diff --git a/.env b/.env new file mode 100644 index 0000000..9ef2dea --- /dev/null +++ b/.env @@ -0,0 +1,6 @@ +# Unbound Configuration Path +# Select one of the following options: +# - unix: Unix Domain Socket +# - tls: TLS Socket +UNBOUND_CONF_PATH=./unbound-config/unix +# UNBOUND_CONF_PATH=./unbound-config/tls \ No newline at end of file diff --git a/.gitignore b/.gitignore index 51ae12d..0539f8b 100644 --- a/.gitignore +++ b/.gitignore @@ -21,4 +21,6 @@ dist-ssr *.sw? -coverage/ \ No newline at end of file +coverage/ +unbound-config/* +!unbound-config/unbound.conf diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..e8e3954 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +services: + unbound-setup: + image: mvance/unbound:latest + volumes: + - ${UNBOUND_CONF_PATH}:/opt/unbound/etc/unbound + restart: "no" + entrypoint: [] + command: >- + /bin/sh -c " + if [ ! -f /opt/unbound/etc/unbound/key/unbound_server.key ]; then + echo 'Setup start' && + unbound-control-setup && + mkdir /opt/unbound/etc/unbound/key && + mv /opt/unbound/etc/unbound/unbound_* /opt/unbound/etc/unbound/key && + echo 'Setup complete'; + else + echo 'Certificates already exist'; + fi + " + unbound: + image: mvance/unbound:latest + container_name: unbound + ports: + - "53:53/tcp" + - "53:53/udp" + - "8953:8953" + volumes: + - ${UNBOUND_CONF_PATH}:/opt/unbound/etc/unbound + restart: unless-stopped + depends_on: + - unbound-setup