v0.3 gitlab actions (#3)

markushuber · web-flow · commit 25a1c9837674 · 2020-12-23T20:16:21.000+01:00
* Allow global dns queries via dnsdist ACL
* Github actions to build updns images
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,59 @@
+name: updns
+
+on:
+  pull_request:
+    branches:
+      - main
+
+#on: [push]
+
+jobs:
+  build-updns-images:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: usableprivacy
+          password: ${{ secrets.REGISTRY_ACCESS_TOKEN }}
+      -
+        name: Build cryptodns
+        uses: docker/build-push-action@v2
+        with:
+          context: ./cryptodns
+          file: ./cryptodns/Dockerfile
+          platforms: linux/amd64, linux/arm
+          push: true
+          tags: |
+            ghcr.io/usableprivacy/cryptodns:latest
+      -
+        name: Build letsencrypt
+        uses: docker/build-push-action@v2
+        with:
+          context: ./letsencrypt
+          file: ./letsencrypt/Dockerfile
+          platforms: linux/amd64, linux/arm
+          push: true
+          tags: |
+            ghcr.io/usableprivacy/letsencrypt:latest
+      -
+        name: Build nameserver
+        uses: docker/build-push-action@v2
+        with:
+          context: ./nameserver
+          file: ./nameserver/Dockerfile
+          platforms: linux/amd64, linux/arm
+          push: true
+          tags: |
+            ghcr.io/usableprivacy/nameserver:latest
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Basic requirements:
     * `LETSENCRYPT_*` environment variables for certbot
     * `FQDN` domain to use for your DoH / DoT server
 3) Create a `.ini` file with our DNS API credentials for `certbot`
-4) Run **updns**
+4) Deploy **updns** services
    ```
    docker-compose up
    ```
diff --git a/cryptodns/conf/dnsdist.conf b/cryptodns/conf/dnsdist.conf
@@ -7,4 +7,7 @@ addDOHLocal('0.0.0.0:4453', '/certs/live/updns/fullchain.pem', '/certs/live/updn
 -- DoH Resolver behind HTTPS reverse-proxy with x-forwarded-for header
 addDOHLocal('0.0.0.0:8053', nil, nil, {'/', '/query', '/dns-query'}, {trustForwardedForHeader=true})
 -- Limit requests to 255 per class-c IPv4 network
-addAction(MaxQPSIPRule(255, 24, 48), DropAction())
+addAction(MaxQPSIPRule(255, 24, 48), DropAction())
+-- Allow global DNS queries
+addACL('0.0.0.0/0')
+addACL('::/0')
