adrian/jean-cloud-services
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
13a9891e71
jean-cloud-services/services/ns1.jean-cloud.org/helper_functions.sh
Adrian Amaglio 13a9891e71 pouloulou…
2023-09-13 10:46:02 +02:00

163 lines
4.1 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

set -euo pipefail
fakeresolve_ip_list () {
if [ "$#" -ne 1 ] ; then
die "Usage: fakeresolve_ip_list <name>"
fi
grep -oP "^$1[[:space:]]+IN[[:space:]]+A{1,4}[[:space:]]+\K[^;\s]+" "$debian_bind_confdir/$server_zone_file" | tr '\n' ';'
}
prepare () {
# Install dependencies
apt install -y bind9 &>/dev/null
# Create Directories
if [ -n "$keydir" ] ; then
mkdir -p "$keydir"
chown bind:bind "$keydir" -R
chown bind:bind "$debian_bind_confdir" -R
fi
# Sync the git repo
sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd /etc/bind
echo 'Prepare bind: Remove autogenerated part from bind conf files'
sed -i -n "/$autoconf_separator/q;p" "$debian_bind_confdir"/*
echo 'Put the separator back'
for file in $( ls "$debian_bind_confdir"/template.db.* | grep -v '.signed$\|.jbk$\|.jnl$') ; do
echo "$autoconf_separator" >> "$file"
done
}
restart () {
echo 'Restart bind9'
systemctl restart bind9
}
# Function that simulate a DNS resolve by reading bind zone file
# Returns all the record line:
# @ IN A X.X.X.X
fakeresolve () {
if [ "$#" -ne 1 ] ; then
die "Usage: fakeresolve <name>"
fi
name="$1"
zonefile="$debian_bind_confdir/$server_zone_file"
# Split full name if there are dots
shortname="$name"
if [ -n "$(echo "$name" | grep -o '\.')" ] ; then
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
fi
grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/'
}
# Function that add DNS record in the right file
addbindline () {
if [ "$#" -ne 2 ] ; then
die "Usage: addbindline <name> <target_cname>"
fi
name="$1"
target="$2"
# extract the truc.com part
domain="$(echo "$name" | grep -o '[^\.]\+\.[^\.]\+$' || true)"
[ -z "$domain" ] && return 0
# extract the subdomain part (www)
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
# bind DB file
bindfile="$debian_bind_confdir/db.$domain"
# Only append if db file exists
[ ! -f "$bindfile" ] && return 0
if [ -z "$shortname" ] ; then
# CNAME are forbiden for empty shortnames, so we must resolve the target IPs
while read line ; do
line_in_file "$line" "$bindfile"
done < <(fakeresolve "$target")
else
line_in_file "$shortname IN CNAME $target." "$bindfile"
fi
#XXX Add CAA records
}
list_template_db_files () {
ls "$debian_bind_confdir"/template.db.*
}
create_primary_files () {
# Compact the default SOA
SOA="$(grep -o '^[^;]*' SOA | sed -z -e 's/[[:space:]]\{2,\}/ /g' -e 's/\n/\\n/')"
for file in $(list_template_db_files) ; do
domain="$(basename "$file" | sed 's/template.db.//')"
new_db_file="$(echo "$file" | sed 's/template.db./db./')"
# Set the default SOA if needed
sed "s/^;JC_AUTOSOA$/$SOA/" "$file" > "$new_db_file"
# If no NS record in the db file
if [ -z "$(grep '[^;].*IN.*NS' "$new_db_file")" ] ; then
echo "@ IN NS $default_dns_name" >> "$new_db_file"
fi
cat >> "$debian_bind_confdir/named.conf.local" <<EOF
zone "$domain" {
# https://kb.isc.org/docs/aa-00723
#allow-update { !{!{$secondary_ips};any;}; key update-key; };
allow-transfer { $secondary_ips };
also-notify { $secondary_ips };
notify yes;
type master;
file "$new_db_file";
dnssec-policy default;
inline-signing yes;
key-directory "$DATA_DIR/keys";
};
EOF
done
echo 'Find every used domain and add them to bind db'
while read line ; do
read -r service target < <(echo "$line")
addbindline "$service" "$target"
nginxfile="/docker/$service/nginx_server.conf"
if [ -f "$nginxfile" ] ; then
for name in $(extract_domain_nginx_conf.sh "$nginxfile" | template.sh "/docker/$service/.env") ; do
addbindline "$name" "$target"
done
fi
done <"$servicefile"
}
create_secondary_files () {
primary_ips="$(echo "$primary_ips" | sed 's/^;//')"
for file in "$debian_bind_confdir"/template.db.* ; do
file="$(echo "$file" | sed 's/template.db.//')"
domain="$(basename "$file")"
echo -n "
zone \"$domain\" {
masters { $primary_ips };
type slave;
file \"$file\";
};" >> "$debian_bind_confdir/named.conf.local"
done
}
Reference in New Issue View Git Blame Copy Permalink