diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..4d88116 --- /dev/null +++ b/Makefile @@ -0,0 +1,10 @@ +# Makefile for building packages for CoreDNS. + +# Build the debian packages +.PHONY: debian +debian: + dpkg-buildpackage -us -uc -b --target-arch amd64 + dpkg-buildpackage -us -uc -b --target-arch arm + dpkg-buildpackage -us -uc -b --target-arch arm64 + # debs are one up + ls ../*.deb diff --git a/README.md b/README.md index cd03ee8..fb412e1 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,9 @@ -# deployment +# Deployment + Scripts, utilities, and examples for deploying CoreDNS. - ## MacOS + The default settings will proxy all requests to hostnames not found in your host file to Google's DNS-over-HTTPS. To install: @@ -20,3 +21,18 @@ Using CoreDNS as your default resolver: - Type `127.0.0.1` and hit enter - Click `OK` - Click `Apply` + +# Debian + +On a debian system: + + - Run `dpkg-buildpackage -us -uc -b --target-arch ARCH` + Where ARCH can be any of the released architectures, like "amd64" or "arm". + - Most users will just run: `dpkg-buildpackage -us -uc -b` + +To install: + + - Run `dpkg -i coredns_0.9.10-0~9.20_amd64.deb`. + +This installs the coredns binary in /usr/bin, adds a coredns user (homedir set to /var/lib/coredns) +and a small Corefile /etc/coredns. diff --git a/debian/Corefile b/debian/Corefile new file mode 100644 index 0000000..30eaeef --- /dev/null +++ b/debian/Corefile @@ -0,0 +1,9 @@ +# Default Corefile, see https://coredns.io for more information. + +# Answer every below the root, with the whoami plugin. Log all queries +# and errors on standard output. +. { + whoami # coredns.io/plugins/whoami + log # coredns.io/plugins/log + errors # coredns.io/plugins/errors +} diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..ebe01f2 --- /dev/null +++ b/debian/changelog 
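Review bot: The server block in debian/Corefile has no `bind` directive, so, as far as I know CoreDNS's defaults, the packaged service will listen on port 53 on every interface once it is started, and `log` will record every query it receives. For a config that ships inside a package and runs unattended, I would restrict the listener to loopback with `bind 127.0.0.1` inside the `. { … }` block (assuming the bind plugin is compiled into the release binary) and let the administrator widen it deliberately. The comment `# Answer every below the root` also seems to be missing a word, presumably "every query".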
@@ -0,0 +1,5 @@
+coredns (0-0) UNRELEASED; urgency=medium
+
+ * Package for Debian.
+
+ -- Miek Gieben Sat, 11 Nov 2017 09:52:00 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..b131167
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,8 @@
+Source: coredns
+Maintainer: Miek Gieben
+Build-Depends: debhelper (>= 9), ca-certificates, wget, dh-systemd
+
+Package: coredns
+Architecture: any
+Description: DNS server that chains plugins
+Depends: adduser
diff --git a/debian/coredns.service b/debian/coredns.service
new file mode 100644
index 0000000..9fa21a7
--- /dev/null
+++ b/debian/coredns.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=CoreDNS DNS server
+Documentation=https://coredns.io
+After=network.target
+
+[Service]
+PermissionsStartOnly=true
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+User=coredns
+WorkingDirectory=~
+ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..6facb67
--- /dev/null
+++ b/debian/rules
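Review bot: `Build-Depends` in debian/control does not list `lsb-release`, yet debian/rules computes `DISTRIBUTION := $(shell lsb_release -sr)`; in a minimal build chroot that expands to nothing and the package version silently becomes `0.9.10-0~0`. Adding it, `Build-Depends: debhelper (>= 9), ca-certificates, wget, dh-systemd, lsb-release`, keeps the version string deterministic. Separately, `Depends: adduser` suggests a maintainer script creates the `coredns` account that the unit's `User=coredns` needs, but no postinst is visible in this diff, so it is worth confirming one ships with the package.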
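Review bot: `PermissionsStartOnly=true` in debian/coredns.service has no root-only pre-start step left to serve, because this unit has no `ExecStartPre=`; what it still does is exempt `ExecReload=/bin/kill -SIGUSR1 $MAINPID` from `User=coredns`, so the reload helper runs as root. Dropping the line lets the reload run as the service user, which is enough to signal its own main process. The same line survives as context in the systemd/coredns.service hunk, where this commit removes the `setcap` step that was the reason for it. Directives such as `ProtectSystem=full`, `ProtectHome=true` and `PrivateTmp=true` would also be cheap additions here, after checking that no plugin in use needs to write outside the working directory.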
@@ -0,0 +1,29 @@
+#!/usr/bin/make -f
+
+VERSION := 0.9.10
+
+DEB_HOST_ARCH := $(DEB_TARGET_ARCH)
+DISTRIBUTION := $(shell lsb_release -sr)
+PACKAGEVERSION := $(VERSION)-0~$(DISTRIBUTION)0
+TARBALL := coredns_$(VERSION)_linux_$(DEB_TARGET_ARCH).tgz
+URL := https://github.com/coredns/coredns/releases/download/v$(VERSION)/$(TARBALL)
+
+%:
+ dh_clean
+ dh $@ --with systemd
+
+override_dh_strip:
+ # don't perform dh_strip
+ echo dh_strip
+
+override_dh_auto_clean:
+override_dh_auto_test:
+override_dh_auto_build:
+override_dh_auto_install:
+ wget -N --progress=dot:mega $(URL)
+ mkdir -p debian/coredns/usr/bin debian/coredns/etc/coredns
+ tar -xf $(TARBALL) -C debian/coredns/usr/bin
+ cp debian/Corefile debian/coredns/etc/coredns/Corefile
+
+override_dh_gencontrol:
+ dh_gencontrol -- -v$(PACKAGEVERSION)
diff --git a/systemd/README.md b/systemd/README.md
index 3e162e7..be8dd0d 100644
--- a/systemd/README.md
+++ b/systemd/README.md
@@ -1,4 +1,5 @@
 # Systemd Service File
-Use `coredns.service` as a systemd service file. It defaults to a coredns with a homedir of `/home/coredns`
-and the binary lives in `/opt/bin` and the config in `/etc/coredns/Corefile`.
+Use `coredns.service` as a systemd service file. It defaults to using a "coredns" user with
+a homedir of `/var/lib/coredns` and the binary lives in `/usr/bin` and the config in
+`/etc/coredns/Corefile`.
diff --git a/systemd/coredns.service b/systemd/coredns.service
index f0be1af..9fa21a7 100644
--- a/systemd/coredns.service
+++ b/systemd/coredns.service
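Review bot: `override_dh_auto_install` in debian/rules downloads the release tarball with `wget` and unpacks it straight into `debian/coredns/usr/bin` without checking a digest or signature, so the package contains whatever the URL served at build time; TLS via `ca-certificates` authenticates the host, not the artifact. Pin a SHA-256 per architecture next to `VERSION` and verify it before `tar` runs, failing the build on a mismatch or a missing pin, as sketched below with placeholder digests. `tar -xf $(TARBALL) -C debian/coredns/usr/bin` also installs every member of the archive into `/usr/bin`, so naming the expected member on the `tar` line would be tighter once the archive layout is confirmed.

```make
# Pinned digests of the release tarballs, one per architecture.
# Placeholders only: fill in from a trusted source when bumping VERSION.
SHA256_amd64 := PLACEHOLDER_SHA256_AMD64
SHA256_arm   := PLACEHOLDER_SHA256_ARM
SHA256_arm64 := PLACEHOLDER_SHA256_ARM64

override_dh_auto_install:
	wget -N --progress=dot:mega $(URL)
	# Refuse to package a tarball with no pinned digest or a digest mismatch.
	test -n "$(SHA256_$(DEB_TARGET_ARCH))"
	echo "$(SHA256_$(DEB_TARGET_ARCH))  $(TARBALL)" | sha256sum -c -
	# … unchanged: mkdir, tar, cp …
```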
@@ -5,11 +5,14 @@ After=network.target
 [Service]
 PermissionsStartOnly=true
-LimitNOFILE=8192
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 User=coredns
-WorkingDirectory=/home/coredns
-ExecStartPre=/sbin/setcap cap_net_bind_service=+ep /opt/bin/coredns
-ExecStart=/opt/bin/coredns -conf=/etc/coredns/Corefile
+WorkingDirectory=~
+ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
 ExecReload=/bin/kill -SIGUSR1 $MAINPID
 Restart=on-failure
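Review bot: With the `ExecStartPre=/sbin/setcap …` step gone, binding port 53 as `User=coredns` in systemd/coredns.service depends entirely on `AmbientCapabilities=CAP_NET_BIND_SERVICE`, which older systemd releases do not implement (I believe it arrived in systemd 229). On such a host the directive would be ignored with a warning and the daemon would fail to bind, which is easy to misread as a configuration error. systemd/README.md should state the requirement, for example `Requires systemd 229 or newer (AmbientCapabilities=); on older hosts grant the capability to the binary with setcap instead`. The hunk covers only part of the [Service] section, so the rest of the unit was not reviewed here.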