Import __ungleich_unbound type for ungleich's dot-cdist

fnux 2020-06-03 14:58:43 +02:00
parent e4b96ee2a4
commit 3adb5ac4ca
8 changed files with 1177 additions and 0 deletions

File diff suppressed because it is too large


@ -0,0 +1,74 @@
cdist-type__ungleich_unbound(7)
===============================
NAME
----
cdist-type__ungleich_unbound - unbound server deployment for ungleich
DESCRIPTION
-----------
This unbound (dns resolver and cache) deployment provides DNS64 and fetch
answers from specified upstrean DNS server. This is a singleton type.
REQUIRED PARAMETERS
-------------------
dns64_prefix
IPv6 prefix used for DNS64.
forward_addr
DNS servers used to lookup names, can be provided multiple times. It can be
either an IPv4 or IPv6 address but no domain name.
OPTIONAL PARAMETERS
-------------------
interface
Interface to listen on, can be provided multiple times. Defaults to
'127.0.0.1' and '::1'.
access_control
Controls which clients are allowed queries to the unbound service (everything
but localhost is refused by default), can be provided multiple times. The
format is described in unbound.conf(5).
BOOLEAN PARAMETERS
------------------
disable-ip4
Do not answer or issue queries over IPv4. Cannot be used alongside the
`--disable-ip6` flag.
disable-ip6
Do not answer or issue queries over IPv6. Cannot be used alongside the
`--disable-ip4` flag.
EXAMPLES
--------
.. code-block:: sh
__ungleich_unbound \
--interface '::0' \
--dns64_prefix '2a0a:e5c0:2:10::/96' \
--forward_addr '2a0a:e5c0:2:1::5' \
--forward_addr '2a0a:e5c0:2:1::6' \
--access_control '::0/0 deny' \
--access_control '2a0a:e5c0::/29 allow' \
--access_control '2a09:2940::/29 allow' \
--ip6
SEE ALSO
--------
- `unbound.conf(5) <https://nlnetlabs.nl/documentation/unbound/unbound.conf/>`_
AUTHORS
-------
Timothée Floure <timothee.floure@ungleich.ch>
COPYING
-------
Copyright \(C) 2020 Timothée Floure. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.


@ -0,0 +1,79 @@
#!/bin/sh -e
#
# 2020 Timothée Floure (timothee.floure@ungleich.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
os=$(cat "$__global/explorer/os")
case "$os" in
alpine)
__package unbound --state present
;;
*)
printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
printf "Please contribute an implementation for it if you can.\n" >&2
exit 1
;;
esac
# Required parameters:
export DNS64_PREFIX=$(cat "$__object/parameter/dns64_prefix")
export FORWARD_ADDRS=$(cat "$__object/parameter/forward_addr")
# Optional parameters:
if [ -f "$__object/parameter/interface" ]; then
export INTERFACES=$(cat "$__object/parameter/interface")
fi
if [ -f "$__object/parameter/access_control" ]; then
export ACCESS_CONTROLS=$(cat "$__object/parameter/access_control")
fi
# Boolean parameters:
if [ -f "$__object/parameter/disable_ip4" ] && \
[ -f "$__object/parameter/disable_ip6" ]; then
echo "--disable-ip4 and --disable-ip6 cannot be used at the same time." >&2
exit 1
fi
if [ -f "$__object/parameter/disable_ip4" ]; then
export DO_IP4='no'
else
export DO_IP4='yes'
fi
if [ -f "$__object/parameter/disable_ip6" ]; then
export DO_IP6='no'
else
export DO_IP6='yes'
fi
# Generate and deploy configuration files.
source_file="$__object/files/unbound.conf"
target_file="/etc/unbound/unbound.conf"
mkdir -p "$__object/files"
"$__type/files/unbound.conf.sh" > $source_file
require="__package/unbound" __file $target_file \
--source $source_file \
--owner root \
--mode 644
# Restart unbound server after reconfiguration.
require="__file/$target_file" __service unbound --action restart
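Review bot: The parameter values are exported through unquoted command substitutions (`export ACCESS_CONTROLS=$(cat "$__object/parameter/access_control")`, likewise DNS64_PREFIX, FORWARD_ADDRS and INTERFACES), and `$source_file` / `$target_file` are expanded unquoted in the redirection and in the `__file` call. access_control entries contain a space (the man page example is '::0/0 deny') and multi-valued parameters presumably arrive one per line, so a /bin/sh that word-splits the arguments of `export` would truncate the list that decides which clients may query the resolver; `export` also hides a failing `cat` from `-e`. I would assign first and export afterwards, e.g. `ACCESS_CONTROLS="$(cat "$__object/parameter/access_control")"; export ACCESS_CONTROLS`, and write `> "$source_file"` and `__file "$target_file" --source "$source_file"`. Separately, the restart on the last line is requested on every run and nothing visible here validates the generated file first, so a malformed access_control or forward_addr value would take the resolver down; a configuration check on the target (for example `unbound-checkconf`) before the restart may be worth adding.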


@ -0,0 +1,2 @@
disable_ip6
disable_ip4
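Review bot: The boolean parameters are declared here with underscores (`disable_ip6`, `disable_ip4`), which matches the `$__object/parameter/disable_ip4` checks in the manifest, but the man page and the manifest's error message name them `--disable-ip4` and `--disable-ip6`. If cdist derives the command-line flag from the name in this file, the documented spelling will be rejected; either the documentation and the message should say `--disable_ip4` / `--disable_ip6`, or the declaration should be renamed together with the manifest checks. The man page example also passes `--ip6`, which none of the parameter files shown here declares.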


@ -0,0 +1,2 @@
access_control
interface


@ -0,0 +1 @@
dns64_prefix


@ -0,0 +1 @@
forward_addr
