Add info about DNSCrypt resolver (#29)

update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make
sure the linter is up to date and all errors are resolved, resulting ina passing build.
the ignore is added as the issue is not too big of a deal (at least not
ATM).

* 55d9852 - fix: make hadolint pass <surtur>
* 8f2e192 - about, posts: add dnscrypt <surtur>

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #29
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>

.drone.yml

@@ -75,7 +75,7 @@ depends_on:
 
 steps:
 - name: hadolint
-  image: hadolint/hadolint:latest
+  image: hadolint/hadolint:v2.6.0-alpine
   commands:
   - hadolint --version
   - hadolint Dockerfile

Dockerfile

@@ -7,6 +7,9 @@ WORKDIR /homepage
 RUN git submodule init \
 && git submodule update --recursive \
 && hugo version
+# "DL3059 info: Multiple consecutive `RUN` instructions.
+# Consider consolidation."
+# hadolint ignore=DL3059
 RUN hugo --minify --gc=true
 
 WORKDIR /

config.toml

@@ -15,14 +15,15 @@ enableEmoji = true
   dateform        = "Jan 2, 2006"
   dateformShort   = "Jan 2"
   dateformNum     = "2006-02-01"
-  dateformNumTime = "2006-02-01 15:04 +0000"
+  dateformNumTime = "2006-02-01T15:04+00:00"
   # Metadata mostly used in document's head
   description = "dotya.ml homepage"
   keywords = "homepage, development, git, programming"
   images = [""]
   themeColor = "#282a2b"
   justifyContent = false
-  relatedPosts = false
+  relatedPosts = true
+  gitUrl = "https://git.dotya.ml/dotya.ml/homepage"
 
   # Directory name of your blog content (default is `content/posts`)
   contentTypeName = "content/posts"
@@ -70,12 +71,12 @@ enableEmoji = true
         url = "/about/"
         alt = "dotya.ml status"
         weight = 1
-      # [[languages.en.menu.main]]
+      [[languages.en.menu.main]]
-        # identifier = "posts"
+        identifier = "posts"
-        # name = "posts"
+        name = "posts"
-        # url = "/posts"
+        url = "/posts/"
-        # alt = "dotya.ml posts"
+        alt = "dotya.ml posts"
-        # weight = 2
+        weight = 2
       [[languages.en.menu.main]]
         identifier = "contact"
         name = "contact"

content/about.md

@@ -1,6 +1,6 @@
 ---
 title: "about dotya.ml"
-date: 2020-03-07T02:12:03+01:00
+date: 2020-08-06T17:15:03+01:00
 draft: false
 ---
 
@@ -8,6 +8,7 @@ Free services provided for fun as a hobby with passion and :white_heart:\
 So far we have:
 * [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml
 * [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml
+* [DNSCrypt](https://dnscrypt.info/) server
 
 ### Onion services
 > Note: This is a work in progress - more services are to come
@@ -29,6 +30,12 @@ PR or an email with anything interesting and worthwile.
 
 set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion
 
+### DNS(Crypt)
+a non-logging name server, securing connections using DNSCrypt for increased
+privacy, that is - as long as we trust our own server.
+
+see [DNSCrypt](/posts/dnscrypt/) for more.
+
 ### Observability
 long-term monitoring of trends for services we're running
 * [prometheus](https://prometheus.io) at https://metrics.dotya.ml

content/posts/dnscrypt.md

@@ -0,0 +1,46 @@
+---
+title: "DNSCrypt"
+date: 2021-08-06T23:38:45+02:00
+draft: false
+toc: true
+enableGitInfo: true
+tags: [dnscrypt, dns, privacy, security, censorship]
+---
+
+### why are you doing this?
+There are many publicly available [open resolvers using DoT, DoH or
+DNSCrypt](https://dnscrypt.info/public-servers) to secure the traffic. However,
+we have still felt the need to run our own, especially since it's such a
+critical part of the infrastructure.  Since now it's a reality, we're offering
+it for public use.
+
+### so what is it?
+What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
+resolver using
+[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
+Our resolver is available over both IPv4 and IPv6.
+
+### can I haz some plz
+> Since the name servers are not (yet) a part of any listing of public
+> resolvers, entries have to be added manually.
+
+Paste one or both of the following entries in the `[static]` section of your
+`dnscrypt-proxy.toml` configuration file.
+
+IPv4 (`144.91.70.62`)
+```toml
+[static. 'dnscrypt.dotya.ml-ipv4']
+  stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
+```
+
+IPv6 (`2a02:c207:2030:396::1`)
+```toml
+[static. 'dnscrypt.dotya.ml-ipv6']
+  stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
+```
+
+### Configuration
+Files used to set up and run this service can be found here:\
+https://git.dotya.ml/dotya.ml/dnscrypt-server.
+It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
+is handled.