From 6eab68f081222f1aff227241867a4c24274e8bdb Mon Sep 17 00:00:00 2001 From: Joachim Desroches Date: Wed, 12 May 2021 14:48:57 +0200 Subject: [PATCH] __unbound: add missing functionality. --- type/__unbound/files/unbound.conf.sh | 13 +++++ type/__unbound/man.rst | 10 ++++ type/__unbound/manifest | 61 ++++++++++++++-------- type/__unbound/parameter/boolean | 2 + type/__unbound/parameter/optional_multiple | 1 + 5 files changed, 66 insertions(+), 21 deletions(-) diff --git a/type/__unbound/files/unbound.conf.sh b/type/__unbound/files/unbound.conf.sh index 05cf3fa..4b0833c 100755 --- a/type/__unbound/files/unbound.conf.sh +++ b/type/__unbound/files/unbound.conf.sh @@ -10,6 +10,10 @@ EOF # Server logging [ "$VERBOSITY" ] && printf "verbosity: %u\n" "$VERBOSITY" +# IP version +[ "$DISABLE_IPV4" ] && echo "do-ip4: no" +[ "$DISABLE_IPV6" ] && echo "do-ip6: no" + # Interfaces to bind to [ "$PORT" ] && printf "port: %u\n" "$PORT" if [ -f "${__object:?}/parameter/interface" ]; @@ -31,6 +35,15 @@ then done < "${__object:?}/parameter/access-control" fi +# Local data +if [ -f "${__object:?}/parameter/local-data" ]; +then + while read -r data; + do + printf "local-data: \"%s\"\n" "$data" + done < "${__object:?}/parameter/local-data" +fi + # DNS64 printf "module-config: \"%svalidator iterator\"\n" "${DNS64:+dns64 }" [ "$PREFIX64" ] && printf "dns64-prefix: %s\n" "$PREFIX64" diff --git a/type/__unbound/man.rst b/type/__unbound/man.rst index dd71616..f253564 100644 --- a/type/__unbound/man.rst +++ b/type/__unbound/man.rst @@ -58,6 +58,11 @@ forward-zone where the first element is the name of the zone, and the following elements are the IP addresses of the DNS servers; e.g. `example.com,1.2.3.4,4.3.2.1` +local-data + Control the `unbound.conf(5)` local-data parameter. Note that no local-zone + is defined, so the unbound default is to treat this data as a transparent + local zone. + BOOLEAN PARAMETERS ------------------ ip-transparent 
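Review bot: In the new local-data loop of unbound.conf.sh (hunk @@ -31,6 +35,15 @@) each line of the parameter file is wrapped in double quotes verbatim, so a value that itself contains `"` (a TXT record with a quoted string, for instance) closes the string early and produces a line that unbound will probably reject or parse differently than intended. Because this text is written straight into the resolver's configuration, I would refuse such values before printing, e.g. `case $data in *\"*) echo "local-data must not contain double quotes: $data" >&2; exit 1 ;; esac` as the first statement of the loop body. A one-line comment above the loop, saying that one record per line is expected and that the surrounding quotes are added by the script, would make the contract clear to whoever writes the parameter.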
@@ -74,6 +79,11 @@ control-use-certs for the interaction between `unbound(8)` and `unbound-control(8)`, as well as their inclusion in the configuration file. +disable-ip4 + Disable answering queries over IPv4. + +disable-ip6 + Disable answering queries over IPv6. EXAMPLES -------- diff --git a/type/__unbound/manifest b/type/__unbound/manifest index 4955f41..917dbf0 100755 --- a/type/__unbound/manifest +++ b/type/__unbound/manifest 
@@ -34,47 +34,66 @@ alpine) esac # Optional parameters: -[ -f "${__object:?}/parameter/verbosity" ] && { +if [ -f "${__object:?}/parameter/verbosity" ]; +then VERBOSITY=$(cat "${__object:?}/parameter/verbosity") export VERBOSITY -} +fi -[ -f "${__object:?}/parameter/port" ] && { +if [ -f "${__object:?}/parameter/port" ]; +then PORT=$(cat "${__object:?}/parameter/port") export PORT -} +fi -[ -f "${__object:?}/parameter/control-port" ] && { +if [ -f "${__object:?}/parameter/control-port" ]; +then CONTROL_PORT=$(cat "${__object:?}/parameter/control-port") export CONTROL_PORT -} +fi -[ -f "${__object:?}/parameter/dns64-prefix" ] && { +if [ -f "${__object:?}/parameter/dns64-prefix" ]; +then PREFIX64=$(cat "${__object:?}/parameter/dns64-prefix") export PREFIX64 -} +fi # Boolean parameters: -[ -f "${__object:?}/parameter/ip-transparent" ] && { +if [ -f "${__object:?}/parameter/ip-transparent" ]; +then IP_TRANSPARENT=yes export IP_TRANSPARENT -} +fi -[ -f "${__object:?}/parameter/dns64" ] && { +if [ -f "${__object:?}/parameter/dns64" ]; +then DNS64=yes export DNS64 -} +fi -[ -f "${__object:?}/parameter/enable-rc" ] && { +if [ -f "${__object:?}/parameter/enable-rc" ]; +then ENABLE_RC=yes export ENABLE_RC -} +fi -[ -f "${__object:?}/parameter/control-use-certs" ] && { +if [ -f "${__object:?}/parameter/disable-ip4" ]; +then + DISABLE_IPV4=yes + export DISABLE_IPV4 +fi + +if [ -f "${__object:?}/parameter/disable-ip6" ]; +then + DISABLE_IPV6=yes + export DISABLE_IPV6 +fi + +if [ -f "${__object:?}/parameter/control-use-certs" ]; +then __package "$openssl_package" - CONTROL_USE_CERTS=yes - export CONTROL_USE_CERTS -} + export CONTROL_USE_CERTS=yes +fi # Certs for remote control, generated if --generate-certs is given. export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key' 
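Review bot: Nothing in the manifest stops `--disable-ip4` and `--disable-ip6` from being given together, in which case the generated file carries both `do-ip4: no` and `do-ip6: no` and the resolver has no address family left to answer on. A guard placed after the two new blocks would catch this when the manifest runs instead of on the target: `if [ "${DISABLE_IPV4:-}" ] && [ "${DISABLE_IPV6:-}" ]; then echo "disable-ip4 and disable-ip6 cannot be combined" >&2; exit 1; fi`. Separately, `export CONTROL_USE_CERTS=yes` is the only block in this hunk that assigns and exports in one statement; the others use two lines, and keeping a single form makes the section easier to scan.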
@@ -82,6 +101,7 @@ export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem' export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key' export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem' +export require='__package/unbound' # If object_id is different from 'unbound', we consider that we are launching a # different instance of unbound and create the appropriate init service. if [ "${__object_id:?}" != "unbound" ]; @@ -102,7 +122,7 @@ then else __start_on_boot unbound fi - +unset require # Generate and deploy configuration files. source_file="${__object:?}/files/unbound.conf" @@ -112,5 +132,4 @@ mkdir -p "$__object/files" "${__type:?}/files/unbound.conf.sh" > "$source_file" require="__package/unbound" __file "$target_file" \ --source "$source_file" \ - --owner root \ - --mode 644 + --owner root --mode 644 diff --git a/type/__unbound/parameter/boolean b/type/__unbound/parameter/boolean index 2ce187e..9825db7 100644 --- a/type/__unbound/parameter/boolean +++ b/type/__unbound/parameter/boolean @@ -2,3 +2,5 @@ ip-transparent dns64 enable-rc control-use-certs +disable-ip4 +disable-ip6 diff --git a/type/__unbound/parameter/optional_multiple b/type/__unbound/parameter/optional_multiple index abfcf47..71816ca 100644 --- a/type/__unbound/parameter/optional_multiple +++ b/type/__unbound/parameter/optional_multiple @@ -2,3 +2,4 @@ interface access-control control-interface forward-zone +local-data
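Review bot: The `export require='__package/unbound'` added in hunk @@ -82,6 +101,7 @@ stays in effect until the `unset require` in @@ -102,7 +122,7 @@, so it silently applies to every object declared in the if/else between them, most of which lies outside both hunks, and no comment says so. If any call inside that block carries its own inline `require=... __type` prefix, that prefix would replace the exported value for that call rather than extend it, so the package dependency would be lost there; this cannot be confirmed from the visible lines and is worth checking. I would add a comment such as `# Everything up to 'unset require' depends on the unbound package being installed.` above the export and keep a blank line between the export and the existing "If object_id is different" comment, which describes the `if` and not the export.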