Separate zones from modules and add automatic unbound module

2021-06-02 15:58:23 +00:00 · 2021-06-02 15:58:23 +00:00 · 67cb0bb508
parent 603f40fa90
commit 67cb0bb508
5 changed files with 44 additions and 27 deletions
--- a/config/unbound/APKBUILD
+++ b/config/unbound/APKBUILD
@ -3,37 +3,39 @@

 . ../APKBUILD-config.template

-pkgver=2021.06.01.04
+pkgver=2021.06.02.01
 pkgrel=0
 depends="alpine-baselayout ca-certificates-bundle dns-root-hints dnssec-root"
 checkdepends="unbound"
 options="checkroot"
-_modules="
-	acl
-	rctrl
-	auth_redxen
-	auth_crxn
-	auth_internal
-"
 source="
 	base.conf
+	acl.conf
+	rctrl.conf
+	wireguard.conf
+"
+subpackages="
+	$pkgname-acl
+	$pkgname-rctrl
+	$pkgname-wireguard
 "

-for i in $_modules; do
-	_authname="${i##auth_}"
-	if [ "${i%%_*}" = "auth" ]; then 
-		checkdepends="$checkdepends redxen-data-bindzone-$_authname"
-	fi
-	subpackages="$subpackages $pkgname-$i:_module_ins"
-	source="$source $i.conf"
+_zones="
+	redxen
+	crxn
+	internal
+"
+for i in $_zones; do
+	checkdepends="$checkdepends redxen-data-bindzone-$i"
+	subpackages="$subpackages $pkgname-auth-$i:_zone_ins"
+	source="$source auth-$i.conf"
 done

 check() {
 	msg "Checking configuration validity"
-	/usr/sbin/unbound-checkconf base.conf

-	for i in $_modules; do
-		/usr/sbin/unbound-checkconf "$i".conf
+	for i in $source; do
+		/usr/sbin/unbound-checkconf "$i"
 	done

 }
@ -42,13 +44,24 @@ package() {
 	rx_install base.conf
 }

-_module_ins() {
+acl() {
+	_rx_installdir="$_rx_installdir/module" rx_install acl.conf
+}
+
+rctrl() {
+	_rx_installdir="$_rx_installdir/module" rx_install rctrl.conf
+}
+
+wireguard() {
+	install_if="$pkgname redxen-config-wireguard"
+	_rx_installdir="$_rx_installdir/module" rx_install wireguard.conf
+}
+
+
+_zone_ins() {
 	_modname="${subpkgname##${pkgname}-}"
-	_authname="${_modname##auth_}"
-	if [ "${_modname%%_*}" = "auth" ]; then 
-		msg "Matched auth zone $_authname, adding depends to bindzone"
+	_authname="${_modname##auth-}"
 	depends="$depends redxen-data-bindzone-$_authname"
-	fi
 	_rx_installdir="$_rx_installdir/module" rx_install "$_modname".conf
 }

@ -56,7 +69,8 @@ sha512sums="
 bcb4c8e66d185f56751cc8f44ced802622abbd91bad08bae38b549d0e38438cd876784ac432ddd30347c4f6e5f0c205aafb085beecb1a58224074b3ac2b8f817  base.conf
 75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4  acl.conf
 d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa  rctrl.conf
-a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607  auth_redxen.conf
-e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d  auth_crxn.conf
-b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6  auth_internal.conf
+201fe7cf481cf7b0614d677804d4dee3db57f447bd2cde8c61a1dd337495f81dc1b62dad5cf031fc37934250523aaba6df129441b10b71aa003ceee7e56d057b  wireguard.conf
+a013d162067027aabde0ce0810bfa9ac7e329ad77a52c93afed2faa56f92c73f5933327b70c2ba5e0ef663852462185653aef5138c62da8043c19179cb3e2607  auth-redxen.conf
+e678f22aa89a9df3db35921a20225abd2b0408ff1e6815b12ec135a740d95bc8a0669aebae3d0945e29c3896f43a0da88375a1c241fabcd410a65e47466c1f6d  auth-crxn.conf
+b854e0d09875653676336ffc9e36690b2abe1a565f25fafd9cd0940cb5b6d8bb57e1d43a7a9b072c11fcadc9073e1dceceea9a517e4d55bee1d217fd1bd759e6  auth-internal.conf
 "
--- a/config/unbound/auth-crxn.conf
+++ b/config/unbound/auth-crxn.conf
--- a/config/unbound/auth-internal.conf
+++ b/config/unbound/auth-internal.conf
--- a/config/unbound/auth-redxen.conf
+++ b/config/unbound/auth-redxen.conf
--- a/config/unbound/wireguard.conf
+++ b/config/unbound/wireguard.conf
@ -0,0 +1,3 @@
+server:
+	access-control: 172.22.12.1/24 allow
+	access-control: fd42:42:42::2:1/120 allow