docs: produce website with mkbook (#32)

.github/workflows/docs.yml

@@ -0,0 +1,56 @@
+name: Deploy mdBook site to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["master"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    env:
+      MDBOOK_VERSION: 0.4.21
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install mdBook
+        run: |
+          curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf -y | sh
+          rustup update
+          cargo install --version ${MDBOOK_VERSION} mdbook
+      - name: Setup Pages
+        id: pages
+        uses: actions/configure-pages@v3
+      - name: Build with mdBook
+        run: mdbook build doc
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v2
+        with:
+          path: ./doc/book
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v2

doc/.gitignore

@@ -0,0 +1 @@
+book

doc/book.toml

@@ -0,0 +1,6 @@
+[book]
+authors = ["Cottand"]
+language = "en"
+multilingual = false
+src = "src"
+title = "leng-doc"

doc/src/Blocking.md

@@ -0,0 +1,5 @@
+There are many blocklist resources online, and by default leng is configured to use some of the more popular ones from around the internet for blocking ads and malware domains. Some services exist that will allow you to regularly get blocklist updates automatically from feeds.
+
+## Blocklists
+
+[https://github.com/StevenBlack/hosts/](https://github.com/StevenBlack/hosts/)

doc/src/CNAME‐following-DNS.md

@@ -0,0 +1,58 @@
+Leng implements following CNAME records as specified in [RFC-1034 section 3.6.2](https://www.rfc-editor.org/rfc/rfc1034#section-3.6.2), where it returns all necessary CNAME and A records to fully resolve the query (as opposed to just returning a synthetic A record, which is known as [CNAME flattening](https://developers.cloudflare.com/dns/cname-flattening/cname-flattening-diagram/)).
+
+> ⚠ This is the behaviour of most if not all DNS servers - Leng is only special in this in that it has to deal with cuustom DNS records, the resolvers it proxies, and blocklists. **You should not need to change its default behaviour**, but this page aims to leave it well-documented.
+
+## `dig` request example
+
+```bash
+$> dig first.example
+
+; <<>> DiG 9.18.19 <<>> first.example
+
+;; QUESTION SECTION:
+;first.example.		IN	A
+
+;; ANSWER SECTION:
+first.example.  	300	IN	CNAME	second.example.
+second.example.		300	IN	CNAME	third.example.
+third.example.  	300	IN	A	139.201.133.245
+```
+
+## Behaviour
+
+The resolving for the downstream CNAME records is done with the same question type as the original question. That is, if you ask `AAAA some-cname.com`, the following CNAME queries will be `AAAA` questions too.
+
+### Custom records
+
+If you have set up your own custom records, those can also be part of the CNAME chain.
+
+This makes it easy to alias custom records to external domains:
+```
+customdnsrecords = [
+  "login.vpn       IN CNAME    this.very.long.other.domain.login.login.my-company.xyz"
+]
+```
+
+Querying `login.vpn` will also return the A record corresponding to `this.very.long.other.domain.login.login.my-company.xyz`.
+
+### Blocking
+If any of the domains involved in the CNAME-following is part of a blocklist (that is, it would get blocked if it corresponded to an `A` response, rather than `CNAME`) then the entire request blocked (_unless_ the domain is part of the custom DNS defined in the config)
+
+For the example where we have
+```
+first.example   IN CNAME second.example
+second.example  IN CNAME third.example
+third.example   IN A     10.0.0.0
+```
+
+if any of `first.example`, `second.example` or `third.example` appear in a blocklist, the request for `first.example` will fail.
+
+## Configuration
+
+CNAME-following is enabled by default, but you can disabled with the following:
+
+```toml
+# leng.toml
+
+followCnameDepth = 0
+```

doc/src/Configuration.md

@@ -0,0 +1,104 @@
+If leng.toml is not found the default configuration will be used. If it is found, fields that are set will act as overrides.
+
+Here is the default configuration:
+
+```toml
+# list of sources to pull blocklists from, stores them in ./sources
+sources = [
+	"https://mirror1.malwaredomains.com/files/justdomains",
+	"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts",
+	"https://sysctl.org/cameleon/hosts",
+	"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt",
+	"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt",
+	"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
+]
+
+# list of locations to recursively read blocklists from (warning, every file found is assumed to be a hosts-file or domain list)
+sourcedirs = [
+	"sources"
+]
+
+# log configuration
+# format: comma separated list of options, where options is one of 
+#   file:<filename>@<loglevel>
+#   stderr>@<loglevel>
+#   syslog@<loglevel>
+# loglevel: 0 = errors and important operations, 1 = dns queries, 2 = debug
+# e.g. logconfig = "file:leng.log@2,syslog@1,stderr@2"
+logconfig = "stderr@2"
+
+# apidebug enables the debug mode of the http api library
+apidebug = false
+
+# address to bind to for the DNS server
+bind = "0.0.0.0:53"
+
+# address to bind to for the API server
+api = "127.0.0.1:8080"
+
+# response to blocked queries with a NXDOMAIN
+nxdomain = false
+
+# ipv4 address to forward blocked queries to
+nullroute = "0.0.0.0"
+
+# ipv6 address to forward blocked queries to
+nullroutev6 = "0:0:0:0:0:0:0:0"
+
+# nameservers to forward queries to
+nameservers = ["1.1.1.1:53", "1.0.0.1:53"]
+
+# concurrency interval for lookups in miliseconds
+interval = 200
+
+# query timeout for dns lookups in seconds
+timeout = 5
+
+# cache entry lifespan in seconds
+expire = 600
+
+# cache capacity, 0 for infinite
+maxcount = 0
+
+# question cache capacity, 0 for infinite but not recommended (this is used for storing logs)
+questioncachecap = 5000
+
+# manual blocklist entries
+blocklist = []
+
+# Drbl related settings
+usedrbl = 0
+drblpeersfilename = "drblpeers.yaml"
+drblblockweight = 128
+drbltimeout = 30
+drbldebug = 0
+
+# manual whitelist entries - comments for reference
+whitelist = [
+	# "getsentry.com",
+	# "www.getsentry.com"
+]
+
+# manual custom dns entries - comments for reference
+customdnsrecords = [
+    # "example.mywebsite.tld      IN A       10.0.0.1"
+    # "example.other.tld          IN CNAME   wikipedia.org"
+]
+
+# When this string is queried, toggle leng on and off
+togglename = ""
+
+# If not zero, the delay in seconds before leng automaticall reactivates after
+# having been turned off.
+reactivationdelay = 300
+
+#Dns over HTTPS provider to use.
+DoH = "https://cloudflare-dns.com/dns-query"
+
+# Prometheus metrics - enable 
+[Metrics]
+  enabled = false
+  path = "/metrics"
+```
+
+The most up-to-date version can be found on [config.go](https://github.com/Cottand/leng/blob/master/config.go)

