Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
e387f2810c | |||
6dd5b5e143 | |||
98ccd864b5 | |||
f56d19f8f1 | |||
db8d422cf9 |
@ -1,4 +1,40 @@
|
|||||||
include:
|
stages:
|
||||||
- project: dockerized/commons
|
- build
|
||||||
ref: master
|
|
||||||
file: gitlab-ci-template.yml
|
variables:
|
||||||
|
IMAGE_NAME: $CI_REGISTRY/$CI_PROJECT_PATH
|
||||||
|
HUB_IMAGE_NAME: $DOCKER_HUB_LOGIN/$CI_PROJECT_NAME
|
||||||
|
|
||||||
|
build:
|
||||||
|
image: registry.hottis.de/dockerized/docker-bash:latest
|
||||||
|
stage: build
|
||||||
|
tags:
|
||||||
|
- hottis
|
||||||
|
- linux
|
||||||
|
- docker
|
||||||
|
only:
|
||||||
|
- publish
|
||||||
|
script:
|
||||||
|
- VERSION=`cat VERSION`
|
||||||
|
- UPSTREAM_RELEASE_TAG=`cat UPSTREAM_RELEASE_TAG`
|
||||||
|
- docker build --tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||||
|
--tag $IMAGE_NAME:latest
|
||||||
|
--tag $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||||
|
--tag $IMAGE_NAME:${VERSION}
|
||||||
|
--build-arg UNBOUND_TAG=${UPSTREAM_RELEASE_TAG}
|
||||||
|
.
|
||||||
|
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
||||||
|
- docker push $IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||||
|
- docker push $IMAGE_NAME:latest
|
||||||
|
- docker push $IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||||
|
- docker push $IMAGE_NAME:${VERSION}
|
||||||
|
- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
|
||||||
|
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||||
|
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:latest
|
||||||
|
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||||
|
- docker tag $IMAGE_NAME:${CI_COMMIT_SHORT_SHA} $HUB_IMAGE_NAME:${VERSION}
|
||||||
|
- docker push $HUB_IMAGE_NAME:${CI_COMMIT_SHORT_SHA}
|
||||||
|
- docker push $HUB_IMAGE_NAME:latest
|
||||||
|
- docker push $HUB_IMAGE_NAME:${VERSION}-${UPSTREAM_RELEASE_TAG}
|
||||||
|
- docker push $HUB_IMAGE_NAME:${VERSION}
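Review bot: Both `docker login` steps in `script:` pass the secret with `-p`, which puts `$CI_JOB_TOKEN` and `$DOCKER_HUB_PASSWORD` into the process argument list on the runner; Docker itself warns about this. Feed them on stdin instead: `- echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"` and `- echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin`. The variable settings are not visible here, so it is worth confirming that `DOCKER_HUB_PASSWORD` is masked and protected, and that `publish` is a protected branch. Otherwise anyone who can push to that branch can publish under the Hub account. A comment above the job naming the four tags it pushes and which file each comes from (`VERSION`, `UPSTREAM_RELEASE_TAG`) would also help the next maintainer.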
|
||||||
|
|
||||||
|
@ -1,5 +1,8 @@
|
|||||||
FROM alpine:3.13 AS builder
|
FROM alpine:3.13 AS builder
|
||||||
|
|
||||||
|
ARG UNBOUND_TAG="this_invalid_tag_certainly_does_not_exist"
|
||||||
|
ARG UNBOUND_CLONE_URL="https://github.com/NLnetLabs/unbound.git"
|
||||||
|
|
||||||
RUN \
|
RUN \
|
||||||
apk update && \
|
apk update && \
|
||||||
apk add alpine-sdk && \
|
apk add alpine-sdk && \
|
||||||
@ -10,7 +13,7 @@ RUN \
|
|||||||
apk add libevent-dev && \
|
apk add libevent-dev && \
|
||||||
mkdir build && \
|
mkdir build && \
|
||||||
cd build && \
|
cd build && \
|
||||||
git clone https://github.com/NLnetLabs/unbound.git && \
|
git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL} && \
|
||||||
cd unbound && \
|
cd unbound && \
|
||||||
./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \
|
./configure --with-libnghttp2 --with-libevent --prefix /opt/unbound --sysconfdir /etc && \
|
||||||
make && \
|
make && \
|
||||||
@ -32,6 +35,7 @@ COPY unbound.conf /etc/unbound/unbound.conf
|
|||||||
|
|
||||||
EXPOSE 53/udp
|
EXPOSE 53/udp
|
||||||
EXPOSE 53/tcp
|
EXPOSE 53/tcp
|
||||||
|
EXPOSE 443/tcp
|
||||||
EXPOSE 853/tcp
|
EXPOSE 853/tcp
|
||||||
|
|
||||||
VOLUME /etc/unbound
|
VOLUME /etc/unbound
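Review bot: The clone in the second hunk, `git clone --branch ${UNBOUND_TAG} ${UNBOUND_CLONE_URL}`, builds whatever the tag name resolves to at build time, and nothing in the visible part of the RUN step checks what was fetched. A tag can be moved upstream, and the URL can be overridden with a build argument. Consider recording the expected commit next to the tag and failing on a mismatch, e.g. `ARG UNBOUND_COMMIT` plus `test "$(git -C unbound rev-parse HEAD)" = "${UNBOUND_COMMIT}" && \` right after the clone, or verifying a signed tag if upstream publishes one. Quoting the expansions (`"${UNBOUND_TAG}"`, `"${UNBOUND_CLONE_URL}"`) keeps an empty or space-containing argument from changing the shape of the command. The RUN step begins and ends outside the hunks shown, so a later check may already exist.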
|
||||||
|
1
UPSTREAM_RELEASE_TAG
Normal file
1
UPSTREAM_RELEASE_TAG
Normal file
@ -0,0 +1 @@
|
|||||||
|
release-1.13.2
|
@ -1,6 +1,6 @@
|
|||||||
This project provides a Docker image containing the unbound nameserver
|
This project provides a Docker image containing the unbound nameserver
|
||||||
in an Alpine Linux base.
|
in an Alpine Linux base.
|
||||||
|
|
||||||
unbound will be build including the DNSSEC and DNS-over-TLS features.
|
unbound will be build including the DNSSEC, DNS-over-HTTPS and DNS-over-TLS features.
|
||||||
|
|
||||||
|
|
||||||
|
22
unbound.conf
22
unbound.conf
@ -13,10 +13,13 @@ server:
|
|||||||
# initially create using unbound-anchor -a /etc/unbound/root.key
|
# initially create using unbound-anchor -a /etc/unbound/root.key
|
||||||
auto-trust-anchor-file: /etc/unbound/root.key
|
auto-trust-anchor-file: /etc/unbound/root.key
|
||||||
|
|
||||||
|
# can be created using letsencrypt means, e.g. by a companion Apache httpd with mod_md
|
||||||
tls-service-key: /etc/unbound/privkey.pem
|
tls-service-key: /etc/unbound/privkey.pem
|
||||||
tls-service-pem: /etc/unbound/pubcert.pem
|
tls-service-pem: /etc/unbound/pubcert.pem
|
||||||
interface: 0.0.0.0@853
|
interface: 0.0.0.0@853
|
||||||
tls-port: 853
|
tls-port: 853
|
||||||
|
interface: 0.0.0.0@443
|
||||||
|
https-port: 443
|
||||||
|
|
||||||
num-threads: 2
|
num-threads: 2
|
||||||
|
|
||||||
@ -35,24 +38,5 @@ server:
|
|||||||
access-control: 10.200.200.0/24 allow
|
access-control: 10.200.200.0/24 allow
|
||||||
access-control: 172.17.0.0/16 allow
|
access-control: 172.17.0.0/16 allow
|
||||||
|
|
||||||
local-zone: "nober.de." transparent
|
|
||||||
local-data: "base.hv.nober.de. IN A 172.16.10.41"
|
|
||||||
local-data: "api.hv.nober.de. IN A 172.16.10.41"
|
|
||||||
|
|
||||||
local-zone: "hottis.de." transparent
|
local-zone: "hottis.de." transparent
|
||||||
local-data: "authservice.hottis.de. IN A 172.16.10.41"
|
|
||||||
local-data: "bitwarden.hottis.de. IN A 172.16.10.41"
|
|
||||||
local-data: "smarthome.hottis.de. IN A 172.16.10.41"
|
|
||||||
local-data: "registry.hottis.de. IN A 172.16.10.41"
|
|
||||||
local-data: "home.hottis.de. IN A 172.16.10.41"
|
local-data: "home.hottis.de. IN A 172.16.10.41"
|
||||||
local-data: "sink.hottis.de. IN A 172.16.10.42"
|
|
||||||
local-data: "brkrint.hottis.de. IN A 172.16.2.16"
|
|
||||||
local-data: "vpnhead.hottis.de. IN A 172.16.12.10"
|
|
||||||
local-data: "syslog.hottis.de. IN A 172.16.11.15"
|
|
||||||
|
|
||||||
local-zone: "mainscnt.eu." transparent
|
|
||||||
local-data: "grafana.mainscnt.eu. IN A 172.16.10.41"
|
|
||||||
local-data: "wiki.mainscnt.eu. IN A 172.16.10.41"
|
|
||||||
local-data: "broker.mainscnt.eu. IN A 172.16.10.40"
|
|
||||||
local-data: "db.mainscnt.eu. IN A 172.16.10.27"
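Review bot: The new side of the second hunk still carries `local-zone: "hottis.de." transparent` and `local-data: "home.hottis.de. IN A 172.16.10.41"`, so a site-specific internal record remains in a file that the Dockerfile copies into the image and the CI job pushes to Docker Hub. If that repository is public, the generic image would be cleaner with no site data at all. Local zones could be loaded from the mounted volume instead, e.g. `include: "/etc/unbound/local.d/*.conf"` (example path). The records removed here also remain in the git history and in any image tags pushed earlier, so it is worth deciding whether those need cleaning up. For the first hunk, a short comment above `interface: 0.0.0.0@443` would help, stating that the DoH listener reuses `tls-service-key` and `tls-service-pem` and is subject to the same `access-control` rules. The `server:` clause starts outside both hunks.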
|
|
||||||
|
|
||||||
|