change reverse zone
This commit is contained in:
parent
2a1e001cb5
commit
200c53966a
@ -1,10 +1,12 @@
|
|||||||
{
|
{
|
||||||
"zone": {
|
"zone": {
|
||||||
"soa": "ns1.higgsboson.tk.",
|
"soa": "ns1.higgsboson.tk.",
|
||||||
"serial": 175,
|
"serial": 200,
|
||||||
"refresh": "1H",
|
"refresh": "1H",
|
||||||
"hostmaster": "hostmaster.higgsboson.tk",
|
"hostmaster": "hostmaster.higgsboson.tk",
|
||||||
"domain": "eve.higgsboson.tk",
|
"ipv6-domain": "eve.higgsboson.tk",
|
||||||
|
"ipv4-domain": "eve.evenet.dn42",
|
||||||
|
"ula-domain": "eve.evenet.dn42",
|
||||||
"ttl": 300,
|
"ttl": 300,
|
||||||
"a": "148.251.132.243",
|
"a": "148.251.132.243",
|
||||||
"aaaa": "2a01:4f8:210:31fd::1",
|
"aaaa": "2a01:4f8:210:31fd::1",
|
||||||
@ -13,7 +15,9 @@
|
|||||||
"minimum": "1D",
|
"minimum": "1D",
|
||||||
"v4_subnet": "172.23.75.0/26",
|
"v4_subnet": "172.23.75.0/26",
|
||||||
"ula_subnet": "fdc0:4992:6a6d::/80",
|
"ula_subnet": "fdc0:4992:6a6d::/80",
|
||||||
"v6_subnet": "2a01:4f8:210:31fd:1::/80"
|
"v6_subnet": "2a01:4f8:210:31fd:1::/80",
|
||||||
|
"lxc_root": "/data/containers/",
|
||||||
|
"lxc-config": "/etc/lxc/default.conf"
|
||||||
},
|
},
|
||||||
"network": {
|
"network": {
|
||||||
"eve": {
|
"eve": {
|
||||||
@ -38,9 +42,9 @@
|
|||||||
"lxc": false
|
"lxc": false
|
||||||
},
|
},
|
||||||
"base": {
|
"base": {
|
||||||
"ipv4": "172.23.75.63/32",
|
"ipv4": "172.23.75.62/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::3f/128",
|
"ipv6": "2a01:4f8:210:31fd:1::3e/128",
|
||||||
"ula": "fdc0:4992:6a6d::3f/128"
|
"ula": "fdc0:4992:6a6d::3e/128"
|
||||||
},
|
},
|
||||||
"ldap": {
|
"ldap": {
|
||||||
"ipv4": "172.23.75.3/32",
|
"ipv4": "172.23.75.3/32",
|
||||||
@ -56,10 +60,13 @@
|
|||||||
"istwiki": {
|
"istwiki": {
|
||||||
"srv/http/ist.devkid.net": true
|
"srv/http/ist.devkid.net": true
|
||||||
},
|
},
|
||||||
|
"letsencrypt": {
|
||||||
|
"/etc/letsencrypt/": true
|
||||||
|
},
|
||||||
"git": {
|
"git": {
|
||||||
"usr/share/webapps/gitlab": true,
|
"usr/share/webapps/gitlab/public": true,
|
||||||
"var/lib/gitlab/assets": true,
|
"srv/http/higgsboson.tk": true,
|
||||||
"var/lib/gitlab/uploads": true
|
"srv/http/blog.higgsboson.tk": true
|
||||||
},
|
},
|
||||||
"halfcode": {
|
"halfcode": {
|
||||||
"srv/http/halfco.de": true
|
"srv/http/halfco.de": true
|
||||||
@ -73,6 +80,9 @@
|
|||||||
"rainloop": {
|
"rainloop": {
|
||||||
"srv/http/mail.higgsboson.tk": true
|
"srv/http/mail.higgsboson.tk": true
|
||||||
},
|
},
|
||||||
|
"limesurvey": {
|
||||||
|
"usr/share/webapps/limesurvey": true
|
||||||
|
},
|
||||||
"etherpad": {
|
"etherpad": {
|
||||||
"/usr/share/webapps/etherpad-lite/src/static": "/srv/http/pad.higgsboson.tk/static"
|
"/usr/share/webapps/etherpad-lite/src/static": "/srv/http/pad.higgsboson.tk/static"
