Compare commits
9 Commits
4e11191eeb
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| d2ad01fd37 | |||
| 3a364b462d | |||
| 49e6e9ce56 | |||
| f27537448c | |||
| 197a87f268 | |||
| 15e959391d | |||
| 288045eb53 | |||
| 67a4f2b02e | |||
| 7d6169a8a0 |
70
.drone.yml
70
.drone.yml
@ -1,23 +1,27 @@
|
||||
kind: pipeline
|
||||
name: default
|
||||
type: docker
|
||||
name: build
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: docker:dind
|
||||
settings:
|
||||
mtu: 1450
|
||||
volumes:
|
||||
- name: dockersock
|
||||
path: /var/run
|
||||
# environment:
|
||||
# DOCKER_PASSWORD:
|
||||
# from_secret: docker_password
|
||||
environment:
|
||||
DOCKER_USERNAME:
|
||||
from_secret: docker_username
|
||||
DOCKER_PASSWORD:
|
||||
from_secret: docker_password
|
||||
commands:
|
||||
- sleep 5 # give docker enough time to start
|
||||
- docker pull pommib/powerdns:4.6-bookworm
|
||||
- docker pull debian:bookworm-slim
|
||||
- docker build --no-cache -t pommib/powerdns:4.6-bookworm ./debian/12/
|
||||
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||
- ./debian/12/build.sh
|
||||
when:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- push
|
||||
|
||||
services:
|
||||
- name: docker
|
||||
@ -26,6 +30,11 @@ services:
|
||||
volumes:
|
||||
- name: dockersock
|
||||
path: /var/run
|
||||
command:
|
||||
- dockerd-entrypoint.sh
|
||||
- dockerd
|
||||
- --host=unix:///var/run/docker.sock
|
||||
- --mtu=1492
|
||||
|
||||
volumes:
|
||||
- name: dockersock
|
||||
@ -36,3 +45,46 @@ trigger:
|
||||
- master
|
||||
event:
|
||||
- push
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: rebuild
|
||||
|
||||
steps:
|
||||
- name: rebuild
|
||||
image: docker:dind
|
||||
volumes:
|
||||
- name: dockersock
|
||||
path: /var/run
|
||||
environment:
|
||||
DOCKER_USERNAME:
|
||||
from_secret: docker_username
|
||||
DOCKER_PASSWORD:
|
||||
from_secret: docker_password
|
||||
commands:
|
||||
- sleep 5 # give docker enough time to start
|
||||
- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||
- ./build/rebuild.sh
|
||||
|
||||
services:
|
||||
- name: docker
|
||||
image: docker:dind
|
||||
privileged: true
|
||||
volumes:
|
||||
- name: dockersock
|
||||
path: /var/run
|
||||
command:
|
||||
- dockerd-entrypoint.sh
|
||||
- dockerd
|
||||
- --host=unix:///var/run/docker.sock
|
||||
- --mtu=1492
|
||||
|
||||
volumes:
|
||||
- name: dockersock
|
||||
temp: {}
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- cron
|
||||
cron:
|
||||
- rebuild
|
||||
|
||||
13
README.md
13
README.md
@ -8,7 +8,6 @@
|
||||
# Supported tags and respective `Dockerfile` links
|
||||
|
||||
- [`4.6-bookworm`, `latest`](https://github.com/pommi/docker-powerdns/blob/master/debian/12/Dockerfile)
|
||||
- [`4.4-bullseye`](https://github.com/pommi/docker-powerdns/blob/master/debian/11/Dockerfile)
|
||||
|
||||
# Usage
|
||||
|
||||
@ -87,3 +86,15 @@ DS = example.tld. IN DS 280 13 1 0dead339b7dacebb6750c7d4e5c9c0f4c19843a9 ; ( SH
|
||||
DS = example.tld. IN DS 280 13 2 f340e93c42b3c2c6fa8ef76e044ad2f064c1cd7484e785bdfca0f51cd548c88d ; ( SHA256 digest )
|
||||
DS = example.tld. IN DS 280 13 4 a793c7e590a7701c7b39365f99655b865d11961c355a5eb59302282cf653aec8b051ddc9e36a9df0843cad29ca50149a ; ( SHA-384 digest )
|
||||
```
|
||||
|
||||
Set `SOA-EDIT` to `INCEPTION-INCREMENT` so that slaves get notified when a rollover has taken place:
|
||||
```
|
||||
$ docker exec -it powerdns pdnsutil set-meta example.tld SOA-EDIT INCEPTION-INCREMENT
|
||||
[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
|
||||
Set 'example.tld' meta SOA-EDIT = INCEPTION-INCREMENT
|
||||
|
||||
$ docker exec -it powerdns pdnsutil get-meta example.tld
|
||||
[bindbackend] Done parsing domains, 0 rejected, 1 new, 0 removed
|
||||
Metadata for 'example.tld'
|
||||
SOA-EDIT = INCEPTION-INCREMENT
|
||||
```
|
||||
|
||||
@ -1,17 +1,16 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
|
||||
updates_available () {
|
||||
if test "$(docker run -it --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
|
||||
