pi-hole and cloudflared(dns over https) with ipv6

docker-compose.yml

# Requirements
#1. Enable IPv6 for the docker daemon:
#$ cat /etc/docker/daemon.json
#{
#  "ipv6": true,
#  "fixed-cidr-v6": "2001:db8:1::/64"
#}
#2. reload docker :
#$ sudo systemctl reload docker
#3. start:
#$ docker-compose -f docker-compose.yml up -d

version: "2.1"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  cloudflared:
    container_name: cloudflared
    image: visibilityspots/cloudflared:arm
    restart: unless-stopped
    networks:
        pihole_net:
          ipv4_address: 10.0.0.2
          ipv6_address: 2001:3200:3200::20
    sysctls:
        - net.ipv6.conf.all.disable_ipv6=0  

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "81:80/tcp"
      - "443:443/tcp"
    environment:
      - TZ=Europe/Berlin
      - WEBPASSWORD=YOURPW
      - IPv6=true
      - ServerIP=192.168.178.22 #IPv4 address of docker host
      - ServerIPv6=2a02:908:3710:7ce0:5c5e:cdf1:d051:4026 #IPv6 address of docker host
      - DNS1='10.0.0.2#5054'
      - DNS2='2001:3200:3200::20#5054'
      - DNSMASQ_LISTENING=all
    networks:
        pihole_net:
          ipv4_address: 10.0.0.3
          ipv6_address: 2001:3200:3200::30
    # Volumes store your data between container upgrades
    volumes:
       - './etc-pihole/:/etc/pihole/'
       - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 8.8.8.8
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0  
    restart: unless-stopped

networks:
  pihole_net:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 10.0.0.0/29
        - subnet: 2001:3200:3200::/64

Thanks again for this additional info. :)

Question: what's the best way to reset things if I need to further modify the docker-compose.yml file? Should I docker-compose down the container and completely start over, or is there a way to load in the new changes without destroying the container?

At this point I've done literally nothing except log into the admin console and stare at it a bit, so deleting the image is no big deal...

Where are you getting your value for "ServerIPv6"? I'm not certain I'm getting a static IP to my host from my router.

My router is configured to give my raspberry pi a static ipv6 address. If you can not configure your router to give your device a static ip you could set the dhcp settings of your device to a static ip address. Here is a link for the raspberry pi: https://www.raspberrypi.org/forums/viewtopic.php?t=268617
Hope this helps.

Awesome!

I will check this out. I'm glad this sounds like an easily solvable problem.
EDIT: The IPv6 address is definitely changing. It has changed since I checked it last night, without any reboot.

Is there a way I can test if the IPv6 routing is working aside from pointing my router's DNS at the pi-hole?

You run the following command and check if you get an IPv6 Address for google.com:
nslookup google.com 2a02:908:3710:7ce0:5c5e:cdf1:d051:4026 (change the ip to your pi.hole´s host ip)

I will try this and see what I get back. My computer has suddenly decided to melt, so I think a restart is in order...

The 10.0.0.1 entry includes an IPv6 address it lists as unable to connect to. None of these addresses are the ones I set in the docker-compose file. Maybe this has something to do with pi-hole only working on localhost?

My entry lists as green:

The rest of the entries are nearly all IPv4. I can´t tell if these should have also an ipv6 address. :/

Mine is ... definitely not. I'll make sure the IPv6 host address is right and try again.