cdist-contrib/type/__unbound/manifest


#!/bin/sh -xe
#
# 2020 Joachim Desroches (joachim.desroches@epfl.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Read the target operating system from the cdist global explorer.
os=$(cat "${__global:?}/explorer/os")

# Only Alpine is implemented. Any other OS stops the manifest with exit
# status 1 before any object is declared.
if [ "$os" != 'alpine' ]; then
	printf "%s is currently not supported by __unbound\n" "$os" >&2
	printf "Please contribute an implementation for it if you can.\n" >&2
	exit 1
fi

__package unbound
# Name of the package installed further down when the control-use-certs
# parameter is present.
openssl_package=openssl
# Optional parameters: every parameter file that exists has its content
# exported verbatim under the matching environment variable name.
# NOTE(review): the values are not validated in this manifest. They are
# presumably interpolated into the configuration by files/unbound.conf.sh
# (not visible here); confirm that it, or the type's parameter handling,
# rejects malformed values such as non-numeric ports or embedded newlines.
for spec in \
	verbosity:VERBOSITY \
	port:PORT \
	control-port:CONTROL_PORT \
	dns64-prefix:PREFIX64
do
	# spec is "<parameter file name>:<environment variable name>".
	param_file="${__object:?}/parameter/${spec%%:*}"
	if [ -f "$param_file" ]; then
		# Assign first so that a failing cat still aborts under the
		# shebang's -e instead of being masked by export.
		value=$(cat "$param_file")
		export "${spec#*:}=$value"
	fi
done
# Boolean parameters: the mere presence of the parameter file exports the
# matching variable with the value "yes".
for spec in \
	ip-transparent:IP_TRANSPARENT \
	dns64:DNS64 \
	enable-rc:ENABLE_RC \
	disable-ip4:DISABLE_IPV4 \
	disable-ip6:DISABLE_IPV6
do
	# spec is "<parameter file name>:<environment variable name>".
	if [ -f "${__object:?}/parameter/${spec%%:*}" ]; then
		export "${spec#*:}=yes"
	fi
done

# Certificate-based remote control also installs the openssl package, whose
# name was selected per OS earlier in this manifest.
if [ -f "${__object:?}/parameter/control-use-certs" ]; then
	__package "$openssl_package"
	CONTROL_USE_CERTS=yes
	export CONTROL_USE_CERTS
fi
# Paths of the key and certificate files used for unbound remote control,
# exported into the environment.
# Original note: generated if --generate-certs is given.
# NOTE(review): this manifest only tests the control-use-certs parameter and
# sets no owner or mode on these files; confirm which parameter triggers
# generation and that the generating code keeps the .key files private.
# The paths do not include the object id, so every instance shares them.
RC_SERVER_KEY_FILE=/etc/unbound/unbound_server.key
RC_SERVER_CERT_FILE=/etc/unbound/unbound_server.pem
RC_CONTROL_KEY_FILE=/etc/unbound/unbound_control.key
RC_CONTROL_CERT_FILE=/etc/unbound/unbound_control.pem
export RC_SERVER_KEY_FILE RC_SERVER_CERT_FILE
export RC_CONTROL_KEY_FILE RC_CONTROL_CERT_FILE

# Objects declared from here on depend on the unbound package, until the
# variable is overridden or unset.
require=__package/unbound
export require
# An object id other than 'unbound' is treated as an additional unbound
# instance that gets its own init service; the default instance only needs
# to be enabled at boot.
# NOTE(review): __object_id is used verbatim as a file name under
# /etc/init.d, /etc/conf.d and /etc/unbound; confirm that ids are restricted
# to plain service names (no '/' or whitespace).
if [ "${__object_id:?}" = "unbound" ]; then
	__start_on_boot unbound
else
	# The instance service is a symlink to the stock unbound init script.
	__link "/etc/init.d/${__object_id:?}" \
		--type symbolic --source /etc/init.d/unbound

	# The unbound init service checks the proper configuration file but
	# does not specify to load it, so a daemon configuration file passes it
	# with -c. The escaped \$RC_SVCNAME is written literally into the file.
	# The here-document body stays at column 0; <<- strips leading tabs only.
	__file "/etc/conf.d/${__object_id:?}" \
		--owner root --mode 0600 --source - <<- EOF
# Generated by cdist.
command_args="-c /etc/unbound/\$RC_SVCNAME.conf"
EOF

	# For this one command the dependency is the instance's init script
	# link instead of the exported package requirement.
	require="__link/etc/init.d/${__object_id:?}" \
		__start_on_boot "${__object_id:?}"
fi

# Clear require so that it no longer applies to the objects defined below.
unset require
# Render the configuration with the type's unbound.conf.sh script, which
# inherits the variables exported above, then deploy the result as
# /etc/unbound/<object id>.conf.
source_file="${__object:?}/files/unbound.conf"
target_file="/etc/unbound/${__object_id:?}.conf"

# Directory part of $source_file, i.e. $__object/files.
mkdir -p "${source_file%/*}"
"${__type:?}/files/unbound.conf.sh" > "$source_file"

# Mode 644 leaves the deployed configuration world-readable; the
# remote-control key paths exported above point at separate files.
require="__package/unbound" \
	__file "$target_file" \
	--owner root --mode 644 \
	--source "$source_file"