]> gitweb.michael.orlitzky.com - mjo-overlay.git/blob - djbdns/files/djbdns-setup
skel.ebuild: use EAPI=8.
[mjo-overlay.git] / djbdns / files / djbdns-setup
1 #!/bin/bash
2 #
3 # djbdns-setup
4 #
5 # Copyright (C) 2004-2006 Kalin KOZHUHAROV <kalin@thinrope.net>
6 # The latest version of this script can be accessed at:
7 # rsync://rsync.tar.bz/gentoo-portage-pkalin/net-dns/djbdns/files/djbdns-setup
8 #
9 # This program is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU General Public License
11 # as published by the Free Software Foundation; either version 2
12 # of the License, or (at your option) any later version.
13
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
18 # http://www.gnu.org/copyleft/gpl.html
19 #
20
21 # {{{ Rip off the ewarn code from /sbin/functions.sh
22 WARN=$'\e[33;01m'
23 NORMAL=$'\e[0m'
24 ewarn() {
25 echo -e " ${WARN}*${NORMAL} $*"
26 return 0
27 }
28 # }}}
29
30 # {{{ global vars
31 S_SEPARATOR="--------------------------------------------------------------------------------"
32 D_SEPARATOR="================================================================================"
33
34 REQ_GROUP="nofiles"
35 REQ_USERS="tinydns dnscache dnslog"
36
37 IPs[0]=""
38 IPs[1]=""
39 IPs[2]=""
40 dnscache=0
41 tinydns=1
42 axfrdns=2
43
44 # global vars }}}
45
46 # {{{ functions
47 check_group_users()
48 {
49 echo ": Checking for required group (${REQ_GROUP}) :"
50 grep ${REQ_GROUP} /etc/group &> /dev/null
51 if [ $? -ne 0 ]
52 then
53 ebegin "Adding group ${REQ_GROUP}"
54 /usr/sbin/groupadd ${REQ_GROUP} &>/dev/null && eend 0 || eend 1
55 fi
56
57 echo ": Checking for required users (${REQ_USERS}) :"
58 for user in ${REQ_USERS};
59 do
60 grep ${user} /etc/passwd &> /dev/null
61 if [ $? -ne 0 ]
62 then
63 ebegin "Adding user ${user}"
64 /usr/sbin/useradd -d /dev/null -s /bin/false -g ${REQ_GROUP} ${user} &>/dev/null && eend 0 || eend 1
65 fi
66 done
67 return 0
68 }
69
70 start_services()
71 {
72 local services="$1"
73
74 echo "${SEPARATOR}"
75 echo ": Start services :"
76 echo
77 echo " Your services (${services// /, }) are ready for startup!"
78 echo
79 ewarn " The following requires daemontools to be running!"
80 local answer=""
81 read -p " Would you like ${services// /, } to be started and supervised by daemontools now? [Y|n]> " answer
82 if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
83 then
84
85 ebegin "Checking if daemontools are running"
86 ps -A |grep svscanboot &>/dev/null && eend 0 || eend 1
87
88 ebegin "Linking services in /service"
89 # Don't make symbolic links to / !
90 # use ../ instead as it gives trouble in chrooted environments
91 local fixedroot_path=`echo ${mypath} | sed -e 's#^/#../#'`
92 for service in ${services};
93 do
94 for ip in ${IPs[${service}]};
95 do
96 ln -sf ${fixedroot_path}/${service}/${ip} /service/${service}_${ip}
97 done
98 done
99
100 eend 0
101
102 echo
103 ls -l --color=auto /service/
104 echo
105 ebegin "Waiting 5 seconds for services to start"
106 sleep 5 && eend 0
107
108 echo "${SEPARATOR}"
109 echo ": Check services status :"
110 echo
111 for service in ${services};
112 do
113 for ip in ${IPs[${service}]};
114 do
115 svstat /service/${service}_${ip} /service/${service}_${ip}/log
116 done
117 done
118 fi
119 return 0
120 }
121
122 tinydns_setup()
123 {
124 return 0
125 }
126
127 axfrdns_setup()
128 {
129 echo "${S_SEPARATOR}"
130 echo ": Grant access to axfrdns :"
131 echo
132 TCPRULES_DIR="${mypath}/axfrdns/${myip}/control"
133 echo " axfrdns is accessed by your secondary servers and when response cannot fit UDP packet"
134 echo " You have to specify which IP addresses are allowed to access it"
135 echo " in ${TCPRULES_DIR}/tcp.axfrdns"
136 echo
137 echo " Example:"
138 echo " 1.2.3.4 would allow the host 1.2.3.4"
139 echo " 1.2.3. would allow ALL hosts 1.2.3.x (like 1.2.3.4, 1.2.3.100, etc.)"
140 ewarn "Do NOT forget the trailing dot!"
141 echo
142 echo " Press Enter if you do not want to allow any access now."
