Support systemd socket activation

[discapes]

This is an almost verbatim copy of AdguardTeam/AdGuardHome#7859:

When running Technitium DNS with rootless Podman, netavark is used as the network stack. In that case, the container is not able to see the real client IP. To the Technitium container it looks like every request is coming from the same client.

One way for a rootless container to see the real client IP would be systemd socket activation. Podman has support for it. However, Technitium currently does not seem to support socket activation.

Besides seing the real client ip, this would also allow activation of Technitium on incoming network requests as well as native network performance for rootless containers.

This would be really helpful for podman users.

[discapes]

Implemented with the help of Claude. Looks pretty clean and simple. Also added support for building the Docker image in CI.

Tested and confirmed to work with rootless podman with netavark bridge networking.

#1822

[discapes]

Feel free to try the Docker image: ghcr.io/discapes/dnsserver

[ShreyasZare]

Thanks for the post. I have no experience using podman so will study it and see how this can be done.

[ShreyasZare]

Can you explain why using something like macvlan/ipvlan is not feasible with such a setup? Using that option will allow reading client IP directly without requiring implementing this specific feature.

[discapes]

Those are only for rootful podman, and don't work for rootless.

Note that pasta mode (on rootless) preserves the source IP but it cant be used for user defined container-to-container networks, where netavark is required and rootlessport is used to forward ports.