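#!/bin/bash
#
# Provision BIND9 on a Debian host: install the package, make the key and
# configuration directories owned by the bind user, and check the zone
# repository out into the configuration directory.
#
# Required environment: DATA_DIR (directory holding keys/ and the git deploy key)

. driglibash-base

set -euo pipefail

# keydir is chown'ed recursively below; an empty DATA_DIR would turn it into
# "/keys", so refuse to continue without a value.
: "${DATA_DIR:?DATA_DIR must be set}"

# Working variables
debian_bind_workdir="/var/cache/bind"
debian_bind_confdir="/etc/bind"
keydir="$DATA_DIR/keys"

# Install dependencies
# apt-get is the script-stable front end; only stdout is silenced so that an
# installation failure still shows its error message.
apt-get install -y bind9 >/dev/null

# Create Directories
mkdir -p -- "$keydir"
chown -R bind:bind -- "$keydir"
# NOTE(review): this makes the whole configuration tree writable by the
# account named runs as. It is needed for the git checkout below, but it also
# means a compromised named could rewrite its own configuration - confirm
# this trade-off is intended.
chown -R bind:bind -- "$debian_bind_confdir"

# Empty bind dir if it is not our git repo
if [ ! -d "$debian_bind_confdir/.git" ] ; then
  echo "lets delete $debian_bind_confdir"
  # find is used instead of rm -rf dir/{*,.*}: on bash versions where ".*"
  # also matches "." and "..", rm refuses those entries, exits non-zero and
  # set -e aborts the script. ${var:?} stops the run if the path is ever empty.
  find "${debian_bind_confdir:?}" -mindepth 1 -delete
fi

# Sync the git repo
# NOTE(review): "$DATA_DIR/gitkey" is a private SSH key; it should be readable
# by the bind user only. SSH host-key checking is whatever git_update.sh
# configures - confirm it is not disabled there.
sudo -u bind git_update.sh -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd "$debian_bind_confdir"
sudo -u bind git status
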
### Generate zones from service directory ###

# List of deployed services; the main loop of this script reads one
# "<service> <target>" pair per line from it.
servicefile='/docker/services.txt'

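#######################################
# Simulate a DNS lookup by reading the bind zone file instead of querying a
# server. Only db.jean-cloud.org is consulted, whatever the domain of $1 is.
# Globals:   debian_bind_confdir (read)
# Arguments: $1 - fully qualified name, e.g. www.jean-cloud.org
# Outputs:   each matching record line with the owner name replaced by "@":
#              @ IN A X.X.X.X
# Returns:   status of the grep/sed pipeline (non-zero when the caller has
#            pipefail set and no record matches)
#######################################
fakeresolve () {
  if [ "$#" -ne 1 ] ; then
    die "Usage: fakeresolve <name>"
  fi

  # Locals, so that callers using the same variable names are not clobbered.
  local name="$1"
  local zonefile="$debian_bind_confdir/db.jean-cloud.org"

  # Everything in front of the last two labels ("www" for www.jean-cloud.org);
  # empty when the name has no subdomain part.
  local shortname
  shortname="$(printf '%s\n' "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"

  # Drop comment lines, then keep what follows the owner name on A/AAAA lines.
  # \Q...\E makes the name a literal inside the PCRE pattern: without it the
  # dots of a name such as "a.b" match any character, and any other regex
  # metacharacter in the name would be interpreted.
  # NOTE(review): A{1,4} also accepts "AA" and "AAA" - presumably meant as
  # "A or AAAA".
  grep -v -e '^[[:space:]]*;' -- "$zonefile" \
    | grep -oP "^[[:space:]]*\Q${shortname}\E\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" \
    | sed 's/^/@/'
}
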
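#######################################
# Add the DNS record for a name to the zone file of its domain.
# A name with a subdomain part gets "<sub> IN CNAME <target>."; a bare domain
# gets the address records that fakeresolve returns for the target.
# Globals:   debian_bind_confdir (read)
# Arguments: $1 - name to publish, e.g. www.example.com
#            $2 - name the record points to (written with a trailing dot)
# Returns:   0 when $1 has no "label.label" domain part; otherwise the status
#            of the last line_in_file call
#######################################
addbindline () {
  if [ "$#" -ne 2 ] ; then
    die "Usage: addbindline <name> <target_cname>"
  fi

  # Locals, so that the caller's variables of the same name (name, domain,
  # line, ...) are left untouched.
  local name="$1"
  local target="$2"
  local domain shortname bindfile line

  # NOTE(review): name and target are copied as-is into a file path and into
  # zone-file records. They come from the services file and the nginx
  # configurations; confirm those sources can only yield valid host names.

  # extract the example.com part (the last two labels)
  domain="$(printf '%s\n' "$name" | grep -o '[^\.]\+\.[^\.]\+$' || true)"
  if [ -z "$domain" ] ; then
    return 0
  fi

  # extract the subdomain part (www)
  shortname="$(printf '%s\n' "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"

  # bind DB file
  bindfile="$debian_bind_confdir/db.$domain"

  if [ -z "$shortname" ] ; then
    # CNAME records are forbidden at the zone apex, so the target's addresses
    # are copied instead. IFS= and -r keep each record line exactly as
    # fakeresolve printed it.
    while IFS= read -r line ; do
      line_in_file "$line" "$bindfile"
    done < <(fakeresolve "$target")
  else
    line_in_file "$shortname IN CNAME $target." "$bindfile"
  fi

  #XXX Add CAA records
}
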
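# Marker line: everything below it in a bind file is regenerated on each run.
autoconf_separator=";;; Autogeneration. Do not write under this line! ;;;"

echo 'Prepare bind: Remove autogenerated part from bind conf files'
# One sed per regular file: a single "sed -i ... q" over the whole glob stops
# at the first separator it meets and leaves the remaining files untouched,
# and a directory in the glob makes sed fail under set -e.
for file in "$debian_bind_confdir"/* ; do
  [ -f "$file" ] || continue
  sed -i -n "/$autoconf_separator/q;p" "$file"
done

echo 'Put the separator back'
for file in "$debian_bind_confdir"/db.* ; do
  # Skip the unmatched-glob literal and the files bind maintains itself
  # (signed zones, journals). They are neither edited nor declared as zones.
  [ -f "$file" ] || continue
  case "$file" in
    *.signed|*.jbk|*.jnl) continue ;;
  esac

  echo "$autoconf_separator" >> "$file"

  # db.example.org -> example.org
  domain="${file##*/}"
  domain="${domain#db.}"

  # TODO fill header too?

  # If no NS record in the db file
  # NOTE(review): the pattern also matches commented-out lines and any other
  # line holding "IN" followed by "NS" (e.g. DNSKEY) - confirm that is acceptable.
  if ! grep -q '[^;].*IN.*NS' "$file" ; then
    # The trailing dot makes the name absolute; without it bind appends the
    # zone origin to it.
    printf '@ IN NS ns.jean-cloud.org.\n\n' >> "$file"
  fi

  # NOTE(review): named.conf strings are normally double-quoted; confirm the
  # single-quoted zone name is parsed as intended.
  printf "\nzone '%s' {\n    allow-update { none; };\n    type master;\n    file \"%s\";\n};" \
    "$domain" "$file" >> "$debian_bind_confdir/named.conf.local"
done

echo 'Find every used domain and add them to bind db'
# Each line of the service file is "<service> <target>".
# NOTE(review): both values end up in zone files through addbindline; the
# service file and the nginx configurations must only be writable by trusted
# administrators.
while read -r service target || [ -n "$service" ] ; do
  [ -n "$service" ] || continue
  addbindline "$service" "$target"
  nginxfile="/docker/$service/nginx_server.conf"
  if [ -f "$nginxfile" ] ; then
    # One name per line, read without pathname expansion: an unquoted $(...)
    # would expand a name such as "*" against the files of the current directory.
    while IFS= read -r name || [ -n "$name" ] ; do
      [ -n "$name" ] || continue
      addbindline "$name" "$target"
    done < <(extract_domain_nginx_conf.sh "$nginxfile" | template.sh "/docker/$service/.env" | tr -s '[:space:]' '\n')
  fi
done <"$servicefile"

# Validate the generated configuration first, so that a broken file does not
# take the name server down on restart.
if command -v named-checkconf >/dev/null ; then
  named-checkconf || die "named-checkconf rejected the generated configuration, bind9 not restarted"
fi

echo 'Restart bind9'
systemctl restart bind9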