├── .circleci └── config.yml ├── .github └── stale.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── VERSION ├── docker-compose.yml ├── entrypoint.sh ├── kubernetes ├── pod.yml └── service.yml └── scripts └── release-notes.sh /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | version: 2.1 2 | 3 | orbs: 4 | shellcheck: circleci/shellcheck@1.3.16 5 | docker: circleci/docker@1.0.1 6 | go: circleci/go@1.1.1 7 | 8 | commands: 9 | docker-build: 10 | description: | 11 | Build and optionally deploy a Docker images 12 | parameters: 13 | dockerfile: 14 | default: Dockerfile 15 | description: 'Name of dockerfile to use, defaults to Dockerfile' 16 | type: string 17 | extra_build_args: 18 | default: '' 19 | description: > 20 | Extra flags to pass to docker build. For examples, see 21 | https://docs.docker.com/engine/reference/commandline/build 22 | type: string 23 | registry: 24 | default: docker.io 25 | description: | 26 | Comma separated list of registry to use, defaults to docker.io 27 | type: string 28 | image: 29 | description: Name of image to build 30 | type: string 31 | tag: 32 | default: $CIRCLE_SHA1 33 | description: 'Image tag, defaults to the value of $CIRCLE_SHA1' 34 | type: string 35 | path: 36 | default: . 37 | description: > 38 | Path to the directory containing your Dockerfile and build context, 39 | defaults to . 
(working directory) 40 | type: string 41 | cache_from: 42 | default: '' 43 | description: > 44 | Comma-separated list of images, images will first be pulled, then passed 45 | as the --cache-from build argument 46 | https://docs.docker.com/engine/reference/commandline/build/ 47 | type: string 48 | no_output_timeout: 49 | default: 10m 50 | description: | 51 | No output timeout for build step 52 | type: string 53 | steps: 54 | - when: 55 | condition: <> 56 | steps: 57 | - run: 58 | name: Build image for <> 59 | no_output_timeout: <> 60 | command: > 61 | echo "<>" | sed -n 1'p' | tr ',' '\n' | 62 | while read image; do 63 | echo "Pulling ${image}"; 64 | docker pull ${image} || true 65 | done 66 | 67 | docker_tag_args="" 68 | 69 | IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" 70 | 71 | for registry in "${DOCKER_REGISTRIES[@]}"; do 72 | IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" 73 | 74 | for tag in "${DOCKER_TAGS[@]}"; do 75 | docker_tag_args="$docker_tag_args -t $registry/<>:${tag}" 76 | done 77 | done 78 | 79 | docker build 80 | <<#parameters.extra_build_args>><><> 81 | \ 82 | --cache-from <> \ 83 | -f <>/<> \ 84 | $docker_tag_args \ 85 | <> 86 | - unless: 87 | condition: <> 88 | steps: 89 | - run: 90 | name: Building image for <> 91 | no_output_timeout: <> 92 | command: > 93 | docker_tag_args="" 94 | 95 | IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" 96 | 97 | for registry in "${DOCKER_REGISTRIES[@]}"; do 98 | IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" 99 | 100 | for tag in "${DOCKER_TAGS[@]}"; do 101 | docker_tag_args="$docker_tag_args -t $registry/<>:${tag}" 102 | done 103 | done 104 | 105 | docker build 106 | <<#parameters.extra_build_args>><><> 107 | \ 108 | -f <>/<> \ 109 | $docker_tag_args \ 110 | <> 111 | 112 | docker-save: 113 | description: | 114 | Save one or more images to a tar archive 115 | parameters: 116 | registry: 117 | default: docker.io 118 | description: | 119 | Comma 