doc/src/Custom-DNS-Records.md

@@ -0,0 +1,10 @@
+You can make leng return records of your choosing (which will take precedence over upstream DNS records) by setting `customdnsrecords` in the [[Configuration]].
+
+Custom DNS records are represented as [Resource Record](https://en.wikipedia.org/wiki/Domain_Name_System#Resource_records) strings. Class defaults to IN and TTL defaults to 3600. Full zone file syntax is supported.
+
+```toml
+customdnsrecords = [
+    "example.com.         3600 IN  A       10.10.0.1",
+    "example.cname.com.        IN  CNAME   wikipedia.org",
+]
+```

doc/src/DNS-over-HTTPS-(DoH).md

@@ -0,0 +1,35 @@
+# DNS-over-HTTP(S), aka DoH
+
+Leng supports DNS-over-HTTPS as per [RFC-8484](https://datatracker.ietf.org/doc/html/rfc8484), although it is disabled by default.
+
+Custom DNS records will be served over DoH the same as normal DNS requests.
+
+You can specify your key files yourself to have leng serve HTTPS traffic, or you can let leng serve HTTP traffic and have a proxy manage the HTTPS certificates.
+
+### Specifying Key files (HTTP)
+
+```toml
+[DnsOverHttpServer]
+    enabled = true
+    bind = "0.0.0.0:80"
+    timeoutMs = 5000
+
+    [DnsOverHttpServer.TLS]
+        enabled = true
+        certPath = ""
+        keyPath = ""
+        # if empty, system CAs will be used
+        caPath = ""
+```
+
+### Not specifying key files (TLS disabled, HTTP traffic from leng)
+```toml
+[DnsOverHttpServer]
+    enabled = true
+    bind = "0.0.0.0:80"
+    timeoutMs = 5000
+```
+
+> ⚠ It is not recommended to use HTTP without TLS at all directly. Your queries will be un-encrypted, so they won't be much different than normal UDP queries.
+
+You can use DoH [in most browsers](https://ghacks.net/2021/10/23/how-to-enable-dns-over-https-secure-dns-in-chrome-brave-edge-firefox-and-other-browsers/).

doc/src/Deploying-on-Debian.md

@@ -0,0 +1,60 @@
+# Deploying on Debian
+
+## Installing leng
+
+Installing leng is the easiest when you simply download a release from the [releases](https://github.com/looterz/leng/releases) page. Go ahead and copy the link for leng_linux_x64 and run the following in your terminal.
+
+```
+mkdir ~/grim
+cd ~/grim
+wget <leng release>
+```
+
+This will download the binary to ```~/grim``` which will be leng's working directory. First, lets setup file permissions for leng, by running the following.
+
+```
+chmod a+x ./leng_linux_x64
+```
+
+Setup is pretty much complete, the only thing left to do is run leng and let it generate the default configuration and download the blocklists, but lets set it up as a systemd service so it automatically restarts and updates when starting.
+
+## Setting up the service
+
+Create the leng service by running the following,
+
+```
+nano /etc/systemd/system/leng.service
+```
+
+Now paste in the code for the service below,
+
+```
+[Unit]
+Description=leng dns proxy
+Documentation=https://github.com/looterz/leng
+After=network.target
+
+[Service]
+User=root
+WorkingDirectory=/root/grim
+LimitNOFILE=4096
+PIDFile=/var/run/leng/leng.pid
+ExecStart=/root/grim/leng_linux_x64 -update
+Restart=always
+StartLimitInterval=30
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Save, and now you can start, stop, restart and run status commands on the leng service like follows
+```
+systemctl start leng  # start
+systemctl enable leng # start on boot
+```
+
+The only thing left to do is setup your clients to use your leng dns server.
+
+## Security
+
+Now that leng is setup on your droplet, it's recommended to [secure](https://github.com/looterz/leng/wiki/Securing-on-linux) the installation from non-whitelisted clients.

doc/src/Home.md

@@ -0,0 +1 @@
+Here are some useful guides and resources for working with leng. Contributions welcome!