|
||||||
},
|
},
|
||||||
@ -103,7 +113,6 @@
|
|||||||
"pyload": {
|
"pyload": {
|
||||||
"var/lib/pyload/Downloads": "mnt/pyload"
|
"var/lib/pyload/Downloads": "mnt/pyload"
|
||||||
},
|
},
|
||||||
"phpmyadmin": true,
|
|
||||||
"ttrss": {
|
"ttrss": {
|
||||||
"usr/share/webapps/tt-rss": true,
|
"usr/share/webapps/tt-rss": true,
|
||||||
"var/lib/tt-rss/feed-icons": true
|
"var/lib/tt-rss/feed-icons": true
|
||||||
@ -111,17 +120,17 @@
|
|||||||
},
|
},
|
||||||
"ula": "fdc0:4992:6a6d::5/128"
|
"ula": "fdc0:4992:6a6d::5/128"
|
||||||
},
|
},
|
||||||
"ns1": {
|
"ns1.evenet.dn42": {
|
||||||
"ns": true,
|
"ns": true,
|
||||||
"lxc": false,
|
"lxc": false,
|
||||||
"ipv4": "148.251.132.243/32",
|
"ipv4": "172.23.75.6",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::6/128"
|
"ipv6": "fdc0:4992:6a6d::6"
|
||||||
},
|
},
|
||||||
"ns2": {
|
"ns2.evenet.dn42": {
|
||||||
"ns": true,
|
"ns": true,
|
||||||
"lxc": false,
|
"lxc": false,
|
||||||
"ipv4": "188.226.214.194/32",
|
"ipv4": "172.23.75.70",
|
||||||
"ipv6": "2a03:b0c0:0:1010::3d:b002/128"
|
"ipv6": "fdc0:4992:6a6d:300::6"
|
||||||
},
|
},
|
||||||
"dns": {
|
"dns": {
|
||||||
"ipv4": "172.23.75.6/32",
|
"ipv4": "172.23.75.6/32",
|
||||||
@ -132,12 +141,17 @@
|
|||||||
"dn42": {
|
"dn42": {
|
||||||
"ipv4": "172.23.75.1/32",
|
"ipv4": "172.23.75.1/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::1/128",
|
"ipv6": "2a01:4f8:210:31fd:1::1/128",
|
||||||
"ula": "fdc0:4992:6a6d::1/128"
|
"ula": "fdc0:4992:6a6d::1/128",
|
||||||
|
"mounts": {
|
||||||
|
"web": {
|
||||||
|
"srv/http/dl.higgsboson.tk": true
|
||||||
|
}
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"dn42-2": {
|
"dn42-2": {
|
||||||
"ipv4": "172.23.75.64/32",
|
"ipv4": "172.23.75.65/32",
|
||||||
"ipv6": "2a03:b0c0:0:1010::3d:b001",
|
"ipv6": "2a03:b0c0:0:1010::3d:b001",
|
||||||
"ula": "fdc0:4992:6a6d::1/128",
|
"ula": "fdc0:4992:6a6d:300::1",
|
||||||
"lxc": false
|
"lxc": false
|
||||||
},
|
},
|
||||||
"faces": {
|
"faces": {
|
||||||
@ -224,6 +238,12 @@
|
|||||||
"ipv4": "172.23.75.16/32",
|
"ipv4": "172.23.75.16/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::10/128",
|
"ipv6": "2a01:4f8:210:31fd:1::10/128",
|
||||||
"rdns6": "mail.higgsboson.tk",
|
"rdns6": "mail.higgsboson.tk",
|
||||||
|
"mounts": {
|
||||||
|
"letsencrypt": {
|
||||||
|
"/etc/letsencrypt/live/": true,
|
||||||
|
"/etc/letsencrypt/archive/": true
|
||||||
|
}
|
||||||
|
},
|
||||||
"backup-paths": [
|
"backup-paths": [
|
||||||
"var/vmail"
|
"var/vmail"
|
||||||
],
|
],
|
||||||
@ -334,6 +354,12 @@
|
|||||||
"backup-paths": [
|
"backup-paths": [
|
||||||
"var/lib/prosody"
|
"var/lib/prosody"
|
||||||
],
|
],
|
||||||
|
"mounts": {
|
||||||
|
"letsencrypt": {
|
||||||
