initial commit

.gitignore

@@ -0,0 +1,27 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/vim
+# Edit at https://www.toptal.com/developers/gitignore?templates=vim
+
+### Vim ###
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg  # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+# End of https://www.toptal.com/developers/gitignore/api/vim
+

README.md

@@ -0,0 +1,3 @@
+# dnscrypt-server
+
+this repo holds configuration files for dotya.ml's DNSCrypt installation.

docker-compose.yml

@@ -0,0 +1,19 @@
+version: "3"
+
+services:
+  dnscrypt:
+    image: zquestz/dnscrypt-server:latest
+    container_name: dnscrypt
+    restart: always
+    command: "start -N dnscrypt.dotya.ml -E '144.91.70.62:5443,[2a02:c207:2030:396::1]:5443' -M 0.0.0.0:9101"
+    ports:
+      - '5443:5443/udp'
+      - '5443:5443/tcp'
+      - '9101:9101/tcp'
+    volumes:
+      - ./keys:/opt/encrypted-dns/etc/keys
+    environment:
+      - TZ='UTC'
+
+volumes:
+  keys:

systemd/dnscrypt-server.service

@@ -0,0 +1,14 @@
+# dnscrypt-server service file
+[Unit]
+Description=A Docker image for a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker-compose -p dnscrypt-server -f /etc/dnscrypt/docker-compose.yml up --remove-orphans
+ExecStop=/usr/bin/docker-compose -p dnscrypt-server -f /etc/dnscrypt/docker-compose.yml stop
+StartLimitBurst=5
+StartLimitInterval=60s
+Slice=dnscrypt-server.slice
+
+[Install]
+WantedBy=multi-user.target

systemd/dnscrypt-server.slice

@@ -0,0 +1,11 @@
+# dnscrypt-server.slice
+[Unit]
+Description=Slice that limits the resources available to dnscrypt-server
+
+[Slice]
+CPUAccounting=true
+# 100% is an equivalent of full utilization on a single core
+CPUQuota=60%
+MemoryAccounting=true
+MemoryHigh=900M
+MemoryMax=1.5G