separated list of registry to use, defaults to docker.io 120 | type: string 121 | image: 122 | description: Name of image to build 123 | type: string 124 | tag: 125 | default: $CIRCLE_SHA1 126 | description: 'Image tag, defaults to the value of $CIRCLE_SHA1' 127 | type: string 128 | steps: 129 | - run: 130 | name: Save image to tar archive 131 | command: > 132 | docker_images="" 133 | 134 | IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" 135 | 136 | for registry in "${DOCKER_REGISTRIES[@]}"; do 137 | IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" 138 | 139 | for tag in "${DOCKER_TAGS[@]}"; do 140 | docker_images="$docker_images $registry/<>:${tag}" 141 | done 142 | done 143 | 144 | mkdir -p ~/docker/ 145 | 146 | docker save -o ~/docker/docker-images.tar $docker_images 147 | - persist_to_workspace: 148 | root: ~/ 149 | paths: 150 | - docker 151 | 152 | docker-load: 153 | description: | 154 | Load tar archive 155 | steps: 156 | - attach_workspace: 157 | at: ~/ 158 | - run: 159 | name: Load images from tar archive 160 | command: > 161 | docker load -i ~/docker/docker-images.tar 162 | 163 | docker-publish: 164 | description: | 165 | Build and optionally deploy a Docker images 166 | parameters: 167 | pr: 168 | default: '' 169 | type: string 170 | registry: 171 | default: docker.io 172 | description: | 173 | Comma separated list of registry to use, defaults to docker.io 174 | type: string 175 | image: 176 | description: Name of image to build 177 | type: string 178 | tag: 179 | default: $CIRCLE_SHA1 180 | description: 'Image tag, defaults to the value of $CIRCLE_SHA1' 181 | type: string 182 | steps: 183 | - unless: 184 | condition: <> 185 | steps: 186 | - run: 187 | name: Publish image for <> 188 | command: > 189 | IFS="," read -ra DOCKER_REGISTRIES \<<< "<< parameters.registry >>" 190 | 191 | for registry in "${DOCKER_REGISTRIES[@]}"; do 192 | IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" 193 | 194 | for tag in 
"${DOCKER_TAGS[@]}"; do 195 | docker push $registry/<< parameters.image>>:${tag} 196 | done 197 | done 198 | 199 | jobs: 200 | build: 201 | executor: docker/machine 202 | steps: 203 | - checkout 204 | - docker-build: 205 | registry: docker.io,quay.io 206 | image: sameersbn/bind 207 | tag: ${CIRCLE_TAG:-latest} 208 | cache_from: docker.io/sameersbn/bind:latest 209 | - docker-save: 210 | registry: docker.io,quay.io 211 | image: sameersbn/bind 212 | tag: ${CIRCLE_TAG:-latest} 213 | 214 | test: 215 | executor: docker/machine 216 | steps: 217 | - checkout 218 | - docker-load 219 | - run: 220 | name: Create test network 221 | command: docker network create testnet 222 | - run: 223 | name: Launch bind container 224 | command: docker run --name bind -d --net testnet sameersbn/bind:${CIRCLE_TAG:-latest} 225 | - run: 226 | name: Wait for bootup 227 | command: sleep 15 228 | - run: 229 | name: Container info 230 | command: docker ps 231 | - run: 232 | name: Test image 233 | command: | 234 | docker run --rm --net testnet sameersbn/bind:${CIRCLE_TAG:-latest} host www.google.com bind 235 | 236 | publish-dockerhub: 237 | executor: docker/machine 238 | steps: 239 | - docker-load 240 | - docker/check: 241 | registry: docker.io 242 | docker-username: DOCKER_LOGIN 243 | docker-password: DOCKER_PASSWORD 244 | - docker-publish: 245 | registry: docker.io 246 | image: sameersbn/bind 247 | tag: ${CIRCLE_TAG:-latest} 248 | 249 | publish-quay: 250 | executor: docker/machine 251 | steps: 252 | - docker-load 253 | - docker/check: 254 | registry: quay.io 255 | docker-username: DOCKER_LOGIN 256 | docker-password: DOCKER_PASSWORD 257 | - docker-publish: 258 | registry: quay.io 259 | image: sameersbn/bind 260 | tag: ${CIRCLE_TAG:-latest} 261 | 262 | release: 263 | executor: 264 | name: go/default 265 | tag: '1.14' 266 | steps: 267 | - checkout 268 | - run: 269 | name: Installing github-release tool 270 | command: go get github.com/meterup/github-release 271 | - run: 272 | name: Creating github 
