Host pihole locally, but also make it accessible on remote server?

I want to set up pihole (in docker) on my pi, and connect it with wireguard to my VPS, so when I'm connected to the VPN of my VPS, I also have pihole working.

I'm using this to connect to wireguard, which works correctly: https://unix.stackexchange.com/questions/527705/route-an-specific-docker-network-via-systemd-wireguard-interface

My docker-compose file is:

version: "3"

services:
  pihole-unbound:
    container_name: pihole-unbound
    image: klutchell/unbound
    restart: always
    hostname: "unbound"
    volumes:
      - "unbound:/opt/unbound/etc/unbound/"
    ports:
      - "0.0.0.0:9953:53/tcp"
    networks:
      wireguard:
        ipv4_address: 10.222.111.100

  pihole:
    container_name: pihole
    image: pihole/pihole
    restart: always
    hostname: pihole
    dns:
      - 127.0.0.1
      - 1.1.1.1
#      - 10.222.111.100
    environment:
      TZ: "Europe/London"
      ServerIP: 10.1.0.200
      DNS1: 1.1.1.1
      DNS2: 1.1.1.1
#      DNS1: 10.222.111.100
#      DNS2: 10.222.111.100
    volumes:
      - "pihole:/etc/pihole/"
      - "dnsmasq:/etc/dnsmasq.d/"
    ports:
      - "0.0.0.0:53:53/tcp"
      - "0.0.0.0:53:53/udp"
      - "0.0.0.0:67:67/udp"
      - "0.0.0.0:80:80/tcp"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      wireguard:
        ipv4_address: 10.222.111.200

volumes: 
  unbound:
  pihole:
  dnsmasq:

networks:
  wireguard:
    external: true

Cloudflare DNS works fine (on both my LAN and VPN), but when I try updating the adlist it hangs forever. And when I add a local DNS entry it doesn't work.

Unbound DNS doesn't work at all (the query log says OK, sent to pihole-unbound.wireguard#53, reply N/A, and using #9953 doesn't work either).
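As an added troubleshooting script (not part of the original post), this probes each resolver leg of the topology in the compose file above: host to Unbound on the published port 9953 and on its docker IP, host to Pi-hole on port 53, and from inside the pihole container to Unbound. Each dig result is classified so a "reply N/A" in the query log can be matched to a timeout on one specific leg. It assumes dig is installed on the host, the container names and addresses from the compose file, and pi-hole.net as the query name.

```shell
#!/bin/sh
# Added example, not the poster's code. Addresses and names are taken from
# the compose file above; pi-hole.net is an arbitrary query target.
UNBOUND_IP="10.222.111.100"     # pihole-unbound on the 'wireguard' network
PIHOLE_IP="10.222.111.200"      # pihole on the 'wireguard' network
QNAME="pi-hole.net"

# Classify one dig run from its exit status ($1) and output ($2).
# dig exits 9 when no reply arrives (the "reply N/A" case); otherwise the
# header line carries the RCODE.
classify_dig() {
    if [ "$1" -eq 9 ]; then echo "timeout"; return; fi
    case "$2" in
        *"status: NOERROR"*)  echo "ok" ;;
        *"status: SERVFAIL"*) echo "servfail" ;;
        *"status: REFUSED"*)  echo "refused" ;;
        *)                    echo "unknown" ;;
    esac
}

# Query QNAME at $1:$2 from the host and print a labelled classification.
probe() {
    server="$1"; port="$2"; label="$3"
    out=$(dig +time=2 +tries=1 -p "$port" @"$server" "$QNAME" A 2>&1)
    rc=$?
    printf '%-42s %s\n' "$label" "$(classify_dig "$rc" "$out")"
}

main() {
    probe 127.0.0.1     9953 "host -> unbound (published :9953)"
    probe "$UNBOUND_IP" 53   "host -> unbound (docker IP :53)"
    probe "$PIHOLE_IP"  53   "host -> pihole (docker IP :53)"
    probe 127.0.0.1     53   "host -> pihole (published :53)"
    # The leg Pi-hole itself uses: from inside the pihole container to unbound.
    out=$(docker exec pihole dig +time=2 +tries=1 @"$UNBOUND_IP" "$QNAME" A 2>&1)
    rc=$?
    printf '%-42s %s\n' "pihole container -> unbound" "$(classify_dig "$rc" "$out")"
}

# Run the probes only when invoked as: sh dns-probe.sh run
[ "${1:-}" = "run" ] && main
```

A "timeout" only on the container-to-unbound leg while the host legs are "ok" points at routing on the docker network rather than at Unbound itself.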

Did you read this? https://docs.pi-hole.net/guides/vpn/wireguard/server/ It may help you, because it's the official doc. 🙂

I don't have wireguard available on my whole system, but rather only for one docker network. And Unbound doesn't work, which isn't documented there?

And pihole is running on the peer that's connected to the server, not on the wireguard server itself.