143 echo
144
145 sed -i -e "s#-x tcp.cdb#-x control/tcp.axfrdns.cdb#g" ${mypath}/axfrdns/${myip}/run
146 if [ -e ${TCPRULES_DIR}/tcp.axfrdns ]
147 then
148 ewarn "${TCPRULES_DIR}/tcp.axfrdns exists."
149 read -p " Do you want it cleared? [y|N]: " answer
150 if [ "${answer}" == "y" ]
151 then
152 echo '# sample line: 1.2.3.4:allow,AXFR="heaven.af.mil/3.2.1.in-addr.arpa"' > ${TCPRULES_DIR}/tcp.axfrdns
153 fi
154 fi
155
156 read -p " IP to allow (press Enter to end)> " ipallow
157
158 while [ "$ipallow" != "" ]
159 do
160 echo "${ipallow}:allow" >> ${TCPRULES_DIR}/tcp.axfrdns
161 read -p " IP to allow (press Enter to end)> " ipallow
162 done
163 echo ":deny" >> ${TCPRULES_DIR}/tcp.axfrdns
164
165 echo " Here are the tcprules created so far:"
166 echo
167 cat ${TCPRULES_DIR}/tcp.axfrdns
168 echo
169 local answer=""
170 read -p " Would you like ${TCPRULES_DIR}/tcp.axfrdns.cdb updated? [Y|n]: " answer
171 if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
172 then
173 ebegin "Updating ${TCPRULES_DIR}/tcp.axfrdns.cdb"
174 bash -c "cd ${TCPRULES_DIR} && make" && eend 0 || eend 1
175 fi
176 return 0
177 }
178
179 dnscache_setup()
180 {
181 echo ": Configure forwarding :"
182 echo
183 echo " dnscache can be configured to forward queries to another"
184 echo " DNS cache (such as the one your ISP provides) rather than"
185 echo " performing the lookups itself."
186 echo
187 echo " To enable this forwarding-only mode (usually a good idea),"
188 echo " provide the IPs of the caches to forward to."
189 echo " To have dnscache perform the lookups itself, just press Enter."
190 echo
191 read -p " forward-to IP> " myforward
192 echo
193 if [ "$myforward" != "" ]
194 then
195 echo $myforward > ${mypath}/dnscache/${myip}/root/servers/\@
196 echo -n "1" > ${mypath}/dnscache/${myip}/env/FORWARDONLY
197
198 read -p " forward-to IP (press Enter to end)> " myforward
199 while [ "$myforward" != "" ]
200 do
201 echo $myforward >> ${mypath}/dnscache/${myip}/root/servers/\@
202 read -p " forward-to IP (press Enter to end)> " myforward
203 done
204
205 echo
206 echo " Currently all queries will be forwarded to:"
207 echo
208 cat ${mypath}/dnscache/${myip}/root/servers/\@
209 echo
210 fi
211
212 echo "${SEPARATOR}"
213 echo ": Configuring clients :"
214 echo
215 echo " By default dnscache allows only localhost (127.0.0.1) to"
216 echo " access it. You have to specify the IP addresses of the"
217 echo " clients that shall be allowed to use it."
218 echo
219 echo " Example:"
220 echo " 1.2.3.4 would allow only one host: 1.2.3.4"
221 echo " 1.2.3 would allow all hosts 1.2.3.0/24 (e.g. 1.2.3.4, 1.2.3.100, etc.)"
222 echo
223 echo " Press Enter if you do NOT want to allow external clients!"
224 echo
225
226 read -p " Allowed IP> " myclientip
227
228 while [ "$myclientip" != "" ]
229 do
230 touch ${mypath}/dnscache/${myip}/root/ip/${myclientip}
231 read -p " Allowed IP (press Enter to end)> " myclientip
232 done
233
234 echo
235 echo " All queries from the hosts below will be answered:"
236 echo
237 ls -1 ${mypath}/dnscache/${myip}/root/ip
238 echo
239
240 #TODO
241 #configure cachsize - $mypath/env/CACHESIZE
242
243 #TODO
244 #configure datalimit - $mypath/env/DATALIMIT
245 return 0
246 }
247
248 common_setup()
249 {
250 local service_human="$1"
251 local service_machine="$2"
252 local services="$3"
253
254 echo ": ${service_human} setup :"
255 echo
256
257 for service in ${services};
258 do
259 if [ ! -e ${mypath}/${service} ]
260 then
261 ebegin "Creating ${mypath}/${service}"
262 mkdir -p $mypath/${service} && eend 0 || eend 1
263 fi
264 done
265
266 echo "${SEPARATOR}"
267 echo ": IP address to bind to :"
268 echo
269 echo " Specify an address to which the ${service_human} should bind."
