From 873d524ce4290957688121c967ccbf5f0803fd6f Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Thu, 20 Nov 2025 08:10:45 +0100 Subject: [PATCH 1/7] Add container build infrastructure --- .github/workflows/container.yml | 59 +++++++++++++++++++++++++ container/Dockerfile | 77 +++++++++++++++++++++++++++++++++ container/README.md | 5 +++ container/entrypoint.sh | 11 +++++ container/nsd.conf | 11 +++++ 5 files changed, 163 insertions(+) create mode 100644 .github/workflows/container.yml create mode 100644 container/Dockerfile create mode 100644 container/README.md create mode 100644 container/entrypoint.sh create mode 100644 container/nsd.conf diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml new file mode 100644 index 000000000..3b4ec5938 --- /dev/null +++ b/.github/workflows/container.yml 
@@ -0,0 +1,59 @@
+name: Build container
+
+on:
+ workflow_run:
+ workflows:
+ - "Tests"
+ branches:
+ - "main"
+ types:
+ - completed
+ release:
+ types:
+ - published
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ container:
+ name: Build and push container
+ runs-on: ubuntu-latest
+ if: >-
+ ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') ||
+ (github.event_name == 'release' && github.event.action == 'published') }}
+ permissions:
+ actions: write
+ contents: read
+ packages: write
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - uses: actions/checkout@v4
+ - name: Login to GHCR
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
diff --git a/container/Dockerfile b/container/Dockerfile
new file mode 100644
index 000000000..873543249
--- /dev/null
+++ b/container/Dockerfile
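Review bot: The `Build and push` step in `.github/workflows/container.yml` sets `context: .` but no `file:`, so docker/build-push-action will look for `./Dockerfile` while this patch adds it at `container/Dockerfile`; add `file: container/Dockerfile` under `with:`. The job also grants `actions: write` next to `packages: write`, and no visible step uses it, so dropping that line keeps the token to what the push needs. All six `uses:` entries reference mutable tags (`@v3`, `@v4`, `@v5`, `@v6`); pinning them to full commit SHAs would stop a retagged action from running with the registry-write token. The `if: github.event_name != 'pull_request'` on the login step is always true under the two triggers declared here and could be removed.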
@@ -0,0 +1,77 @@
+FROM debian:stable-slim AS builder
+
+ENV BUILD_PKGS \
+ build-essential \
+ autoconf \
+ libevent-dev \
+ libssl-dev \
+ protobuf-compiler \
+ protobuf-c-compiler \
+ libprotobuf-c-dev \
+ libfstrm-dev \
+ bison \
+ flex \
+ curl \
+ jq \
+ git
+
+# Install dependencies
+RUN apt-get update && \
+ apt-get install -yqq ${BUILD_PKGS}
+
+# Fetch source
+WORKDIR /nsd-src
+COPY . /nsd-src
+RUN git submodule update --init
+
+# Build the project
+RUN autoreconf --install && \
+ ./configure --with-configdir=/config --localstatedir=/storage --enable-root-server && \
+ make && \
+ make DESTDIR=/tmp/nsd-install install
+
+# Save result
+RUN tar cvzfC /nsd.tar.gz /tmp/nsd-install usr/local config storage
+
+
+FROM debian:stable-slim
+
+# Environment
+ENV RUNTIME_PKGS \
+ procps \
+ openssl \
+ libssl3 \
+ libevent-2.1 \
+ libprotobuf-c1 \
+ libfstrm-dev
+
+# Copy artifacts
+COPY --from=builder /nsd.tar.gz /tmp
+RUN tar xvzpf /tmp/nsd.tar.gz
+RUN rm -f /tmp/nsd.tar.gz
+
+# Install dependencies and create nsd user and group
+ARG UID=53
+RUN apt-get update && \
+ apt-get install -yqq ${RUNTIME_PKGS} && \
+ rm -rf /var/lib/apt/lists/* && \
+ ldconfig && \
+ useradd --system --user-group -M --home /storage --uid ${UID} nsd && \
+ install -d -o nsd -g nsd /config /storage && \
+ chown -R nsd:nsd /config /storage
+
+# Add default config
+ADD container/nsd.conf /config
+
+# Add entrypoint
+ADD container/entrypoint.sh /
+ENTRYPOINT ["bash", "/entrypoint.sh"]
+
+# Expose port
+EXPOSE 53/udp
+EXPOSE 53/tcp
+EXPOSE 853/tcp
+
+# Prepare shared directories
+VOLUME /config
+VOLUME /storage
diff --git a/container/README.md b/container/README.md
new file mode 100644
index 000000000..ebdda8a15
--- /dev/null
+++ b/container/README.md
@@ -0,0 +1,5 @@
+# NSD Container
+
+Build container using:
+
+ docker build -f container/Dockerfile -t nsd .
diff --git a/container/entrypoint.sh b/container/entrypoint.sh
new file mode 100644
index 000000000..7dc15a8e4
--- /dev/null
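Review bot: In the runtime stage of `container/Dockerfile`, `install -d -o nsd -g nsd /config /storage` followed by `chown -R nsd:nsd /config /storage` makes the configuration directory writable by the account the daemon drops to (`username: nsd` in the shipped nsd.conf), while the image sets no `USER` and so the entrypoint starts as root. A compromised nsd process could then replace `nsd.conf` or the control keys that root reads on the next start; consider `install -d -o root -g nsd -m 750 /config && install -d -o nsd -g nsd /storage`, after confirming nsd can still read what it needs once privileges are dropped. `RUNTIME_PKGS` also installs `libfstrm-dev`, a development package, where the runtime library (presumably `libfstrm0`) should suffice. Both `FROM debian:stable-slim` lines use a tag that moves between Debian releases; pinning a release codename or an image digest keeps rebuilds reproducible and keeps release-specific names such as `libssl3` resolvable.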
+++ b/container/entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ ! -d /storage/zones ]; then + install -d -o nsd -g nsd -m 775 /storage/zones +fi + +if [ ! -f /config/nsd_control.key ]; then + nsd-control-setup +fi + +nsd -d $NSD_OPTIONS diff --git a/container/nsd.conf b/container/nsd.conf new file mode 100644 index 000000000..dbaef1027 --- /dev/null +++ b/container/nsd.conf @@ -0,0 +1,11 @@ +# template nsd.conf for containers + +server: + username: nsd + zonesdir: /storage/zones + database: /storage/nsd.db + pidfile: /var/run/nsd.pid + +remote-control: + control-enable: yes + control-interface: lo From 598727b7198d4afd600f3917d7dd86828e3a08f5 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Thu, 20 Nov 2025 08:12:30 +0100 Subject: [PATCH 2/7] Run on master and container, after build-test has succeeded --- .github/workflows/container.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 3b4ec5938..bf90a6ee3 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -3,9 +3,10 @@ name: Build container on: workflow_run: workflows: - - "Tests" + - "build-test" branches: - - "main" + - "master" + - "container" types: - completed release: From 66944fd5f8d0fc5db9cd6481b6011b20389a5b76 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 24 Nov 2025 13:50:38 +0100 Subject: [PATCH 3/7] rename --- .github/workflows/container.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index bf90a6ee3..e824c3ac5 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -1,4 +1,4 @@ -name: Build container +name: build-container on: workflow_run: From f19980cba67c8481a596ab7785be9f325d74e105 Mon Sep 17 00:00:00 2001 
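Review bot: The last line of `container/entrypoint.sh`, `nsd -d $NSD_OPTIONS`, starts the daemon as a child of bash, so the SIGTERM sent on container stop reaches the shell running as PID 1 rather than nsd, and the server is typically killed after the stop timeout instead of shutting down cleanly; `exec nsd -d $NSD_OPTIONS` would hand PID 1 to nsd. The script has no `set -e`, so a failing `install` or `nsd-control-setup` is ignored and nsd starts with `control-enable: yes` but possibly without usable keys. `$NSD_OPTIONS` is unquoted, which looks intentional for passing several flags; a comment such as `# NSD_OPTIONS is split on whitespace on purpose` would record that.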
From: Jakob Schlyter Date: Mon, 24 Nov 2025 14:10:17 +0100 Subject: [PATCH 4/7] Build container on master only --- .github/workflows/container.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index e824c3ac5..b417df77d 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -6,7 +6,6 @@ on: - "build-test" branches: - "master" - - "container" types: - completed release: From 7e56e34222d55d7a72d471ed848842c516ea9fb6 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 24 Nov 2025 14:12:08 +0100 Subject: [PATCH 5/7] Mention volumes --- container/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/container/README.md b/container/README.md index ebdda8a15..a085219d7 100644 --- a/container/README.md +++ b/container/README.md @@ -1,5 +1,11 @@ # NSD Container +## Build + Build container using: docker build -f container/Dockerfile -t nsd . + +## Runtime + +Configuration stored in `/config` and volatile data in `/storage`. From b5217b4f8b281502f3804739ae069f5b4705e6d0 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 1 Dec 2025 13:52:48 +0100 Subject: [PATCH 6/7] Move container infrastructure to contrib & remove workflow --- .github/workflows/container.yml | 59 ------------------- {container => contrib/container}/Dockerfile | 0 {container => contrib/container}/README.md | 0 .../container}/entrypoint.sh | 0 {container => contrib/container}/nsd.conf | 0 5 files changed, 59 deletions(-) delete mode 100644 .github/workflows/container.yml rename {container => contrib/container}/Dockerfile (100%) rename {container => contrib/container}/README.md (100%) rename {container => contrib/container}/entrypoint.sh (100%) rename {container => contrib/container}/nsd.conf (100%) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml deleted file mode 100644 index b417df77d..000000000 --- a/.github/workflows/container.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: build-container - -on: - workflow_run: - workflows: - - "build-test" - branches: - - "master" - types: - - completed - release: - types: - - published - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - container: - name: Build and push container - runs-on: ubuntu-latest - if: >- - ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || - (github.event_name == 'release' && github.event.action == 'published') }} - permissions: - actions: write - contents: read - packages: write - steps: - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - uses: actions/checkout@v4 - - name: Login to GHCR - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - - name: Build and push - uses: docker/build-push-action@v6 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} diff --git a/container/Dockerfile b/contrib/container/Dockerfile similarity index 100% rename from container/Dockerfile rename to contrib/container/Dockerfile diff --git a/container/README.md b/contrib/container/README.md similarity index 100% rename from container/README.md rename to contrib/container/README.md diff --git a/container/entrypoint.sh b/contrib/container/entrypoint.sh similarity index 100% rename from container/entrypoint.sh rename to contrib/container/entrypoint.sh 
diff --git a/container/nsd.conf b/contrib/container/nsd.conf similarity index 100% rename from container/nsd.conf rename to contrib/container/nsd.conf From aa00b428ac694e145e1da280e317b6d8ae7b5542 Mon Sep 17 00:00:00 2001 From: Jakob Schlyter Date: Mon, 1 Dec 2025 13:53:32 +0100 Subject: [PATCH 7/7] Adjust path to Dockerfile --- contrib/container/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/container/README.md b/contrib/container/README.md index a085219d7..262dabb23 100644 --- a/contrib/container/README.md +++ b/contrib/container/README.md @@ -4,7 +4,7 @@ Build container using: - docker build -f container/Dockerfile -t nsd . + docker build -f contrib/container/Dockerfile -t nsd . ## Runtime