Hardik
10b772807d
Sets up the complete self-hosted infrastructure on Voyager (HP t630 thin client): DNS Stack (dns/): - Pi-hole for network-wide ad blocking - Unbound as recursive DNS resolver - dnscrypt-proxy for DNS-over-HTTPS via Cloudflare/Quad9 Services: - Vaultwarden - self-hosted password manager (Bitwarden compatible) - Forgejo - self-hosted git mirror (primary on PMS1, mirror here) - Karakeep - self-hosted bookmark manager - Resilio Sync - P2P sync for PMS1 database backups Tunneling: - Newt - Pangolin tunnel client for exposing services via tunnel.pelagiamarine.com without open ports All services exposed externally via Pangolin reverse proxy on PMS1. Local DNS resolves through Pi-hole → Unbound → dnscrypt-proxy chain.
14 lines
583 B
TOML
14 lines
583 B
TOML
# Listen on all interfaces inside the container
|
|
listen_addresses = ['0.0.0.0:5053']
|
|
|
|
# Use these DoH servers (both no-logs, DNSSEC)
|
|
server_names = ['cloudflare', 'quad9-doh-ip4-port443-filter-ecs-pri']
|
|
|
|
[sources.public-resolvers]
|
|
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md',
|
|
'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
|
|
cache_file = '/config/public-resolvers.md'
|
|
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
|
|
[anonymized_dns]
|
|
skip_incompatible = true
|