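#!/bin/bash
# Deploy the ns1 bind9 name server: install bind, sync /etc/bind from the
# dnszones git repository, then regenerate the autogenerated part of the zone
# files from the service directory. Requires DATA_DIR (keys, git deploy key).
. driglibash-base
set -euo pipefail

# Working variables
# Fail early with a readable message instead of a bare "unbound variable".
: "${DATA_DIR:?DATA_DIR must point at the service data directory}"
# shellcheck disable=SC2034  # kept for callers/sourced helpers that may read it
debian_bind_workdir="/var/cache/bind"
debian_bind_confdir="/etc/bind"
keydir="$DATA_DIR/keys"

# Install dependencies (stdout only is silenced so a failed install is not
# invisible when set -e stops the script here)
apt install -y bind9 >/dev/null

# Create Directories
mkdir -p -- "$keydir"
chown -R bind:bind -- "$keydir"
# NOTE(review): the whole config tree becomes writable by the named service
# user, which the git sync below (run as bind) needs; a compromised named
# could then rewrite its own configuration — confirm that trade-off.
chown -R bind:bind -- "$debian_bind_confdir"

# Empty bind dir if it is not our git repo
if [ ! -d "$debian_bind_confdir/.git" ]; then
  echo "lets delete $debian_bind_confdir"
  # "$dir/"{*,.*} also expanded to '.' and '..', which rm refuses with a
  # non-zero status and therefore aborted the script under set -e. find
  # removes dotfiles as well and never touches the directory itself; :? keeps
  # an empty variable from turning this into "find / -delete".
  find "${debian_bind_confdir:?}" -mindepth 1 -delete
fi

# Sync the git repo
sudo -u bind git_update.sh -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd "$debian_bind_confdir"
sudo -u bind git status

### Generate zones from service directory ###
servicefile="/docker/services.txt"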
# Function that simulate a DNS resolve by reading bind zone file
# Returns all the record line:
# @ IN A X.X.X.X
fakeresolve () {
if [ "$#" -ne 1 ] ; then
die "Usage: fakeresolve <name>"
fi
name="$1"
zonefile="$debian_bind_confdir/db.jean-cloud.org"
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/'
}
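#######################################
# Add the DNS record for a name to the zone file of its domain.
# Globals:   debian_bind_confdir (read)
# Arguments: $1 - name to publish (www.example.org or example.org)
#            $2 - CNAME target host name, without trailing dot
# Outputs:   none; records are written to db.<domain> through line_in_file
# Returns:   0, also when $1 has fewer than two labels (nothing to do)
#######################################
addbindline () {
  if [ "$#" -ne 2 ]; then
    die "Usage: addbindline <name> <target_cname>"
  fi
  local name="$1"
  local target="$2"
  local domain shortname bindfile line
  # extract the truc.com part (last two labels); empty for single-label names
  domain="$(printf '%s\n' "$name" | grep -o '[^\.]\+\.[^\.]\+$' || true)"
  if [ -z "$domain" ]; then
    return 0
  fi
  # extract the subdomain part (www)
  shortname="$(printf '%s\n' "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
  # bind DB file
  bindfile="$debian_bind_confdir/db.$domain"
  if [ -z "$shortname" ]; then
    # CNAMEs are forbidden at the zone apex, so publish the target's A/AAAA
    # records instead, as found in our own jean-cloud.org zone file.
    while IFS= read -r line; do
      line_in_file "$line" "$bindfile"
    done < <(fakeresolve "$target")
  else
    line_in_file "$shortname IN CNAME $target." "$bindfile"
  fi
  #XXX Add CAA records
}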
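autoconf_separator=";;; Autogeneration. Do not write under this line! ;;;"
readonly autoconf_separator

#######################################
# True for the db.* zone files we manage; false for the artefacts named
# writes next to them (.signed, .jbk, .jnl) and for a glob that matched nothing.
# Arguments: $1 - path of a candidate db.* file
#######################################
is_managed_zonefile() {
  case "$1" in
    *.signed|*.jbk|*.jnl) return 1 ;;
  esac
  [ -f "$1" ]
}

echo 'Prepare bind: Remove autogenerated part from bind conf files'
# Truncate each file at the separator. Only regular files: sed -i on a
# directory fails and would abort the script under set -e. The '.' in the
# separator is a regex wildcard for sed; harmless for this fixed string.
for file in "$debian_bind_confdir"/*; do
  [ -f "$file" ] || continue
  sed -i -n "/$autoconf_separator/q;p" "$file"
done

echo 'Put the separator back'
for file in "$debian_bind_confdir"/db.*; do
  is_managed_zonefile "$file" || continue
  printf '%s\n' "$autoconf_separator" >> "$file"
done

# Same selection as above: a zone stanza for a journal or signed copy
# (zone 'example.org.jnl') is never wanted, and an unmatched glob must not
# create a literal "db.*" file.
for file in "$debian_bind_confdir"/db.*; do
  is_managed_zonefile "$file" || continue
  domain="$(basename -- "$file")"
  domain="${domain#db.}"
  # TODO fill header too?
  # If no NS record in the db file, declare ourselves as the name server
  if ! grep -q '[^;].*IN.*NS' "$file"; then
    printf '@ IN NS ns.jean-cloud.org\n\n' >> "$file"
  fi
  # named.conf.local was truncated at the separator above, so the stanzas are
  # regenerated on every run. NOTE(review): if the repo's named.conf.local has
  # no separator line they accumulate instead — confirm the file ends with it.
  cat >> "$debian_bind_confdir/named.conf.local" <<EOF

zone '$domain' {
  allow-update { none; };
  type master;
  file "$file";
};
EOF
done

echo 'Find every used domain and add them to bind db'
# services.txt: one "<service> <cname-target>" pair per line; target keeps
# the rest of the line. The || clause still handles a last line without \n.
while read -r service target || [ -n "$service" ]; do
  [ -n "$service" ] || continue
  addbindline "$service" "$target"
  nginxfile="/docker/$service/nginx_server.conf"
  if [ -f "$nginxfile" ]; then
    # Names come back whitespace-separated. Split them with read -a instead
    # of an unquoted $(...) so the shell never globs them: a wildcard name
    # such as *.example.org would otherwise expand against the zone files in
    # $PWD (/etc/bind) and be silently replaced by file names.
    while read -r -a names || [ "${#names[@]}" -gt 0 ]; do
      for name in "${names[@]}"; do
        addbindline "$name" "$target"
      done
    done < <(extract_domain_nginx_conf.sh "$nginxfile" | template.sh "/docker/$service/.env")
  fi
done < "$servicefile"

echo 'Restart bind9'
# Validate the generated configuration first: on error named-checkconf exits
# non-zero and set -e stops here, so the running named keeps its last good
# config instead of being restarted into a broken one.
named-checkconf
systemctl restart bind9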