From 450fbfb8d65fec35ffdb6fda3757c4645e369d99 Mon Sep 17 00:00:00 2001
From: Benji Vesterby
Date: Fri, 21 Apr 2023 16:16:38 -0400
Subject: [PATCH] fix: correct the postinstall script to disable running dns server and update k8s script to use daemon set
---
 config.yaml | 121 ++++++++++++++++++++++++++++++
 deployment/k8s/deploy.yaml | 53 ++++--------
 deployment/scripts/postinstall.sh | 30 +++++---
 3 files changed, 153 insertions(+), 51 deletions(-)
 create mode 100644 config.yaml
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..366c9e6
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,121 @@
+# Void DNS Sink Hole and local DNS Resolver Config File
+#
+# This file is used to configure the Void DNS Sink Hole and local DNS Resolver.
+# The configuration file can be in YAML, JSON, or TOML format, named config
+# with the appropriate extension.
+#
+# The configuration file is loaded from the following locations, in order:
+# - /etc/void/config.yaml
+# - $HOME/.void/config.yaml
+# - ./config.yaml
+#
+# The configuration file can be overridden with the --config flag.
+#
+# There are three types of dns entries:
+# - local: A list of local domains that will be resolved by Void.
+# - allow: A list of domains that will be resolved upstream, bypassing
+# Void's DNS sink hole.
+# - block: A list of domains that will be blocked by Void's DNS sink hole.
+#
+# DNS resolution is performed in the following order:
+#
+# 1. If the domain is in the local list, resolve the domain locally.
+# 2. If the domain is in the allow list, resolve the domain upstream.
+# 3. If the domain is in the block list, return empty response.
+#
+# Void supports local and remote lists, or lists of lists.
+#
+# Lists can be regular expressions, wildcard domains, or exact domains. They
+# can also be lists that point to other lists (requires additional config, see
+# below) that contain regex, wildcard, or exact domains. Direct lists do not
+# require the `format` to be specified, but regex and wildcard lists do.
+#
+# NOTE: The file extension is not used to determine the format of the list,
+# it is the `format` field that determines the format of the list.
+#
+# Direct List Example
+# - path: "/etc/void/local.hosts"
+#
+# Regex List Example
+# - path: "/etc/void/hosts.regex"
+# format: regex
+#
+# Wildcard List Example
+# - path: "/etc/void/hosts.wild"
+# format: wildcard
+#
+# List of Lists Example
+# - path: "/etc/void/hosts.lists"
+# lists: true
+# format: direct # Optional, defaults to direct if not specified
+#
+#
+# Void understands lists in hostfile format, or line delimited format.
+#
+# Void supports either local or remote files (urls beginning with http:// or
+# https://). Remote files are cached locally in the configured cache directory.
+#
+# Defaults
+# -------
+# The default configuration is:
+#
+# Port: 53
+#
+# Upstream is Cloudflare TLS encrypted DNS:
+# - tcp-tls://1.1.1.1:853
+# - tcp-tls://1.0.0.1:853
+#
+#
+# Cache: /etc/void/cache
+
+# Logger configures the log location and log rotation settings.
+#
+# Uses configuration from https://github.com/natefinch/lumberjack/tree/v2.0
+logger:
+ filename: "/var/log/void/void.log"
+ maxage: 30
+ # maxsize: 100 # MB
+ # maxbackups: 10
+ # localtime: false
+ compress: true
+
+verbose: true
+
+dns:
+ #port: 53 # default
+ #upstream: [ # default
+ # "tcp-tls://1.1.1.1:853",
+ # "tcp-tls://1.0.0.1:853",
+ #]
+ local:
+ - path: "/etc/void/local.hosts"
+ format: direct
+ - path: "/etc/void/local.wild"
+ format: wildcard
+ allow:
+ - path: "/etc/void/custom_allow.hosts"
+ format: direct
+ - path: https://raw.githubusercontent.com/mmotti/pihole-regex/master/whitelist.list
+ format: direct
+ - path: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
+ format: direct
+ - path: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt
+ format: direct
+ block:
+ - path: https://v.firebog.net/hosts/lists.php?type=nocross
+ lists: true
+ format: direct
+ - path: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+ format: direct
+ - path: 
https://raw.githubusercontent.com/mmotti/pihole-regex/master/regex.list
+ format: regex
+ - path: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
+ format: direct
+ - path: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
+ format: direct
+ - path: https://www.github.developerdan.com/hosts/lists/dating-services-extended.txt
+ format: direct
+ - path: https://www.github.developerdan.com/hosts/lists/hate-and-junk-extended.txt
+ format: direct
+ - path: https://www.github.developerdan.com/hosts/lists/tracking-aggressive-extended.txt
+ format: direct
diff --git a/deployment/k8s/deploy.yaml b/deployment/k8s/deploy.yaml
index d2eef14..cb133d1 100644
--- a/deployment/k8s/deploy.yaml
+++ b/deployment/k8s/deploy.yaml
@@ -1,9 +1,8 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
- name: void-deployment
+ name: void-daemonset
 spec:
- replicas: 3
 selector:
 matchLabels:
 app: void
@@ -12,43 +11,19 @@ spec:
 labels:
 app: void
 spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
 containers:
 - name: void-container
- image: ghcr.io/devnw/void:v0.0.10-beta2
+ image: ghcr.io/devnw/void:latest
 ports:
 - containerPort: 53
- resources:
- limits:
- cpu: 500m
- requests:
- cpu: 250m
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: void-loadbalancer
-spec:
- selector:
- app: void
- ports:
- - protocol: UDP
- port: 53
- targetPort: 53
- type: LoadBalancer
-
----
-
-apiVersion: autoscaling/v1
-kind: HorizontalPodAutoscaler
-metadata:
- name: void-autoscaler
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: void-deployment
- minReplicas: 3
- maxReplicas: 10
- targetCPUUtilizationPercentage: 80
+ protocol: UDP
+ volumeMounts:
+ - name: void-storage
+ mountPath: /etc/void
+ volumes:
+ - name: void-storage
+ hostPath:
+ path: /etc/void
+ type: DirectoryOrCreate
diff --git a/deployment/scripts/postinstall.sh b/deployment/scripts/postinstall.sh
index 5e4f4cd..9c14e34 100755
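Review bot: The `allow` entries fetched from `raw.githubusercontent.com/.../master/...` are consulted before `block` (per the header's resolution order), so whatever those third-party repositories publish on `master` at fetch time directly widens the sink hole's bypass with no integrity check, and the remote `block` sources likewise decide what gets nulled. Pinning the raw.githubusercontent.com URLs to a reviewed revision, e.g. `https://raw.githubusercontent.com/mmotti/pihole-regex/<PINNED_COMMIT>/whitelist.list`, makes the list contents reproducible and a bump reviewable, and a header comment such as `# Remote lists are trusted as fetched; pin to a revision and review before bumping.` records that trade-off for whoever edits this file next. Separately, the header states that direct lists need no `format`, yet every entry sets `format: direct`, and local paths are quoted while URLs are not — pick one convention for both.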
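Review bot: Changing `kind: Deployment` to `kind: DaemonSet` together with the rename `void-deployment` → `void-daemonset` means `kubectl apply -f` of this file creates a new object and leaves the existing Deployment running next to it, and the `Service` and `HorizontalPodAutoscaler` removed in the next hunk are not deleted by apply either. Unless `kubectl apply --prune` is used or the old objects are deleted explicitly, the old LoadBalancer would keep exposing port 53 and the HPA would keep scaling a Deployment nobody intends to run, so the cleanup step belongs in the commit message or in a comment at the top of the file, e.g. `# Migrated from Deployment+Service+HPA; delete void-deployment, void-loadbalancer and void-autoscaler when applying.`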
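Review bot: `image: ghcr.io/devnw/void:latest` replaces the pinned `v0.0.10-beta2`, so every node's resolver now tracks whatever is last pushed to that tag and a rollout can neither be reproduced nor rolled back by revision; pin a release tag or, better, a digest, e.g. `image: ghcr.io/devnw/void@sha256:<IMAGE_DIGEST>`. The same hunk turns on `hostNetwork: true` and mounts a writable `hostPath` at `/etc/void` while deleting the `resources` block and adding no `securityContext`, so a node-wide DNS process runs with the runtime's default privileges and unbounded CPU and memory on every node. Restoring limits and dropping all capabilities except `NET_BIND_SERVICE` keeps the port-53 bind working while bounding what a misbehaving or compromised resolver can do; if the cache the config places under `/etc/void` can live elsewhere, the mount can additionally be `readOnly: true`. `dnsPolicy: ClusterFirstWithHostNet` is the right companion to `hostNetwork` and needs no change.
```yaml
      containers:
      - name: void-container
        image: ghcr.io/devnw/void@sha256:<IMAGE_DIGEST>  # placeholder: pin to a reviewed digest
        # … unchanged: ports, volumeMounts …
        resources:
          limits:
            cpu: 500m      # restored from the removed block
            memory: 256Mi  # constructed sample; size to observed usage
          requests:
            cpu: 250m
            memory: 128Mi  # constructed sample
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
            add: ["NET_BIND_SERVICE"]
```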
--- a/deployment/scripts/postinstall.sh
+++ b/deployment/scripts/postinstall.sh
@@ -3,24 +3,30 @@ set -e
 configure() {
- systemctl enable void.service
+ # Set DNSStubListener=no in /etc/systemd/resolved.conf
+ sed -i 's/#DNSStubListener=yes/DNSStubListener=no/' /etc/systemd/resolved.conf
- systemctl daemon-reload
+ # Restart the systemd-resolved service
+ systemctl restart systemd-resolved
- systemctl start void.service
+ systemctl enable void.service
+
+ systemctl daemon-reload
+
+ systemctl start void.service
 }
 case $1 in
- configure)
- configure
- ;;
+ configure)
+ configure
+ ;;
- abort-upgrade)
- ;;
+ abort-upgrade)
+ ;;
- abort-remove)
- ;;
+ abort-remove)
+ ;;
- abort-deconfigure)
- ;;
+ abort-deconfigure)
+ ;;
 esac
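Review bot: The `sed -i 's/#DNSStubListener=yes/DNSStubListener=no/'` in `configure()` only rewrites the commented-out default, so on a host where the key is already set, lives in a drop-in, or the vendor file lacks that exact comment, nothing changes and the later `systemctl start void.service` cannot bind port 53 (and under `set -e` the package install fails). It also edits the vendor file in place, which a later systemd upgrade may prompt about and which a `postrm` cannot cleanly undo. A drop-in under `/etc/systemd/resolved.conf.d/` is idempotent and removable, and can be guarded so hosts without systemd-resolved do not abort on `systemctl restart systemd-resolved`. If `/etc/resolv.conf` is the symlink to `/run/systemd/resolve/stub-resolv.conf`, disabling the stub leaves the host pointing at a dead `127.0.0.53` until void is listening or the link is repointed — worth stating in the comment. `configure()` lies fully within the hunk.
```sh
configure() {
    # Disable systemd-resolved's stub listener on 127.0.0.53:53 so void can own port 53.
    # A drop-in is idempotent and can be removed by a matching postrm; the vendor file stays untouched.
    if systemctl is-active --quiet systemd-resolved; then
        mkdir -p /etc/systemd/resolved.conf.d
        printf '[Resolve]\nDNSStubListener=no\n' > /etc/systemd/resolved.conf.d/void.conf
        systemctl restart systemd-resolved
    fi

    # … unchanged: enable, daemon-reload, start void.service …
}
```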