docker pull $1
|
||||
if test "$(docker run --rm $1 /bin/sh -c 'apt -qqq update && apt -qq list --upgradable')" != ""; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
if updates_available pommib/powerdns:4.4-bullseye; then
|
||||
./debian/11/build.sh
|
||||
fi
|
||||
|
||||
if updates_available pommib/powerdns:4.6-bookworm; then
|
||||
./debian/12/build.sh
|
||||
fi
|
||||
|
||||
22
debian/11/Dockerfile
vendored
22
debian/11/Dockerfile
vendored
@ -1,22 +0,0 @@
|
||||
FROM debian:bullseye-slim
|
||||
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get upgrade -y; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
pdns-server \
|
||||
pdns-backend-bind \
|
||||
sqlite3 \
|
||||
bind9-dnsutils \
|
||||
inotify-tools \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ADD start.sh /
|
||||
|
||||
EXPOSE 53/tcp 53/udp
|
||||
VOLUME ["/var/lib/powerdns"]
|
||||
|
||||
CMD /start.sh
|
||||
|
||||
HEALTHCHECK CMD dig +timeout=1 @127.0.0.1 || exit 1
|
||||
9
debian/11/build.sh
vendored
9
debian/11/build.sh
vendored
@ -1,9 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
|
||||
IMAGE=pommib/powerdns:4.4-bullseye
|
||||
docker pull $IMAGE
|
||||
docker pull debian:bullseye-slim
|
||||
docker build --no-cache -t $IMAGE ./debian/11/
|
||||
docker push $IMAGE
|
||||
30
debian/11/start.sh
vendored
30
debian/11/start.sh
vendored
@ -1,30 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# create sqlite database for DNSSEC
|
||||
if test ! -e /var/lib/powerdns/bind-dnssec-db.sqlite3; then
|
||||
echo [$0] Initializing /var/lib/powerdns/bind-dnssec-db.sqlite3
|
||||
/usr/bin/pdnsutil create-bind-db /var/lib/powerdns/bind-dnssec-db.sqlite3
|
||||
fi
|
||||
sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db.sqlite3/' /etc/powerdns/pdns.d/bind.conf
|
||||
|
||||
# start powerdns server
|
||||
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
|
||||
|
||||
# watch for zone changes
|
||||
inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
|
||||
while read -r path; do
|
||||
zone=$(basename $path)
|
||||
echo [$0] A modification was detected in $path
|
||||
echo [$0] Executing \`/usr/bin/pdns_control bind-reload-now $zone\`
|
||||
/usr/bin/pdns_control bind-reload-now $zone
|
||||
if pdnsutil show-zone $zone 2>/dev/null | grep -q "Zone is not actively secured"; then
|
||||
echo [$0] Zone is not actively secured, skipping \`pdnsutil rectify-zone $zone\`
|
||||
else
|
||||
echo [$0] DNSSEC secured zone. Executing \`pdnsutil rectify-zone $zone\`
|
||||
/usr/bin/pdnsutil rectify-zone $zone
|
||||
fi
|
||||
done &
|
||||
|
||||
wait -n
|
||||
|
||||
exit $?
|
||||
10
debian/12/Dockerfile
vendored
10
debian/12/Dockerfile
vendored
@ -1,15 +1,15 @@
|
||||
FROM debian:bookworm-slim
|
||||
|
||||
RUN set -eux; \
|
||||
apt-get update; \
|
||||
apt-get upgrade -y; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
RUN set -eux && \
|
||||
apt-get update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
|
||||
pdns-server \
|
||||
pdns-backend-bind \
|
||||
sqlite3 \
|
||||
bind9-dnsutils \
|
||||
inotify-tools \
|
||||
; \
|
||||
&& \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ADD start.sh /
|
||||
|
||||
2
debian/12/build.sh
vendored
2
debian/12/build.sh
vendored
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
set -ex
|
||||
|
||||
IMAGE=pommib/powerdns:4.6-bookworm
|
||||
docker pull $IMAGE
|
||||
|
||||
2
debian/12/start.sh
vendored
2
debian/12/start.sh
vendored
@ -11,7 +11,7 @@ sed -i 's/^# bind-dnssec-db=/bind-dnssec-db=\/var\/lib\/powerdns\/bind-dnssec-db
|
||||
/usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no &
|
||||
|
||||
# watch for zone changes
|
||||
inotifywait -mqre modify --exclude '\.git' --exclude '.*\.swp' --format '%w%f' "/var/lib/powerdns/zones/" |
|
||||
inotifywait -mqre modify --exclude '.*(\.git|.*\.swp)' --format '%w%f' "/var/lib/powerdns/zones/" |
|
||||
while read -r path; do
|
||||
zone=$(basename $path)
|
||||
echo [$0] A modification was detected in $path
|
||||
|
||||
Reference in New Issue
Block a user