feat: add dnsmasq community container for LAN DNS, remove ddclient, add NC_DOMAIN Docker alias

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/7bd0c60a-c5df-404a-a8a5-5cbb97c7a48c

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/ddclient/Dockerfile

@@ -1,16 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM ghcr.io/linuxserver/ddclient:latest
-
-# Auto-configure ddclient for deSEC when NC_DOMAIN and DESEC_TOKEN are provided.
-# The linuxserver base image executes all scripts in /custom-cont-init.d/ before
-# the main service starts, which lets us generate ddclient.conf without any manual step.
-COPY --chmod=755 ddclient-config-gen.sh /custom-cont-init.d/ddclient-config-gen.sh
-
-LABEL com.centurylinklabs.watchtower.enable="false" \
-    wud.watch="false" \
-    org.opencontainers.image.title="DDclient for Nextcloud AIO" \
-    org.opencontainers.image.description="DDclient with automatic deSEC configuration for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/community-containers/ddclient/readme.md"

Containers/ddclient/ddclient-config-gen.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-# Automatically generate /config/ddclient.conf for deSEC dynamic DNS when
-# NC_DOMAIN and DESEC_TOKEN are provided and no config file exists yet.
-#
-# This script is executed by the linuxserver base image from /custom-cont-init.d/
-# before ddclient starts, so no manual configuration step is required.
-
-if [[ -n "${NC_DOMAIN}" && -n "${DESEC_TOKEN}" && ! -f /config/ddclient.conf ]]; then
-    {
-        printf 'daemon=300\nsyslog=yes\nssl=yes\n\n'
-        printf 'use=web, web=https://checkipv4.dedyn.io/\n\n'
-        printf 'protocol=dyndns2\nserver=update.dedyn.io\n'
-        printf 'login=%s\npassword=%s\n%s\n' \
-            "${NC_DOMAIN}" "${DESEC_TOKEN}" "${NC_DOMAIN}"
-    } > /config/ddclient.conf
-    echo "deSEC ddclient config auto-generated for domain ${NC_DOMAIN}"
-fi

Containers/dnsmasq/Dockerfile

@@ -0,0 +1,17 @@
+# syntax=docker/dockerfile:latest
+FROM alpine:3.21
+
+RUN apk add --no-cache dnsmasq iproute2
+
+COPY --chmod=755 start.sh /start.sh
+
+ENTRYPOINT ["/start.sh"]
+
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
+    org.opencontainers.image.title="Dnsmasq for Nextcloud AIO" \
+    org.opencontainers.image.description="Lightweight DNS server that resolves NC_DOMAIN to the local server IP for LAN devices" \
+    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.vendor="Nextcloud" \
+    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/community-containers/dnsmasq/readme.md"

Containers/dnsmasq/start.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+if [ -z "$NC_DOMAIN" ]; then
+    echo "ERROR: NC_DOMAIN is not set" >&2
+    exit 1
+fi
+
+# Determine the server's primary LAN IP - use the source address chosen by the kernel
+# for a route to a well-known public IP (1.1.1.1 is used purely to query the routing table;
+# no traffic is sent there).
+LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") {print $(i+1); exit}}')
+
+if [ -z "$LOCAL_IP" ]; then
+    LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
+fi
+
+if [ -z "$LOCAL_IP" ]; then
+    echo "ERROR: Could not determine local IP address" >&2
+    exit 1
+fi
+
+echo "Nextcloud AIO dnsmasq: resolving $NC_DOMAIN -> $LOCAL_IP"
+echo "Configure your router's DHCP to hand out $LOCAL_IP as the DNS server for LAN clients."
+
+mkdir -p /etc/dnsmasq.d
+
+cat > /etc/dnsmasq.d/nextcloud-aio.conf << EOF
+# Auto-generated by Nextcloud AIO dnsmasq container.
+# Resolves NC_DOMAIN (and all its subdomains) to this server's local IP.
+address=/$NC_DOMAIN/$LOCAL_IP
+
+# Bind only to the LAN interface to avoid conflicts with any system DNS resolver.
+bind-interfaces
+listen-address=$LOCAL_IP
+EOF
+
+exec dnsmasq --no-daemon --log-queries --conf-dir=/etc/dnsmasq.d