From 36a5b40cef510d549de113d98ab58b425baacfb9 Mon Sep 17 00:00:00 2001
From: AngeD
Date: Fri, 29 Dec 2023 18:28:16 +0100
Subject: [PATCH] feat: bind9
---
bind9/.env | 2 ++
bind9/Dockerfile | 8 ++++++++
bind9/bind/named.conf | 11 +++++++++++
bind9/bind/named.conf.local | 7 +++++++
bind9/bind/named.conf.options | 32 ++++++++++++++++++++++++++++++++
bind9/compose.yaml | 28 ++++++++++++++++++++++++++++
bind9/nginx.conf | 20 ++++++++++++++++++++
searxng/config/settings.yml | 2 +-
8 files changed, 109 insertions(+), 1 deletion(-)
create mode 100644 bind9/.env
create mode 100644 bind9/Dockerfile
create mode 100644 bind9/bind/named.conf
create mode 100644 bind9/bind/named.conf.local
create mode 100644 bind9/bind/named.conf.options
create mode 100644 bind9/compose.yaml
create mode 100644 bind9/nginx.conf
diff --git a/bind9/.env b/bind9/.env
new file mode 100644
index 0000000..66e4c53
--- /dev/null
+++ b/bind9/.env
@@ -0,0 +1,2 @@
+BASE_URL=dns.
+EMAIL=
diff --git a/bind9/Dockerfile b/bind9/Dockerfile
new file mode 100644
index 0000000..21ab87d
--- /dev/null
+++ b/bind9/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/debian:12-slim
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+ bind9 \
+ && rm -rf /var/lib/apt/lists/*
+COPY bind/ /etc/bind/
+VOLUME /cache/
+CMD ["/usr/sbin/named", "-f"]
diff --git a/bind9/bind/named.conf b/bind9/bind/named.conf
new file mode 100644
index 0000000..bc71baa
--- /dev/null
+++ b/bind9/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
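Review bot: In bind9/Dockerfile the final `CMD ["/usr/sbin/named", "-f"]` starts named without `-u`, so the resolver keeps running as root inside the container for its whole lifetime. The Debian bind9 package creates a `bind` account for this purpose; `CMD ["/usr/sbin/named", "-f", "-u", "bind"]` lets named open port 53 and then drop privileges. `/cache` then has to be writable by that account, e.g. `RUN mkdir -p /cache && chown bind:bind /cache` placed before the `VOLUME /cache/` line, because build steps that modify a volume path after its declaration are discarded.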
diff --git a/bind9/bind/named.conf.local b/bind9/bind/named.conf.local
new file mode 100644
index 0000000..a1250e3
--- /dev/null
+++ b/bind9/bind/named.conf.local
@@ -0,0 +1,7 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
diff --git a/bind9/bind/named.conf.options b/bind9/bind/named.conf.options
new file mode 100644
index 0000000..6ccb1ca
--- /dev/null
+++ b/bind9/bind/named.conf.options
@@ -0,0 +1,32 @@
+http local-http-server {
+ endpoints { "/dns-query"; };
+};
+
+options {
+ directory "/cache";
+ recursion yes;
+ allow-recursion { any; };
+ listen-on port 53 { any; };
+ http-port 80;
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ listen-on-v6 port 53 { any; };
+};
diff --git a/bind9/compose.yaml b/bind9/compose.yaml
new file mode 100644
index 0000000..5fdcdbc
--- /dev/null
+++ b/bind9/compose.yaml
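Review bot: In bind9/bind/named.conf.options, `recursion yes;` together with `allow-recursion { any; };` and `listen-on port 53 { any; };` makes this an open recursive resolver as soon as port 53 is published, which is the configuration abused for DNS reflection/amplification and cache probing. Recursion should be limited to the intended clients, for example `acl trusted { localhost; localnets; };` and `allow-recursion { trusted; };`, with the ACL adjusted to the networks that should really use it (source addresses seen inside the container may be NATed, so verify what named logs). If a public resolver is the goal, it needs query rate limiting in front of it and monitoring for abuse, and that intent should be stated in a comment next to `allow-recursion`. Separately, the `http local-http-server` block is defined but no `listen-on` statement references it, so the DoH endpoint that nginx.conf proxies to appears never to be served; a line such as `listen-on port 80 tls none http local-http-server { any; };` looks to be what is missing.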
@@ -0,0 +1,28 @@
+---
+services:
+ install_site:
+ build: install_site
+ environment:
+ - BASE_URL
+ - EMAIL
+ volumes:
+ - ./nginx.conf:/web/bind9.conf
+ - sites:/sites/
+ - certs:/etc/letsencrypt/
+ - certbotroot:/var/www/certbot/
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ bind9:
+ build: .
+ restart: unless-stopped
+ ports:
+ - "53:53"
+ volumes:
+ - cache:/cache/
+
+volumes:
+ certs:
+ external: true
+ certbotroot:
+ external: true
+ cache:
diff --git a/bind9/nginx.conf b/bind9/nginx.conf
new file mode 100644
index 0000000..09e1939
--- /dev/null
+++ b/bind9/nginx.conf
@@ -0,0 +1,20 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name $BASE_URL;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name $BASE_URL;
+
+ ssl_certificate /etc/letsencrypt/live/$BASE_URL/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/$BASE_URL/privkey.pem;
+
+ location / {
+ proxy_pass http://bind9:80;
+ }
+}
diff --git a/searxng/config/settings.yml b/searxng/config/settings.yml
index 3a2b5fd..4b92f77 100644
--- a/searxng/config/settings.yml
+++ b/searxng/config/settings.yml
@@ -1023,7 +1023,7 @@ engines: engine: lingva shortcut: lv # set lingva instance in url, by default it will use the official instance - # url: https://lingva.ml + # url: https://lingva.thedaviddelta.com/ - name: lobste.rs engine: xpath
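Review bot: In bind9/compose.yaml the `install_site` service mounts `/var/run/docker.sock`, which hands that container control of the Docker daemon and therefore root-equivalent access to the host. If it only has to reload the web server after installing the site, a narrower mechanism (a socket proxy limited to the required API calls, or a reload triggered through a shared volume) is safer, and the mount should carry a comment stating why it is needed, e.g. `# docker.sock: used to reload nginx after the site is installed` (purpose inferred, confirm). The `sites:/sites/` mount refers to a volume that the top-level `volumes:` section does not declare, so compose is likely to reject the file; add `sites:` with `external: true` alongside `certs`. `"53:53"` publishes TCP only, so ordinary UDP queries will not reach named unless `"53:53/udp"` is listed as well.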
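Review bot: In bind9/nginx.conf the `location /` block of the 443 server forwards every request path to named, although named.conf.options only defines the `/dns-query` endpoint; scoping it as `location = /dns-query { ... }` and letting other paths return 404 keeps stray traffic off the resolver. BIND's DoH listener speaks HTTP/2, while `proxy_pass` talks HTTP/1.x to the upstream, so this hop probably needs `grpc_pass grpc://bind9:80;` instead, which is worth confirming with a DoH client before relying on it. Because the proxy makes the resolver reachable from anywhere on 443, a `limit_req` zone on this location would bound how hard a single client can drive recursion.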