release 273 | command: | 274 | PRE_RELEASE=${CIRCLE_TAG/${CIRCLE_TAG%-rc[0-9]*}/} 275 | github-release delete -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} 2>/dev/null ||: 276 | ./scripts/release-notes.sh ${CIRCLE_TAG} | github-release release ${PRE_RELEASE:+-p} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -d - 277 | for f in $(find /tmp/dist -type f); do github-release upload -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -t ${CIRCLE_TAG} -n $(basename ${f}) -f ${f} ; done 278 | 279 | workflows: 280 | build-test-and-release: 281 | jobs: 282 | - shellcheck/check: 283 | name: shellcheck 284 | ignore: SC2086,SC2181,SC2124 285 | filters: 286 | tags: 287 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 288 | - build: 289 | requires: 290 | - shellcheck 291 | filters: 292 | tags: 293 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 294 | - test: 295 | requires: 296 | - build 297 | filters: 298 | tags: 299 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 300 | - publish-dockerhub: 301 | context: dockerhub 302 | requires: 303 | - test 304 | filters: 305 | branches: 306 | only: master 307 | tags: 308 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 309 | - publish-quay: 310 | context: quay 311 | requires: 312 | - test 313 | filters: 314 | tags: 315 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 316 | branches: 317 | only: master 318 | - release: 319 | context: github 320 | requires: 321 | - publish-dockerhub 322 | - publish-quay 323 | filters: 324 | tags: 325 | only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/ 326 | branches: 327 | ignore: /.*/ 328 | 
-------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Number of days of inactivity before an issue becomes stale 2 | daysUntilStale: 60 3 | # Number of days of inactivity before a stale issue is closed 4 | daysUntilClose: 7 5 | # Issues with these labels will never be considered stale 6 | exemptLabels: 7 | - pinned 8 | - security 9 | # Label to use when marking an issue as stale 10 | staleLabel: wontfix 11 | # Comment to post when marking an issue as stale. Set to `false` to disable 12 | markComment: > 13 | This issue has been automatically marked as stale because it has not had 14 | recent activity. It will be closed if no further activity occurs. Thank you 15 | for your contributions. 16 | # Comment to post when closing a stale issue. Set to `false` to disable 17 | closeComment: false 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.deb 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:focal-20200423 AS add-apt-repositories 2 | 3 | RUN apt-get update \ 4 | && DEBIAN_FRONTEND=noninteractive apt-get install -y gnupg \ 5 | && apt-key adv --fetch-keys http://www.webmin.com/jcameron-key.asc \ 6 | && echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list 7 | 8 | FROM ubuntu:focal-20200423 9 | 10 | LABEL maintainer="sameer@damagehead.com" 11 | 12 | ENV BIND_USER=bind \ 13 | BIND_VERSION=9.16.1 \ 14 | WEBMIN_VERSION=1.941 \ 15 | DATA_DIR=/data 16 | 17 | COPY --from=add-apt-repositories /etc/apt/trusted.gpg /etc/apt/trusted.gpg 18 | 19 | COPY --from=add-apt-repositories /etc/apt/sources.list /etc/apt/sources.list 20 | 21 | 
