version: '3.8'

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8053:80"  # Web UI on 8053 to avoid conflict with Jellyfin on 8096
    environment:
      TZ: 'America/Chicago'
      WEBPASSWORD: ${WEBPASSWORD}
      # DNS settings
      PIHOLE_DNS_: '8.8.8.8;8.8.4.4'  # Google DNS as upstream (match primary)
      # Performance settings
      DNSSEC: 'true'
      FTLCONF_dns_listeningMode: 'all'  # Listen on all interfaces (Pi-hole v6+)
      FTLCONF_webserver_port: '8053'  # Web UI on port 8053 to avoid port 80 conflict
      DNSMASQ_LISTENING: 'all'  # Fallback for older versions
      # Privacy settings
      QUERY_LOGGING: 'true'
      INSTALL_WEB_SERVER: 'true'
      INSTALL_WEB_INTERFACE: 'true'
    volumes:
      - './config:/etc/pihole'
      - './dnsmasq:/etc/dnsmasq.d'
    restart: unless-stopped
    network_mode: host  # Required for proper DNS resolution
    cap_add:
      - NET_ADMIN  # Required for DHCP functionality (optional)
    dns:
      - 127.0.0.1  # Use itself for DNS after startup
      - 8.8.8.8    # Fallback during startup

networks:
  default:
    driver: bridge