270 echo " Currently accessible IPs:"
271 local addrs=`ifconfig -a | grep "inet addr" | cut -f2 -d":" | cut -f1 -d" "`
272 echo " "$addrs
273 echo
274
275 while [ "${myip}" == "" ]
276 do
277 read -p " IP to bind to> " myip
278 done
279 echo
280
281 for service in ${services};
282 do
283 IPs[${service}]="${IPs[${service}]} ${myip}"
284 done
285
286 local dnscache_INSTALL="/usr/bin/dnscache-conf dnscache dnslog ${mypath}/dnscache/${myip} $myip"
287 local tinydns_INSTALL="/usr/bin/tinydns-conf tinydns dnslog ${mypath}/tinydns/${myip} $myip"
288 local axfrdns_INSTALL="\
289 /usr/bin/axfrdns-conf tinydns dnslog ${mypath}/axfrdns/${myip} ${mypath}/tinydns/${myip} $myip &&\
290 mkdir -p ${mypath}/axfrdns/${myip}/control &&\
291 echo -e \"tcp.axfrdns.cdb:\ttcp.axfrdns\n\ttcprules tcp.axfrdns.cdb .tcp.axfrdns.cdb.tmp < tcp.axfrdns\" > ${mypath}/axfrdns/${myip}/control/Makefile &&\
292 rm -f ${mypath}/axfrdns/${myip}/tcp ${mypath}/axfrdns/${myip}/Makefile"
293
294 for service in ${services};
295 do
296 if [ ! -e ${mypath}/${service}/${myip} ]
297 then
298 ebegin "Setting up ${service} in ${mypath}/${service}/${myip}"
299 eval command=\$${service}_INSTALL
300 /bin/bash -c "${command}" && eend 0 || eend 1
301 else
302 ewarn "${service} directory ${mypath}/${service}/${myip} exists, nothing done."
303 fi
304 done
305
306 }
307
308 # functions }}}
309
310 # {{{ main script
311
312 if [ `id -u` -ne 0 ]
313 then
314 ewarn "You must be root to run this script, sorry."
315 exit 1
316 else
317
318 echo "${D_SEPARATOR}"
319 echo ": DJB DNS setup :"
320 echo
321 echo " This script will help you setup the following:"
322 echo
323 echo " DNS server(s): to publish addresses of Internet hosts"
324 echo
325 echo " DNS cache(s) : to find addresses of Internet hosts"
326 echo
327 echo " For further information see:"
328 echo " http://cr.yp.to/djbdns/blurb/overview.html"
329 echo
330 ewarn "If you have already setup your services,"
331 ewarn "either exit now, or setup in different directories."
332 echo
333
334 answer=""
335 read -p " Would you like to continue with setup? [Y|n]> " answer
336 if [ "${answer}" == "n" ] || [ "${answer}" == "N" ]
337 then
338 ewarn "Aborting setup"
339 exit 1
340 fi
341
342 echo "${D_SEPARATOR}"
343 echo ": Choose install location :"
344 echo
345 default_path="/var"
346 echo " The default (${default_path}) will install them"
347 echo " in ${default_path}/\${service}/\${IP_ADDRESS}"
348 echo
349 echo " For example:"
350 echo " /var/tinydns /1.2.3.4"
351 echo " /192.168.33.1"
352 echo " /axfrdns /1.2.3.4"
353 echo " /192.168.33.1"
354 echo " /dnscache/127.0.0.1"
355 echo
356 ewarn "Do NOT enter trailing slash"
357 echo " Where do you want services installed?"
358 read -p "[${default_path}] > " mypath
359 echo
360
361 if [ "${mypath}" == "" ]
362 then
363 mypath=${default_path}
364 fi
365
366 echo "${D_SEPARATOR}"
367 check_group_users
368
369 answer=""
370 another=""
371 until [ "$answer" == "n" ]
372 do
373 echo "${D_SEPARATOR}"
374 answer=""
375 read -p " Would you like to setup ${another}dnscache? [Y|n]> " answer
376 if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
377 then
378 myip=""
379 echo "${S_SEPARATOR}"
380 common_setup "DNS cache" "dnscache" "dnscache"
381 if [ $? == 0 ]
382 then
383 dnscache_setup
384 else
385 ewarn "Skipping dnscache specific setup."
386 fi
387 fi
388 another="another "
389 done
390
391 answer=""
392 another=""
393 until [ "$answer" == "n" ]
394 do
395 echo "${D_SEPARATOR}"
396 answer=""
397 read -p " Would you like to setup ${another}DNS server? [Y|n]> " answer
398 if [ "${answer}" == "Y" ] || [ "${answer}" == "" ]
399 then
400 myip=""
401 echo "${S_SEPARATOR}"
402 common_setup "DNS server" "{tinydns,afxrdns}" "tinydns axfrdns"
403 if [ $? == 0 ]
404 then
405 tinydns_setup
406 axfrdns_setup
407 else
408 ewarn "Skipping tinydns and axfrdns specific setup."
409 fi
410 fi
411 another="another "
412 done
413
414 echo "${D_SEPARATOR}"
415
416 start_services "tinydns axfrdns dnscache"
417
418 echo "${D_SEPARATOR}"
419 fi
420 # main script }}}
421 # vim: set ts=4 fenc=utf-8 foldmethod=marker: