pihole: add Pi-hole + Unbound stack

services/pihole/config/dnsmasq.d/local.conf

@@ -0,0 +1,5 @@
+# Lokale Domain nicht upstream weiterleiten
+local=/home.dnlm.de/
+
+# Wildcard: *.dama.casa → dell01 (Traefik), umgeht Cloudflare lokal
+address=/.dama.casa/192.168.188.211

services/pihole/docker-compose.yaml

@@ -0,0 +1,46 @@
+services:
+  unbound:
+    image: mvance/unbound:latest
+    container_name: unbound
+    restart: unless-stopped
+    networks:
+      - dns
+
+  pihole:
+    image: pihole/pihole:latest
+    container_name: pihole
+    restart: unless-stopped
+    depends_on:
+      - unbound
+    ports:
+      - "192.168.188.211:53:53/tcp"
+      - "192.168.188.211:53:53/udp"
+    environment:
+      TZ: Europe/Berlin
+      WEBPASSWORD: ${PIHOLE_PASSWORD}
+      FTLCONF_LOCAL_IPV4: "192.168.188.211"
+      FTLCONF_dns_upstreams: "unbound#53"
+      FTLCONF_dns_hosts: >-
+        192.168.188.130 home.dnlm.de,
+        192.168.188.130 dm-nas02.fritz.box,
+        192.168.188.118 octopi.fritz.box
+    volumes:
+      - ./data/etc-pihole:/etc/pihole
+      - ./config/dnsmasq.d:/etc/dnsmasq.d
+    networks:
+      - proxy
+      - dns
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.pihole.rule=Host(`pihole.${DOMAIN}`)"
+      - "traefik.http.routers.pihole.entrypoints=websecure"
+      - "traefik.http.routers.pihole.tls=true"
+      - "traefik.http.routers.pihole.tls.certresolver=cloudflare"
+      - "traefik.http.services.pihole.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+
+networks:
+  proxy:
+    external: true
+  dns:
+    internal: true