feat: init

2025-05-12 13:09:43 +02:00
commit 516eb78832
12 changed files with 403 additions and 0 deletions
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,84 @@
+services:
+  dns:
+    image: defreitas/dns-proxy-server:3.32.4
+    restart: unless-stopped
+    entrypoint: /conf/entrypoint.sh
+    environment:
+      MG_LOG_LEVEL: info
+      MG_DOMAIN: docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./config/dns:/conf
+      - dns_config:/app/conf
+    labels:
+      serviceName: dps
+    expose:
+      - "5380"
+    networks:
+      default:
+        ipv4_address: 172.157.5.249
+
+  traefik:
+    image: traefik:3.3
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./config/traefik:/etc/traefik
+      - traefik:/traefik
+      - step:/step:ro
+    network_mode: host
+    environment:
+      LEGO_CA_CERTIFICATES: /step/certs/root_ca.crt
+      LEGO_CA_SERVERNAME: localhost
+    depends_on:
+      step:
+        condition: service_healthy
+        restart: false
+
+  step:
+    image: smallstep/step-ca:latest
+    working_dir: /home/step
+    restart: unless-stopped
+    volumes:
+      - step:/home/step
+    environment:
+      DOCKER_STEPCA_INIT_NAME: Max authority
+      DOCKER_STEPCA_INIT_DNS_NAMES: localhost,step.dev.local
+      DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT: "false"
+      DOCKER_STEPCA_INIT_ACME: "true"
+    labels:
+      serviceName: step
+      traefik.tcp.routers.step.rule: HostSNI(`step.dev.local`)
+      traefik.tcp.routers.step.tls.passthrough: "true"
+    ports:
+      - "9000:9000"
+    command: step-ca --resolver "172.157.5.249:53" --password-file "/home/step/secrets/password" "/home/step/config/ca.json"
+    healthcheck:
+      test: ["CMD", "step", "ca", "health"]
+      interval: 60s
+      start_period: 10s
+      start_interval: 1s
+    dns:
+      - 172.157.5.249
+    depends_on:
+      dns:
+        condition: service_started
+        restart: false
+
+volumes:
+  dns_config: ~
+  traefik: ~
+  step: ~
+
+networks:
+  default:
+    name: dps
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.157.0.0/16
+          ip_range: 172.157.5.0/24
+          gateway: 172.157.5.1
+        - subnet: fc00:5c6f:db50::/64
+          gateway: fc00:5c6f:db50::1