zilexa / Homeserver

Lightweight home server based on microservices, usable as desktop workstation

Adguard + Unbound setup

Kuebic opened this issue · comments

Just wondering how I should set up to get Adguard and Unbound to work together.

  • The docker/Readme.md has a section where it says "See here for tips" but doesn't link anywhere and was never linked in past commits.

  • When setting up AdguardHome, what should the WebAdmin listen port and DNS server listen port be?

  • Unbound container has always been unhealthy for me, with the logs only showing:

OCI runtime exec failed: exec failed: unable to start container process: exec: "dig -p 5335 sigok.verteiltesysteme.net @127.0.0.1": executable file not found in $PATH: unknown

Perhaps removing the volume from this issue could be causing problems.

Even if that is the case, I'm having trouble conceptualizing how Unbound and AdguardHome should be working together, as the current config has Unbound on its own network and AdguardHome is on the host's network. Could you help this noobie out?

Have you read this?
https://github.com/zilexa/Homeserver/blob/master/Applications-Overview.md#safe-browsing-ad--and-malware-free-via-adguardhome---documentation

All basic info to get started + link to adguard documentation is there.

The "unhealthy" status of Unbound is explained here: klutchell/unbound-docker#77

Unbound works flawlessly, just the container health check is incorrect. I'll remove it from the compose, since the maintainer also removed it from his documentation.
You don't need it, I never had it.

Regarding how Unbound and adguard work together: Adguard needs to be on Host network, to be reachable for other devices.
Unbound only needs to be reachable by AdGuard, which is easy, since in Compose you map its port (53) to host network port 5335:

It IS possible to run Adguard in an isolated docker network, but this adds huge complexity, you would need to configure 2 MACVLANs, one in docker through compose (which is slightly complex but doable) and one from your host machine to docker (which is more complex and needs extra attention to reconfigure automatically after reboot).
Then for VPN you might need additional configuration/MACVLAN.

That's why AdGuard runs on host network. It saves you a couple of headaches.

I prefer privacy and security with adequate practicality and performance. MACVLANs are really where I hit a wall at some point. I'm sure it can be done, but I don't see added benefit.

> Have you read this?
> https://github.com/zilexa/Homeserver/blob/master/Applications-Overview.md#safe-browsing-ad--and-malware-free-via-adguardhome---documentation

Yes, I have. It would make sense that that is what you were wanting to link to. It does mention going through the setup wizard on port 3000 but doesn't go into detail, like what the listen ports for WebAdmin and DNS should be during setup, which is what I was asking as a noob.

My assumption is my gateway not allowing any modification to the DHCP/DNS addresses is what's tripping me up and why I'm not able to get the results I'm expecting.

> The "unhealthy" status of Unbound is explained here: klutchell/unbound-docker#77

That would explain it, thank you.

Overall, amazing guide. As a noobie, all this information you've put together has been THE best resource I have come across and I really appreciate the depths and breadth of this guide. I must have gone over it multiple times and gleaned a lot of useful information every time.

Well, you already access webadmin on port 3000, so no need to ask which port you need to configure ;)
Also, changing the port in the webadmin = changing the port within the container. Not the host port, which you configured in the "ports" section in Compose.
There isn't a single use case where you would need to change the container port, because you use AGH in docker.
So, hopefully you understand to never change the port in the webadmin; it wouldn't make sense.
Please look at the ports section in your Compose and please find the docker and docker compose documentation, and understand what that ports section does, before you do anything else.

If you need port 3000 (outside of the container) for something else, because you use port 3000 for some other container already, all you have to do is change the first number in that "ports" section.

The next issue you have is a familiar one: if you want to use unbound, you have to follow your compose: it runs on your host so IP is 127.0.0.1 (this is always localhost IP on every operating system). The port is the one in your compose so for DNS you fill in 127.0.0.1:5335

Your third issue:
Some ISP modem-routers are a bit weird and don't have the option to set an IP address for your LAN. In that case you can simply configure it by disabling DHCP, setting your server IP as DHCP server and using AdGuard Home as your DHCP server. This is very popular but really out of scope for this guide as it's simply part of your personalisation. --> for this stuff, you should really use AdGuard documentation, forum, Reddit, whatever. Your use case is far from unique, so plenty of info, especially since many noobs have had the same issue.
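
The layout discussed in the replies above (AdGuard Home on the host network, Unbound published from container port 53 to host port 5335), sketched as an added Compose fragment that is not the repository's own docker-compose.yml. Image names, container names and volume paths are assumptions, and the `127.0.0.1` bind is an added tightening so that only the host itself can query Unbound.

```yaml
# Added example, not taken from the Homeserver repository.
# Image names, container names and host paths below are assumptions.
services:
  adguardhome:
    image: adguard/adguardhome
    container_name: adguardhome
    # Host networking: AdGuard Home listens directly on the server's
    # interfaces, so LAN devices can use the server IP as their DNS.
    network_mode: host
    restart: unless-stopped
    volumes:
      - ./adguardhome/work:/opt/adguardhome/work
      - ./adguardhome/conf:/opt/adguardhome/conf

  unbound:
    image: klutchell/unbound
    container_name: unbound
    restart: unless-stopped
    ports:
      # Format is [HOST_IP:]HOST_PORT:CONTAINER_PORT.
      # Unbound keeps listening on 53 inside the container; the host
      # publishes it on 5335. Changing the first port number changes
      # only the host side.
      # Binding to 127.0.0.1 keeps the resolver off the LAN: Unbound
      # only has to be reachable by AdGuard Home on the same host.
      - "127.0.0.1:5335:53/tcp"
      - "127.0.0.1:5335:53/udp"

# In AdGuard Home (Settings -> DNS settings -> Upstream DNS servers),
# the upstream is then the host-side address and port:
#   127.0.0.1:5335
```

Running the query from the health check quoted in the issue, `dig -p 5335 sigok.verteiltesysteme.net @127.0.0.1`, on the host (where `dig` is installed) confirms that the published port reaches Unbound.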