|
"/etc/letsencrypt/live/": true,
|
||||||
|
"/etc/letsencrypt/archive/": true
|
||||||
|
}
|
||||||
|
},
|
||||||
"ula": "fdc0:4992:6a6d::16/128"
|
"ula": "fdc0:4992:6a6d::16/128"
|
||||||
},
|
},
|
||||||
"piwik": {
|
"piwik": {
|
||||||
@ -380,11 +406,6 @@
|
|||||||
"ipv6": "2a01:4f8:210:31fd:1::1b/128",
|
"ipv6": "2a01:4f8:210:31fd:1::1b/128",
|
||||||
"ula": "fdc0:4992:6a6d::1b/128"
|
"ula": "fdc0:4992:6a6d::1b/128"
|
||||||
},
|
},
|
||||||
"classifier": {
|
|
||||||
"ipv4": "172.23.75.28/32",
|
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::1c/128",
|
|
||||||
"ula": "fdc0:4992:6a6d::1c/128"
|
|
||||||
},
|
|
||||||
"seafile": {
|
"seafile": {
|
||||||
"ipv4": "172.23.75.29/32",
|
"ipv4": "172.23.75.29/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::1d/128",
|
"ipv6": "2a01:4f8:210:31fd:1::1d/128",
|
||||||
@ -401,6 +422,7 @@
|
|||||||
},
|
},
|
||||||
"vars": {
|
"vars": {
|
||||||
"ssh_ldap": true,
|
"ssh_ldap": true,
|
||||||
|
"install_dn42_ca": false,
|
||||||
"add_repo_in_pacman_conf": false,
|
"add_repo_in_pacman_conf": false,
|
||||||
"additional_admins": [
|
"additional_admins": [
|
||||||
{
|
{
|
||||||
@ -453,6 +475,43 @@
|
|||||||
"ipv4": "172.23.75.37/32",
|
"ipv4": "172.23.75.37/32",
|
||||||
"ipv6": "2a01:4f8:210:31fd:1::25/128",
|
"ipv6": "2a01:4f8:210:31fd:1::25/128",
|
||||||
"ula": "fdc0:4992:6a6d::25/128"
|
"ula": "fdc0:4992:6a6d::25/128"
|
||||||
|
},
|
||||||
|
"honeypot": {
|
||||||
|
"ipv4": "172.23.75.38/32",
|
||||||
|
"ipv6": "2a01:4f8:210:31fd:1::26/128",
|
||||||
|
"ula": "fdc0:4992:6a6d::26/128",
|
||||||
|
"lxc": false
|
||||||
|
},
|
||||||
|
"btsync": {
|
||||||
|
"ipv4": "172.23.75.31/32",
|
||||||
|
"ipv6": "2a01:4f8:210:31fd:1::1f/128",
|
||||||
|
"ula": "fdc0:4992:6a6d::1f/128",
|
||||||
|
"mounts": {
|
||||||
|
"pyload": {
|
||||||
|
"var/lib/pyload/Downloads": "mnt/pyload"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"letsencrypt": {
|
||||||
|
"ipv4": "172.23.75.28/32",
|
||||||
|
"ipv6": "2a01:4f8:210:31fd:1::1c/128",
|
||||||
|
"ula": "fdc0:4992:6a6d::1c/128"
|
||||||
|
},
|
||||||
|
"limesurvey": {
|
||||||
|
"ipv4": "172.23.75.39/32",
|
||||||
|
"ipv6": "2a01:4f8:210:31fd:1::27/128",
|
||||||
|
"ula": "fdc0:4992:6a6d::27/128",
|
||||||
|
"group": "php",
|
||||||
|
"vars": {
|
||||||
|
"php_extensions": [
|
||||||
|
"pgsql",
|
||||||
|
"pdo_pgsql",
|
||||||
|
"gd",
|
||||||
|
"zip",
|
||||||
|
"ldap",
|
||||||
|
"imap"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -5,6 +5,8 @@ lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill l
|
|||||||
# Setup the LXC devices in /dev/lxc/
|
# Setup the LXC devices in /dev/lxc/
|
||||||
lxc.devttydir = lxc
|
lxc.devttydir = lxc
|
||||||
|
|
||||||
|
lxc.init_cmd = /usr/lib/systemd/systemd
|
