first commit
This commit is contained in:
root
commit
d53ac21adb
|
|
@ -0,0 +1,19 @@
|
||||||
|
# woodpecker.yml
|
||||||
|
labels:
|
||||||
|
hostname: "macmini7"
|
||||||
|
clone:
|
||||||
|
git:
|
||||||
|
image: woodpeckerci/plugin-git
|
||||||
|
settings:
|
||||||
|
partial: false
|
||||||
|
depth: 1
|
||||||
|
steps:
|
||||||
|
deploy:
|
||||||
|
name: deploy
|
||||||
|
image: docker:latest
|
||||||
|
secrets: [REGISTRY_USER, REGISTRY_PASSWORD]
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
commands:
|
||||||
|
- docker login -u $${REGISTRY_USER} -p $${REGISTRY_PASSWORD} git.nixc.us
|
||||||
|
- docker stack deploy --with-registry-auth -c ./technitium.yml technitium
|
||||||
|
|
@ -0,0 +1,96 @@
|
||||||
|
version: "3.9"
|
||||||
|
services:
|
||||||
|
#############
|
||||||
|
#############
|
||||||
|
#############
|
||||||
|
technitium:
|
||||||
|
# container_name: dns-server
|
||||||
|
# hostname: dns-server
|
||||||
|
image: technitium/dns-server:latest
|
||||||
|
# Use "host" network mode for DHCP deployments
|
||||||
|
# network_mode: "host"
|
||||||
|
# ports:
|
||||||
|
# - target: "53"
|
||||||
|
# published: "53"
|
||||||
|
# protocol: "udp"
|
||||||
|
# mode: "host"
|
||||||
|
ports:
|
||||||
|
- published: 53
|
||||||
|
target: 53
|
||||||
|
protocol: both
|
||||||
|
mode: host
|
||||||
|
# - published: 853
|
||||||
|
# target: 853
|
||||||
|
# protocol: both
|
||||||
|
# mode: host
|
||||||
|
# - "5380:5380/tcp" #DNS web console
|
||||||
|
# Re-enable port 53 when theres an obvious place to put this service.
|
||||||
|
# - "53:53/udp" #DNS service
|
||||||
|
# - "53:53/tcp" #DNS service
|
||||||
|
# - "67:67/udp" #DHCP service
|
||||||
|
# - "853:853/tcp" #DNS-over-TLS service
|
||||||
|
# - "443:443/tcp" #DNS-over-HTTPS service
|
||||||
|
# - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
|
||||||
|
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
|
||||||
|
environment:
|
||||||
|
- DNS_SERVER_DOMAIN=technitium.nixc.us #The primary domain name used by this DNS Server to identify itself.
|
||||||
|
# - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
|
||||||
|
# - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
|
||||||
|
# - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
|
||||||
|
- DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
|
||||||
|
- DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
|
||||||
|
# - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
|
||||||
|
- DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24, 100.64.0.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
|
||||||
|
# - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
|
||||||
|
# - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
|
||||||
|
- DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
|
||||||
|
# - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson
|
||||||
|
# - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
|
||||||
|
volumes:
|
||||||
|
- /mnt/tank/persist/nixc.us/ns1/production/config:/etc/dns
|
||||||
|
# restart: unless-stopped
|
||||||
|
# volumes:
|
||||||
|
# config:
|
||||||
|
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
# - node.labels.role == db
|
||||||
|
- node.hostname == ingress.nixc.us
|
||||||
|
# - node.labels.dns == true
|
||||||
|
labels:
|
||||||
|
# - "us.nixc.autodeploy=true"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.nameserver1.tls=true"
|
||||||
|
- "traefik.http.services.nameserver1.loadbalancer.server.port=5380"
|
||||||
|
- "traefik.http.routers.nameserver1.rule=Host(`technitium.nixc.us`)"
|
||||||
|
- "traefik.http.routers.nameserver1.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.nameserver1.tls.certresolver=letsencryptresolver"
|
||||||
|
- "traefik.http.routers.nameserver1.service=nameserver1"
|
||||||
|
- "traefik.docker.network=traefik"
|
||||||
|
# - 'traefik.http.routers.nameserver1.middlewares=authelia@docker'
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- traefik
|
||||||
|
dns:
|
||||||
|
- 1.1.1.1
|
||||||
|
- 9.9.9.9
|
||||||
|
update_config:
|
||||||
|
order: stop-first
|
||||||
|
failure_action: rollback
|
||||||
|
delay: 5s
|
||||||
|
delay: 10s
|
||||||
|
parallelism: 1
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "technitium_technitium"
|
||||||
|
networks:
|
||||||
|
traefik:
|
||||||
|
external: true
|
||||||
|
# default:
|
||||||
|
# external: false
|
||||||
Loading…
Reference in New Issue