services:
  pihole:
    image: pihole/pihole:latest
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    volumes:
      - {{ pihole_base }}/volumes/pihole:/etc/pihole
      - {{ pihole_base }}/volumes/dnsmasq:/etc/dnsmasq.d
    environment:
      - DEPLOYMENT_TIME={{ deployment_time }}
      - TZ={{ timezone }}
      - FTLCONF_webserver_api_password={{ pihole_webpwd }}
      - FTLCONF_dns_upstreams={{ upstream_dns_servers | join(';') }}
    networks:
      - proxy
{% if not homelab_build %}
    healthcheck:
      test: ["CMD-SHELL", "dig loadbalancer.{{ domain }} @127.0.0.1 | grep -q {{ loadbalancer_ip }}"]
      retries: 3
      timeout: 5s
      start_period: 8s
{% endif %}
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        order: start-first
        failure_action: rollback
        monitor: 10s
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.swarm.network=proxy
        - traefik.http.routers.piholeweb.tls=true
        - traefik.http.routers.piholeweb.tls.certResolver=letsencrypt
        - traefik.http.routers.piholeweb.rule=Host(`{{ pihole_domain }}`)
        - traefik.http.routers.piholeweb.entrypoints=websecure
        - traefik.http.services.piholeweb.loadbalancer.server.port=80

networks:
  proxy:
    external: true