#!/bin/sh -xe
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#

# Manifest for the __unbound type.
#
# Installs unbound, turns the object's parameters into exported environment
# variables, registers the service to start on boot and deploys a rendered
# configuration file to /etc/unbound/<object_id>.conf.
#
# NOTE(review): the -xe options on the shebang only take effect when this
# file is executed directly; confirm how cdist invokes manifests.

os=$(cat "${__global:?}/explorer/os")

# Only Alpine is implemented; every other OS aborts the manifest with exit 1.
case "$os" in
  alpine)
    __package unbound
    openssl_package=openssl
    ;;
  *)
    printf "%s is currently not supported by __unbound\n" "$os" >&2
    printf "Please contribute an implementation for it if you can.\n" >&2
    exit 1
    ;;
esac

param_dir="${__object:?}/parameter"

# Optional parameters: the file content is exported verbatim, with no
# validation in this manifest. Presumably consumed by files/unbound.conf.sh,
# which is run at the end of this script.
# Assignment and export stay separate so a failing cat is not masked.
if [ -f "$param_dir/verbosity" ]; then
  VERBOSITY=$(cat "$param_dir/verbosity")
  export VERBOSITY
fi
if [ -f "$param_dir/port" ]; then
  PORT=$(cat "$param_dir/port")
  export PORT
fi
if [ -f "$param_dir/control-port" ]; then
  CONTROL_PORT=$(cat "$param_dir/control-port")
  export CONTROL_PORT
fi
if [ -f "$param_dir/dns64-prefix" ]; then
  PREFIX64=$(cat "$param_dir/dns64-prefix")
  export PREFIX64
fi

# Boolean parameters: the mere presence of the file exports "yes".
if [ -f "$param_dir/ip-transparent" ]; then export IP_TRANSPARENT=yes; fi
if [ -f "$param_dir/dns64" ]; then export DNS64=yes; fi
if [ -f "$param_dir/enable-rc" ]; then export ENABLE_RC=yes; fi
if [ -f "$param_dir/disable-ip4" ]; then export DISABLE_IPV4=yes; fi
if [ -f "$param_dir/disable-ip6" ]; then export DISABLE_IPV6=yes; fi

# Certificate-based remote control additionally pulls in openssl.
if [ -f "$param_dir/control-use-certs" ]; then
  __package "$openssl_package"
  export CONTROL_USE_CERTS=yes
fi

# Certs for remote control, generated if --generate-certs is given.
# NOTE(review): this manifest reads no generate-certs parameter and neither
# creates these files nor sets their permissions -- presumably that happens
# elsewhere in the type; confirm. The two *.key files are private keys and
# should not be world-readable wherever they are created.
export RC_SERVER_KEY_FILE='/etc/unbound/unbound_server.key'
export RC_SERVER_CERT_FILE='/etc/unbound/unbound_server.pem'
export RC_CONTROL_KEY_FILE='/etc/unbound/unbound_control.key'
export RC_CONTROL_CERT_FILE='/etc/unbound/unbound_control.pem'

# Everything declared until the 'unset require' below depends on the package.
export require='__package/unbound'

# An object_id other than 'unbound' is treated as an additional unbound
# instance, which gets its own init service.
# NOTE(review): the object id is interpolated into /etc/init.d, /etc/conf.d
# and /etc/unbound paths without any check in this manifest; confirm that
# cdist's object-id rules keep it inside those directories.
instance="${__object_id:?}"
if [ "$instance" = "unbound" ]; then
  __start_on_boot unbound
else
  __link "/etc/init.d/$instance" --type symbolic --source /etc/init.d/unbound

  # The unbound init service checks the proper configuration file but does
  # not specify to load it, so a daemon configuration file is added
  # (root-owned, mode 0600).
  # The heredoc body sits at column 0 on purpose: '<<-' strips leading tabs
  # only, so space indentation would break the EOF terminator.
  __file "/etc/conf.d/$instance" --owner root --mode 0600 --source - <<- EOF
# Generated by cdist.
command_args="-c /etc/unbound/\$RC_SVCNAME.conf"
EOF

  # Boot registration must wait for the init.d symlink.
  require="__link/etc/init.d/$instance" __start_on_boot "$instance"
fi

unset require

# Generate and deploy configuration files.
rendered_conf="${__object:?}/files/unbound.conf"
deployed_conf="/etc/unbound/${__object_id:?}.conf"

mkdir -p "$__object/files"

# Render the configuration through the type's template script; the exported
# variables above are inherited by that process.
"${__type:?}/files/unbound.conf.sh" > "$rendered_conf"

# Deployed with mode 644, i.e. world-readable: the rendered file must not
# carry secrets. Presumably key material is only referenced through the RC_*
# paths above -- confirm in files/unbound.conf.sh.
require="__package/unbound" __file "$deployed_conf" \
  --source "$rendered_conf" \
  --owner root --mode 644