Merge branch 'unbound' into 'master'
__unbound type See merge request ungleich-public/cdist-contrib!7
This commit is contained in:
commit
25e72d7135
9 changed files with 1182 additions and 0 deletions
|
@ -1,3 +1,4 @@
|
||||||
# cdist-contrib changes
|
# cdist-contrib changes
|
||||||
|
|
||||||
|
* 2020-06-03: New type: __unbound (Timothée Floure)
|
||||||
* 2020-04-28: New type: __find_exec (Ander Punnar)
|
* 2020-04-28: New type: __find_exec (Ander Punnar)
|
||||||
|
|
1018
type/__unbound/files/unbound.conf.sh
Executable file
1018
type/__unbound/files/unbound.conf.sh
Executable file
File diff suppressed because it is too large
Load diff
74
type/__unbound/man.rst
Normal file
74
type/__unbound/man.rst
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
cdist-type__unbound(7)
|
||||||
|
===============================
|
||||||
|
|
||||||
|
NAME
|
||||||
|
----
|
||||||
|
cdist-type__ungleich_unbound - unbound server deployment for ungleich
|
||||||
|
|
||||||
|
|
||||||
|
DESCRIPTION
|
||||||
|
-----------
|
||||||
|
This unbound (dns resolver and cache) deployment provides DNS64 and fetch
|
||||||
|
answers from specified upstrean DNS server. This is a singleton type.
|
||||||
|
|
||||||
|
REQUIRED PARAMETERS
|
||||||
|
-------------------
|
||||||
|
dns64_prefix
|
||||||
|
IPv6 prefix used for DNS64.
|
||||||
|
|
||||||
|
forward_addr
|
||||||
|
DNS servers used to lookup names, can be provided multiple times. It can be
|
||||||
|
either an IPv4 or IPv6 address but no domain name.
|
||||||
|
|
||||||
|
OPTIONAL PARAMETERS
|
||||||
|
-------------------
|
||||||
|
interface
|
||||||
|
Interface to listen on, can be provided multiple times. Defaults to
|
||||||
|
'127.0.0.1' and '::1'.
|
||||||
|
|
||||||
|
access_control
|
||||||
|
Controls which clients are allowed queries to the unbound service (everything
|
||||||
|
but localhost is refused by default), can be provided multiple times. The
|
||||||
|
format is described in unbound.conf(5).
|
||||||
|
|
||||||
|
BOOLEAN PARAMETERS
|
||||||
|
------------------
|
||||||
|
disable-ip4
|
||||||
|
Do not answer or issue queries over IPv4. Cannot be used alongside the
|
||||||
|
`--disable-ip6` flag.
|
||||||
|
|
||||||
|
disable-ip6
|
||||||
|
Do not answer or issue queries over IPv6. Cannot be used alongside the
|
||||||
|
`--disable-ip4` flag.
|
||||||
|
|
||||||
|
EXAMPLES
|
||||||
|
--------
|
||||||
|
|
||||||
|
.. code-block:: sh
|
||||||
|
|
||||||
|
__ungleich_unbound \
|
||||||
|
--interface '::0' \
|
||||||
|
--dns64_prefix '2a0a:e5c0:2:10::/96' \
|
||||||
|
--forward_addr '2a0a:e5c0:2:1::5' \
|
||||||
|
--forward_addr '2a0a:e5c0:2:1::6' \
|
||||||
|
--access_control '::0/0 deny' \
|
||||||
|
--access_control '2a0a:e5c0::/29 allow' \
|
||||||
|
--access_control '2a09:2940::/29 allow' \
|
||||||
|
--ip6
|
||||||
|
|
||||||
|
SEE ALSO
|
||||||
|
--------
|
||||||
|
- `unbound.conf(5) <https://nlnetlabs.nl/documentation/unbound/unbound.conf/>`_
|
||||||
|
|
||||||
|
|
||||||
|
AUTHORS
|
||||||
|
-------
|
||||||
|
Timothée Floure <timothee.floure@ungleich.ch>
|
||||||
|
|
||||||
|
|
||||||
|
COPYING
|
||||||
|
-------
|
||||||
|
Copyright \(C) 2020 Timothée Floure. You can redistribute it
|
||||||
|
and/or modify it under the terms of the GNU General Public License as
|
||||||
|
published by the Free Software Foundation, either version 3 of the
|
||||||
|
License, or (at your option) any later version.
|
83
type/__unbound/manifest
Executable file
83
type/__unbound/manifest
Executable file
|
@ -0,0 +1,83 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
#
|
||||||
|
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
os=$(cat "$__global/explorer/os")
|
||||||
|
|
||||||
|
case "$os" in
|
||||||
|
alpine)
|
||||||
|
__package unbound --state present
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
|
||||||
|
printf "Please contribute an implementation for it if you can.\n" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Required parameters:
|
||||||
|
DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix")
|
||||||
|
export DNS64_PREFIX
|
||||||
|
FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr")
|
||||||
|
export FORWARD_ADDRS
|
||||||
|
|
||||||
|
# Optional parameters:
|
||||||
|
if [ -f "$__object/parameter/interface" ]; then
|
||||||
|
INTERFACES=$(cat "$__object/parameter/interface")
|
||||||
|
export INTERFACES
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/access_control" ]; then
|
||||||
|
ACCESS_CONTROLS=$(cat "$__object/parameter/access_control")
|
||||||
|
export ACCESS_CONTROLS
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Boolean parameters:
|
||||||
|
if [ -f "$__object/parameter/disable_ip4" ] && \
|
||||||
|
[ -f "$__object/parameter/disable_ip6" ]; then
|
||||||
|
echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/disable_ip4" ]; then
|
||||||
|
export DO_IP4='no'
|
||||||
|
else
|
||||||
|
export DO_IP4='yes'
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$__object/parameter/disable_ip6" ]; then
|
||||||
|
export DO_IP6='no'
|
||||||
|
else
|
||||||
|
export DO_IP6='yes'
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate and deploy configuration files.
|
||||||
|
source_file="$__object/files/unbound.conf"
|
||||||
|
target_file="/etc/unbound/unbound.conf"
|
||||||
|
|
||||||
|
mkdir -p "$__object/files"
|
||||||
|
"$__type/files/unbound.conf.sh" > "$source_file"
|
||||||
|
require="__package/unbound" __file "$target_file" \
|
||||||
|
--source "$source_file" \
|
||||||
|
--owner root \
|
||||||
|
--mode 644
|
||||||
|
|
||||||
|
# Restart unbound server after reconfiguration.
|
||||||
|
require="__file/$target_file" __service unbound --action restart
|
2
type/__unbound/parameter/boolean
Normal file
2
type/__unbound/parameter/boolean
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
disable_ip6
|
||||||
|
disable_ip4
|
2
type/__unbound/parameter/optional_multiple
Normal file
2
type/__unbound/parameter/optional_multiple
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
access_control
|
||||||
|
interface
|
1
type/__unbound/parameter/required
Normal file
1
type/__unbound/parameter/required
Normal file
|
@ -0,0 +1 @@
|
||||||
|
dns64_prefix
|
1
type/__unbound/parameter/required_multiple
Normal file
1
type/__unbound/parameter/required_multiple
Normal file
|
@ -0,0 +1 @@
|
||||||
|
forward_addr
|
0
type/__unbound/singleton
Normal file
0
type/__unbound/singleton
Normal file
Loading…
Reference in a new issue