /lib/modules:/lib/modules
      - /usr/src:/usr/src
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
      - net.ipv6.conf.eth0.proxy_ndp=1
    depends_on:
      - pihole
    dns:
      - 172.20.0.6
    restart: unless-stopped

networks:
  containers:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/24