docker-compose.yml

version: '3.7'

networks:
  internal:
    ipam:
      config:
        - subnet: 172.20.53.0/24
    driver_opts:
      com.docker.network.driver.mtu: 4096

services:
  pdns-auth:
    build:
      context: pdns
      dockerfile: Dockerfile-auth
    image: desec/pqdnssec-auth:latest
    user: root
    volumes:
      - ./auth.conf:/etc/powerdns/pdns.d/auth.conf
    environment:
      - PDNS_AUTH_API_KEY='insecure'
    ports:
      - "${PUBLIC_TCP_UDP_PORT_PDNS_AUTH:-5301}:53/tcp"
      - "${PUBLIC_TCP_UDP_PORT_PDNS_AUTH:-5301}:53/udp"
      - "127.0.0.1:5391:8081/tcp"
    networks:
      internal:
        ipv4_address: 172.20.53.101

  pdns-recursor:
    build:
      context: pdns
      dockerfile: Dockerfile-recursor
    image: desec/pqdnssec-resolver:latest
    user: root
    volumes:
      - ./recursor.conf:/etc/powerdns/recursor.d/recursor.conf
      - ./recursor.lua:/etc/powerdns/recursor.lua
    environment:
      - PDNS_RECURSOR_API_KEY='insecure'
      - DESEC_DOMAIN
    ports:
      - "${PUBLIC_TCP_UDP_PORT_PDNS_RECURSOR:-5302}:53/tcp"
      - "${PUBLIC_TCP_UDP_PORT_PDNS_RECURSOR:-5302}:53/udp"
      - "127.0.0.1:5392:8082/tcp"
    networks:
      internal:
        ipv4_address: "${IP_PDNS_RECURSOR:-172.20.53.102}"

  bind-auth:
    build:
      context: bind
      dockerfile: Dockerfile-bind-auth
    user: root
    ports:
      - "${PUBLIC_TCP_UDP_PORT_BIND_AUTH:-5303}:53/tcp"
      - "${PUBLIC_TCP_UDP_PORT_BIND_AUTH:-5303}:53/udp"
    networks:
      internal:
        ipv4_address: 172.20.53.103

  bind-recursor:
    build:
      context: bind
      dockerfile: Dockerfile-bind-recursor
    user: root
    volumes:
      - ./rpz.zone:/usr/local/etc/bind/zones/rpz.zone
    environment:
      - DESEC_DOMAIN
    ports:
      - "${PUBLIC_TCP_UDP_PORT_BIND_RECURSOR:-5304}:53/tcp"
      - "${PUBLIC_TCP_UDP_PORT_BIND_RECURSOR:-5304}:53/udp"
    networks:
      internal:
        ipv4_address: "${IP_BIND_RECURSOR:-172.20.53.104}"

  dnsdist:
    image: powerdns/dnsdist-19:latest
    volumes:
      - ./dnsdist.conf:/etc/dnsdist/dnsdist.conf
    ports:
      - "127.0.0.1:5383:80/tcp"
    networks:
      internal:
        ipv4_address: 172.20.53.105

  www:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
      - ./web/dist:/webapp
    environment:
      - DESEC_DOMAIN
      - DESEC_DOMAIN_PREFIX
    networks:
      internal:
        ipv4_address: 172.20.53.200


volumes:
  caddy_data:
  caddy_config: