RPi3_DNS Docker Stack
Docker Compose configurations for Raspberry Pi 3 running DNS, monitoring, VPN, and device services.
Docker Compose Stack Structure
The monolithic docker-compose.yml has been split into separate compose files organized by service category.
Directory Structure
Each subdirectory contains a docker-compose.yml file. Services without explicit dependencies are separated into individual directories:
DNS Services
- dns/ - DNS services with dependency (unbound, pihole)
  - unbound - Recursive DNS resolver
  - pihole - Network-wide ad blocking (depends on unbound)
Docker Management
- docker-management/ - Docker management tools (socket-proxy, tugtainer)
Monitoring & Management
- glances/ - System monitoring and performance analysis
- checkmate-capture/ - System metrics capture
- speedtest/ - Internet speed testing (OpenSpeedTest)
VPN
- vpn/ - WireGuard VPN server
Hardware Devices
- sispmctl/ - SiS-PM control web interface
- ser2net/ - Serial to network bridge
Home Assistant
- emulated-roku/ - Roku device emulator
Network Configuration
All services use a custom bridge network appnet with subnet 172.25.0.0/16. Static IP addresses are assigned to critical services:
- 172.25.2.52 - Unbound DNS
- 172.25.2.53 - Pi-hole
- 172.25.2.3 - Watchtower
- 172.25.2.4 - Docker Socket Proxy
- 172.25.2.5 - Glances
- 172.25.2.6 - OpenSpeedTest
Usage
Managing All Services
Use the manage-services.sh script to control all service groups at once:
# Start all services
./manage-services.sh start
# Stop all services
./manage-services.sh stop
# Restart all services
./manage-services.sh restart
# Check status of all services
./manage-services.sh status
# Pull latest images for all services
./manage-services.sh pull
# Initialize bind mount directories for all services
./manage-services.sh init
The script will:
- Iterate through all subdirectories
- Execute the specified action on each service group
- Display progress and a summary with success/failure counts
- Exit with error if any service group fails
Managing Individual Service Groups
You can also use the script to manage specific services:
# Start only DNS services
./manage-services.sh start dns
# Restart watchtower
./manage-services.sh restart watchtower
# Check status of VPN service
./manage-services.sh status vpn
# Initialize bind mounts for glances
./manage-services.sh init glances
Or manage services manually:
# Start DNS services
cd dns
docker compose up -d
# Stop watchtower
cd watchtower
docker compose down
# View logs for VPN service
cd vpn
docker compose logs -f
# Restart speedtest
cd speedtest
docker compose restart
Network Scripts
Enable-host-to-container-networking.sh
Configures a macvlan bridge for host-to-container communication on the Raspberry Pi 3:
- Interface: eth1
- Bridge Name: iotrouteif
- IP Address: 192.168.14.54/32
- IP Range: 192.168.14.48/29
This script should be run at boot to enable proper networking. It can be installed as a systemd service or init.d script.
macvlan_bridge.sh
Alternative macvlan bridge configuration script (from Nuc-stack):
- Interface: enp1s0
- Bridge Name: dockerrouteif
- IP Address: 192.168.10.54/32
- IP Range: 192.168.10.48/29
Adapt the network settings in this script if using different network interfaces or IP ranges.
Data Directories
All persistent data is stored in the ../data/ directory relative to the compose files. Required data directories:
DNS
- ../data/unbound/unbound.conf
- ../data/pihole/
- ../data/dnsmasq.d/
- ../data/pihole.env
Monitoring
- ../data/watchtower.env
- ../data/glances.env
- ../data/glances/
- ../data/checkmate-capture.env
VPN
- ../data/wg/config/
Devices
- ../data/ser2net/ser2net.yaml
- ../data/emulated_roku.env
- ../../Sispmctl_webui/ (build context)
- ../../emulated_roku/ (build context)
You can use ./manage-services.sh init to automatically create all required bind mount directories.
Service Dependencies
DNS Stack
- Pi-hole depends on Unbound for upstream DNS resolution
- Both services are in the same compose file and should be started together
All Other Services
- Each service runs independently in its own docker-compose.yml
- No explicit dependencies between services in separate directories
- Hardware device services (sispmctl, ser2net, emulated-roku) require specific hardware access
Port Mappings
DNS Services
- 53:53/tcp, 53:53/udp - Pi-hole DNS
- 80:80/tcp - Pi-hole web interface
- 5253:5335/tcp, 5253:5335/udp - Unbound DNS
Monitoring Services
- 8082:8080 - Watchtower web interface
- 2375:2375 - Docker socket proxy
- 61208:61208, 61209:61209 - Glances web interface
- 59232:59232 - Checkmate Capture
- 3000:3000, 3001:3001 - OpenSpeedTest
VPN Services
- 51828:51828/udp - WireGuard
Device Services
- 2638:2638 - Sispmctl WebUI
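An added check for the mappings listed above (not part of this repository): none of them names a bind address, so by default Docker publishes each one on every host interface, including 2375 for the socket proxy. The script lists such short-syntax entries in a compose file; the sample fragment is constructed, and audit_ports and sample_compose are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of the repository.
# audit_ports FILE...: print short-syntax "HOST:CONTAINER" port mappings,
# i.e. entries with no bind address, which Docker publishes on every host
# interface by default. Long syntax and bare container ports are not handled.
audit_ports() {
    awk -v q="'" '
        FNR == 1 { in_ports = 0 }                    # reset per file
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*(#.*)?$/ { next }        # skip blank/comment lines
        in_ports && !/^[ \t]*-/ { in_ports = 0 }     # next key ends the list
        in_ports {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)             # drop the list dash
            sub(/[ \t]+#.*$/, "", m)                 # drop a trailing comment
            gsub("[\"" q " \t]", "", m)              # drop quotes and spaces
            n = split(m, part, ":")
            if (n == 2) {                            # 3 fields = IP:HOST:CONTAINER
                note = (part[1] == "2375") ? " [Docker API port]" : ""
                print FILENAME ": " m note
            }
        }
    ' "$@"
}

# Constructed sample input: a fragment in the style of the mappings above.
sample_compose() {
    cat <<'EOF'
services:
  socket-proxy:
    ports:
      - "2375:2375"
  pihole:
    ports:
      - "53:53/udp"            # published on all interfaces
      - "127.0.0.1:8080:80/tcp"
    environment:
      - TZ=UTC
EOF
}

tmp=$(mktemp -d)
sample_compose > "$tmp/docker-compose.yml"
audit_ports "$tmp/docker-compose.yml"
rm -rf "$tmp"
```

Entries that only other containers on appnet need to reach do not need a host mapping at all; the rest can be prefixed with a host address (as in the 127.0.0.1 line of the sample) to limit where they listen.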
Backup
The original monolithic docker-compose.yml has been saved as docker-compose.yml.backup.
Requirements
- Docker Engine
- Docker Compose v2
- Raspberry Pi 3 (or compatible ARM device)
- Required hardware devices for device services
Notes
- Some services use network_mode: host for hardware device access
- Watchtower is configured to check for updates daily at 3:45 AM
- Services using build: directives require local build contexts
- Container updates are managed by Watchtower (except those marked with com.centurylinklabs.watchtower.enable=false)