version: "3"
services:
  dns-server:
    container_name: technitium-dns
    hostname: technitium-dns
    image: technitium/dns-server:latest
    ports:
      - "5380:5380/tcp" # Web Console
      - "53:53/udp"     # DNS
      - "53:53/tcp"     # DNS
      - "853:853/tcp"   # DNS-over-TLS
      - "8443:443/tcp"  # DNS-over-HTTPS
      # Uncomment if using DHCP
      # - "67:67/udp"
    environment:
      - DNS_SERVER_DOMAIN=dns-server
      # - DNS_SERVER_ADMIN_PASSWORD=password # Set via UI on first login
    volumes:
      - ./config:/etc/dns/config
      # Mount AdGuard certs for migration/usage
      # Path in container: /etc/dns/certs
      - adguard_certs:/etc/dns/certs:ro
    restart: unless-stopped
    sysctls:
      - net.ipv4.ip_local_port_range=1024 65000
    networks:
      - traefik-public
    labels:
      - "traefik.enable=true"
      # Web Console
      - "traefik.http.routers.technitium.rule=Host(`dns.sterl.xyz`)"
      - "traefik.http.routers.technitium.entrypoints=websecure"
      - "traefik.http.routers.technitium.tls.certresolver=cfresolver"
      - "traefik.http.services.technitium.loadbalancer.server.port=5380"
      - "docktail.enable=true"
      - "docktail.name=technitium"
      - "docktail.container_port=5380"

networks:
  traefik-public:
    external: true

volumes:
  adguard_certs:
    external: true
    # Volume created by docker run
    name: adguard_certs