From 7ab7a6e958d93895f9a54770a7f27030fde53da7 Mon Sep 17 00:00:00 2001
From: Miraty <miraty+git@antopie.org>
Date: Mon, 20 Jan 2025 19:24:44 +0100
Subject: [PATCH] add nsd service

---
 compose.yaml      | 37 +++++++++++++++++++++++++++++++------
 conf/nsd.conf     | 31 +++++++++++++++++++++++++++++++
 nsd.Containerfile |  5 +++++
 3 files changed, 67 insertions(+), 6 deletions(-)
 create mode 100644 conf/nsd.conf
 create mode 100644 nsd.Containerfile

diff --git a/compose.yaml b/compose.yaml
index c71d7be..72ab77e 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -48,9 +48,9 @@ services:
     build:
       dockerfile: knot.Containerfile
     ports:
-      - "[::1]:42053:53/udp"
-      - "[::1]:42053:53/tcp"
-      - "[::1]:42853:853/udp"
+      - "[::1]:42053:42053/udp"
+      - "[::1]:42053:42053/tcp"
+      - "[::1]:42853:42853/udp"
     volumes:
       - ./data/reg/:/srv/servnest/reg/:rw
       - ./data/ns/:/srv/servnest/ns/:rw
@@ -68,13 +68,15 @@ services:
     build:
       dockerfile: knot.Containerfile
     ports:
-      - "[::1]:42054:53/udp"
-      - "[::1]:42054:53/tcp"
-      - "[::1]:42854:853/udp"
+      - "[::1]:42054:42053/udp"
+      - "[::1]:42054:42053/tcp"
+      - "[::1]:42854:42853/udp"
     volumes:
       - ./data/knot-secondary/:/var/lib/knot/:rw
       - ./logs/knot-secondary/:/var/log/knot/:rw
       - ./sock/knot-secondary/:/run/knot/:rw
+    profiles:
+      - secondary
     networks:
       snet:
         ipv4_address: 10.5.0.52
@@ -183,6 +185,29 @@ services:
     networks:
       snet:
         ipv4_address: 10.5.0.56
+  nsd:
+    image: a.invalid/servnest/nsd
+    extends:
+      file: base.yaml
+      service: base
+    build:
+      dockerfile: nsd.Containerfile
+    depends_on:
+      - knot
+    ports:
+      - "[::1]:42055:42053/udp"
+      - "[::1]:42055:42053/tcp"
+    volumes:
+      - ./conf/nsd.conf:/etc/nsd/nsd.conf:ro
+      - ./data/nsd/:/var/lib/nsd/:rw
+      - ./tmp/nsd-run/:/run/:rw
+      - ./tmp/nsd/:/var/db/nsd/:rw
+    mem_limit: 48mb
+    profiles:
+      - secondary
+    networks:
+      snet:
+        ipv4_address: 10.5.0.53
 networks:
   snet:
     driver: bridge
diff --git a/conf/nsd.conf b/conf/nsd.conf
new file mode 100644
index 0000000..e835ecd
--- /dev/null
+++ b/conf/nsd.conf
@@ -0,0 +1,31 @@
+server:
+	ip-address: ::@42053
+	ip-address: 0.0.0.0@42053
+	zonesdir: "/var/lib/nsd"
+	hide-identity: yes
+	version: ""
+	username: ""
+	pidfile: ""
+	verbosity: 9
+
+remote-control:
+	control-enable: yes
+	control-interface: /run/nsd/nsd.control.sock
+
+pattern:
+	name: "member-zone-config"
+	request-xfr: 10.5.0.51 primary-to-secondary.
+	allow-notify: 10.5.0.51 primary-to-secondary.
+
+key:
+	name: "primary-to-secondary."
+	algorithm: "hmac-sha256"
+	secret: "9bgNHmA4DwDnuxbvEicCx432UZafPVEIKbv3XUAbPZQ="
+
+zone:
+	name: "servnest.test.invalid"
+	catalog: consumer
+	catalog-member-pattern: "member-zone-config"
+	request-xfr: 10.5.0.51 primary-to-secondary.
+	allow-notify: 10.5.0.51 primary-to-secondary.
+	#allow-query: BLOCKED
diff --git a/nsd.Containerfile b/nsd.Containerfile
new file mode 100644
index 0000000..f250177
--- /dev/null
+++ b/nsd.Containerfile
@@ -0,0 +1,5 @@
+FROM a.invalid/servnest/alpine
+RUN apk add nsd knot-utils strace tini
+RUN mkdir /var/lib/nsd
+USER nsd
+CMD ["tini", "--", "nsd", "-d"]