RUN rm -rf /etc/apt/apt.conf.d/docker-gzip-indexes \ 22 | && apt-get update \ 23 | && DEBIAN_FRONTEND=noninteractive apt-get install -y \ 24 | bind9=1:${BIND_VERSION}* bind9-host=1:${BIND_VERSION}* dnsutils \ 25 | webmin=${WEBMIN_VERSION}* \ 26 | && rm -rf /var/lib/apt/lists/* 27 | 28 | COPY entrypoint.sh /sbin/entrypoint.sh 29 | 30 | RUN chmod 755 /sbin/entrypoint.sh 31 | 32 | EXPOSE 53/udp 53/tcp 10000/tcp 33 | 34 | ENTRYPOINT ["/sbin/entrypoint.sh"] 35 | 36 | CMD ["/usr/sbin/named"] 37 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Sameer Naik 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | 3 | build: 4 | @docker build --tag=sameersbn/bind . 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Circle CI](https://circleci.com/gh/sameersbn/docker-bind.svg?style=shield)](https://circleci.com/gh/sameersbn/docker-bind) [![Docker Repository on Quay.io](https://quay.io/repository/sameersbn/bind/status "Docker Repository on Quay.io")](https://quay.io/repository/sameersbn/bind) 2 | 3 | # sameersbn/bind:9.16.1-20200524 4 | 5 | - [Introduction](#introduction) 6 | - [Contributing](#contributing) 7 | - [Issues](#issues) 8 | - [Getting started](#getting-started) 9 | - [Installation](#installation) 10 | - [Quickstart](#quickstart) 11 | - [Command-line arguments](#command-line-arguments) 12 | - [Persistence](#persistence) 13 | - [Maintenance](#maintenance) 14 | - [Upgrading](#upgrading) 15 | - [Shell Access](#shell-access) 16 | 17 | # Introduction 18 | 19 | `Dockerfile` to create a [Docker](https://www.docker.com/) container image for [BIND](https://www.isc.org/downloads/bind/) DNS server bundled with the [Webmin](http://www.webmin.com/) interface. 20 | 21 | BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. 22 | 23 | ## Contributing 24 | 25 | If you find this image useful here's how you can help: 26 | 27 | - Send a pull request with your awesome features and bug fixes 28 | - Help users resolve their [issues](../../issues?q=is%3Aopen+is%3Aissue). 
29 | - Support the development of this image with a [donation](http://www.damagehead.com/donate/) 30 | 31 | ## Issues 32 | 33 | Before reporting your issue please try updating Docker to the latest version and check if it resolves the issue. Refer to the Docker [installation guide](https://docs.docker.com/installation) for instructions. 34 | 35 | SELinux users should try temporarily switching SELinux to permissive mode using the command `setenforce 0` to see if it resolves the issue. If it does, restore enforcement with `setenforce 1` and label the host mountpoint as described under [Persistence](#persistence) instead of leaving SELinux off. 36 | 37 | If the above recommendations do not help then [report your issue](../../issues/new) along with the following information: 38 | 39 | - Output of the `docker version` and `docker info` commands 40 | - The `docker run` command or `docker-compose.yml` used to start the image. Mask out the sensitive bits, such as the value of `ROOT_PASSWORD`. 41 | - Please state if you are using [Boot2Docker](http://www.boot2docker.io), [VirtualBox](https://www.virtualbox.org), etc. 42 | 43 | # Getting started 44 | 45 | ## Installation 46 | 47 | Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/sameersbn/bind) and are the recommended method of installation. 48 | 49 | > **Note**: Builds are also available on [Quay.io](https://quay.io/repository/sameersbn/bind) 50 | 51 | ```bash 52 | docker pull sameersbn/bind:9.16.1-20200524 53 | ``` 54 | 55 | Alternatively you can build the image yourself. 
