diff --git a/certbot/certbot.service b/certbot/certbot.service
index 87a5d54..6b7ddec 100644
--- a/certbot/certbot.service
+++ b/certbot/certbot.service
@@ -3,4 +3,4 @@ Description=Let's Encrypt renewal
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload"
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-0001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-0001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload"
diff --git a/docker-compose.yml b/docker-compose.yml
index 2419029..857766b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -129,6 +129,23 @@ services:
 depends_on:
 - db
+ pihole:
+ <<: *logging
+ image: pihole/pihole:latest
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ environment:
+ TZ: "Europe/London"
+ WEBPASSWORD: ${PIHOLE_PASSWORD}
+ VIRTUAL_HOST: net.${DOMAIN}
+ volumes:
+ - "/docker/pihole/etc-pihole:/etc/pihole"
+ - "/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
+ restart: unless-stopped
+ networks:
+ - nginx
+
 jitsi:
 <<: *logging
 image: jitsi/web:stable
@@ -510,6 +527,8 @@ services:
 - nextcloud
 - gitea
 - collabora
+ - pihole
+ - foundry
 ports:
 - 443:443
 networks:
diff --git a/exports b/exports
index d8315e3..382b245 100644
--- a/exports
+++ b/exports
@@ -4,6 +4,7 @@
 # /srv/home hostname1(rw,sync) hostname2(ro,sync)
 # Example for NFSv4:
 /mnt/tower/stardust/chris/files 192.168.2.0/24(rw,sync,no_subtree_check)
+/mnt/tower/foundry/Data 192.168.2.0/24(rw,sync,no_subtree_check)
 #/mnt/tower/stardust/chris/files 192.168.1.0/24(rw,sync)
 # /srv/nfs4 hostname1(rw,sync,fsid=0)
 # /srv/nfs4/home hostname1(rw,sync,nohide)
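Review bot: The deploy hook in the new `ExecStart` line of certbot/certbot.service still hard-codes the lineage directory (`scarif.space-0001`), so the copy will silently point at a stale path again the next time certbot creates a new lineage. Certbot exports `RENEWED_LINEAGE` to deploy hooks, so the hook can copy `$RENEWED_LINEAGE/fullchain.pem` and `$RENEWED_LINEAGE/privkey.pem` instead; inside a unit file the dollar sign probably needs to be written `$$` so systemd passes it through unexpanded. Because the three commands are chained with `&&`, a wrong path also means nginx is never reloaded, and `--quiet` hides the failure, so it is worth checking the unit's journal after the first renewal.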
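Review bot: The two `ports` entries of the new `pihole` service in docker-compose.yml publish DNS on every host interface, and this host also serves 443 with public certificates, so the resolver may be reachable from the internet, where open resolvers get abused for amplification. Binding the mappings to the LAN address, e.g. `- "<LAN_IP>:53:53/udp"` and `- "<LAN_IP>:53:53/tcp"` (placeholder, the address is not on this page), keeps it internal. `image: pihole/pihole:latest` is also unpinned, so any pull can change what runs as the network's resolver; a fixed tag or digest (`image: pihole/pihole:<pinned-tag>`) makes upgrades deliberate.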
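Review bot: `foundry` is added to this `depends_on` list, but no `foundry` service definition appears in this diff (only `pihole` is added), so unless it already exists elsewhere in docker-compose.yml, Compose will reject the file for depending on an undefined service. The enclosing service starts outside the hunk, so this needs checking against the full file. A short comment above the two new entries, such as `# proxied by nginx; must resolve at nginx start-up`, would record why they are listed.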
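Review bot: The new line in exports grants `rw` on `/mnt/tower/foundry/Data` to the whole `192.168.2.0/24` range, and with NFS's default AUTH_SYS trust model any host on that subnet can mount it and write as whatever non-root UID it presents. If only one machine needs this data, name it instead: `/mnt/tower/foundry/Data <CLIENT_IP>(rw,sync,no_subtree_check)` (placeholder address). Where all access should map to a single service account, adding `all_squash` with `anonuid=`/`anongid=` narrows it further.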
diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template
index 5ebbb52..7e1fb84 100644
--- a/nginx/nginx.conf.template
+++ b/nginx/nginx.conf.template
@@ -311,6 +311,35 @@ http {
 }
 }
+ upstream pihole-handler {
+ server pihole;
+ }
+
+ server {
+ listen 443 ssl http2;
+
+ ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+ ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
+
+ server_name net.${DOMAIN};
+
+ client_max_body_size 300M;
+
+ location / {
+
+ # Set proxy headers
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # These are important to support WebSockets;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+
+ proxy_pass http://pihole-handler;
+ }
+ }
+
 upstream jitsi-handler {
 server jitsi:80;
 }
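Review bot: The new `net.${DOMAIN}` server block proxies the whole Pi-hole admin interface on the same 443 listener as the other sites with no source restriction, so if that listener is internet-facing the DNS admin login is guarded only by `WEBPASSWORD`. Adding `allow <LAN_CIDR>; deny all;` inside `location /` (placeholder; use the LAN range) keeps the admin UI off the public side. `client_max_body_size 300M;` looks carried over from a file-upload vhost; this backend probably does not need it, and dropping it restores the much smaller default request-body limit. The comment above the `Upgrade`/`Connection` headers could state whether the backend actually uses WebSockets, since `Connection "Upgrade"` is otherwise sent on every proxied request.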