From 67cb0bb50834a2c72f0cb90ee5d6748b5d46aa08 Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Wed, 2 Jun 2021 15:58:23 +0000 Subject: [PATCH] Separate zones from modules and add automatic unbound module --- config/unbound/APKBUILD | 68 +++++++++++-------- .../{auth_crxn.conf => auth-crxn.conf} | 0 ...{auth_internal.conf => auth-internal.conf} | 0 .../{auth_redxen.conf => auth-redxen.conf} | 0 config/unbound/wireguard.conf | 3 + 5 files changed, 44 insertions(+), 27 deletions(-) rename config/unbound/{auth_crxn.conf => auth-crxn.conf} (100%) rename config/unbound/{auth_internal.conf => auth-internal.conf} (100%) rename config/unbound/{auth_redxen.conf => auth-redxen.conf} (100%) create mode 100644 config/unbound/wireguard.conf diff --git a/config/unbound/APKBUILD b/config/unbound/APKBUILD index 691153f..427a396 100644 --- a/config/unbound/APKBUILD +++ b/config/unbound/APKBUILD @@ -3,37 +3,39 @@ . ../APKBUILD-config.template -pkgver=2021.06.01.04 +pkgver=2021.06.02.01 pkgrel=0 depends="alpine-baselayout ca-certificates-bundle dns-root-hints dnssec-root" checkdepends="unbound" options="checkroot" -_modules=" - acl - rctrl - auth_redxen - auth_crxn - auth_internal -" source=" base.conf + acl.conf + rctrl.conf + wireguard.conf +" +subpackages=" + $pkgname-acl + $pkgname-rctrl + $pkgname-wireguard " -for i in $_modules; do - _authname="${i##auth_}" - if [ "${i%%_*}" = "auth" ]; then - checkdepends="$checkdepends redxen-data-bindzone-$_authname" - fi - subpackages="$subpackages $pkgname-$i:_module_ins" - source="$source $i.conf" +_zones=" + redxen + crxn + internal +" +for i in $_zones; do + checkdepends="$checkdepends redxen-data-bindzone-$i" + subpackages="$subpackages $pkgname-auth-$i:_zone_ins" + source="$source auth-$i.conf" done check() { msg "Checking configuration validity" - /usr/sbin/unbound-checkconf base.conf - for i in $_modules; do - /usr/sbin/unbound-checkconf "$i".conf + for i in $source; do + /usr/sbin/unbound-checkconf "$i" done } @@ -42,13 +44,24 @@ package() { rx_install base.conf } -_module_ins() { +acl() { + _rx_installdir="$_rx_installdir/module" rx_install acl.conf +} + +rctrl() { + _rx_installdir="$_rx_installdir/module" rx_install rctrl.conf +} + +wireguard() { + install_if="$pkgname redxen-config-wireguard" + _rx_installdir="$_rx_installdir/module" rx_install wireguard.conf +} + + +_zone_ins() { _modname="${subpkgname##${pkgname}-}" - _authname="${_modname##auth_}" - if [ "${_modname%%_*}" = "auth" ]; then - msg "Matched auth zone $_authname, adding depends to bindzone" - depends="$depends redxen-data-bindzone-$_authname" - fi + _authname="${_modname##auth-}" + depends="$depends redxen-data-bindzone-$_authname" _rx_installdir="$_rx_installdir/module" rx_install "$_modname".conf } @@ -56,7 +69,8 @@ sha512sums=" bcb4c8e66d185f56751cc8f44ced802622abbd91bad08bae38b549d0e38438cd876784ac432ddd30347c4f6e5f0c205aafb085beecb1a58224074b3ac2b8f817 base.conf 75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4 acl.conf d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf -a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607 auth_redxen.conf -e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d auth_crxn.conf -b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6 auth_internal.conf +201fe7cf481cf7b0614d677804d4dee3db57f447bd2cde8c61a1dd337495f81dc1b62dad5cf031fc37934250523aaba6df129441b10b71aa003ceee7e56d057b wireguard.conf +a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607 auth-redxen.conf +e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d auth-crxn.conf +b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6 auth-internal.conf " diff --git a/config/unbound/auth_crxn.conf b/config/unbound/auth-crxn.conf similarity index 100% rename from config/unbound/auth_crxn.conf rename to config/unbound/auth-crxn.conf diff --git a/config/unbound/auth_internal.conf b/config/unbound/auth-internal.conf similarity index 100% rename from config/unbound/auth_internal.conf rename to config/unbound/auth-internal.conf diff --git a/config/unbound/auth_redxen.conf b/config/unbound/auth-redxen.conf similarity index 100% rename from config/unbound/auth_redxen.conf rename to config/unbound/auth-redxen.conf diff --git a/config/unbound/wireguard.conf b/config/unbound/wireguard.conf new file mode 100644 index 0000000..288a3b5 --- /dev/null +++ b/config/unbound/wireguard.conf @@ -0,0 +1,3 @@ +server: + access-control: 172.22.12.1/24 allow + access-control: fd42:42:42::2:1/120 allow