Refactor: Reorganize services into standalone structure

services/standalone/Pihole/pihole_adguard/docker-compose.yml

@@ -0,0 +1,47 @@
+# =============================================================================
+# DNS Chain: Router(:53) → AdGuard(:53,DOH,DOT) → Pi-hole(:5353) → Unbound(:5335)
+# =============================================================================
+# NOTE: For HAOS, use the run_command file instead - compose doesn't work there
+# NOTE: Post-install: Configure AdGuard upstream to <host-ip>:5053
+# NOTE: Pi-hole handles blocking/caching, AdGuard handles DOH/DOT encryption
+# =============================================================================
+
+services:
+  pihole:
+    image: pihole/pihole:latest
+    container_name: pihole
+    network_mode: host
+    environment:
+      TZ: "America/Chicago"
+      WEBPASSWORD: "YOURPASSWORD"
+      FTLCONF_webserver_enabled: "true"
+      FTLCONF_webserver_port: "7300"
+      WEB_BIND_ADDR: "0.0.0.0"
+      FTLCONF_dns_port: "5053"
+      # DNS1/DNS2 are deprecated in Pi-hole v6+, use FTLCONF_dns_upstreams
+      FTLCONF_dns_upstreams: "127.0.0.1#5335"
+    volumes:
+      - pihole_etc:/etc/pihole:rw
+      - pihole_dnsmasq:/etc/dnsmasq.d:rw
+    restart: unless-stopped
+
+  adguardhome:
+    image: adguard/adguardhome:latest
+    container_name: adguardhome
+    network_mode: host
+    environment:
+      TZ: "America/Chicago"
+    volumes:
+      - adguard_conf:/opt/adguardhome/conf:rw
+      - adguard_work:/opt/adguardhome/work:rw
+      - adguard_certs:/opt/adguardhome/conf/certs:ro
+    restart: unless-stopped
+    depends_on:
+      - pihole
+
+volumes:
+  pihole_etc:
+  pihole_dnsmasq:
+  adguard_conf:
+  adguard_work:
+  adguard_certs:

services/standalone/Pihole/pihole_adguard/run_command

@@ -1,3 +1,15 @@
+# =============================================================================
+# DNS Chain: Router(:53) → AdGuard(:53,DOH,DOT) → Pi-hole(:5353) → Unbound(:5335)
+# =============================================================================
+# BE9300 router points to this host on port 53
+# AdGuard handles DOH(443), DOT(853), and standard DNS(53)
+# Pi-hole runs on port 5353 to avoid conflict with AdGuard
+# Unbound provides recursive DNS on 5335 (installed locally)
+# =============================================================================
+
+# Step 1: Start Pi-hole on port 5053 (5353 is used by mDNS/Avahi, 53 is AdGuard)
+# Configure upstream to Unbound on 127.0.0.1#5335
+# NOTE: DNS1/DNS2 are deprecated in Pi-hole v6+, use FTLCONF_dns_upstreams instead
 docker run -d \
     --name pihole \
     --network host \
@@ -6,18 +18,24 @@ docker run -d \
     -e FTLCONF_webserver_enabled=true \
     -e FTLCONF_webserver_port=7300 \
     -e WEB_BIND_ADDR=0.0.0.0 \
-    -e DNS1=127.0.0.1#5335 \
-    -e DNS2=0.0.0.0 \
+    -e FTLCONF_dns_port=5053 \
+    -e FTLCONF_dns_upstreams=127.0.0.1#5335 \
     -v pihole_etc:/etc/pihole:rw \
     -v pihole_dnsmasq:/etc/dnsmasq.d:rw \
     --restart=unless-stopped \
     pihole/pihole:latest
 
+# Step 2: Start AdGuard Home on port 53 (what router sees)
+# After first run, access http://<host-ip>:3000 to configure:
+#   - Upstream DNS: 127.0.0.1:5353 (Pi-hole)
+#   - DNS listen: 0.0.0.0:53
+#   - Enable DOH (port 443) and DOT (port 853)
 docker run -d \
     --name adguardhome \
     --network host \
     -e TZ=America/Chicago \
     -v adguard_conf:/opt/adguardhome/conf:rw \
     -v adguard_work:/opt/adguardhome/work:rw \
+    -v adguard_certs:/opt/adguardhome/conf/certs:ro \
     --restart=unless-stopped \
     adguard/adguardhome:latest