56 | 57 | ```bash 58 | docker build -t sameersbn/bind github.com/sameersbn/docker-bind 59 | ``` 60 | 61 | ## Quickstart 62 | 63 | Start BIND using: 64 | 65 | ```bash 66 | docker run --name bind -d --restart=always \ 67 | --publish 53:53/tcp --publish 53:53/udp --publish 10000:10000/tcp \ 68 | --volume /srv/docker/bind:/data \ 69 | sameersbn/bind:9.16.1-20200524 70 | ``` 71 | 72 | *Alternatively, you can use the sample [docker-compose.yml](docker-compose.yml) file to start the container using [Docker Compose](https://docs.docker.com/compose/)* 73 | 74 | When the container is started the [Webmin](http://www.webmin.com/) service is also started and is accessible from the web browser at https://localhost:10000. Log in to Webmin with the username `root` and password `password`. Specify `--env ROOT_PASSWORD=secretpassword` on the `docker run` command to set a password of your choosing. The default password is public, and the command above publishes port 10000 on all host interfaces, so set `ROOT_PASSWORD` (or `ROOT_PASSWORD_FILE`, which the entrypoint reads, e.g. for Docker secrets) before the port is reachable by anyone else. 75 | 76 | The launch of Webmin can be disabled by adding `--env WEBMIN_ENABLED=false` to the `docker run` command. Note that the `ROOT_PASSWORD` parameter has no effect when the launch of Webmin is disabled. 77 | 78 | Read the blog post [Deploying a DNS Server using Docker](http://www.damagehead.com/blog/2015/04/28/deploying-a-dns-server-using-docker/) for an example use case. 79 | 80 | ## Command-line arguments 81 | 82 | You can customize the launch command of the BIND server by specifying arguments to `named` on the `docker run` command. For example the following command prints the help menu of the `named` command: 83 | 84 | ```bash 85 | docker run --name bind -it --rm \ 86 | --publish 53:53/tcp --publish 53:53/udp --publish 10000:10000/tcp \ 87 | --volume /srv/docker/bind:/data \ 88 | sameersbn/bind:9.16.1-20200524 -h 89 | ``` 90 | 91 | ## Persistence 92 | 93 | For BIND to preserve its state across container shutdown and startup you should mount a volume at `/data`. 
94 | 95 | > *The [Quickstart](#quickstart) command already mounts a volume for persistence.* 96 | 97 | SELinux users should update the security context of the host mountpoint so that it plays nicely with Docker: 98 | 99 | ```bash 100 | mkdir -p /srv/docker/bind 101 | chcon -Rt svirt_sandbox_file_t /srv/docker/bind 102 | ``` 103 | 104 | ## Reverse Proxying 105 | 106 | If you need to run Webmin behind a reverse-proxy such as Nginx, you can tweak the following environment variables. They are applied only on the first start with a given `/data` volume (before `/data/.initialized` is created); changing them later has no effect: 107 | 108 | * `WEBMIN_INIT_SSL_ENABLED`: Whether Webmin should be served via SSL. Defaults to `true`. 109 | If you do the SSL termination at an earlier stage, set this to `false`; traffic between the proxy and the container, including the Webmin login, is then unencrypted. 110 | 111 | * `WEBMIN_INIT_REDIRECT_PORT`: The port Webmin is served from. 112 | Set this to your reverse proxy port, such as `443`. Defaults to `10000`. 113 | 114 | * `WEBMIN_INIT_REFERERS`: Sets the allowed referrers to Webmin. 115 | Set this to the domain name of your reverse proxy. Example: `mywebmin.example.com`. 116 | Defaults to empty (no referrer). 117 | 118 | # Maintenance 119 | 120 | ## Upgrading 121 | 122 | To upgrade to newer releases: 123 | 124 | 1. Download the updated Docker image: 125 | 126 | ```bash 127 | docker pull sameersbn/bind:9.16.1-20200524 128 | ``` 129 | 130 | 2. Stop the currently running image: 131 | 132 | ```bash 133 | docker stop bind 134 | ``` 135 | 136 | 3. Remove the stopped container 137 | 138 | ```bash 139 | docker rm -v bind 140 | ``` 141 | 142 | 4. Start the updated image 143 | 144 | ```bash 145 | docker run --name bind -d \ 146 | [OPTIONS] \ 147 | sameersbn/bind:9.16.1-20200524 148 | ``` 149 | 150 | ## Shell Access 151 | 152 | For debugging and maintenance purposes you may want to access the container's shell. 