||||||
|
|
||||||
# Set the halt/stop signals
|
# Set the halt/stop signals
|
||||||
lxc.haltsignal=SIGRTMIN+4
|
lxc.haltsignal=SIGRTMIN+4
|
||||||
lxc.stopsignal=SIGRTMIN+14
|
lxc.stopsignal=SIGRTMIN+14
|
||||||
|
|||||||
@ -44,6 +44,7 @@ module Lxc
|
|||||||
FileUtils.touch(local_conf)
|
FileUtils.touch(local_conf)
|
||||||
end
|
end
|
||||||
opts[:local_conf] = local_conf
|
opts[:local_conf] = local_conf
|
||||||
|
opts[:global_conf] = @data["zone"]["lxc-config"]
|
||||||
|
|
||||||
fstab = @container_root.join("fstab")
|
fstab = @container_root.join("fstab")
|
||||||
opts[:fstab] = fstab if File.exists?(fstab)
|
opts[:fstab] = fstab if File.exists?(fstab)
|
||||||
|
|||||||
@ -1,7 +1,8 @@
|
|||||||
module Lxc
|
module Lxc
|
||||||
class RdnsZone
|
class RdnsZone
|
||||||
def initialize(data, subnet)
|
def initialize(data, addr_field, subnet)
|
||||||
@data = data
|
@data = data
|
||||||
|
@addr_field = addr_field
|
||||||
@subnet = NetAddr::CIDR.create(subnet)
|
@subnet = NetAddr::CIDR.create(subnet)
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -12,16 +13,15 @@ module Lxc
|
|||||||
end
|
end
|
||||||
|
|
||||||
def pointers(&blk)
|
def pointers(&blk)
|
||||||
version = @subnet.version
|
|
||||||
|
|
||||||
@data["network"].each do |name, host|
|
@data["network"].each do |name, host|
|
||||||
ip = host["ipv#{version}"]
|
ip = host[@addr_field]
|
||||||
next unless ip
|
next unless ip
|
||||||
arpa = NetAddr::CIDR.create(ip).arpa
|
arpa = NetAddr::CIDR.create(ip).arpa
|
||||||
next unless arpa.end_with?(@subnet.arpa)
|
next unless arpa.end_with?(@subnet.arpa)
|
||||||
host_part = arpa[0, arpa.size - @subnet.arpa.size - 1]
|
host_part = arpa[0, arpa.size - @subnet.arpa.size - 1]
|
||||||
# only allowed characters in FQDN
|
# only allowed characters in FQDN
|
||||||
name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
|
name = name.gsub(/[^a-zA-Z0-9\-]/, "-")
|
||||||
|
# <%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
|
||||||
yield name, host_part
|
yield name, host_part
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -32,7 +32,11 @@ module Lxc
|
|||||||
|
|
||||||
def write_zone_file(path)
|
def write_zone_file(path)
|
||||||
zone_template = Template.new(CONFIG_ROOT.join("hooks/templates/rdns-zone.erb"))
|
zone_template = Template.new(CONFIG_ROOT.join("hooks/templates/rdns-zone.erb"))
|
||||||
zone_template.write(path.join("zones", name), zone: self, data: data)
|
domain = data["zone"]["#{@addr_field}-domain"]
|
||||||
|
zone_template.write(path.join("zones", name),
|
||||||
|
zone: self,
|
||||||
|
data: data,
|
||||||
|
domain: domain)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
lxc.include = /etc/lxc/overlay.conf
|
lxc.include = <%= global_conf %>
|
||||||
lxc.include = <%= local_conf %>
