
@michaelkitson
Last active January 19, 2024 03:18
dnsip.io/dnsip.dev - A very simple xip.io clone
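# Provisioning script for a small wildcard-DNS host (xip.io style):
#   1. frees port 53 by disabling the systemd-resolved stub listener,
#   2. installs Caddy to answer ACME http-01 challenges and redirect to the gist,
#   3. writes a RubyDNS server (dns.rb) and runs it in a Docker container,
#   4. reboots.
# Run from the directory where dns.rb should live; its path is bind-mounted below.
DIR=$(pwd)

# The thumbprint is templated into the Caddyfile inside double quotes, so only
# base64url characters are accepted; anything else (quotes, braces, whitespace)
# could change the meaning of the generated config.
while :; do
  read -r -p 'Acme Account Thumbprint: ' ACME_THUMBPRINT || exit 1
  case "$ACME_THUMBPRINT" in
    '' | *[!A-Za-z0-9_-]*)
      echo 'Thumbprint must be non-empty base64url (A-Z a-z 0-9 _ -); try again.' >&2
      ;;
    *)
      break
      ;;
  esac
done

# Basics
sudo apt update
sudo apt upgrade -y

# Turn off systemd DNS resolver
# The stub listener occupies 127.0.0.53:53; resolv.conf is re-pointed at the
# real upstream list so the host itself can still resolve names.
sudo sed -ri 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
# -f replaces the existing file in one step instead of rm followed by ln.
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved

# Install Caddy
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install -y caddy

# The delimiter is deliberately unquoted so $ACME_THUMBPRINT is expanded.
# Every request under /.well-known/acme-challenge/ is answered with
# "<token>.<thumbprint>"; all other requests are redirected to the gist.
cat <<CADDY | sudo tee /etc/caddy/Caddyfile
dnsip.io, www.dnsip.io, dnsip.dev, www.dnsip.dev {
  @achallenge {
    path_regexp ch ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$
  }
  respond @achallenge "{re.ch.1}.$ACME_THUMBPRINT"
  redir "https://gist.github.com/michaelkitson/6dea89e80124ab5b315592d9dbebd1dd"
}
CADDY

# Install Ruby DNS server
sudo apt install -y docker.io

# Quoted delimiter: the Ruby source is written verbatim, so the shell never
# expands anything inside it.
cat <<'RUBY' > dns.rb
#!/usr/bin/env ruby
require "bundler/inline"

gemfile do
  source "https://rubygems.org"
  gem "rubydns", "~> 2.0.2"
end

IN = Resolv::DNS::Resource::IN
Name = Resolv::DNS::Name

# Fixed answers for the apex and www names.
a = %w[3.18.94.92 3.134.52.66]
aaaa = %w[2600:1f16:bb1:c300:1b51:ef4f:f14a:9e45 2600:1f16:bb1:c301:549:4e5b:7df6:7d6f]

bare_regex = /\Adnsip\.(io|dev)\z/
www_regex = /\A(www\.)?dnsip\.(io|dev)\z/
# Four numeric groups separated by "." or "-", directly in front of ".dnsip.io".
# Not anchored at the start, so extra leading labels are allowed.
# NOTE(review): only dnsip.io names get address answers; the same name under
# dnsip.dev falls through to the NXDomain rule below -- confirm that is intended.
ip_regex = /(\d+([-.]\d+){3})\.dnsip\.io\z/

RubyDNS.run_server do
  # The answer is taken from the query name, so a name can resolve to any IPv4
  # address, including loopback, private and link-local ranges. Software that
  # trusts hostnames in this zone should check the resolved address, not the name.
  match(ip_regex, IN::A) do |tx|
    ip = tx.name.match(ip_regex).captures.first.tr("-", ".")
    # ip_regex accepts any digits; only answer when they form a valid dotted
    # quad (each octet 0-255), otherwise report the name as nonexistent.
    if Resolv::IPv4::Regex.match?(ip)
      tx.respond!(ip)
    else
      tx.fail!(:NXDomain)
    end
  end

  # SOA for the apex: primary ns1.<zone>, contact dns.<zone>, then
  # serial, refresh, retry, expire and minimum TTL.
  match(bare_regex, IN::SOA) do |tx|
    tx.respond!(Name.create("ns1.#{tx.name}"), Name.create("dns.#{tx.name}"), 1, 86400, 7200, 604800, 3600)
  end

  match(bare_regex, IN::NS) do |tx|
    %w[ns1 ns2].each { tx.respond!(Name.create("#{_1}.#{tx.name}")) }
  end

  match(www_regex, IN::A) { |tx| a.each { tx.respond!(_1) } }
  match(www_regex, IN::AAAA) { |tx| aaaa.each { tx.respond!(_1) } }

  # Everything else under the two zones does not exist.
  match(/dnsip\.(io|dev)\z/) { |tx| tx.fail!(:NXDomain) }
end
RUBY
chmod +x dns.rb

# dns.rb is mounted read-only: the container only executes it.
# NOTE(review): ruby:3.3 is a floating tag and the gem is fetched from
# rubygems.org by bundler/inline when the script runs; consider pinning the
# image by digest and vendoring or locking the gem set.
sudo docker run --name dns -d --restart=always -p53:53/udp -p53:53/tcp -v "$DIR/dns.rb:/dns.rb:ro" ruby:3.3 /dns.rb

# Wrap up
sudo reboot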