From 8a1821c4164343e043832fcc1504b08c6513b2ff Mon Sep 17 00:00:00 2001 From: wanderer Date: Sun, 8 Aug 2021 00:36:37 +0200 Subject: [PATCH] Add info about DNSCrypt resolver (#29) update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make sure the linter is up to date and all errors are resolved, resulting ina passing build. the ignore is added as the issue is not too big of a deal (at least not ATM). * 55d9852 - fix: make hadolint pass * 8f2e192 - about, posts: add dnscrypt Co-authored-by: surtur Reviewed-on: https://git.dotya.ml/dotya.ml/homepage/pulls/29 Co-authored-by: wanderer Co-committed-by: wanderer --- .drone.yml | 2 +- Dockerfile | 3 +++ config.toml | 17 ++++++++------- content/about.md | 9 +++++++- content/posts/dnscrypt.md | 46 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 67 insertions(+), 10 deletions(-) create mode 100644 content/posts/dnscrypt.md diff --git a/.drone.yml b/.drone.yml index de007e9..d9cdec4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -75,7 +75,7 @@ depends_on: steps: - name: hadolint - image: hadolint/hadolint:latest + image: hadolint/hadolint:v2.6.0-alpine commands: - hadolint --version - hadolint Dockerfile diff --git a/Dockerfile b/Dockerfile index 4dc60c0..85e53b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,9 @@ WORKDIR /homepage RUN git submodule init \ && git submodule update --recursive \ && hugo version +# "DL3059 info: Multiple consecutive `RUN` instructions. +# Consider consolidation." +# hadolint ignore=DL3059 RUN hugo --minify --gc=true WORKDIR / diff --git a/config.toml b/config.toml index a439c02..6e29391 100644 --- a/config.toml +++ b/config.toml 
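Review bot: The new `image: hadolint/hadolint:v2.6.0-alpine` line in the `hadolint` step pins a tag, and a tag can still be repointed upstream, so the pipeline is not guaranteed to pull the image that was reviewed. Adding the digest keeps the version readable while making the pull immutable: `image: hadolint/hadolint:v2.6.0-alpine@sha256:<DIGEST_PLACEHOLDER>`. The step appears to run with the repository checked out, so the image contents matter for more than the lint result.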
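Review bot: The `# hadolint ignore=DL3059` pragma silences the rule without recording why the two `RUN` instructions stay separate; the comment above it only quotes the linter message. Either state the reason in that comment (for example layer caching of the submodule checkout, if that is the intent), or fold the build into the preceding chain by ending it with `&& hugo version \` followed by `&& hugo --minify --gc=true` and drop the pragma. The Dockerfile continues outside the hunk, so whether a later stage relies on the layer split cannot be seen here.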
@@ -15,14 +15,15 @@ enableEmoji = true dateform = "Jan 2, 2006" dateformShort = "Jan 2" dateformNum = "2006-02-01" - dateformNumTime = "2006-02-01 15:04 +0000" + dateformNumTime = "2006-02-01T15:04+00:00" # Metadata mostly used in document's head description = "dotya.ml homepage" keywords = "homepage, development, git, programming" images = [""] themeColor = "#282a2b" justifyContent = false - relatedPosts = false + relatedPosts = true + gitUrl = "https://git.dotya.ml/dotya.ml/homepage" # Directory name of your blog content (default is `content/posts`) contentTypeName = "content/posts" @@ -70,12 +71,12 @@ enableEmoji = true url = "/about/" alt = "dotya.ml status" weight = 1 - # [[languages.en.menu.main]] - # identifier = "posts" - # name = "posts" - # url = "/posts" - # alt = "dotya.ml posts" - # weight = 2 + [[languages.en.menu.main]] + identifier = "posts" + name = "posts" + url = "/posts/" + alt = "dotya.ml posts" + weight = 2 [[languages.en.menu.main]] identifier = "contact" name = "contact" diff --git a/content/about.md b/content/about.md index 40b074f..1da2b95 100644 --- a/content/about.md +++ b/content/about.md @@ -1,6 +1,6 @@ --- title: "about dotya.ml" -date: 2020-03-07T02:12:03+01:00 +date: 2020-08-06T17:15:03+01:00 draft: false --- @@ -8,6 +8,7 @@ Free services provided for fun as a hobby with passion and :white_heart:\ So far we have: * [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml * [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml +* [DNSCrypt](https://dnscrypt.info/) server ### Onion services > Note: This is a work in progress - more services are to come 
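Review bot: The new `dateformNumTime = "2006-02-01T15:04+00:00"` does not follow Go's reference-time layout: `02` is the day and `01` the month, so `2006-02-01` prints year-day-month, and `+00:00` is not a zone token, so it is emitted literally whatever offset the page date carries. Assuming the theme passes this string to `.Format`, a post dated `2021-08-06T23:38:45+02:00` would render as `2021-06-08T23:38+00:00`. `dateformNumTime = "2006-01-02T15:04-07:00"` gives the RFC 3339-style output the change seems to aim for; the unchanged `dateformNum = "2006-02-01"` context line has the same day/month swap.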
@@ -29,6 +30,12 @@ PR or an email with anything interesting and worthwile. set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion +### DNS(Crypt) +a non-logging name server, securing connections using DNSCrypt for increased +privacy, that is - as long as we trust our own server. + +see [DNSCrypt](/posts/dnscrypt/) for more. + ### Observability long-term monitoring of trends for services we're running * [prometheus](https://prometheus.io) at https://metrics.dotya.ml diff --git a/content/posts/dnscrypt.md b/content/posts/dnscrypt.md new file mode 100644 index 0000000..82534b0 --- /dev/null +++ b/content/posts/dnscrypt.md 
@@ -0,0 +1,46 @@
+---
+title: "DNSCrypt"
+date: 2021-08-06T23:38:45+02:00
+draft: false
+toc: true
+enableGitInfo: true
+tags: [dnscrypt, dns, privacy, security, censorship]
+---
+
+### why are you doing this?
+There are many publicly available [open resolvers using DoT, DoH or
+DNSCrypt](https://dnscrypt.info/public-servers) to secure the traffic. However,
+we have still felt the need to run our own, especially since it's such a
+critical part of the infrastructure. Since now it's a reality, we're offering
+it for public use.
+
+### so what is it?
+What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
+resolver using
+[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
+Our resolver is available over both IPv4 and IPv6.
+
+### can I haz some plz
+> Since the name servers are not (yet) a part of any listing of public
+> resolvers, entries have to be added manually.
+
+Paste one or both of the following entries in the `[static]` section of your
+`dnscrypt-proxy.toml` configuration file.
+
+IPv4 (`144.91.70.62`)
+```toml
+[static. 'dnscrypt.dotya.ml-ipv4']
+ stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
+```
+
+IPv6 (`2a02:c207:2030:396::1`)
+```toml
+[static. 'dnscrypt.dotya.ml-ipv6']
+ stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
+```
+
+### Configuration
+Files used to set up and run this service can be found here:\
+https://git.dotya.ml/dotya.ml/dnscrypt-server.
+It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
+is handled.