Merge branch 'unbound' into 'master'

__unbound type

See merge request ungleich-public/cdist-contrib!7
This commit is contained in:
fnux 2020-06-04 17:07:17 +02:00
commit 25e72d7135
9 changed files with 1182 additions and 0 deletions

View file

@ -1,3 +1,4 @@
# cdist-contrib changes
* 2020-06-03: New type: __unbound (Timothée Floure)
* 2020-04-28: New type: __find_exec (Ander Punnar)

File diff suppressed because it is too large Load diff

74
type/__unbound/man.rst Normal file
View file

@ -0,0 +1,74 @@
cdist-type__unbound(7)
===============================
NAME
----
cdist-type__ungleich_unbound - unbound server deployment for ungleich
DESCRIPTION
-----------
This unbound (dns resolver and cache) deployment provides DNS64 and fetch
answers from specified upstrean DNS server. This is a singleton type.
REQUIRED PARAMETERS
-------------------
dns64_prefix
IPv6 prefix used for DNS64.
forward_addr
DNS servers used to lookup names, can be provided multiple times. It can be
either an IPv4 or IPv6 address but no domain name.
OPTIONAL PARAMETERS
-------------------
interface
Interface to listen on, can be provided multiple times. Defaults to
'127.0.0.1' and '::1'.
access_control
Controls which clients are allowed queries to the unbound service (everything
but localhost is refused by default), can be provided multiple times. The
format is described in unbound.conf(5).
BOOLEAN PARAMETERS
------------------
disable-ip4
Do not answer or issue queries over IPv4. Cannot be used alongside the
`--disable-ip6` flag.
disable-ip6
Do not answer or issue queries over IPv6. Cannot be used alongside the
`--disable-ip4` flag.
EXAMPLES
--------
.. code-block:: sh
__ungleich_unbound \
--interface '::0' \
--dns64_prefix '2a0a:e5c0:2:10::/96' \
--forward_addr '2a0a:e5c0:2:1::5' \
--forward_addr '2a0a:e5c0:2:1::6' \
--access_control '::0/0 deny' \
--access_control '2a0a:e5c0::/29 allow' \
--access_control '2a09:2940::/29 allow' \
--ip6
SEE ALSO
--------
- `unbound.conf(5) <https://nlnetlabs.nl/documentation/unbound/unbound.conf/>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2020 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

83
type/__unbound/manifest Executable file
View file

@ -0,0 +1,83 @@
#!/bin/sh -e
#
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
alpine)
__package unbound --state present
;;
*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
# Required parameters:
DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix")
export DNS64_PREFIX
FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr")
export FORWARD_ADDRS
# Optional parameters:
if [ -f "$__object/parameter/interface" ]; then
INTERFACES=$(cat "$__object/parameter/interface")
export INTERFACES
fi
if [ -f "$__object/parameter/access_control" ]; then
ACCESS_CONTROLS=$(cat "$__object/parameter/access_control")
export ACCESS_CONTROLS
fi
# Boolean parameters:
if [ -f "$__object/parameter/disable_ip4" ] && \
[ -f "$__object/parameter/disable_ip6" ]; then
echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." >&2
exit 1
fi
if [ -f "$__object/parameter/disable_ip4" ]; then
export DO_IP4='no'
else
export DO_IP4='yes'
fi
if [ -f "$__object/parameter/disable_ip6" ]; then
export DO_IP6='no'
else
export DO_IP6='yes'
fi
# Generate and deploy configuration files.
source_file="$__object/files/unbound.conf"
target_file="/etc/unbound/unbound.conf"
mkdir -p "$__object/files"
"$__type/files/unbound.conf.sh" > "$source_file"
require="__package/unbound" __file "$target_file" \
--source "$source_file" \
--owner root \
--mode 644
# Restart unbound server after reconfiguration.
require="__file/$target_file" __service unbound --action restart

View file

@ -0,0 +1,2 @@
disable_ip6
disable_ip4

View file

@ -0,0 +1,2 @@
access_control
interface

View file

@ -0,0 +1 @@
dns64_prefix

View file

@ -0,0 +1 @@
forward_addr

0
type/__unbound/singleton Normal file
View file