# =============================================================================
# DNS Chain: Router(:53) → AdGuard(:53,DOH,DOT) → Pi-hole(:5353) → Unbound(:5335)
# =============================================================================
# NOTE: For HAOS, use the run_command file instead - compose doesn't work there
# NOTE: Post-install: Configure AdGuard upstream to <host-ip>:5053
# NOTE: Pi-hole handles blocking/caching, AdGuard handles DOH/DOT encryption
# =============================================================================

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    network_mode: host
    environment:
      TZ: "America/Chicago"
      WEBPASSWORD: "YOURPASSWORD"
      FTLCONF_webserver_enabled: "true"
      FTLCONF_webserver_port: "7300"
      WEB_BIND_ADDR: "0.0.0.0"
      FTLCONF_dns_port: "5053"
      # DNS1/DNS2 are deprecated in Pi-hole v6+, use FTLCONF_dns_upstreams
      FTLCONF_dns_upstreams: "127.0.0.1#5335"
    volumes:
      - pihole_etc:/etc/pihole:rw
      - pihole_dnsmasq:/etc/dnsmasq.d:rw
    restart: unless-stopped

  adguardhome:
    image: adguard/adguardhome:latest
    container_name: adguardhome
    network_mode: host
    environment:
      TZ: "America/Chicago"
    volumes:
      - adguard_conf:/opt/adguardhome/conf:rw
      - adguard_work:/opt/adguardhome/work:rw
      - adguard_certs:/opt/adguardhome/conf/certs:ro
    restart: unless-stopped
    depends_on:
      - pihole

volumes:
  pihole_etc:
  pihole_dnsmasq:
  adguard_conf:
  adguard_work:
  adguard_certs: