diff --git a/stack.staging.yml b/stack.staging.yml
new file mode 100644
index 0000000..56de9af
--- /dev/null
+++ b/stack.staging.yml
@@ -0,0 +1,98 @@
+version: "3.9"
+services:
+#############
+#############
+#############
+ technitium:
+ # container_name: dns-server
+ # hostname: dns-server
+ image: technitium/dns-server:latest
+ # Use "host" network mode for DHCP deployments
+ # network_mode: "host"
+# ports:
+# - target: "53"
+# published: "53"
+# protocol: "udp"
+# mode: "host"
+ ports:
+ - published: 54
+ target: 53
+ protocol: udp
+ mode: host
+ - published: 53
+ target: 54
+ protocol: tcp
+ mode: host
+# - published: 853
+# target: 853
+# protocol: both
+# mode: host
+ # - "5380:5380/tcp" #DNS web console
+ # Re-enable port 53 when theres an obvious place to put this service.
+ # - "53:53/udp" #DNS service
+ # - "53:53/tcp" #DNS service
+ # - "67:67/udp" #DHCP service
+ # - "853:853/tcp" #DNS-over-TLS service
+ # - "443:443/tcp" #DNS-over-HTTPS service
+ # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
+ # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
+ environment:
+ - DNS_SERVER_DOMAIN=technitium.nixc.us #The primary domain name used by this DNS Server to identify itself.
+ # - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
+ # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
+ # - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
+ - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
+ - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
+ # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
+ - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24, 100.64.0.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
+ # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
+ # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
+ - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
+ # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson
+ # - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
+ volumes:
+ - /mnt/tank/persist/nixc.us/ns1/production/config:/etc/dns
+# restart: unless-stopped
+# volumes:
+# config:
+ networks:
+ - traefik
+ dns:
+ - 1.1.1.1
+ - 9.9.9.9
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == ingress.nixc.us
+ labels:
+# - "us.nixc.autodeploy=true"
+ - "traefik.enable=true"
+ - "traefik.http.routers.technitium.tls=true"
+ - "traefik.http.services.technitium.loadbalancer.server.port=5380"
+ - "traefik.http.routers.technitium.rule=Host(`staging.technitium.nixc.us`)"
+ - "traefik.http.routers.technitium.entrypoints=websecure"
+ - "traefik.http.routers.technitium.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.technitium.service=technitium"
+ - "traefik.docker.network=traefik"
+ - 'traefik.http.routers.technitium.middlewares=authelia_authelia@docker'
+
+ update_config:
+ order: stop-first
+ failure_action: rollback
+ delay: 5s
+ delay: 10s
+ parallelism: 1
+ restart_policy:
+ condition: on-failure
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://log.nixc.us:15124"
+ tag: "technitium_technitium"
+networks:
+ traefik:
+ external: true
+ # default:
+ # external: false
+
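Review bot: `DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks` is set alongside `DNS_SERVER_RECURSION_ALLOWED_NETWORKS`, but that variable's own inline comment says the list is valid only for `UseSpecifiedNetworks`, so the listed networks are presumably ignored; if they are the intended policy, use `- DNS_SERVER_RECURSION=UseSpecifiedNetworks`, and note that 100.64.0.0/24 is CGNAT space rather than RFC 1918, so it may not count as private under the current mode. In `ports`, the TCP entry reads `published: 53` / `target: 54`, which looks transposed next to the UDP entry and the commented `53:53/tcp` mapping; it probably should be `target: 53`. The volume binds `/mnt/tank/persist/nixc.us/ns1/production/config` into a stack named staging, so staging would read and write the production server's zones and settings; point it at a separate staging directory. `image: technitium/dns-server:latest` lets each redeploy pull a different, unreviewed image, so pin a version or digest, e.g. `image: technitium/dns-server:<pinned-version>`. Under `update_config`, `delay` appears to be given twice (`5s`, then `10s`); keep one, since most parsers silently take the last value.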