version: "3"

services:
  pihole:
    image: ${PH_IMAGE}
    container_name: ${PH_CONTAINER_NAME}
    restart: unless-stopped
    environment:
      - TZ="${PH_TIMEZONE}"
      - WEBPASSWORD="${PH_WEBPASSWORD}"
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-proxy
      ### Section HTTP
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
      # redirect to HTTPS only
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
      ### Section HTTPS
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
      # configure the exposed service
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
      # of course, enable TLS and it's certificate provider
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=true
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=letsencrypt
      # specify a service so a custom port can be used
      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
    networks:
      - traefik-proxy
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
    volumes:
      - ./data/pihole:/etc/pihole/
      - ./data/dnsmasq.d:/etc/dnsmasq.d/

networks:
  traefik-proxy:
    external: true
    name: ${TRAEFIK_NETWORK}