If you are using Docker version `1.3.0` or higher you can access a running containers shell by starting `bash` using `docker exec`: 153 | 154 | ```bash 155 | docker exec -it bind bash 156 | ``` 157 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 9.16.1-20200524 2 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | 3 | services: 4 | bind: 5 | restart: always 6 | image: sameersbn/bind:9.16.1-20200524 7 | ports: 8 | - "53:53/udp" 9 | - "53:53/tcp" 10 | - "10000:10000/tcp" 11 | volumes: 12 | - /srv/docker/bind:/data 13 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # usage: file_env VAR [DEFAULT] 5 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 6 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 7 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 8 | file_env() { 9 | local var="$1" 10 | local fileVar="${var}_FILE" 11 | local def="${2:-}" 12 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 13 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 14 | exit 1 15 | fi 16 | local val="$def" 17 | if [ "${!var:-}" ]; then 18 | val="${!var}" 19 | elif [ "${!fileVar:-}" ]; then 20 | val="$(< "${!fileVar}")" 21 | fi 22 | export "$var"="$val" 23 | unset "$fileVar" 24 | } 25 | 26 | file_env 'ROOT_PASSWORD' 27 | 28 | ROOT_PASSWORD=${ROOT_PASSWORD:-password} 29 | WEBMIN_ENABLED=${WEBMIN_ENABLED:-true} 30 | WEBMIN_INIT_SSL_ENABLED=${WEBMIN_INIT_SSL_ENABLED:-true} 31 | WEBMIN_INIT_REDIRECT_PORT=${WEBMIN_INIT_REDIRECT_PORT:-10000} 32 | 
WEBMIN_INIT_REFERERS=${WEBMIN_INIT_REFERERS:-NONE} 33 | 34 | BIND_DATA_DIR=${DATA_DIR}/bind 35 | WEBMIN_DATA_DIR=${DATA_DIR}/webmin 36 | 37 | create_bind_data_dir() { 38 | mkdir -p ${BIND_DATA_DIR} 39 | 40 | # populate default bind configuration if it does not exist 41 | if [ ! -d ${BIND_DATA_DIR}/etc ]; then 42 | mv /etc/bind ${BIND_DATA_DIR}/etc 43 | fi 44 | rm -rf /etc/bind 45 | ln -sf ${BIND_DATA_DIR}/etc /etc/bind 46 | chmod -R 0775 ${BIND_DATA_DIR} 47 | chown -R ${BIND_USER}:${BIND_USER} ${BIND_DATA_DIR} 48 | 49 | if [ ! -d ${BIND_DATA_DIR}/lib ]; then 50 | mkdir -p ${BIND_DATA_DIR}/lib 51 | chown ${BIND_USER}:${BIND_USER} ${BIND_DATA_DIR}/lib 52 | fi 53 | rm -rf /var/lib/bind 54 | ln -sf ${BIND_DATA_DIR}/lib /var/lib/bind 55 | } 56 | 57 | create_webmin_data_dir() { 58 | mkdir -p ${WEBMIN_DATA_DIR} 59 | chmod -R 0755 ${WEBMIN_DATA_DIR} 60 | chown -R root:root ${WEBMIN_DATA_DIR} 61 | 62 | # populate the default webmin configuration if it does not exist 63 | if [ ! -d ${WEBMIN_DATA_DIR}/etc ]; then 64 | mv /etc/webmin ${WEBMIN_DATA_DIR}/etc 65 | fi 66 | rm -rf /etc/webmin 67 | ln -sf ${WEBMIN_DATA_DIR}/etc /etc/webmin 68 | } 69 | 70 | disable_webmin_ssl() { 71 | sed -i 's/ssl=1/ssl=0/g' /etc/webmin/miniserv.conf 72 | } 73 | 74 | set_webmin_redirect_port() { 75 | echo "redirect_port=$WEBMIN_INIT_REDIRECT_PORT" >> /etc/webmin/miniserv.conf 76 | } 77 | 78 | set_webmin_referers() { 79 | echo "referers=$WEBMIN_INIT_REFERERS" >> /etc/webmin/config 80 | } 81 | 82 | set_root_passwd() { 83 | echo "root:$ROOT_PASSWORD" | chpasswd 84 | } 85 | 86 | create_pid_dir() { 87 | mkdir -p /var/run/named 88 | chmod 0775 /var/run/named 89 | chown root:${BIND_USER} /var/run/named 90 | } 91 | 92 | create_bind_cache_dir() { 93 | mkdir -p /var/cache/bind 94 | chmod 0775 /var/cache/bind 95 | chown root:${BIND_USER} /var/cache/bind 96 | } 97 | 98 | first_init() { 99 | if [ ! 
