From d53ac21adbeeae87f1066131f3967b9626547565 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 29 Oct 2023 00:26:22 +0000
Subject: [PATCH] first commit
---
.woodpecker.yml | 19 ++++++++++
README.md | 0
technitium.yml | 96 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 115 insertions(+)
create mode 100644 .woodpecker.yml
create mode 100644 README.md
create mode 100644 technitium.yml
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..39db754
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,19 @@
+# woodpecker.yml
+labels:
+ hostname: "macmini7"
+clone:
+ git:
+ image: woodpeckerci/plugin-git
+ settings:
+ partial: false
+ depth: 1
+steps:
+ deploy:
+ name: deploy
+ image: docker:latest
+ secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ commands:
+ - docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us
+ - docker stack deploy --with-registry-auth -c ./technitium.yml technitium
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/technitium.yml b/technitium.yml
new file mode 100644
index 0000000..d8f82b5
--- /dev/null
+++ b/technitium.yml
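Review bot: The deploy step in .woodpecker.yml hands the registry password to `docker login` on the command line (`-p $${REGISTRY_PASSWORD}`), which leaves it readable in the process list of the build host and, if the shell echoes commands, in the step log (Woodpecker is documented to mask secret values in logs, but argv is still visible to other processes via `ps`). Feed it over stdin instead: `echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us`. Separately, mounting `/var/run/docker.sock` into an unpinned `docker:latest` image makes this step root-equivalent on the host, so pin the image by digest and consider restricting the `REGISTRY_*` secrets to push events on trusted branches so a pull request cannot trigger the deploy.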
@@ -0,0 +1,96 @@
+version: "3.9"
+services:
+#############
+#############
+#############
+ technitium:
+ # container_name: dns-server
+ # hostname: dns-server
+ image: technitium/dns-server:latest
+ # Use "host" network mode for DHCP deployments
+ # network_mode: "host"
+# ports:
+# - target: "53"
+# published: "53"
+# protocol: "udp"
+# mode: "host"
+ ports:
+ - published: 53
+ target: 53
+ protocol: both
+ mode: host
+# - published: 853
+# target: 853
+# protocol: both
+# mode: host
+ # - "5380:5380/tcp" #DNS web console
+ # Re-enable port 53 when theres an obvious place to put this service.
+ # - "53:53/udp" #DNS service
+ # - "53:53/tcp" #DNS service
+ # - "67:67/udp" #DHCP service
+ # - "853:853/tcp" #DNS-over-TLS service
+ # - "443:443/tcp" #DNS-over-HTTPS service
+ # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
+ # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
+ environment:
+ - DNS_SERVER_DOMAIN=technitium.nixc.us #The primary domain name used by this DNS Server to identify itself.
+ # - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
+ # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
+ # - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
+ - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
+ - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
+ # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
+ - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24, 100.64.0.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
+ # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
+ # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
+ - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
+ # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson
+ # - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
+ volumes:
+ - /mnt/tank/persist/nixc.us/ns1/production/config:/etc/dns
+# restart: unless-stopped
+# volumes:
+# config:
+
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+# - node.labels.role == db
+ - node.hostname == ingress.nixc.us
+# - node.labels.dns == true
+ labels:
+# - "us.nixc.autodeploy=true"
+ - "traefik.enable=true"
+ - "traefik.http.routers.nameserver1.tls=true"
+ - "traefik.http.services.nameserver1.loadbalancer.server.port=5380"
+ - "traefik.http.routers.nameserver1.rule=Host(`technitium.nixc.us`)"
+ - "traefik.http.routers.nameserver1.entrypoints=websecure"
+ - "traefik.http.routers.nameserver1.tls.certresolver=letsencryptresolver"
+ - "traefik.http.routers.nameserver1.service=nameserver1"
+ - "traefik.docker.network=traefik"
+# - 'traefik.http.routers.nameserver1.middlewares=authelia@docker'
+ networks:
+ - default
+ - traefik
+ dns:
+ - 1.1.1.1
+ - 9.9.9.9
+ update_config:
+ order: stop-first
+ failure_action: rollback
+ delay: 5s
+ delay: 10s
+ parallelism: 1
+ restart_policy:
+ condition: on-failure
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://log.nixc.us:15124"
+ tag: "technitium_technitium"
+networks:
+ traefik:
+ external: true
+ # default:
+ # external: false
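Review bot: `update_config` in technitium.yml declares `delay:` twice (`delay: 5s` followed by `delay: 10s`); duplicate keys are invalid in YAML 1.2 and most loaders silently keep the last value, so the `5s` line is dead and should be removed so the intended value is explicit. The recursion settings also contradict each other: with `DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks` the `DNS_SERVER_RECURSION_ALLOWED_NETWORKS` line is a no-op by its own comment (valid only for `UseSpecifiedNetworks`), and it is unclear whether Technitium treats 100.64.0.0/10 (shared address space, not RFC 1918) as private, so clients in 100.64.0.0/24 may be refused recursion unless the mode is switched to `UseSpecifiedNetworks`. Since port 53 is published in host mode on a node named `ingress`, verify with a query from outside that the resolver does not recurse for the public internet. Finally, the web console on 5380 is exposed through Traefik with the `authelia@docker` middleware commented out and `DNS_SERVER_ADMIN_PASSWORD` unset, so it relies solely on Technitium's own login; confirm the persisted config under `/mnt/tank/persist/...` already carries a non-default admin password, or restore the forward-auth middleware.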