|
lxc.include = <%= local_conf %>
|
||||||
lxc.utsname = <%= name %>
|
lxc.utsname = <%= name %>
|
||||||
lxc.rootfs = <%= rootfs %>
|
lxc.rootfs = <%= rootfs %>
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
@ IN SOA <%= data["zone"]["soa"] %> <%= data["zone"]["hostmaster"] %>. (
|
@ IN SOA ns1.evenet.dn42. <%= data["zone"]["hostmaster"] %>. (
|
||||||
<%= data["zone"]["serial"] %> ; serial
|
<%= data["zone"]["serial"] %> ; serial
|
||||||
<%= data["zone"]["refresh"] %> ; refresh
|
<%= data["zone"]["refresh"] %> ; refresh
|
||||||
<%= data["zone"]["retry"] %> ; retry
|
<%= data["zone"]["retry"] %> ; retry
|
||||||
@ -11,5 +11,5 @@
|
|||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
||||||
<% zone.pointers do |name, addr| -%>
|
<% zone.pointers do |name, addr| -%>
|
||||||
<%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>.
|
<%= addr %> PTR <%= fqdn(name) %>.<%= domain %>.
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|||||||
@ -38,7 +38,7 @@ end
|
|||||||
|
|
||||||
registry = Lxc::Registry.new
|
registry = Lxc::Registry.new
|
||||||
registry.data["zone"] ||= {}
|
registry.data["zone"] ||= {}
|
||||||
domain = registry.data["zone"]["domain"] || "lxc"
|
domain = registry.data["zone"]["ipv6-domain"] || "lxc"
|
||||||
subnet = registry.data["zone"]["v6_subnet"]
|
subnet = registry.data["zone"]["v6_subnet"]
|
||||||
if subnet
|
if subnet
|
||||||
subnet_cidr = NetAddr::CIDR.create(subnet)
|
subnet_cidr = NetAddr::CIDR.create(subnet)
|
||||||
|
|||||||
@ -12,16 +12,17 @@ def main
|
|||||||
registry.save
|
registry.save
|
||||||
|
|
||||||
root_path = Lxc::CONFIG_ROOT
|
root_path = Lxc::CONFIG_ROOT
|
||||||
|
|
||||||
|
if subnet = registry.data["zone"]["ula_subnet"]
|
||||||
|
Lxc::RdnsZone.new(registry.data, "ula", subnet).write_zone_file(root_path)
|
||||||
|
end
|
||||||
|
|
||||||
if subnet = registry.data["zone"]["v4_subnet"]
|
if subnet = registry.data["zone"]["v4_subnet"]
|
||||||
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
|
Lxc::RdnsZone.new(registry.data, "ipv4", subnet).write_zone_file(root_path)
|
||||||
end
|
end
|
||||||
|
|
||||||
if subnet = registry.data["zone"]["v6_subnet"]
|
if subnet = registry.data["zone"]["v6_subnet"]
|
||||||
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
|
Lxc::RdnsZone.new(registry.data, "ipv6", subnet).write_zone_file(root_path)
|
||||||
end
|
|
||||||
|
|
||||||
if subnet = registry.data["zone"]["ula_subnet"]
|
|
||||||
Lxc::RdnsZone.new(registry.data, subnet).write_zone_file(root_path)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
root_path = Pathname.new(File.expand_path("../..", __FILE__))
|
root_path = Pathname.new(File.expand_path("../..", __FILE__))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user