From 250d8679fb10b5073ea97f8f5ccfde63b4d88695 Mon Sep 17 00:00:00 2001 From: cytopia Date: Wed, 16 Mar 2022 11:16:15 +0100 Subject: [PATCH 1/6] Remove dnsuitls and ping command from Dockerfile --- Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6e34b4f..387c900 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,12 +6,12 @@ LABEL org.opencontainers.image.authors="cytopia@everythingcli.org" ### Install ### RUN set -eux \ - && apt-get update \ - && apt-get install --no-install-recommends --no-install-suggests -y \ + && apt update \ + && apt install --no-install-recommends --no-install-suggests -y \ bind9 \ - dnsutils \ - iputils-ping \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + #nsutils \ + #putils-ping \ + && apt purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -r /var/lib/apt/lists/* \ && mkdir /var/log/named \ && chown bind:bind /var/log/named \ From 23a42e415b2250a03c9ad75286ca197f46c03de3 Mon Sep 17 00:00:00 2001 From: cytopia Date: Wed, 16 Mar 2022 11:16:39 +0100 Subject: [PATCH 2/6] Update Docker entrypoint --- data/docker-entrypoint.sh | 522 +++++++++++++++++++++----------------- 1 file changed, 292 insertions(+), 230 deletions(-) diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh index 7edc1d2..1fb83d5 100755 --- a/data/docker-entrypoint.sh +++ b/data/docker-entrypoint.sh @@ -12,7 +12,7 @@ fi #################################################################################################### ### -### (1/5) VARIABLES +### (1/6) VARIABLES ### #################################################################################################### 
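Review bot: The install step in the Dockerfile hunk switches from `apt-get` to `apt` and leaves two dead lines `#nsutils \` and `#putils-ping \` that read like an editing slip (the first character of `dnsutils` and `iputils-ping` replaced by `#`) rather than a deliberate comment. `apt` is the interactive front-end and warns that it has no stable CLI interface when driven from scripts, so the build should keep the scriptable form: `&& apt-get update \` and `&& apt-get install --no-install-recommends --no-install-suggests -y \` (and `apt-get purge` on the later line), with the two commented package lines simply deleted. The `RUN` instruction continues past the end of the hunk.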
@@ -24,6 +24,28 @@ NAMED_DIR="/etc/bind" NAMED_CONF="${NAMED_DIR}/named.conf" NAMED_OPT_CONF="${NAMED_DIR}/named.conf.options" NAMED_LOG_CONF="${NAMED_DIR}/named.conf.logging" +NAMED_CUST_CONF="${NAMED_DIR}/custom/conf" +NAMED_CUST_ZONE="${NAMED_DIR}/custom/zone" + +mkdir -p "${NAMED_CUST_CONF}" +mkdir -p "${NAMED_CUST_ZONE}" + + +### +### FQDN of primary nameserver. +### Defaults to current hostname if not otherwise specified. +### When overwriting, use an FQDN by which this container is reachable. +### http://rscott.org/dns/soa.html +### +DEFAULT_MNAME="$( hostname -A | sed 's/\s$//g' | xargs -0 )" + + +### +### Contact Email +### All dot characters '.' must be escaped with an backslash '\' +### The actual @ character must be an unescaped dot character '.' +### +DEFAULT_RNAME="admin.${DEFAULT_MNAME}" ### @@ -46,7 +68,7 @@ DEFAULT_MAX_CACHE_TIME=10800 #################################################################################################### ### -### (2/5) HELPER FUNCTIONS +### (2/6) HELPER FUNCTIONS ### #################################################################################################### @@ -88,10 +110,12 @@ log() { log_file() { local filename="${1}" + echo printf "%0.s-" {1..80}; echo echo "$(unknown)" printf "%0.s-" {1..80}; echo cat "$(unknown)" + printf "%0.s^" {1..80}; echo } @@ -230,7 +254,7 @@ is_address_match_list() { #################################################################################################### ### -### (3/5) ACTION FUNCTIONS +### (3/6) ACTION FUNCTIONS ### #################################################################################################### @@ -247,6 +271,7 @@ add_options() { local forwarders="${3}" local allow_query="${4}" local allow_recursion="${5}" + local response_policy="${6}" { echo "options {" 
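Review bot: `DEFAULT_MNAME` in the `(1/6) VARIABLES` hunk is built from `hostname -A`, which prints every FQDN of the container separated by spaces, and the `sed 's/\s$//g'` only removes the trailing blank; with more than one address the value keeps an embedded space and the generated `IN SOA ... (` line no longer has a valid owner name, and when the reverse lookup of the container address fails the value is empty and the SOA degrades to `IN SOA . admin.. (`. `hostname -A` also performs a reverse lookup for every interface address, which inside a DNS server that has not started yet may stall the entrypoint until the resolver times out. Taking the first name and falling back to the plain hostname avoids both: `DEFAULT_MNAME="$( hostname -A 2>/dev/null | awk '{print $1}' )"` followed by `[ -n "${DEFAULT_MNAME}" ] || DEFAULT_MNAME="$( hostname )"`. The trailing `xargs -0` appears to be a no-op on NUL-free input and can go.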
@@ -254,6 +279,9 @@ add_options() { echo " dnssec-validation ${dnssec_validate};" echo " auth-nxdomain no; # conform to RFC1035" echo " listen-on-v6 { any; };" + if [ -n "${response_policy}" ]; then + echo " response-policy { zone \"${response_policy}\"; };" + fi if [ -n "${forwarders}" ]; then echo " forwarders {" printf "%s" "${forwarders}" 
@@ -278,150 +306,180 @@ add_options() { } -# Add wildcard DNS zone. -# -# @param domain Domain name to create zone for. -# @param address IP address to point all records to. -# @param config_file Configuration file path. -# @param wildcard 1: Enable wildcard, 0: Normal host -# @param reverse String of reverse DNS name or empty for no reverse DNS -# @param debug_level -add_wildcard_zone() { - # DNS setting variables - local domain="${1}" - local address="${2}" - local conf_file="${3}" - local wildcard="${4}" - local reverse="${5}" - # DNS time variables - local ttl_time="${6}" - local refresh_time="${7}" - local retry_time="${8}" - local expiry_time="${9}" - local max_cache_time="${10}" - # Debug level for log function - local debug_level="${11}" - - - local reverse_addr - local reverse_octet - local conf_path - local zone_file - local zone_rev_file - local serial - - # IP address octets - local o1 - local o2 - local o3 - local o4 +### +### Add Reverse zone +### +add_rev_zone() { + # Zone variables + local addr="${1}" # A.B.C.D + local name="${2}" # Domain / FQDN + local zone="${3}" # C.B.A.in-addr.arpa + local ptr="${4}" # D.C.B.A.in-addr.arpa - # Extract IP address octets - o1="$( echo "${address}" | awk -F '.' '{print $1}' )" - o2="$( echo "${address}" | awk -F '.' '{print $2}' )" - o3="$( echo "${address}" | awk -F '.' '{print $3}' )" - o4="$( echo "${address}" | awk -F '.' '{print $4}' )" - - reverse_addr="${o3}.${o2}.${o1}" - reverse_octet="${o4}" - conf_path="$( dirname "${conf_file}" )" - zone_file="${conf_file}.zone" - zone_rev_file="${conf_file}.zone.reverse" + # DNS timing variables + local ttl_time="${5}" + local refresh_time="${6}" + local retry_time="${7}" + local expiry_time="${8}" + local max_cache_time="${9}" + local serial serial="$( date +'%s' )" - # Create config directory if it does not yet exist - if [ ! 
-d "${conf_path}" ]; then - mkdir -p "${conf_path}" - fi + local debug_level="${10}" - # Config - { - echo "zone \"${domain}\" IN {" - echo " type master;" - echo " allow-transfer { any; };" - echo " allow-update { any; };" - echo " file \"${zone_file}\";" - echo "};" - if [ -n "${reverse}" ]; then - echo "zone \"${reverse_addr}.in-addr.arpa\" {" + # Config file + if [ ! -f "${NAMED_CUST_CONF}/${zone}.conf" ]; then + { + echo "zone \"${zone}\" {" echo " type master;" echo " allow-transfer { any; };" echo " allow-update { any; };" - echo " file \"${zone_rev_file}\";" + echo " file \"${NAMED_CUST_ZONE}/${zone}\";" echo "};" - fi - } > "${conf_file}" + } > "${NAMED_CUST_CONF}/${zone}.conf" - # Output configuration file - log_file "${conf_file}" + # Append config to bind + echo "include \"${NAMED_CUST_CONF}/${zone}.conf\";" >> "${NAMED_CONF}" + fi - # Forward Zone - { - echo "\$TTL ${ttl_time}" - echo "@ IN SOA ${domain}. root.${domain}. (" - echo " ${serial} ; Serial number of zone file" - echo " ${refresh_time} ; Refresh time" - echo " ${retry_time} ; Retry time in case of problem" - echo " ${expiry_time} ; Expiry time" - echo " ${max_cache_time} ) ; Maximum caching time in case of failed lookups" - echo ";" - echo " IN NS ns1.${domain}." - echo " IN NS ns2.${domain}." - echo " IN A ${address}" - echo ";" - echo "ns1 IN A ${address}" - echo "ns2 IN A ${address}" - if [ "${wildcard}" -eq "1" ]; then - echo "* IN A ${address}" + # Reverse zone file + if [ ! -f "${NAMED_CUST_ZONE}/${zone}" ]; then + { + printf "\$TTL %s\n" "${ttl_time}" + printf "%-29s IN SOA %s %s (\n" "@" "${DEFAULT_MNAME}." "${DEFAULT_RNAME}." 
+ printf "%-44s %-15s; Serial number\n" "" "${serial}" + printf "%-44s %-15s; Refresh time\n" "" "${refresh_time}" + printf "%-44s %-15s; Retry time\n" "" "${retry_time}" + printf "%-44s %-15s; Expiry time\n" "" "${expiry_time}" + printf "%-44s %-15s; Negative Cache TTL\n" "" "${max_cache_time}" + echo ")" + echo + echo "; NS Records" + printf "%-29s IN NS %-20s\n" "${zone}." "${DEFAULT_MNAME}." + echo + echo "; PTR Records" + printf "%-29s IN PTR %-20s %s\n" "${ptr}." "${name}." "; ${addr}" + + } > "${NAMED_CUST_ZONE}/${zone}" + else + { + printf "%-29s IN PTR %-20s %s\n" "${ptr}." "${name}." "; ${addr}" + } >> "${NAMED_CUST_ZONE}/${zone}" + fi + + # Validate .conf file + if ! output="$( named-checkconf "${NAMED_CUST_CONF}/${zone}.conf" 2>&1 )"; then + log "err" "Configuration failed." "${debug_level}" + if [ -n "${output}" ]; then + echo "${output}" + fi + log_file "${NAMED_CUST_CONF}/${zone}.conf" + exit 1 + elif [ "${debug_level}" -gt "1" ]; then + if [ -n "${output}" ]; then + echo "${output}" + fi + fi + # Validate reverze zone file + if ! output="$( named-checkzone "${zone}" "${NAMED_CUST_ZONE}/${zone}" 2>&1 )"; then + log "err" "Configuration failed." 
"${debug_level}" + if [ -n "${output}" ]; then + echo "${output}" fi - } > "${zone_file}" + log_file "${NAMED_CUST_ZONE}/${zone}" + exit 1 + elif [ "${debug_level}" -gt "1" ]; then + if [ -n "${output}" ]; then + echo "${output}" + fi + fi +} - # Output configuration file - log_file "${zone_file}" - # Reverse Zone - if [ -n "${reverse}" ]; then +### +### Add Forward zone (response policy zone) +### +add_fwd_zone() { + # Zone variables + local domain="${1}" # The domain to translate + local record="${2}" # The record type (A, CNAME, etc) + local target="${3}" # The target to translate domain to + + # DNS timing variables + local ttl_time="${4}" + local refresh_time="${5}" + local retry_time="${6}" + local expiry_time="${7}" + local max_cache_time="${8}" + local serial + serial="$( date +'%s' )" + + local debug_level="${9}" + + # Config file + if [ ! -f "${NAMED_CUST_CONF}/rpz.conf" ]; then { - echo "\$TTL ${ttl_time}" - echo "${reverse_addr}.in-addr.arpa. IN SOA ${domain}. root.${domain}. (" - echo " ${serial} ; Serial number of zone file (yyyymmdd##)" - echo " ${refresh_time} ; Refresh time" - echo " ${retry_time} ; Retry time in case of problem" - echo " ${expiry_time} ; Expiry time" - echo " ${max_cache_time} ) ; Maximum caching time in case of failed lookups" - echo ";" - echo "${reverse_addr}.in-addr.arpa. IN NS ns1.${domain}." - echo "${reverse_addr}.in-addr.arpa. IN NS ns2.${domain}." - echo "${reverse_octet}.${reverse_addr}.in-addr.arpa. IN PTR ${reverse}." - } > "${zone_rev_file}" + echo "zone \"rpz\" IN {" + echo " type master;" + echo " allow-transfer { any; };" + echo " allow-update { any; };" + echo " file \"${NAMED_CUST_ZONE}/rpz\";" + echo "};" + } > "${NAMED_CUST_CONF}/rpz.conf" - # Output configuration file - log_file "${zone_rev_file}" + # Append config to bind + echo "include \"${NAMED_CUST_CONF}/rpz.conf\";" >> "${NAMED_CONF}" fi - # named.conf - if ! output="$( named-checkconf "${conf_file}" 2>&1 )"; then - log "err" "Configuration failed." 
"${debug_level}" - echo "${output}" - exit - elif [ "${debug_level}" -gt "1" ]; then - echo "${output}" + # forward zone file + if [ ! -f "${NAMED_CUST_ZONE}/rpz" ]; then + { + #printf "\$ORIGIN %s\n" "${DEFAULT_MNAME}" + printf "\$TTL %s\n" "${ttl_time}" + printf "%-29s IN SOA %s %s (\n" "@" "${DEFAULT_MNAME}." "${DEFAULT_RNAME}." + printf "%-44s %-15s; Serial number\n" "" "${serial}" + printf "%-44s %-15s; Refresh time\n" "" "${refresh_time}" + printf "%-44s %-15s; Retry time\n" "" "${retry_time}" + printf "%-44s %-15s; Expiry time\n" "" "${expiry_time}" + printf "%-44s %-15s; Negative Cache TTL\n" "" "${max_cache_time}" + echo ")" + echo + echo "; NS Records" + printf "%-29s IN %-7s %s\n" "" "NS" "${DEFAULT_MNAME}." + echo + echo "; Custom Records" + printf "%-29s IN %-7s %s\n" "${domain}" "${record}" "${target}" + } > "${NAMED_CUST_ZONE}/rpz" + else + { + printf "%-29s IN %-7s %s\n" "${domain}" "${record}" "${target}" + } >> "${NAMED_CUST_ZONE}/rpz" fi - # Zone file - if ! output="$( named-checkzone "${domain}" "${zone_file}" 2>&1 )"; then + + # Validate .conf file + if ! output="$( named-checkconf "${NAMED_CUST_CONF}/rpz.conf" 2>&1 )"; then log "err" "Configuration failed." "${debug_level}" - echo "${output}" - exit + if [ -n "${output}" ]; then + echo "${output}" + fi + log_file "${NAMED_CUST_CONF}/rpz.conf" + exit 1 elif [ "${debug_level}" -gt "1" ]; then - echo "${output}" + if [ -n "${output}" ]; then + echo "${output}" + fi fi - # Reverse DNS - if [ -n "${reverse}" ]; then - if ! output="$( named-checkzone "${reverse_addr}.in-addr.arpa" "${zone_rev_file}" 2>&1 )"; then - log "err" "Configuration failed." "${debug_level}" + # Validate zone file + if ! output="$( named-checkzone "rpz" "${NAMED_CUST_ZONE}/rpz" 2>&1 )"; then + log "err" "Configuration failed." 
"${debug_level}" + if [ -n "${output}" ]; then echo "${output}" - exit - elif [ "${debug_level}" -gt "1" ]; then + fi + log_file "${NAMED_CUST_CONF}/rpz.conf" + log_file "${NAMED_CUST_ZONE}/rpz" + exit 1 + elif [ "${debug_level}" -gt "1" ]; then + if [ -n "${output}" ]; then echo "${output}" fi fi @@ -431,7 +489,7 @@ add_wildcard_zone() { #################################################################################################### ### -### (4/5) BOOTSTRAP +### (4/6) BOOTSTRAP ### #################################################################################################### @@ -461,7 +519,7 @@ log "info" "Debug level: ${DEBUG_ENTRYPOINT}" "${DEBUG_ENTRYPOINT}" #################################################################################################### ### -### (5/5) ENTRYPOINT +### (5/6) ENTRYPOINT (DEFAULTS) ### #################################################################################################### 
@@ -573,127 +631,118 @@ else fi + +#################################################################################################### ### -### Add wildcard DNS -### -if printenv WILDCARD_DNS >/dev/null 2>&1; then - - # Convert 'com=1.2.3.4[=com],de=2.3.4.5' into newline separated string: - # com=1.2.3.4[=com] - # de=2.3.4.5 - echo "${WILDCARD_DNS}" | sed 's/,/\n/g' | while read -r line ; do - my_dom="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" # domain - my_add="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" # IP address - my_rev="$( echo "${line}" | awk -F '=' '{print $3}' | xargs -0 )" # Reverse DNS record - my_cfg="${NAMED_DIR}/devilbox-wildcard_dns.${my_dom}.conf" - - # If a CNAME was provided, try to resolve it to an IP address, otherwhise skip it - if is_cname "${my_add}"; then - # Try ping command first - if ! tmp="$( ping -c1 "${my_add}" 2>&1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1 )"; then - tmp="${my_add}" - fi - if ! is_ip4_addr "${tmp}"; then - # Try dig command second - tmp="$( dig @8.8.8.8 +short "${my_add}" A | head -1 )" - if ! is_ip4_addr "${tmp}"; then - log "warn" "CNAME '${my_add}' could not be resolved. Skipping to add wildcard" "${DEBUG_ENTRYPOINT}" - continue; - fi - fi - log "info" "CNAME '${my_add}' resolved to: ${tmp}" "${DEBUG_ENTRYPOINT}" - my_add="${tmp}" - fi +### (6/6) ENTRYPOINT (ZONES) +### +#################################################################################################### - # If specified address is not a valid IPv4 address, skip it - if ! is_ip4_addr "${my_add}"; then - log "warn" "Invalid IP address '${my_add}': for *.${my_dom} -> ${my_add}. 
Skipping to add wildcard" "${DEBUG_ENTRYPOINT}" - continue; - fi +REV_ZONES="" +FWD_ZONES="" - if [ -n "${my_rev}" ]; then - log "info" "Adding wildcard DNS: *.${my_dom} -> ${my_add} (PTR: ${my_rev})" "${DEBUG_ENTRYPOINT}" - else - log "info" "Adding wildcard DNS: *.${my_dom} -> ${my_add}" "${DEBUG_ENTRYPOINT}" +### +### Add Reverse DNS +### +if printenv DNS_PTR >/dev/null 2>&1; then + while read -r line; do + line="$( echo "${line}" | xargs -0 )" + if [ -z "${line}" ]; then + continue # For leading or trailing comma in DNS_PTR variable fi - - echo "include \"${my_cfg}\";" >> "${NAMED_CONF}" - add_wildcard_zone \ - "${my_dom}" \ - "${my_add}" \ - "${my_cfg}" \ - "1" \ - "${my_rev}" \ + addr="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" + name="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" + + # Extract IP address octets + o1="$( echo "${addr}" | awk -F '.' '{print $1}' )" + o2="$( echo "${addr}" | awk -F '.' '{print $2}' )" + o3="$( echo "${addr}" | awk -F '.' '{print $3}' )" + o4="$( echo "${addr}" | awk -F '.' 
'{print $4}' )" + zone="${o3}.${o2}.${o1}.in-addr.arpa" + ptr="${o4}.${o3}.${o2}.${o1}.in-addr.arpa" + + # Append zones and get unique ones by newline separated + REV_ZONES="$( echo "${REV_ZONES}"$'\n'"${zone}" | grep -vE '^$' | sort -u )" + + log "info" "Adding PTR Record: ${addr} -> ${name}" "${DEBUG_ENTRYPOINT}" + add_rev_zone \ + "${addr}" \ + "${name}" \ + "${zone}" \ + "${ptr}" \ "${TTL_TIME}" \ "${REFRESH_TIME}" \ "${RETRY_TIME}" \ "${EXPIRY_TIME}" \ "${MAX_CACHE_TIME}" \ "${DEBUG_ENTRYPOINT}" - done + done <<< "${DNS_PTR//,/$'\n'}" +else + log "info" "Not adding any PTR records" "${DEBUG_ENTRYPOINT}" fi ### -### Add extra hosts -### -if printenv EXTRA_HOSTS >/dev/null 2>&1 && [ -n "$( printenv EXTRA_HOSTS )" ]; then - - # Convert 'com=1.2.3.4[=com],de=2.3.4.5' into newline separated string: - # com=1.2.3.4 - # de=2.3.4.5 - echo "${EXTRA_HOSTS}" | sed 's/,/\n/g' | while read -r line ; do - my_dom="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" # domain - my_add="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" # IP address - my_rev="$( echo "${line}" | awk -F '=' '{print $3}' | xargs -0 )" # Reverse DNS record - my_cfg="${NAMED_DIR}/devilbox-extra_hosts.${my_dom}.conf" - - # If a CNAME was provided, try to resolve it to an IP address, otherwhise skip it - if is_cname "${my_add}"; then - # Try ping command first - if ! tmp="$( ping -c1 "${my_add}" 2>&1 | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1 )"; then - tmp="${my_add}" - fi - if ! is_ip4_addr "${tmp}"; then - # Try dig command second - tmp="$( dig @8.8.8.8 +short "${my_add}" A | head -1 )" - if ! is_ip4_addr "${tmp}"; then - log "warn" "CNAME '${my_add}' could not be resolved. 
Skipping to add extra host" "${DEBUG_ENTRYPOINT}" - continue; - fi - fi - log "info" "CNAME '${my_add}' resolved to: ${tmp}" "${DEBUG_ENTRYPOINT}" - my_add="${tmp}" +### Build forward zones (A Record) +### +if printenv DNS_A >/dev/null 2>&1; then + while read -r line; do + line="$( echo "${line}" | xargs -0 )" + if [ -z "${line}" ]; then + continue # For leading or trailing comma in DNS_A variable fi + name="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" + addr="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" - # If specified address is not a valid IPv4 address, skip it - if ! is_ip4_addr "${my_add}"; then - log "warn" "Invalid IP address '${my_add}': for ${my_dom} -> ${my_add}. Skipping to add extra host" "${DEBUG_ENTRYPOINT}" - continue; - fi + # Only a single zone used for forward zones (response policy zone) + FWD_ZONES="rpz" - if [ -n "${my_rev}" ]; then - log "info" "Adding extra host: ${my_dom} -> ${my_add} (PTR: ${my_rev})" "${DEBUG_ENTRYPOINT}" - else - log "info" "Adding extra host: ${my_dom} -> ${my_add}" "${DEBUG_ENTRYPOINT}" + log "info" "Adding A Record: ${name} -> ${addr}" "${DEBUG_ENTRYPOINT}" + add_fwd_zone \ + "${name}" \ + "A" \ + "${addr}" \ + "${TTL_TIME}" \ + "${REFRESH_TIME}" \ + "${RETRY_TIME}" \ + "${EXPIRY_TIME}" \ + "${MAX_CACHE_TIME}" \ + "${DEBUG_ENTRYPOINT}" + done <<< "${DNS_A//,/$'\n'}" +else + log "info" "Not adding any A records" "${DEBUG_ENTRYPOINT}" +fi + + +### +### Build forward zones (CNAME Record) +### +if printenv DNS_CNAME >/dev/null 2>&1; then + while read -r line; do + line="$( echo "${line}" | xargs -0 )" + if [ -z "${line}" ]; then + continue # For leading or trailing comma in DNS_CNAME variable fi + name="$( echo "${line}" | awk -F '=' '{print $1}' | xargs -0 )" + addr="$( echo "${line}" | awk -F '=' '{print $2}' | xargs -0 )" + + # Only a single zone used for forward zones (response policy zone) + FWD_ZONES="rpz" - echo "include \"${my_cfg}\";" >> "${NAMED_CONF}" - add_wildcard_zone \ - 
"${my_dom}" \ - "${my_add}" \ - "${my_cfg}" \ - "0" \ - "${my_rev}" \ + log "info" "Adding CNAME Record: ${name} -> ${addr}" "${DEBUG_ENTRYPOINT}" + add_fwd_zone \ + "${name}" \ + "CNAME" \ + "${addr}." \ "${TTL_TIME}" \ "${REFRESH_TIME}" \ "${RETRY_TIME}" \ "${EXPIRY_TIME}" \ "${MAX_CACHE_TIME}" \ "${DEBUG_ENTRYPOINT}" - done + done <<< "${DNS_CNAME//,/$'\n'}" else - log "info" "Not adding any extra hosts" "${DEBUG_ENTRYPOINT}" + log "info" "Not adding any CNAME records" "${DEBUG_ENTRYPOINT}" fi @@ -728,11 +777,8 @@ else log "err" "ALLOW_QUERY error: variable specified, but no IP addresses found." "${DEBUG_ENTRYPOINT}" exit 1 fi - # shellcheck disable=SC2153 log "info" "Adding custom allow-query options: ${ALLOW_QUERY}" "${DEBUG_ENTRYPOINT}" - # Add quotes here - #_allow_query_block="${_allow_query_block}" fi @@ -767,11 +813,8 @@ else log "err" "ALLOW_RECURSION error: variable specified, but no IP addresses found." "${DEBUG_ENTRYPOINT}" exit 1 fi - # shellcheck disable=SC2153 log "info" "Adding custom allow-recursion options: ${ALLOW_RECURSION}" "${DEBUG_ENTRYPOINT}" - # Add quotes here - #_allow_recursion_block="${_allow_recursion_block}" fi @@ -808,7 +851,8 @@ if ! printenv DNS_FORWARDER >/dev/null 2>&1; then "${DNSSEC_VALIDATE}" \ "" \ "${_allow_query_block}" \ - "${_allow_recursion_block}" + "${_allow_recursion_block}" \ + "${FWD_ZONES}" else # To be pupulated @@ -843,10 +887,28 @@ else "${DNSSEC_VALIDATE}" \ "${_forwarders_block}" \ "${_allow_query_block}" \ - "${_allow_recursion_block}" + "${_allow_recursion_block}" \ + "${FWD_ZONES}" fi +### +### Log configured zones +### +while IFS= read -r line; do + if [ -n "${line}" ]; then + log_file "${NAMED_CUST_CONF}/${line}.conf" + log_file "${NAMED_CUST_ZONE}/${line}" + fi +done <<< "${REV_ZONES}" +while IFS= read -r line; do + if [ -n "${line}" ]; then + log_file "${NAMED_CUST_CONF}/${line}.conf" + log_file "${NAMED_CUST_ZONE}/${line}" + fi +done <<< "${FWD_ZONES}" + + ### ### Start ### 
From 26173312ed9e7fe29cb96be4ee6f43f6c7a4dc8c Mon Sep 17 00:00:00 2001
From: cytopia
Date: Wed, 16 Mar 2022 11:17:26 +0100
Subject: [PATCH 3/6] Adjust integration tests

---
 ...-wildcard-addr.sh => 02-DNS_A_WILDCARD.sh} | 8 +-
 ...card-cname.sh => 03-DNS_CNAME_WILDCARD.sh} | 8 +-
 tests/{04-extrahosts-addr.sh => 04-DNS_A.sh} | 8 +-
 ...05-extrahosts-cname.sh => 05-DNS_CNAME.sh} | 8 +-
 tests/06-ttl-time.sh | 101 ------------------
 tests/07-docker-logs.sh | 8 +-
 6 files changed, 20 insertions(+), 121 deletions(-)
 rename tests/{02-wildcard-addr.sh => 02-DNS_A_WILDCARD.sh} (83%)
 rename tests/{03-wildcard-cname.sh => 03-DNS_CNAME_WILDCARD.sh} (83%)
 rename tests/{04-extrahosts-addr.sh => 04-DNS_A.sh} (85%)
 rename tests/{05-extrahosts-cname.sh => 05-DNS_CNAME.sh} (85%)
 delete mode 100755 tests/06-ttl-time.sh

diff --git a/tests/02-wildcard-addr.sh b/tests/02-DNS_A_WILDCARD.sh
similarity index 83%
rename from tests/02-wildcard-addr.sh
rename to tests/02-DNS_A_WILDCARD.sh
index c686daa..76ca9cd 100755
--- a/tests/02-wildcard-addr.sh
+++ b/tests/02-DNS_A_WILDCARD.sh
@@ -22,7 +22,7 @@ REPS=10
 
 
 # DEBUG_ENTRYPOINT=2
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'DNS_A=*.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -42,7 +42,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=1
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'DNS_A=*.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -62,7 +62,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=0
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'DNS_A=*.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -82,7 +82,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=null
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'DNS_A=*.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
diff --git a/tests/03-wildcard-cname.sh b/tests/03-DNS_CNAME_WILDCARD.sh
similarity index 83%
rename from tests/03-wildcard-cname.sh
rename to tests/03-DNS_CNAME_WILDCARD.sh
index 4ed682e..22bfecd 100755
--- a/tests/03-wildcard-cname.sh
+++ b/tests/03-DNS_CNAME_WILDCARD.sh
@@ -22,7 +22,7 @@ REPS=10
 
 
 # DEBUG_ENTRYPOINT=2
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'DNS_CNAME=*.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -42,7 +42,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=1
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'DNS_CNAME=*.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -62,7 +62,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=0
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'DNS_CNAME=*.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -82,7 +82,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=null
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'WILDCARD_DNS=devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'DNS_CNAME=*.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
diff --git a/tests/04-extrahosts-addr.sh b/tests/04-DNS_A.sh
similarity index 85%
rename from tests/04-extrahosts-addr.sh
rename to tests/04-DNS_A.sh
index 959994e..ccfcb61 100755
--- a/tests/04-extrahosts-addr.sh
+++ b/tests/04-DNS_A.sh
@@ -22,7 +22,7 @@ REPS=10
 
 
 # DEBUG_ENTRYPOINT=2
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'DNS_A=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -46,7 +46,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=1
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'DNS_A=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -70,7 +70,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=0
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'DNS_A=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -94,7 +94,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=null
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'DNS_A=www.devilbox=1.1.1.1' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
diff --git a/tests/05-extrahosts-cname.sh b/tests/05-DNS_CNAME.sh
similarity index 85%
rename from tests/05-extrahosts-cname.sh
rename to tests/05-DNS_CNAME.sh
index 569d4c1..73e8727 100755
--- a/tests/05-extrahosts-cname.sh
+++ b/tests/05-DNS_CNAME.sh
@@ -22,7 +22,7 @@ REPS=10
 
 
 # DEBUG_ENTRYPOINT=2
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'DNS_CNAME=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -46,7 +46,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=1
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'DNS_CNAME=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -70,7 +70,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=0
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'DNS_CNAME=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
@@ -94,7 +94,7 @@ docker_stop "${NAME}"
 
 
 # DEBUG_ENTRYPOINT=null
-run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
+run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'DNS_CNAME=www.devilbox=google.com' -p ${PORT}:53/udp ${IMAGE}:${TAG}"
 run "sleep ${WAIT}"
 sanity_check "${NAME}"
 i=0
diff --git a/tests/06-ttl-time.sh b/tests/06-ttl-time.sh
deleted file mode 100755
index 3f8c0c6..0000000
--- a/tests/06-ttl-time.sh
+++ /dev/null
@@ -1,101 +0,0 @@ -#!/bin/sh - -set -e -set -u - -# Current directory -CWD="$(cd -P -- "$(dirname -- "$0")" && pwd -P)" -# shellcheck disable=SC1090 -. "${CWD}/.lib.sh" - -IMAGE="${1}" -#NAME="${2}" -#VERSION="${3}" -TAG="${4}" -ARCH="${5}" -DEBUG="${6}" - -NAME="bind$( shuf -i 1000000000-2000000000 -n 1 )" -PORT="5300" -WAIT=5 -REPS=10 - - -# DEBUG_ENTRYPOINT=2 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e TTL_TIME=500 -p ${PORT}:53/udp ${IMAGE}:${TAG}" -run "sleep ${WAIT}" -sanity_check "${NAME}" -i=0 -while ! run "dig @127.0.0.1 -p ${PORT} www.devilbox | grep -E '^www\.devilbox\.\s+500\s+IN\s+A'"; do - i=$(( i + 1 )) - if [ "${i}" -gt "${REPS}" ]; then - echo "FAILED: www.devilbox with TTL not found" - run "dig @127.0.0.1 -p ${PORT} www.devilbox" - run "docker logs ${NAME}" - run "docker stop ${NAME}" - echo "ABORT..." - exit 1 - fi - sleep 1 -done -docker_stop "${NAME}" - - -# DEBUG_ENTRYPOINT=1 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e TTL_TIME=500 -p ${PORT}:53/udp ${IMAGE}:${TAG}" -run "sleep ${WAIT}" -sanity_check "${NAME}" -i=0 -while ! run "dig @127.0.0.1 -p ${PORT} www.devilbox | grep -E '^www\.devilbox\.\s+500\s+IN\s+A'"; do - i=$(( i + 1 )) - if [ "${i}" -gt "${REPS}" ]; then - echo "FAILED: www.devilbox with TTL not found" - run "dig @127.0.0.1 -p ${PORT} www.devilbox" - run "docker logs ${NAME}" - run "docker stop ${NAME}" - echo "ABORT..." - exit 1 - fi - sleep 1 -done -docker_stop "${NAME}" - - -# DEBUG_ENTRYPOINT=0 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e TTL_TIME=500 -p ${PORT}:53/udp ${IMAGE}:${TAG}" -run "sleep ${WAIT}" -sanity_check "${NAME}" -i=0 -while ! 
run "dig @127.0.0.1 -p ${PORT} www.devilbox | grep -E '^www\.devilbox\.\s+500\s+IN\s+A'"; do - i=$(( i + 1 )) - if [ "${i}" -gt "${REPS}" ]; then - echo "FAILED: www.devilbox with TTL not found" - run "dig @127.0.0.1 -p ${PORT} www.devilbox" - run "docker logs ${NAME}" - run "docker stop ${NAME}" - echo "ABORT..." - exit 1 - fi - sleep 1 -done -docker_stop "${NAME}" - - -# DEBUG_ENTRYPOINT=null -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DOCKER_LOGS=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e TTL_TIME=500 -p ${PORT}:53/udp ${IMAGE}:${TAG}" -run "sleep ${WAIT}" -sanity_check "${NAME}" -i=0 -while ! run "dig @127.0.0.1 -p ${PORT} www.devilbox | grep -E '^www\.devilbox\.\s+500\s+IN\s+A'"; do - i=$(( i + 1 )) - if [ "${i}" -gt "${REPS}" ]; then - echo "FAILED: www.devilbox with TTL not found" - run "dig @127.0.0.1 -p ${PORT} www.devilbox" - run "docker logs ${NAME}" - run "docker stop ${NAME}" - echo "ABORT..." - exit 1 - fi - sleep 1 -done -docker_stop "${NAME}" diff --git a/tests/07-docker-logs.sh b/tests/07-docker-logs.sh index 86a9ef8..aebd63c 100755 --- a/tests/07-docker-logs.sh +++ b/tests/07-docker-logs.sh @@ -22,7 +22,7 @@ REPS=10 # DEBUG_ENTRYPOINT=2 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" +run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=2 -e 'DNS_CNAME=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" run "sleep ${WAIT}" sanity_check "${NAME}" run "dig @127.0.0.1 -p ${PORT} +short www.devilbox || true" 
@@ -35,7 +35,7 @@ docker_stop "${NAME}" # DEBUG_ENTRYPOINT=1 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" +run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=1 -e 'DNS_CNAME=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" run "sleep ${WAIT}" sanity_check "${NAME}" run "dig @127.0.0.1 -p ${PORT} +short www.devilbox || true" @@ -48,7 +48,7 @@ docker_stop "${NAME}" # DEBUG_ENTRYPOINT=0 -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e 'EXTRA_HOSTS=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" +run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e DEBUG_ENTRYPOINT=0 -e 'DNS_CNAMES=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" run "sleep ${WAIT}" sanity_check "${NAME}" run "dig @127.0.0.1 -p ${PORT} +short www.devilbox || true" @@ -61,7 +61,7 @@ docker_stop "${NAME}" # DEBUG_ENTRYPOINT=null -run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e 'EXTRA_HOSTS=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" +run "docker run -d --rm --platform ${ARCH} --name ${NAME} -e DEBUG=${DEBUG} -e 'DNS_CNAME=www.devilbox=google.com' -e DOCKER_LOGS=1 -p ${PORT}:53/udp ${IMAGE}:${TAG}" run "sleep ${WAIT}" sanity_check "${NAME}" run "dig @127.0.0.1 -p ${PORT} +short www.devilbox || true" From d348682bad8b740bf824e86eeedf54a227c659e7 Mon Sep 17 00:00:00 2001 From: cytopia Date: Wed, 16 Mar 2022 11:55:32 +0100 Subject: [PATCH 4/6] Update README --- README.md | 157 ++++++++++++++++++++++-------------------------------- 1 file changed, 65 insertions(+), 92 deletions(-) diff --git a/README.md b/README.md index dd40b85..b63932d 100644 --- a/README.md +++ b/README.md 
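Review bot: The `DEBUG_ENTRYPOINT=0` run in the `@@ -48` hunk passes `-e 'DNS_CNAMES=www.devilbox=google.com'`, while the other three runs in this file and every other test in the series use `DNS_CNAME`; unless the entrypoint also accepts the plural spelling, that container starts without the record. Because the following `run "dig … +short www.devilbox || true"` cannot fail on an empty answer, the typo would not surface as a test failure. Change it to `-e 'DNS_CNAME=www.devilbox=google.com'`.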
@@ -33,17 +33,18 @@ Bind caching DNS server based on Debian slim with support for DNS forwarders, in 2. [Optional environmental variables](#optional-environmental-variables) 1. [DEBUG_ENTRYPOINT](#debug_entrypoint) 2. [DOCKER_LOGS](#docker_logs) - 3. [WILDCARD_DNS](#wildcard_dns) - 4. [EXTRA_HOSTS](#extra_hosts) - 5. [DNSSEC_VALIDATE](#dnssec_validate) - 5. [DNS_FORWARDER](#dns_forwarder) - 6. [TTL_TIME](#ttl_time) - 7. [REFRESH_TIME](#refresh_time) - 8. [RETRY_TIME](#retry_time) - 9. [EXPIRY_TIME](#expiry_time) - 10. [MAX_CACHE_TIME](#max_cache_time) - 11. [ALLOW_QUERY](#allow_query) - 12. [ALLOW_RECURSION](#allow_recursion) + 3. [DNS_A](#dns_a) + 4. [DNS_CNAME](#dns_cname) + 5. [DNS_PTR](#dns_ptr) + 6. [DNSSEC_VALIDATE](#dnssec_validate) + 7. [DNS_FORWARDER](#dns_forwarder) + 8. [TTL_TIME](#ttl_time) + 9. [REFRESH_TIME](#refresh_time) + 10. [RETRY_TIME](#retry_time) + 11. [EXPIRY_TIME](#expiry_time) + 12. [MAX_CACHE_TIME](#max_cache_time) + 13. [ALLOW_QUERY](#allow_query) + 14. [ALLOW_RECURSION](#allow_recursion) 2. [Default mountpoints](#default-mountpoints) 3. [Default ports](#default-ports) 4. [Examples](#examples) @@ -74,8 +75,9 @@ Bind caching DNS server based on Debian slim with support for DNS forwarders, in | `DEBUG` | bool | `0` | Set to `1` in order to add `set -x` to entrypoint script for bash debugging | | `DEBUG_ENTRYPOINT` | bool | `0` | Show shell commands executed during start.
Values: `0`, `1` or `2` | | `DOCKER_LOGS` | bool | `0` | Set to `1` to log info and queries to Docker logs. | -| `WILDCARD_DNS` | string | | Add one or more tld's, domains or subdomains as catch-all for a specific IP address or CNAME. Reverse DNS is optional and can also be specified. | -| `EXTRA_HOSTS` | string | | Add one or more hosts (CNAME: tld's, domains, subdomains) to map to a specific IP address or CNAME. Reverse DNS is optional and can also be specified. | +| `DNS_A` | string | | Comma separated list of A records (wildcard supported). | +| `DNS_CNAME` | string | | Comma separated list of CNAME records (wildcard supported). | +| `DNS_PTR` | string | | Comma separated list of PTR records (reverse DNS). | | `DNSSEC_VALIDATE` | string | `no` | Control the behaviour of DNSSEC validation. The default is to not validate: `no`. Other possible values are: `yes` and `auto`. | | `DNS_FORWARDER` | string | | Specify a comma separated list of IP addresses as custom DNS resolver. This is useful if your LAN already has a DNS server which adds custom/internal domains and you still want to keep them in this DNS server
Example: `DNS_FORWARDER=8.8.8.8,8.8.4.4` | | `TTL_TIME` | int | `3600` | (Time in seconds) See [BIND TTL](http://www.zytrax.com/books/dns/apa/ttl.html) and [BIND SOA](http://www.zytrax.com/books/dns/ch8/soa.html)| 
@@ -96,95 +98,65 @@ Bind caching DNS server based on Debian slim with support for DNS forwarders, in * If set to `0`, no additional logging is done during run-time * If set to `1`, BIND is more verbose during run-time and shows asked queries as well as general information -#### WILDCARD_DNS +#### DNS_A -The `WILDCARD_DNS` option allows you to specify one or more multiple catch-all DNS zones which can either -be a full TLD, a domain or any kind of subdomain. It allows you to map your catch-all to a specific -IP address or even a CNAME (if it is resolvable by public DNS servers). Optionally you can also assign -the reverse DNS name (PTR record). +The `DNS_A` option allows you to specify one or more A records (including wildcard if required) which can either +be a full TLD, a domain or any kind of subdomain. It allows you to map your Domain to a specific +IP address. -The general format is as follows, whereas the string in square brackets it optional and responsible -for the reverse DNS (PTR records): +The general format is as follows: ```bash # Structure -WILDCARD_DNS='tld1=1.1.1.1[=tld],tld2=2.2.2.2[=tld2]' -WILDCARD_DNS='tld1=CNAME1[=tld],tld2=CNAME2[=tld2]' +DNS_A='tld1=1.1.1.1, tld2=2.2.2.2, *.tld3=3.3.3.3' ``` Some examples: ```bash # 1. One entry: -# The following catches all queries to *.tld and redirects them to 192.168.0.1 -WILDCARD_DNS='tld=192.168.0.1' +# The following catches all queries to *.tld (wildcard) and redirects them to 192.168.0.1 +DNS_A='*.tld=192.168.0.1' # 2. Two entries: # The following catches all queries to *.tld and redirects them to 192.168.0.1 # As well as all queries from *.example.org and redirects them to 192.168.0.2 -WILDCARD_DNS='tld=192.168.0.1,example.org=192.168.0.2' +DNS_A='*.tld=192.168.0.1, *.example.org=192.168.0.2' +``` -# 3. Using CNAME's for resolving: -# The following catches all queries to *.tld and redirects them to whatever -# IP example.org resolved to -WILDCARD_DNS='tld=example.org' +#### DNS_CNAME -# 4. 
Adding reverse DNS: -# The following catches all queries to *.tld and redirects them to 192.168.0.1 -# As well as adding reverse DNS from 192.168.0.1 to resolve to tld -WILDCARD_DNS='tld=192.168.0.1=tld' +The `DNS_CNAME` option allows you to specify one or more CNAME records (including wildcard if required) which can either +be a full TLD, a domain or any kind of subdomain. It allows you to map your Domain to a specific +IP address. -# 5. Complex example -# The following catches all queries to *.tld and redirects them to whatever -# IP example.org resolved to. Additionally it adds a reverse DNS record from example.org's -# IP to resolve to tld (PTR record) -# It also adds another catch-all for the subdomain of *.cytopia.tld which will point to 192.168.0.1 -# Including a reverse DNS record back to cytopia.tld -WILDCARD_DNS='tld=example.org=tld,cytopia.tld=192.168.0.1=cytopia.tld' +The general format is as follows: +``` +# Structure +DNS_CNAME='tld1=google.com, tld2=www.google.com, *.tld3=example.org' ``` -#### EXTRA_HOSTS +Some examples: +``` +# 1. Using CNAME's for resolving: +# The following catches all queries to *.tld and redirects them to whatever +# IP example.org resolved to +DNS_CNAME='*.tld=example.org' +``` -The `EXTRA_HOSTS` option almost works like the `WILDCARD_DNS` option, except that no wildcard is added, -but rather exactly the host you have specified. +#### DNS_PTR -This is useful if you want to add extra hosts to your setup just like the Docker Compose option -[extra_hosts](https://docs.docker.com/compose/compose-file/#extra_hosts) +The `DNS_PTR` option allows you to specify PTR records (reverse DNS). -```bash +The general format is as follows: +``` # Structure -EXTRA_HOSTS='host1=1.1.1.1[=host1],host2=2.2.2.2[=host2]' -EXTRA_HOSTS='host1=CNAME1[=host1],host2=CNAME2[=host2]' +DNS_PTR='192.168.0.1=www.google.com, 192.168.0.2=ftp.google.com' ``` Some examples: -```bash -# 1. 
One entry: -# The following extra host 'tld' is added and will always point to 192.168.0.1. -# When reverse resolving '192.168.0.1' it will answer with 'tld'. -EXTRA_HOSTS='tld=192.168.0.1' - -# 2. One entry: -# The following extra host 'my.host' is added and will always point to 192.168.0.1. -# When reverse resolving '192.168.0.1' it will answer with 'my.host'. -EXTRA_HOSTS='my.host=192.168.0.1' - -# 3. Two entries: -# The following extra host 'tld' is added and will always point to 192.168.0.1. -# When reverse resolving '192.168.0.1' it will answer with 'tld'. -# A second extra host 'example.org' is added and always redirects to 192.168.0.2 -# When reverse resolving '192.168.0.2' it will answer with 'example.org'. -EXTRA_HOSTS='tld=192.168.0.1,example.org=192.168.0.2' - -# 4. Using CNAME's for resolving: -# The following extra host 'my.host' is added and will always point to whatever -# IP example.org resolves to. -# When reverse resolving '192.168.0.1' it will answer with 'my.host'. -EXTRA_HOSTS='my.host=example.org' - -# 5. Adding reverse DNS: -# The following extra host 'my.host' is added and will always point to whatever -# IP example.org resolves to. -# As well as adding reverse DNS from 192.168.0.1 to resolve to tld -EXTRA_HOSTS='tld=192.168.0.1=tld' +``` +# 1. Adding reverse DNS: +# The following adds reverse DNS from 192.168.0.1 to resolve to tld +DNS_PTR='192.168.0.1=tld' ``` #### DNSSEC_VALIDATE 
@@ -300,55 +272,56 @@ $ docker run -i \ #### Wildcard domain -Let's add a wildcard zone for `*.example.com`. All subdomains as well as the main domain will resolve +Let's add a wildcard zone for `*.example.com`. All subdomains (but not example.com itself) will resolve to `192.168.0.1`. ```bash $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='example.com=192.168.0.1' \ + -e DNS_A='*.example.com=192.168.0.1' \ -t cytopia/bind ``` #### Wildcard subdomain -Let's add a wildcard zone for `*.aws.example.com`. All subdomains as well as the main subdomain will resolve +Let's add a wildcard zone for `*.aws.example.com`. All subdomains (but not aws.example.com itself) will resolve to `192.168.0.1`. ```bash $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='aws.example.com=192.168.0.1' \ + -e DNS_A='*.aws.example.com=192.168.0.1' \ -t cytopia/bind ``` #### Wildcard TLD -Let's add a wildcard zone for `*.loc`. All domains, subdomain as well as the TLD itself will resolve +Let's add a wildcard zone for `*.loc`. All domains, subdomain (but not loc itself) will resolve to `192.168.0.4`. ```bash $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='loc=192.168.0.4' \ + -e DNS_A='*.loc=192.168.0.4' \ -t cytopia/bind ``` #### Wildcard TLD and reverse DNS entry -Let's add a wildcard zone for `*.loc`. All domains, subdomain as well as the TLD itself will resolve +Let's add a wildcard zone for `*.loc`, and an A record for loc. All domains, subdomain and loc itself will resolve to `192.168.0.4`. Additionally we specify that `host.loc` will be the reverse loopup for `192.168.0.4`. ```bash $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='loc=192.168.0.4=host.loc' \ + -e DNS_A='*.loc=192.168.0.4, loc=192.168.0.4' \ + -e DNS_PTR='192.168.0.4=host.loc' \ -t cytopia/bind ``` #### Wildcard TLD and DNS resolver -Let's add a wildcard zone for `*.loc`. 
All domains, subdomain as well as the TLD itself will resolve +Let's add a wildcard zone for `*.loc`. All its domains (but not the domain itself) will resolve to `192.168.0.4`. Let's also hook in our imaginary corporate DNS server into this container, so we can make use of @@ -361,16 +334,16 @@ any already defined custom DNS entries by that nameserver. $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='loc=192.168.0.1' \ + -e DNS_A='*.loc=192.168.0.1' \ -e DNS_FORWARDER=10.0.15.1,10.0.15.2 \ -t cytopia/bind ``` #### Wildcard TLD, DNS resolver and extra hosts -* `loc` and all its subdomains (such as: `hostname.loc`) will point to `192.168.0.1`: +* All subdomains of `loc` (but not `loc` itself) will point to `192.168.0.1` * Your corporate DNS servers are `10.0.15.1` and `10.0.15.2` -* Also add two extra hosts with custom DNS: +* Also add two additional hosts with A and PTR records: - host5.loc -> 192.168.0.2 - host5.org -> 192.168.0.3 @@ -378,8 +351,8 @@ $ docker run -i \ $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e WILDCARD_DNS='loc=192.168.0.1' \ - -e EXTRA_HOSTS='host5.loc=192.168.0.2,host5.org=192.168.0.3' \ + -e DNS_A='*.loc=192.168.0.1, host5.loc=192.168.0.2, host5.org=192.168.0.3' \ + -e DNS_PTR='192.168.0.2=host5.loc, 192.168.0.3=host5.org' \ -e DNS_FORWARDER=10.0.15.1,10.0.15.2 \ -t cytopia/bind ``` @@ -400,7 +373,7 @@ $ docker run -i \ $ docker run -i \ -p 53:53/tcp \ -p 53:53/udp \ - -e EXTRA_HOSTS='host1=192.168.0.11' \ + -e DNS_A='host1=192.168.0.11' \ -e DNS_FORWARDER=8.8.8.8,8.8.4.4 \ -e ALLOW_QUERY=192.168.0.0/24,127.0.0.1 \ -e ALLOW_RECURSION=192.168.0.0/24,127.0.0.1 \ From fc31b4a46cc84d73dd976088e7ff30207a1ce373 Mon Sep 17 00:00:00 2001 
From: cytopia Date: Wed, 16 Mar 2022 11:56:17 +0100 Subject: [PATCH 5/6] Use workflow files from same repository (fix) --- .github/workflows/action_branch.yml | 3 +- .github/workflows/action_pull_request.yml | 3 +- .github/workflows/action_schedule.yml | 3 +- .../workflows/docker-name-version-arch.yml | 251 ++++++++++++++++++ .github/workflows/lint-generic.yml | 43 +++ .github/workflows/lint.yml | 3 +- 6 files changed, 302 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/docker-name-version-arch.yml create mode 100644 .github/workflows/lint-generic.yml diff --git a/.github/workflows/action_branch.yml b/.github/workflows/action_branch.yml index 55d6950..9139bd9 100644 --- a/.github/workflows/action_branch.yml +++ b/.github/workflows/action_branch.yml @@ -22,7 +22,8 @@ jobs: # (2/2) Build docker: needs: [params] - uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + #uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + uses: ./.github/workflows/docker-name-version-arch.yml with: enabled: true can_deploy: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/release-') }} diff --git a/.github/workflows/action_pull_request.yml b/.github/workflows/action_pull_request.yml index c80bf78..8d86e44 100644 --- a/.github/workflows/action_pull_request.yml +++ b/.github/workflows/action_pull_request.yml @@ -24,7 +24,8 @@ jobs: # (2/2) Build docker: needs: [params] - uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + #uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + uses: ./.github/workflows/docker-name-version-arch.yml with: enabled: true can_deploy: false diff --git a/.github/workflows/action_schedule.yml b/.github/workflows/action_schedule.yml index 36d979a..d2b8c1e 100644 --- a/.github/workflows/action_schedule.yml +++ b/.github/workflows/action_schedule.yml 
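Review bot: The superseded `uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master` line is kept as a commented-out line directly above the new local `uses: ./.github/workflows/docker-name-version-arch.yml` in `action_branch.yml`, and the same pattern repeats in `action_pull_request.yml`, `action_schedule.yml` and `lint.yml`; commented-out config tends to be restored verbatim later, floating `@master` ref included. Either drop the line or replace it with a comment that records the reason, e.g. `# local copy of the devilbox/github-actions reusable workflow; avoids depending on a floating @master ref`. If the remote reference is ever reinstated, pin it to a commit SHA rather than a branch.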
@@ -24,7 +24,8 @@ jobs: # (2/2) Build docker: needs: [params] - uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + #uses: devilbox/github-actions/.github/workflows/docker-name-version-arch.yml@master + uses: ./.github/workflows/docker-name-version-arch.yml with: enabled: true can_deploy: true diff --git a/.github/workflows/docker-name-version-arch.yml b/.github/workflows/docker-name-version-arch.yml new file mode 100644 index 0000000..3eafa82 --- /dev/null +++ b/.github/workflows/docker-name-version-arch.yml 
@@ -0,0 +1,251 @@ +name: Build multi-arch image + +on: + workflow_call: + ### + ### Variables + ### + inputs: + enabled: + description: 'Determines wheather this workflow is enabled at all (will run or skip).' + required: true + type: boolean + can_deploy: + description: 'Determines wheather this workflow will also deploy (login and push).' + required: true + type: boolean + matrix: + description: 'The version build matrix as JSON string ( list of objects: [{NAME, VERSION[], ARCH[]}] ).' + required: true + type: string + refs: + description: 'The ref build matrix as JSON string (list of git refs to build/deploy).' + required: false + type: string + ### + ### Secrets + ### + secrets: + dockerhub_username: + description: 'The username for Dockerhub.' + required: false + dockerhub_password: + description: 'The password for Dockerhub.' + required: false + +jobs: + + # ----------------------------------------------------------------------------------------------- + # JOB (1/3): CONFIGURE + # ----------------------------------------------------------------------------------------------- + configure: + name: Configure + runs-on: ubuntu-latest + outputs: + can_login: ${{ steps.set-login.outputs.can_login }} + has_refs: ${{ steps.set-matrix.outputs.has_refs }} + matrix_build: ${{ steps.set-matrix.outputs.matrix_build }} + matrix_deploy: ${{ steps.set-matrix.outputs.matrix_deploy }} + if: inputs.enabled + steps: + - name: "[Set-Output] Set Docker login capabilities" + id: set-login + shell: bash + run: | + if [ "${{ env.ENV_USER }}" = '' ] || [ "${{ env.ENV_PASS }}" = '' ]; then + echo "::set-output name=can_login::0" + else + echo "::set-output name=can_login::1" + fi + env: + ENV_USER: ${{ secrets.dockerhub_username }} + ENV_PASS: ${{ secrets.dockerhub_password }} + + - name: "[Set-Output] Set Build & Deploy Matrix" + id: set-matrix + shell: bash + run: | + if [ "${{ inputs.refs }}" != "" ]; then + MATRIX_BUILD="$( \ + jq -M -c \ + --argjson refs '${{ inputs.refs }}' \ + 
'map({name:.NAME, version:.VERSION[], arch:.ARCH[], refs:$refs[]})' <<<'${{ inputs.matrix }}' \ + )" + MATRIX_DEPLOY="$( \ + jq -M -c \ + --argjson refs '${{ inputs.refs }}' \ + 'map({name:.NAME, version:.VERSION[], refs:$refs[]})' <<<'${{ inputs.matrix }}' \ + )" + echo "::set-output name=matrix_build::${MATRIX_BUILD}" + echo "::set-output name=matrix_deploy::${MATRIX_DEPLOY}" + echo "::set-output name=has_refs::1" + else + MATRIX_BUILD="$( \ + jq -M -c \ + 'map({name:.NAME, version:.VERSION[], arch:.ARCH[]})' <<<'${{ inputs.matrix }}' \ + )" + MATRIX_DEPLOY="$( \ + jq -M -c \ + 'map({name:.NAME, version:.VERSION[]})' <<<'${{ inputs.matrix }}' \ + )" + echo "::set-output name=matrix_build::${MATRIX_BUILD}" + echo "::set-output name=matrix_deploy::${MATRIX_DEPLOY}" + echo "::set-output name=has_refs::0" + fi + + - name: "[DEBUG] Workflow Inputs" + shell: bash + run: | + echo 'enabled: ${{ inputs.enabled }} ' + echo 'can_deploy: ${{ inputs.can_deploy }} ' + echo 'matrix: ${{ inputs.matrix }} ' + echo 'refs: ${{ inputs.refs }} ' + + - name: "[DEBUG] Determined Settings" + shell: bash + run: | + echo 'can_login=${{ steps.set-login.outputs.can_login }}' + echo 'has_refs=${{ steps.set-matrix.outputs.has_refs }}' + echo 'matrix_build=${{ steps.set-matrix.outputs.matrix_build }}' + echo 'matrix_deploy=${{ steps.set-matrix.outputs.matrix_deploy }}' + + # ----------------------------------------------------------------------------------------------- + # JOB (2/3): BUILD + # ----------------------------------------------------------------------------------------------- + build: + needs: [configure] + name: Build ${{ matrix.name }}-${{ matrix.version }} (${{ matrix.arch }}) ${{ matrix.refs }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: ${{ fromJson(needs.configure.outputs.matrix_build) }} + if: inputs.enabled + steps: + # ------------------------------------------------------------ + # Setup repository + # 
------------------------------------------------------------ + - name: "[SETUP] Checkout repository (current)" + uses: actions/checkout@v3 + with: + fetch-depth: 0 + if: needs.configure.outputs.has_refs == 0 + + - name: "[SETUP] Checkout repository (ref: ${{ matrix.refs }})" + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ matrix.refs }} + if: needs.configure.outputs.has_refs != 0 + + - name: "[SETUP] Setup QEMU environment" + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: "[SETUP] Determine Docker tag" + id: tag + uses: cytopia/docker-tag-action@v0.4.15 + + # ------------------------------------------------------------ + # Build + # ------------------------------------------------------------ + - name: Build + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make build NAME=${{ matrix.name }} VERSION=${{ matrix.version }} ARCH=${{ matrix.arch }} TAG=${{ steps.tag.outputs.docker-tag }} + + # ------------------------------------------------------------ + # Test + # ------------------------------------------------------------ + - name: Test + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make test NAME=${{ matrix.name }} VERSION=${{ matrix.version }} ARCH=${{ matrix.arch }} TAG=${{ steps.tag.outputs.docker-tag }} + + # ------------------------------------------------------------ + # Deploy + # ------------------------------------------------------------ + - name: Docker login + uses: docker/login-action@v1 + with: + username: ${{ secrets.dockerhub_username }} + password: ${{ secrets.dockerhub_password }} + if: needs.configure.outputs.can_login == 1 && inputs.can_deploy + + - name: Docker push architecture image + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make push NAME=${{ matrix.name }} VERSION=${{ matrix.version }} ARCH=${{ matrix.arch }} TAG=${{ steps.tag.outputs.docker-tag }} + if: needs.configure.outputs.can_login 
== 1 && inputs.can_deploy + + # ----------------------------------------------------------------------------------------------- + # JOB (3/3): DEPLOY + # ----------------------------------------------------------------------------------------------- + deploy: + needs: [configure, build] + name: Deploy ${{ matrix.name }}-${{ matrix.version }} ${{ matrix.refs }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: ${{ fromJson(needs.configure.outputs.matrix_deploy) }} + if: inputs.enabled && needs.configure.outputs.can_login == 1 && inputs.can_deploy + steps: + # ------------------------------------------------------------ + # Setup repository + # ------------------------------------------------------------ + - name: "[SETUP] Checkout repository (current)" + uses: actions/checkout@v3 + with: + fetch-depth: 0 + if: needs.configure.outputs.has_refs == 0 + + - name: "[SETUP] Checkout repository (ref: ${{ matrix.refs }})" + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ matrix.refs }} + if: needs.configure.outputs.has_refs != 0 + + - name: "[SETUP] Determine Docker tag" + id: tag + uses: cytopia/docker-tag-action@v0.4.15 + + - name: "[SETUP] Determine manifest arches" + id: manifest + run: | + ARCHES="$( echo '${{ inputs.matrix }}' \ + | jq 'group_by(.NAME, .VERSION, .ARCH)' \ + | jq 'map({NAME: .[].NAME, VERSION: .[].VERSION[], ARCHES: .[].ARCH|join(",")})' \ + | jq '.[] | select(.NAME=="${{ matrix.name }}" and .VERSION=="${{ matrix.version }}") | .ARCHES' \ + | jq -c -M \ + )" + echo "::set-output name=arches::${ARCHES}" + echo "ARCHES: ${ARCHES}" + + + # ------------------------------------------------------------ + # Deploy + # ------------------------------------------------------------ + - name: "[DEPLOY] Login" + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: "[DEPLOY] Create Docker manifest for architectures: ${{ 
steps.manifest.outputs.arches }}" + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make manifest-create NAME=${{ matrix.name }} VERSION=${{ matrix.version }} ARCHES=${{ steps.manifest.outputs.arches }} TAG=${{ steps.tag.outputs.docker-tag }} + + - name: "[DEPLOY] Publish Docker manifest: ${{ steps.tag.outputs.docker-tag }}" + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make manifest-push NAME=${{ matrix.name }} VERSION=${{ matrix.version }} TAG=${{ steps.tag.outputs.docker-tag }} diff --git a/.github/workflows/lint-generic.yml b/.github/workflows/lint-generic.yml new file mode 100644 index 0000000..3e97475 --- /dev/null +++ b/.github/workflows/lint-generic.yml @@ -0,0 +1,43 @@ +name: Lint + +on: + workflow_call: + +jobs: + + # ----------------------------------------------------------------------------------------------- + # JOB (1/1): Lint + # ----------------------------------------------------------------------------------------------- + lint: + name: lint + runs-on: ubuntu-latest + steps: + + - name: "[SETUP] Checkout repository" + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Lint Files + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make lint-files + + - name: Lint Yaml + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make lint-yaml + + - name: Lint JSON + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make lint-json + + - name: Lint Bash + uses: cytopia/shell-command-retry-action@v0.1.2 + with: + command: | + make lint-bash diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f83d099..91bae7b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
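Review bot: The `set-matrix` step and the deploy job's `[SETUP] Determine manifest arches` step splice `${{ inputs.matrix }}`, `${{ inputs.refs }}`, `${{ matrix.name }}` and `${{ matrix.version }}` straight into the `run:` script text (`<<<'${{ inputs.matrix }}'`, `--argjson refs '${{ inputs.refs }}'`, `select(.NAME=="${{ matrix.name }}" …)`), so a quote character in any of those values ends the quoting and the remainder is parsed as shell rather than data. The values come from the calling workflow in this repository, which limits the exposure, but the `set-login` step in the same file already shows the safer shape — pass the value through `env:` and read it as a quoted variable. Separately, the `[DEPLOY] Login` step reads `secrets.DOCKERHUB_USERNAME` / `secrets.DOCKERHUB_PASSWORD`, whereas the `workflow_call` block only declares `dockerhub_username` / `dockerhub_password` and the build job's login uses those; rather than relying on the secrets context to resolve the upper-case names, use the declared ones. Every third-party action here (and in `lint-generic.yml` from this same commit) is referenced by a mutable tag such as `@v1` or `@v0.1.2`, and QEMU by `tonistiigi/binfmt:latest`; for a workflow that holds Docker Hub push credentials, pinning to a full commit SHA (and an image digest) bounds what a retagged upstream can do. The `env:`-based form of `set-matrix` is sketched below.

```yaml
      - name: "[Set-Output] Set Build & Deploy Matrix"
        id: set-matrix
        shell: bash
        env:
          MATRIX: ${{ inputs.matrix }}
          REFS: ${{ inputs.refs }}
        run: |
          if [ -n "${REFS}" ]; then
            MATRIX_BUILD="$( \
              jq -M -c \
                --argjson refs "${REFS}" \
                'map({name:.NAME, version:.VERSION[], arch:.ARCH[], refs:$refs[]})' <<<"${MATRIX}" \
            )"
            # … unchanged: MATRIX_DEPLOY built the same way, reading "${REFS}" and <<<"${MATRIX}" …
          else
            # … unchanged: no-refs branch, with <<<'${{ inputs.matrix }}' replaced by <<<"${MATRIX}" …
          fi
          # … unchanged: set-output lines …
```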
@@ -19,4 +19,5 @@ on: # ------------------------------------------------------------------------------------------------- jobs: lint: - uses: devilbox/github-actions/.github/workflows/lint-generic.yml@master + #uses: devilbox/github-actions/.github/workflows/lint-generic.yml@master + uses: ./.github/workflows/lint-generic.yml From a1874fa68f102336a2d6c11abfb9fa0cdbbc13ae Mon Sep 17 00:00:00 2001 From: cytopia Date: Wed, 16 Mar 2022 12:08:13 +0100 Subject: [PATCH 6/6] Fix bind options --- data/docker-entrypoint.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh index 1fb83d5..0020fc3 100755 --- a/data/docker-entrypoint.sh +++ b/data/docker-entrypoint.sh @@ -284,18 +284,21 @@ add_options() { fi if [ -n "${forwarders}" ]; then echo " forwarders {" - printf "%s" "${forwarders}" + # shellcheck disable=SC2059 + printf "${forwarders}\n" echo " };" fi if [ -n "${allow_recursion}" ]; then echo " recursion yes;" echo " allow-recursion {" - printf "%s" "${allow_recursion}" + # shellcheck disable=SC2059 + printf "${allow_recursion}\n" echo " };" fi if [ -n "${allow_query}" ]; then echo " allow-query {" - printf "%s" "${allow_query}" + # shellcheck disable=SC2059 + printf "${allow_query}\n" echo " };" fi echo "};"
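Review bot: `printf "${forwarders}\n"`, and the parallel lines for `${allow_recursion}` and `${allow_query}`, use a value derived from container environment variables as the printf format string, with SC2059 silenced instead of addressed; any `%` in that value is read as a conversion specifier and produces a garbled options block or a printf error rather than the literal text. The intent is presumably to expand literal `\n` escapes carried inside the variable (the old `printf "%s"` left them unexpanded), which `%b` does without treating the data as a format: `printf '%b\n' "${forwarders}"`, and likewise for the other two, after which the three `# shellcheck disable=SC2059` lines can go. `add_options` begins and ends outside this hunk.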