#!/bin/sh -xe
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Target operating system, as recorded in ${__global}/explorer/os.
os=$(cat "${__global:?}/explorer/os")

# Install unbound and remember the name of the OpenSSL package for this OS
# (installed later in this manifest when control-use-certs is set). Any OS
# without a branch here aborts the manifest with exit status 1.
case "$os" in
	alpine)
		openssl_package=openssl
		__package unbound
		;;
	*)
		{
			printf "%s is currently not supported by __unbound\n" "$os"
			printf "Please contribute an implementation for it if you can.\n"
		} >&2
		exit 1
		;;
esac
# Optional parameters: when the parameter file exists, its content is copied
# verbatim into an exported variable. Presumably the variables are read by
# files/unbound.conf.sh, which this manifest runs further down -- confirm.
#
# NOTE(review): nothing here validates the values. If they are interpolated
# into the generated unbound.conf, a value containing a newline would add
# extra configuration lines; consider checking that verbosity and both ports
# are plain integers before exporting them.
param_dir="${__object:?}/parameter"

if test -f "$param_dir/verbosity"
then
	VERBOSITY=$(cat "$param_dir/verbosity")
	export VERBOSITY
fi

if test -f "$param_dir/port"
then
	PORT=$(cat "$param_dir/port")
	export PORT
fi

if test -f "$param_dir/control-port"
then
	CONTROL_PORT=$(cat "$param_dir/control-port")
	export CONTROL_PORT
fi

if test -f "$param_dir/dns64-prefix"
then
	PREFIX64=$(cat "$param_dir/dns64-prefix")
	export PREFIX64
fi
# Boolean parameters: the mere presence of the parameter file sets the
# matching variable to "yes" and exports it; an absent file leaves the
# variable untouched.
param_dir="${__object:?}/parameter"

if test -f "$param_dir/ip-transparent"
then
	export IP_TRANSPARENT=yes
fi

if test -f "$param_dir/dns64"
then
	export DNS64=yes
fi

# NOTE(review): enable-rc can be set without control-use-certs. How the
# control channel is protected in that case depends on the generated
# configuration, which is not visible here -- confirm it is reachable only
# over loopback or a local socket.
if test -f "$param_dir/enable-rc"
then
	export ENABLE_RC=yes
fi

# The parameter files are named disable-ip4 / disable-ip6 while the exported
# variables are DISABLE_IPV4 / DISABLE_IPV6.
if test -f "$param_dir/disable-ip4"
then
	export DISABLE_IPV4=yes
fi

if test -f "$param_dir/disable-ip6"
then
	export DISABLE_IPV6=yes
fi

# Certificate-based remote control needs the OpenSSL package, whose name was
# chosen per OS earlier in this manifest.
if test -f "$param_dir/control-use-certs"
then
	__package "$openssl_package"
	CONTROL_USE_CERTS=yes
	export CONTROL_USE_CERTS
fi
# Fixed paths of the remote-control server and client key/certificate pairs.
# They are exported unconditionally; this manifest only names the files and
# does not create them or set their ownership and mode.
# NOTE(review): the original comment said they are "generated if
# --generate-certs is given", but no such parameter is read in this manifest
# -- confirm where generation happens and that the two .key files end up
# readable only by root and the unbound service account.
RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem'
RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'
export RC_SERVER_KEY_FILE RC_SERVER_CERT_FILE
export RC_CONTROL_KEY_FILE RC_CONTROL_CERT_FILE
# Every object declared in this section depends on the unbound package,
# unless a command overrides "require" for itself.
require='__package/unbound'
export require

# An object id other than "unbound" is treated as an additional unbound
# instance that gets its own init service.
# NOTE(review): the object id is used as a path component under /etc/init.d
# and /etc/conf.d without any check; an id containing "/" would address a
# nested path -- confirm which ids callers are expected to pass.
instance="${__object_id:?}"

if [ "$instance" = "unbound" ]
then
	__start_on_boot unbound
else
	# The instance service is a symlink to the stock unbound init script.
	__link "/etc/init.d/$instance" \
		--type symbolic --source /etc/init.d/unbound

	# The unbound init service checks the proper configuration file but does
	# not specify to load it, so a daemon configuration file passes it via
	# command_args. The here-document is left at column 0 so that it does not
	# depend on tab stripping; \$ keeps RC_SVCNAME literal in the file.
	__file "/etc/conf.d/$instance" \
		--owner root --mode 0600 --source - << EOF
# Generated by cdist.
command_args="-c /etc/unbound/\$RC_SVCNAME.conf"
EOF

	# Enabling at boot waits for the symlink; "require" is overridden for this
	# one command only.
	require="__link/etc/init.d/$instance" \
		__start_on_boot "$instance"
fi

unset require
# Generate and deploy the configuration file.
# rendered_conf is the locally generated file inside the object directory;
# deployed_conf is the path it is installed to.
rendered_conf="${__object:?}/files/unbound.conf"
deployed_conf="/etc/unbound/${__object_id:?}.conf"

# Create the object's files/ directory, i.e. the parent of rendered_conf.
mkdir -p "${rendered_conf%/*}"

# Run the type's generator and capture its stdout as the configuration.
# A failing generator stops the manifest only through the -e given on the
# shebang line, which is not in effect if the file is run as "sh <file>".
"${__type:?}/files/unbound.conf.sh" > "$rendered_conf"

# The deployed file is owned by root and world-readable (mode 644).
# NOTE(review): confirm the generator writes no secrets into it; the
# remote-control keys are referenced by path in separate files.
require="__package/unbound" \
	__file "$deployed_conf" \
	--source "$rendered_conf" \
	--owner root --mode 644