vpn/docker-compose.yml at master · StefanoGuerrini/vpn · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
version: "3"

services:

  pihole:
    container_name: pihole
    image: pihole/pihole:v5.8
    environment:
      TZ: 'Italy/Rome'
      WEBPASSWORD: '' # security first!
      DNSSEC: 'true'
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    ports:
      - $PRIVATE_IP:53:53/tcp
      - $PRIVATE_IP:53:53/udp
      - $PRIVATE_IP:67:67/udp
      - $PRIVATE_IP:80:80/tcp
    dns:
      - 1.1.1.1
      - 1.0.0.1
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

  wireguard:
    container_name: wireguard
    image: ghcr.io/linuxserver/wireguard:latest
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - SERVERURL=$PUBLIC_IP
      - SERVERPORT=443
      - PEERS=$VPN_PEERS
      - PEERDNS=$PRIVATE_IP #private ip (pihole is dns)
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS=$VPN_PEERS
    volumes:
      - ./wireguard/config:/config
      - ./wireguard/lib/modules:/lib/modules
    ports:
      - 443:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

  dnscrypt:
    image: jedisct1/dnscrypt-server
    container_name: dnscrypt
    command: "init -A -N my.dsn.com -E '$PRIVATE_IP:5554' -M '0.0.0.0:9100'"
    volumes:
      - /etc/dnscrypt/keys:/opt/encrypted-dns/etc/keys
      - /lib/modules:/lib/modules
    ports:
      - $PRIVATE_IP:5554:5554/udp
      - $PRIVATE_IP:5554:5554/tcp
      - $PRIVATE_IP:9100:9100/tcp
    restart: unless-stopped