jean-cloud-services/services/ns1.jean-cloud.org/deploy.sh
This file contains invisible Unicode characters


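#!/bin/bash
# Deploy the authoritative bind9 name server of jean-cloud: install bind9,
# hand the configuration directory to the "bind" user, check out the zone
# repository into it, then (further down) regenerate the autogenerated part
# of every zone from the docker service list.
#
# Requires DATA_DIR in the environment (keys/ and the git deploy key live
# there). die and line_in_file come from driglibash-base, which is sourced
# before strict mode on purpose (it is not known to be -u clean).
#
# NOTE(review): the forge flags invisible Unicode characters in this file;
# check it with `grep -nP '[^\x00-\x7F]'` before trusting its whitespace.
. driglibash-base
set -euo pipefail

# Working variables
debian_bind_workdir="/var/cache/bind"   # not used in this script
debian_bind_confdir="/etc/bind"
keydir="$DATA_DIR/keys"

# Install dependencies. apt-get (stable CLI) with only stdout silenced: a
# failed install is still reported on stderr and aborts the deploy under -e.
DEBIAN_FRONTEND=noninteractive apt-get install -y bind9 >/dev/null

# Create directories. The git checkout below runs as "bind", hence the
# ownership of the whole config dir. NOTE(review): named itself runs as that
# user, so a compromised named can rewrite its own named.conf*/rndc.key
# (the Debian package default keeps /etc/bind root-owned for this reason).
# Accepted trade-off here; keep it in mind.
mkdir -p "$keydir"
chown -R bind:bind "$keydir"
chown -R bind:bind "$debian_bind_confdir"

# Empty the bind dir if it is not our git repo. Everything the package put
# there goes away; the repository must provide the complete configuration.
# ":?" aborts instead of wiping "/" should the variable ever be empty, and
# find(1) covers dotfiles without expanding to "." and ".." (the former
# `{*,.*}` glob did; rm refuses those, which fails the script under -e).
if [ ! -d "$debian_bind_confdir/.git" ] ; then
  echo "lets delete $debian_bind_confdir"
  find "${debian_bind_confdir:?}" -mindepth 1 -delete
fi

# Sync the git repo as the bind user with the deploy key (the key file must
# therefore be readable by bind). SSH host-key checking for git.jean-cloud.net
# is whatever git_update.sh sets up — not visible here; it should pin the
# host key rather than accept any.
sudo -u bind git_update.sh -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd "$debian_bind_confdir"
sudo -u bind git status

### Generate zones from service directory ###
# One "<service> <target>" per line; consumed by the loop at the end of the file.
servicefile="/docker/services.txt"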
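# Function that simulates a DNS resolution by reading the bind zone file of
# jean-cloud.org (only that zone is consulted, whatever <name> is).
# Prints one apex record per A/AAAA record of <name>, e.g.
# @ IN A X.X.X.X
# so the caller can copy them to the apex of another zone (a CNAME is not
# allowed there). An optional TTL field between owner and class is accepted.
# Returns 1 (with a message on stderr) if the zone file cannot be read.
fakeresolve () {
  if [ "$#" -ne 1 ] ; then
    die "Usage: fakeresolve <name>"
  fi
  local name="$1"
  local zonefile="$debian_bind_confdir/db.jean-cloud.org"
  local shortname=""
  # Owner name = everything before the last two labels ("www" of
  # www.jean-cloud.org); the zone apex itself is spelled "@" in the file.
  if [[ "$name" =~ ^(.*)\.[^.]+\.[^.]+$ ]] ; then
    shortname="${BASH_REMATCH[1]}"
  fi
  [ -n "$shortname" ] || shortname="@"
  if [ ! -r "$zonefile" ] ; then
    printf 'fakeresolve: cannot read %s\n' "$zonefile" >&2
    return 1
  fi
  # The owner is compared literally in awk instead of being interpolated
  # into a grep -P pattern: a wildcard name ("*") or a dot in the owner can
  # then neither alter the match nor make grep fail on an invalid regex.
  awk -v owner="$shortname" '
    /^[[:space:]]*;/ { next }
    $1 == owner {
      i = 2
      if ($i ~ /^[0-9]+$/) i++          # optional TTL
      if ($i != "IN") next
      i++
      if ($i == "A" || $i == "AAAA") print "@ IN " $i " " $(i + 1)
    }' "$zonefile"
}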
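# Function that adds a DNS record for <name> in the right zone file
# ($debian_bind_confdir/db.<last two labels of name>):
#  - sub.example.org -> "sub IN CNAME <target_cname>."
#  - example.org     -> the A/AAAA records of <target_cname> copied to the
#                       apex (via fakeresolve), because a CNAME is forbidden there.
# Names with fewer than two labels are ignored. Names containing characters
# outside hostname characters (plus "*" for wildcards) are skipped with a
# warning: the domain part becomes a file name under the bind config dir and
# the owner part is written verbatim into a zone file, so nothing else may
# pass through.
addbindline () {
  if [ "$#" -ne 2 ] ; then
    die "Usage: addbindline <name> <target_cname>"
  fi
  local name="$1"
  local target="$2"
  local domain="" shortname="" bindfile="" record=""
  case "$name" in
    ''|*[!A-Za-z0-9.*_-]*)
      printf 'addbindline: skipping invalid name %q\n' "$name" >&2
      return 0 ;;
  esac
  # extract the truc.com part (last two labels); nothing to do without it
  if [[ "$name" =~ ([^.]+\.[^.]+)$ ]] ; then
    domain="${BASH_REMATCH[1]}"
  else
    return 0
  fi
  # extract the subdomain part (www): everything before the last two labels
  if [[ "$name" =~ ^(.*)\.[^.]+\.[^.]+$ ]] ; then
    shortname="${BASH_REMATCH[1]}"
  fi
  # bind DB file
  bindfile="$debian_bind_confdir/db.$domain"
  if [ ! -f "$bindfile" ] ; then
    # Zone stanzas are generated before records are added, so a file created
    # now is not declared in named.conf.local during this run — most likely
    # a typo in the name or a missing db file in the repository.
    printf 'addbindline: warning: %s does not exist (record for %s)\n' "$bindfile" "$name" >&2
  fi
  if [ -z "$shortname" ] ; then
    # CNAME is forbidden at the apex, so copy the target's address records
    while IFS= read -r record ; do
      line_in_file "$record" "$bindfile"
    done < <(fakeresolve "$target")
  else
    # Absolute target: exactly one trailing dot, even if the caller gave one
    line_in_file "$shortname IN CNAME ${target%.}." "$bindfile"
  fi
  #XXX Add CAA records
}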
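autoconf_separator=";;; Autogeneration. Do not write under this line! ;;;"
# The separator is matched as a literal: escape what is special in a sed
# basic regex ("." would otherwise match any character).
autoconf_separator_re="$(printf '%s' "$autoconf_separator" | sed 's|[][\.*^$/]|\\&|g')"

# is_zone_db FILE: true for the hand-maintained db.* zone sources, i.e. not
# dnssec-signzone output (.signed) nor named's own .jbk/.jnl files, and only
# regular files.
is_zone_db () {
  case "$1" in
    *.signed|*.jbk|*.jnl) return 1 ;;
  esac
  [ -f "$1" ]
}

echo 'Prepare bind: Remove autogenerated part from bind conf files'
# Cut every regular file at the separator line (the line itself goes too and
# is put back below). Restricted to regular files: sed -i fails on a directory.
for file in "$debian_bind_confdir"/* ; do
  [ -f "$file" ] || continue
  sed -i -n "/$autoconf_separator_re/q;p" "$file"
done

echo 'Put the separator back'
for file in "$debian_bind_confdir"/db.* ; do
  is_zone_db "$file" || continue
  printf '%s\n' "$autoconf_separator" >> "$file"
done
# named.conf.local receives the generated zone stanzas below, so it needs the
# separator as well; without it the stanzas survive the cut on the next run
# and named refuses to start on the duplicate zone definitions.
printf '%s\n' "$autoconf_separator" >> "$debian_bind_confdir/named.conf.local"

for file in "$debian_bind_confdir"/db.* ; do
  is_zone_db "$file" || continue
  domain="$(basename "$file")"
  domain="${domain#db.}"
  # TODO fill header too? ($TTL and SOA are not generated here)
  # Add a default NS record if the file has none on a non-comment line.
  if ! grep -qE '^[[:space:]]*[^;[:space:]][^;]*[[:space:]]IN[[:space:]]+NS[[:space:]]' "$file" ; then
    # Names without a trailing dot are relative to the zone origin, so the
    # NS target has to be absolute (CNAME targets get their dot the same way).
    printf '@ IN NS ns.jean-cloud.org.\n\n' >> "$file"
  fi
  # Double quotes are the named.conf string syntax (already used for "file").
  {
    printf '\nzone "%s" {\n' "$domain"
    printf '  allow-update { none; };\n  type master;\n  file "%s";\n};\n' "$file"
  } >> "$debian_bind_confdir/named.conf.local"
done

echo 'Find every used domain and add them to bind db'
# services.txt: one "<service> <target>" per line. Blank and #-comment lines
# are skipped (an owner name starting with "#" would otherwise be written into
# a zone file as a record). The service name becomes a path component under
# /docker, so slashes, "." and ".." are refused; a missing target is an error
# (it would produce "<owner> IN CNAME .").
while IFS= read -r line || [ -n "$line" ] ; do
  read -r service target <<<"$line"
  case "$service" in
    ''|'#'*) continue ;;
    */*|.|..) die "services.txt: invalid service name '$service'" ;;
  esac
  [ -n "$target" ] || die "services.txt: no target for service '$service'"
  addbindline "$service" "$target"
  nginxfile="/docker/$service/nginx_server.conf"
  if [ -f "$nginxfile" ] ; then
    # Unquoted on purpose: one hostname per word in the helper's output.
    for name in $(extract_domain_nginx_conf.sh "$nginxfile" | template.sh "/docker/$service/.env") ; do
      addbindline "$name" "$target"
    done
  fi
done <"$servicefile"

echo 'Check the generated configuration'
# A broken named.conf or zone would take the authoritative server down on
# restart; fail the deploy instead and leave the running named untouched.
named-checkconf -z "$debian_bind_confdir/named.conf"

echo 'Restart bind9'
systemctl restart bind9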