-f /data/.initialized ]; then 100 | set_webmin_redirect_port 101 | if [ "${WEBMIN_INIT_SSL_ENABLED}" == "false" ]; then 102 | disable_webmin_ssl 103 | fi 104 | if [ "${WEBMIN_INIT_REFERERS}" != "NONE" ]; then 105 | set_webmin_referers 106 | fi 107 | touch /data/.initialized 108 | fi 109 | } 110 | 111 | create_pid_dir 112 | create_bind_data_dir 113 | create_bind_cache_dir 114 | 115 | # allow arguments to be passed to named 116 | if [[ ${1:0:1} = '-' ]]; then 117 | EXTRA_ARGS="$*" 118 | set -- 119 | elif [[ ${1} == named || ${1} == "$(command -v named)" ]]; then 120 | EXTRA_ARGS="${*:2}" 121 | set -- 122 | fi 123 | 124 | # default behaviour is to launch named 125 | if [[ -z ${1} ]]; then 126 | if [ "${WEBMIN_ENABLED}" == "true" ]; then 127 | create_webmin_data_dir 128 | first_init 129 | set_root_passwd 130 | echo "Starting webmin..." 131 | /etc/init.d/webmin start 132 | fi 133 | 134 | echo "Starting named..." 135 | exec "$(command -v named)" -u ${BIND_USER} -g ${EXTRA_ARGS} 136 | else 137 | exec "$@" 138 | fi 139 | -------------------------------------------------------------------------------- /kubernetes/pod.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: bind 5 | labels: 6 | name: bind 7 | spec: 8 | containers: 9 | - name: bind 10 | image: sameersbn/bind 11 | env: 12 | - name: WEBMIN_ENABLED 13 | value: false 14 | ports: 15 | - containerPort: 53 16 | protocol: UDP 17 | volumeMounts: 18 | - mountPath: /data 19 | name: data 20 | volumes: 21 | - name: data 22 | emptyDir: {} 23 | -------------------------------------------------------------------------------- /kubernetes/service.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: bind 5 | labels: 6 | name: bind 7 | spec: 8 | type: LoadBalancer 9 | ports: 10 | - port: 53 11 | targetPort: 53 12 | protocol: UDP 13 | selector: 14 | 
name: bind 15 | -------------------------------------------------------------------------------- /scripts/release-notes.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | RELEASE=${GIT_TAG:-$1} 4 | 5 | if [ -z "${RELEASE}" ]; then 6 | echo "Usage:" 7 | echo "./scripts/release-notes.sh v0.1.0" 8 | exit 1 9 | fi 10 | 11 | if ! git rev-list ${RELEASE} >/dev/null 2>&1; then 12 | echo "${RELEASE} does not exist" 13 | exit 14 | fi 15 | 16 | PREV_RELEASE=${PREV_RELEASE:-$(git describe --tags --abbrev=0 ${RELEASE}^)} 17 | PREV_RELEASE=${PREV_RELEASE:-$(git rev-list --max-parents=0 ${RELEASE}^)} 18 | NOTABLE_CHANGES=$(git cat-file -p ${RELEASE} | sed '/-----BEGIN PGP SIGNATURE-----/,//d' | tail -n +6) 19 | CHANGELOG=$(git log --no-merges --pretty=format:'- [%h] %s (%aN)' ${PREV_RELEASE}..${RELEASE}) 20 | if [ $? -ne 0 ]; then 21 | echo "Error creating changelog" 22 | exit 1 23 | fi 24 | 25 | cat <