Add info about DNSCrypt resolver (#29)
All checks were successful
continuous-integration/drone/push Build is passing

update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make
sure the linter is up to date and all errors are resolved, resulting in a passing build.
the ignore is added as the issue is not too big of a deal (at least not
ATM).

* 55d9852 - fix: make hadolint pass <surtur>
* 8f2e192 - about, posts: add dnscrypt <surtur>

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #29
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
wanderer 2021-08-08 00:36:37 +02:00
parent 6fcef0ce11
commit 8a1821c416
Signed by: Gitea
GPG Key ID: 0DD13DBC6B5433D3
5 changed files with 67 additions and 10 deletions

@ -75,7 +75,7 @@ depends_on:
steps: steps:
- name: hadolint - name: hadolint
image: hadolint/hadolint:latest image: hadolint/hadolint:v2.6.0-alpine
commands: commands:
- hadolint --version - hadolint --version
- hadolint Dockerfile - hadolint Dockerfile
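Review bot: the new `image: hadolint/hadolint:v2.6.0-alpine` line pins a tag, not content; a tag can be re-pushed upstream, and the commit message's goal of keeping the linter "up to date" now depends on someone bumping this line by hand. Consider pinning by digest alongside the tag and having version bumps arrive as reviewed commits, so new lint rules show up in a PR rather than as a surprise CI failure.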

@ -7,6 +7,9 @@ WORKDIR /homepage
RUN git submodule init \ RUN git submodule init \
&& git submodule update --recursive \ && git submodule update --recursive \
&& hugo version && hugo version
# "DL3059 info: Multiple consecutive `RUN` instructions.
# Consider consolidation."
# hadolint ignore=DL3059
RUN hugo --minify --gc=true RUN hugo --minify --gc=true
WORKDIR / WORKDIR /
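Review bot: `# hadolint ignore=DL3059` above `RUN hugo --minify --gc=true` suppresses the finding rather than resolving it, and the added comment quotes the rule text without saying why the two `RUN` steps stay separate. Either append `&& hugo --minify --gc=true` to the preceding `RUN` chain and drop the ignore, or record the reason for the extra layer in the comment so the suppression can be revisited later.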

@ -15,14 +15,15 @@ enableEmoji = true
dateform = "Jan 2, 2006" dateform = "Jan 2, 2006"
dateformShort = "Jan 2" dateformShort = "Jan 2"
dateformNum = "2006-02-01" dateformNum = "2006-02-01"
dateformNumTime = "2006-02-01 15:04 +0000" dateformNumTime = "2006-02-01T15:04+00:00"
# Metadata mostly used in document's head # Metadata mostly used in document's head
description = "dotya.ml homepage" description = "dotya.ml homepage"
keywords = "homepage, development, git, programming" keywords = "homepage, development, git, programming"
images = [""] images = [""]
themeColor = "#282a2b" themeColor = "#282a2b"
justifyContent = false justifyContent = false
relatedPosts = false relatedPosts = true
gitUrl = "https://git.dotya.ml/dotya.ml/homepage"
# Directory name of your blog content (default is `content/posts`) # Directory name of your blog content (default is `content/posts`)
contentTypeName = "content/posts" contentTypeName = "content/posts"
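Review bot: in `dateformNumTime = "2006-02-01T15:04+00:00"` the `+00:00` is not a Go layout token (the zone offset token is `-07:00`), so if this string is used as a Go time layout by the theme it prints a literal `+00:00` whatever the page's real offset is, while the front matter in this commit uses `+01:00` and `+02:00`. The `2006-02-01` part, shared with the unchanged `dateformNum`, reads as year-day-month against Go's reference time; `2006-01-02T15:04-07:00` would give an ISO 8601 style value. The added `relatedPosts = true` and `gitUrl` lines are not mentioned in the commit message.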
@ -70,12 +71,12 @@ enableEmoji = true
url = "/about/" url = "/about/"
alt = "dotya.ml status" alt = "dotya.ml status"
weight = 1 weight = 1
# [[languages.en.menu.main]] [[languages.en.menu.main]]
# identifier = "posts" identifier = "posts"
# name = "posts" name = "posts"
# url = "/posts" url = "/posts/"
# alt = "dotya.ml posts" alt = "dotya.ml posts"
# weight = 2 weight = 2
[[languages.en.menu.main]] [[languages.en.menu.main]]
identifier = "contact" identifier = "contact"
name = "contact" name = "contact"

@ -1,6 +1,6 @@
--- ---
title: "about dotya.ml" title: "about dotya.ml"
date: 2020-03-07T02:12:03+01:00 date: 2020-08-06T17:15:03+01:00
draft: false draft: false
--- ---
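Review bot: the new `date: 2020-08-06T17:15:03+01:00` looks like it was meant to be 2021, since the commit is dated 2021-08-08 and the post added alongside it carries `date: 2021-08-06T23:38:45+02:00`. The `+01:00` offset also differs from the `+02:00` that post uses for the same calendar day. If the intent is to mark when the page was updated, a `lastmod` field would do that without rewriting the original `date`.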
@ -8,6 +8,7 @@ Free services provided for fun as a hobby with passion and :white_heart:\
So far we have: So far we have:
* [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml * [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml
* [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml * [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml
* [DNSCrypt](https://dnscrypt.info/) server
### Onion services ### Onion services
> Note: This is a work in progress - more services are to come > Note: This is a work in progress - more services are to come
@ -29,6 +30,12 @@ PR or an email with anything interesting and worthwile.
set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion
### DNS(Crypt)
a non-logging name server, securing connections using DNSCrypt for increased
privacy, that is - as long as we trust our own server.
see [DNSCrypt](/posts/dnscrypt/) for more.
### Observability ### Observability
long-term monitoring of trends for services we're running long-term monitoring of trends for services we're running
* [prometheus](https://prometheus.io) at https://metrics.dotya.ml * [prometheus](https://prometheus.io) at https://metrics.dotya.ml

46
content/posts/dnscrypt.md Normal file

@ -0,0 +1,46 @@
---
title: "DNSCrypt"
date: 2021-08-06T23:38:45+02:00
draft: false
toc: true
enableGitInfo: true
tags: [dnscrypt, dns, privacy, security, censorship]
---
### why are you doing this?
There are many publicly available [open resolvers using DoT, DoH or
DNSCrypt](https://dnscrypt.info/public-servers) to secure the traffic. However,
we have still felt the need to run our own, especially since it's such a
critical part of the infrastructure. Since now it's a reality, we're offering
it for public use.
### so what is it?
What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
resolver using
[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
Our resolver is available over both IPv4 and IPv6.
### can I haz some plz
> Since the name servers are not (yet) a part of any listing of public
> resolvers, entries have to be added manually.
Paste one or both of the following entries in the `[static]` section of your
`dnscrypt-proxy.toml` configuration file.
IPv4 (`144.91.70.62`)
```toml
[static. 'dnscrypt.dotya.ml-ipv4']
stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
```
IPv6 (`2a02:c207:2030:396::1`)
```toml
[static. 'dnscrypt.dotya.ml-ipv6']
stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
```
### Configuration
Files used to set up and run this service can be found here:\
https://git.dotya.ml/dotya.ml/dnscrypt-server.
It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
is handled.
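Review bot: each `stamp = 'sdns://...'` value carries more than the IP address shown in the prose (a DNSCrypt stamp also encodes the port, the provider public key and the provider name), so a reader cannot check what they are pasting against what the page claims. List those fields in plain text next to each stamp, or say where the provider key can be cross-checked. Also consider dropping the space in `[static. 'dnscrypt.dotya.ml-ipv4']` and the matching IPv6 header: TOML tolerates whitespace around the dot, but `[static.'name']` is the conventional form, and readers who restrict `server_names` in `dnscrypt-proxy.toml` will need to add these names there too.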