commit 9f4b3dc4b718ea4b02fae75d8dbd154af46049d9 Author: surtur Date: Wed Aug 4 01:50:16 2021 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2eedbd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,27 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/vim
+# Edit at https://www.toptal.com/developers/gitignore?templates=vim
+
+### Vim ###
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+
+# End of https://www.toptal.com/developers/gitignore/api/vim
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..55d0bf0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# dnscrypt-server
+
+this repo holds configuration files for dotya.ml's DNSCrypt installation.
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bcb15f9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,19 @@
+version: "3"
+
+services:
+ dnscrypt:
+ image: zquestz/dnscrypt-server:latest
+ container_name: dnscrypt
+ restart: always
+ command: "start -N dnscrypt.dotya.ml -E '144.91.70.62:5443,[2a02:c207:2030:396::1]:5443' -M 0.0.0.0:9101"
+ ports:
+ - '5443:5443/udp'
+ - '5443:5443/tcp'
+ - '9101:9101/tcp'
+ volumes:
+ - ./keys:/opt/encrypted-dns/etc/keys
+ environment:
+ - TZ='UTC'
+
+volumes:
+ keys:
diff --git a/systemd/dnscrypt-server.service b/systemd/dnscrypt-server.service
new file mode 100644
index 0000000..402a385
--- /dev/null
+++ b/systemd/dnscrypt-server.service
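Review bot: In docker-compose.yml the `-M 0.0.0.0:9101` listener (presumably the metrics endpoint) is published with `- '9101:9101/tcp'`, which binds it on every host interface next to the public resolver port, and Docker-published ports are commonly not filtered by the host's own firewall rules. If only a local scraper needs it, publish it as `- '127.0.0.1:9101:9101/tcp'`. The image is referenced by the mutable tag `zquestz/dnscrypt-server:latest`, so the next pull runs whatever was pushed under that tag with access to the provider keys mounted from `./keys`; pinning a version tag or a digest (`image: zquestz/dnscrypt-server@sha256:<digest>`) makes upgrades deliberate. Separately, `- TZ='UTC'` in list form passes the single quotes as part of the value, so `- TZ=UTC` is what is meant.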
@@ -0,0 +1,14 @@
+# dnscrypt-server service file
+[Unit]
+Description=A Docker image for a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS resolver
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker-compose -p dnscrypt-server -f /etc/dnscrypt/docker-compose.yml up --remove-orphans
+ExecStop=/usr/bin/docker-compose -p dnscrypt-server -f /etc/dnscrypt/docker-compose.yml stop
+StartLimitBurst=5
+StartLimitInterval=60s
+Slice=dnscrypt-server.slice
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/dnscrypt-server.slice b/systemd/dnscrypt-server.slice
new file mode 100644
index 0000000..843aa8e
--- /dev/null
+++ b/systemd/dnscrypt-server.slice
@@ -0,0 +1,11 @@
+# dnscrypt-server.slice
+[Unit]
+Description=Slice that limits the resources available to dnscrypt-server
+
+[Slice]
+CPUAccounting=true
+# 100% is an equivalent of full utilization on a single core
+CPUQuota=60%
+MemoryAccounting=true
+MemoryHigh=900M
+MemoryMax=1.5G
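Review bot: The [Unit] section of dnscrypt-server.service declares no dependency on the Docker daemon, so at boot `docker-compose up` can run before dockerd is ready; with `Restart=always` and `StartLimitBurst=5` inside 60s the unit can exhaust its start limit and leave the resolver down until someone intervenes. Adding `Requires=docker.service` and `After=docker.service` under [Unit] orders the start correctly. `StartLimitBurst=` and `StartLimitInterval=` in [Service] are the legacy placement; current systemd documents them in [Unit], the latter as `StartLimitIntervalSec=`, so it is worth confirming against the systemd version on the host.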
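Review bot: The limits in dnscrypt-server.slice probably do not constrain the resolver itself: `Slice=dnscrypt-server.slice` in the service unit places the `docker-compose` client process in this slice, while the container is started by the Docker daemon and normally lives in Docker's own cgroup. To make `CPUQuota=60%` and `MemoryMax=1.5G` apply to the container, set `cgroup_parent: dnscrypt-server.slice` on the `dnscrypt` service in docker-compose.yml (this needs Docker's systemd cgroup driver), or express the limits in the compose file instead. A one-line comment in the slice stating which processes it is meant to cover would help, e.g. `# applies to the container via cgroup_parent in docker-compose.yml`.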