From 8f2e192905435c9727d2e08d392f411504edf4e5 Mon Sep 17 00:00:00 2001 From: surtur Date: Sat, 7 Aug 2021 12:38:41 +0200 Subject: [PATCH 1/2] about, posts: add dnscrypt --- config.toml | 17 ++++++++------- content/about.md | 9 +++++++- content/posts/dnscrypt.md | 46 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 9 deletions(-) create mode 100644 content/posts/dnscrypt.md diff --git a/config.toml b/config.toml index a439c02..6e29391 100644 --- a/config.toml +++ b/config.toml @@ -15,14 +15,15 @@ enableEmoji = true dateform = "Jan 2, 2006" dateformShort = "Jan 2" dateformNum = "2006-02-01" - dateformNumTime = "2006-02-01 15:04 +0000" + dateformNumTime = "2006-02-01T15:04+00:00" # Metadata mostly used in document's head description = "dotya.ml homepage" keywords = "homepage, development, git, programming" images = [""] themeColor = "#282a2b" justifyContent = false - relatedPosts = false + relatedPosts = true + gitUrl = "https://git.dotya.ml/dotya.ml/homepage" # Directory name of your blog content (default is `content/posts`) contentTypeName = "content/posts" @@ -70,12 +71,12 @@ enableEmoji = true url = "/about/" alt = "dotya.ml status" weight = 1 - # [[languages.en.menu.main]] - # identifier = "posts" - # name = "posts" - # url = "/posts" - # alt = "dotya.ml posts" - # weight = 2 + [[languages.en.menu.main]] + identifier = "posts" + name = "posts" + url = "/posts/" + alt = "dotya.ml posts" + weight = 2 [[languages.en.menu.main]] identifier = "contact" name = "contact" diff --git a/content/about.md b/content/about.md index 40b074f..1da2b95 100644 --- a/content/about.md +++ b/content/about.md @@ -1,6 +1,6 @@ --- title: "about dotya.ml" -date: 2020-03-07T02:12:03+01:00 +date: 2020-08-06T17:15:03+01:00 draft: false --- 
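Review bot: In the first config.toml hunk, the new `dateformNumTime = "2006-02-01T15:04+00:00"` writes `+00:00` as literal text, because Go's time layout only recognises `-07:00` / `Z07:00` as the offset element. A page whose front matter carries `+02:00` (as the new post does) would then show its local clock time labelled as UTC. The layout also keeps the `2006-02-01` order, which in Go's reference time is year-day-month, not year-month-day. Assuming the theme passes this string to `.Format` (not visible in the diff), `dateformNumTime = "2006-01-02T15:04-07:00"` would produce a correct ISO 8601 timestamp. The unchanged `dateformNum` line has the same day/month swap.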
@@ -8,6 +8,7 @@ Free services provided for fun as a hobby with passion and :white_heart:\ So far we have: * [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml * [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml +* [DNSCrypt](https://dnscrypt.info/) server ### Onion services > Note: This is a work in progress - more services are to come @@ -29,6 +30,12 @@ PR or an email with anything interesting and worthwile. set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion +### DNS(Crypt) +a non-logging name server, securing connections using DNSCrypt for increased +privacy, that is - as long as we trust our own server. + +see [DNSCrypt](/posts/dnscrypt/) for more. + ### Observability long-term monitoring of trends for services we're running * [prometheus](https://prometheus.io) at https://metrics.dotya.ml diff --git a/content/posts/dnscrypt.md b/content/posts/dnscrypt.md new file mode 100644 index 0000000..82534b0 --- /dev/null +++ b/content/posts/dnscrypt.md 
@@ -0,0 +1,46 @@ +--- +title: "DNSCrypt" +date: 2021-08-06T23:38:45+02:00 +draft: false +toc: true +enableGitInfo: true +tags: [dnscrypt, dns, privacy, security, censorship] +--- + +### why are you doing this? +There are many publicly available [open resolvers using DoT, DoH or +DNSCrypt](https://dnscrypt.info/public-servers) to secure the traffic. However, +we have still felt the need to run our own, especially since it's such a +critical part of the infrastructure. Since now it's a reality, we're offering +it for public use. + +### so what is it? +What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS +resolver using +[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project. +Our resolver is available over both IPv4 and IPv6. + +### can I haz some plz +> Since the name servers are not (yet) a part of any listing of public +> resolvers, entries have to be added manually. + +Paste one or both of the following entries in the `[static]` section of your +`dnscrypt-proxy.toml` configuration file. + +IPv4 (`144.91.70.62`) +```toml +[static. 'dnscrypt.dotya.ml-ipv4'] + stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA' +``` + +IPv6 (`2a02:c207:2030:396::1`) +```toml +[static. 'dnscrypt.dotya.ml-ipv6'] + stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s' +``` + +### Configuration +Files used to set up and run this service can be found here:\ +https://git.dotya.ml/dotya.ml/dnscrypt-server. +It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI +is handled. -- 2.47.0 From 55d9852c80a77c4b42fe80de9801b4683bbe08bf Mon Sep 17 00:00:00 2001 
From: surtur Date: Sun, 8 Aug 2021 00:10:47 +0200 Subject: [PATCH 2/2] fix: make hadolint pass --- .drone.yml | 2 +- Dockerfile | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index de007e9..d9cdec4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -75,7 +75,7 @@ depends_on: steps: - name: hadolint - image: hadolint/hadolint:latest + image: hadolint/hadolint:v2.6.0-alpine commands: - hadolint --version - hadolint Dockerfile diff --git a/Dockerfile b/Dockerfile index 4dc60c0..85e53b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,9 @@ WORKDIR /homepage RUN git submodule init \ && git submodule update --recursive \ && hugo version +# "DL3059 info: Multiple consecutive `RUN` instructions. +# Consider consolidation." +# hadolint ignore=DL3059 RUN hugo --minify --gc=true WORKDIR / -- 2.47.0
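Review bot: In the .drone.yml hunk, `image: hadolint/hadolint:v2.6.0-alpine` replaces the floating `latest`, but a tag can still be repointed on the registry, so the pipeline may pull an image other than the one that was checked. Pinning by digest closes that gap for this CI step: `image: hadolint/hadolint:v2.6.0-alpine@sha256:<digest-of-verified-image>` (placeholder; use the digest of the image you actually verified). The `steps:` list continues outside the hunk, so other images in the pipeline may need the same treatment.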
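Review bot: In the Dockerfile hunk, the added `# hadolint ignore=DL3059` suppresses the finding, and the comment above it only quotes the rule text without saying why the separate `RUN hugo --minify --gc=true` is wanted. If the extra layer is deliberate, state the reason in place of the quoted message, e.g. `# build kept in its own layer on purpose; hadolint ignore follows`. If it is not, drop the ignore and append `&& hugo --minify --gc=true` to the preceding `RUN git submodule init \ ...` chain. Inline ignores tend to outlive their reason, so an explicit rationale makes later lint reviews easier.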