Unbound is now also an accessible machine

2021-03-23 11:21:48 +01:00 · 2021-03-23 11:21:48 +01:00 · a4aadc401a
commit a4aadc401a
parent c889cb4283
3 changed files with 124 additions and 20 deletions
--- a/pkg/unbound/Dockerfile
+++ b/pkg/unbound/Dockerfile
@ -1,15 +1,17 @@
 FROM alpine
 MAINTAINER Pierre-Olivier Mercier <nemunaire@nemunai.re>

-RUN apk add --no-cache unbound dnssec-root
-COPY docker-entrypoint.sh /
+RUN apk add --no-cache alpine-baselayout bash busybox unbound unbound-openrc dnssec-root openssh openrc

 VOLUME /etc/unbound

 EXPOSE 53
 EXPOSE 53/udp

-ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["/usr/sbin/unbound", "-d"]
+RUN unbound-anchor && mkdir -p /var/log && touch /var/log/unbound.log && chown unbound:unbound /var/log/unbound.log
+RUN rc-update add unbound default && rc-update add sshd default && rc-update add networking default
+COPY sshd_config /etc/ssh/sshd_config
+
+CMD ["/sbin/openrc-init"]

 LABEL org.mobyproject.config='{"binds": ["/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_NET_BIND_SERVICE"]}'