hai 4 meses · 9039bea783
--- a/.gitignore
+++ b/.gitignore
@@ -30,5 +30,10 @@ nginx/tcms.conf
 
				 fail2ban/tcms-jail.conf
			
 
				 logs/
			
 
				 run/
			
 
				+dns/tcms.conf
			
 
				+dns/zones.db
			
 
				+dns/zone.sql
			
 
				+dns/default.zone
			
 
				+dns/default.zone.sql
			
 
				 *-shm
			
 
				 *-wal
			
--- a/Installer.mk
+++ b/Installer.mk
@@ -1,4 +1,5 @@
 
				 SHELL := /bin/bash
			
 
				+SERVER_NAME := $(shell bin/tcms-hostname)
			
 
				 
			
 
				 .PHONY: depend
			
 
				 depend:
			
@@ -39,7 +40,8 @@ prereq-debs:
 
				 	    libuuid-tiny-perl libcapture-tiny-perl libconfig-simple-perl libdbi-perl libfile-slurper-perl libfile-touch-perl \
			
 
				 	    libfile-copy-recursive-perl libxml-rss-perl libmodule-install-perl libio-string-perl uuid-dev                    \
			
 
				 	    libmoose-perl libmoosex-types-datetime-perl libxml-libxml-perl liblist-moreutils-perl libclone-perl libpath-tiny-perl \
			
 
				-		selinux-utils setools policycoreutils-python-utils policycoreutils selinux-basics auditd
			
 
				+		selinux-utils setools policycoreutils-python-utils policycoreutils selinux-basics auditd \
			
 
				+		pdns-tools pdns-server pdns-backend-sqlite3
			
 
				 
			
 
				 .PHONY: prereq-perl
			
 
				 prereq-perl:
			
@@ -142,5 +144,39 @@ dmarc:
 
				 	sudo service opendmarc enable
			
 
				 	sudo service opendmarc start
			
 
				 
			
 
				+.PHONY: dns
			
 
				+dns:
			
 
				+	cp dns/tcms.tmpl dns/tcms.conf
			
 
				+	sed -i 's#__DIR__#$(shell pwd)#g' dns/tcms.conf
			
 
				+	sed -i 's#__DOMAIN__#$(SERVER_NAME)#g' dns/tcms.conf
			
 
				+	[[ -e /etc/powerdns/pdns.d/$(SERVER_NAME).conf ]] && sudo rm /etc/powerdns/pdns.d/$(SERVER_NAME).conf
			
 
				+	sudo cp dns/tcms.conf /etc/powerdns/pdns.d/$(SERVER_NAME).conf
			
 
				+	sudo mkdir /etc/systemd/resolved.conf.d/; /bin/true
			
 
				+	sudo cp dns/10-disable-stub-resolver.conf /etc/systemd/resolved.conf.d/
			
 
				+	sudo chown -R systemd-resolve:systemd-resolve /etc/systemd/resolved.conf.d/
			
 
				+	sudo chmod 0660 /etc/systemd/resolved.conf.d/10-disable-stub-resolver.conf
			
 
				+	sudo systemctl restart systemd-resolved
			
 
				+	# Build the zone database and initialize the zone for our domain
			
 
				+	rm dns/zones.db; /bin/true
			
 
				+	sqlite3 dns/zones.db < /usr/share/pdns-backend-sqlite3/schema/schema.sqlite3.sql
			
 
				+	bin/build_zone > dns/default.zone
			
 
				+	zone2sql --gsqlite --zone=dns/default.zone > dns/default.zone.sql
			
 
				+	sqlite3 dns/zones.db < dns/default.zone.sql
			
 
				+	# Bind mount our dns/ folder so that pdns can see it in chroot
			
 
				+	sudo mkdir /var/spool/powerdns/$(SERVER_NAME); /bin/true
			
 
				+	sudo chown pdns:pdns /var/spool/powerdns/$(SERVER_NAME); /bin/true
			
 
				+	sudo cp /etc/fstab /tmp/fstab.new
			
 
				+	sudo chown $(USER) /tmp/fstab.new
			
 
				+	echo "$(shell pwd)/dns /var/spool/powerdns/$(SERVER_NAME) none defaults,bind 0 0" >> /tmp/fstab.new
			
 
				+	sort < /tmp/fstab.new | uniq | grep -o '^[^#]*' > /tmp/fstab.new
			
 
				+	sudo chown root:root /tmp/fstab.new
			
 
				+	sudo mv /etc/fstab /etc/fstab.bak
			
 
				+	sudo mv /tmp/fstab.new /etc/fstab
			
 
				+	sudo mount /var/spool/powerdns/$(SERVER_NAME)
			
 
				+	# Don't need no bind
			
 
				+	[[ -e /etc/powerdns/pdns.d/bind.conf ]] && sudo rm /etc/powerdns/pdns.d/bind.conf
			
 
				+	sudo service pdns enable
			
 
				+	sudo service pdns start
			
 
				+
			
 
				 .PHONY: all
			
 
				 all: prereq-debian install fail2ban nginx mail
			
--- a/bin/build_zone
+++ b/bin/build_zone
@@ -107,6 +107,7 @@ sub main(@args) {
 
				     $data->{data} = $processor->render('zone.tx', $data);
			
 
				 
			
 
				     my $zone = Trog::Zone::addzone($data);
			
 
				+    print $data->{data};
			
 
				 
			
 
				     return 0;
			
 
				 }
			
--- a/bin/tcms-hostname
+++ b/bin/tcms-hostname
@@ -7,7 +7,15 @@ use FindBin::libs;
 
				 
			
 
				 use Trog::Config();
			
 
				 
			
 
				-my $domain = Trog::Config->get()->param('general.hostname');
			
 
				-die "Hostname not set in tCMS configuration.  Please set this first." unless $domain;
			
 
				+my $hostname = $ARGV[0];
			
 
				+
			
 
				+my $conf = Trog::Config->get();
			
 
				+if ($hostname) {
			
 
				+    $conf->param('general.hostname', $hostname);
			
 
				+    $conf->save();
			
 
				+}
			
 
				+
			
 
				+my $domain = $conf->param('general.hostname');
			
 
				+die "Hostname not set in tCMS configuration.  Please set this first by passing the hostname to bin/tcms-hostname." unless $domain;
			
 
				 
			
 
				 print "$domain\n";
			
--- a/dns/10-disable-stub-resolver.conf
+++ b/dns/10-disable-stub-resolver.conf
@@ -0,0 +1,4 @@
 
				+[Resolve]
			
 
				+DNS=8.8.8.8
			
 
				+FallbackDNS=8.8.4.4
			
 
				+DNSStubListener=no
			
--- a/dns/tcms.tmpl
+++ b/dns/tcms.tmpl
@@ -0,0 +1,3 @@
 
				+# tCMS powerdns configuration for __DOMAIN__
			
 
				+launch=gsqlite3:__DOMAIN__
			
 
				+gsqlite3-__DOMAIN__-database=__DOMAIN__/zones.db
			
--- a/tcms
+++ b/tcms
@@ -1,5 +1,5 @@
 
				 #!/bin/bash
			
 
				 [[ -e run/tcms.pid ]] && pkill -F run/tcms.pid
			
 
				-sudo www/server.psgi --listen run/tcms.sock --group www-data --user $USER --daemonize --pid run/tcms.pid
			
 
				+sudo www/server.psgi --listen run/tcms.sock --workers 20 --group www-data --user $USER --daemonize --pid run/tcms.pid
			
 
				 sudo chmod 0770 run/tcms.sock
			
 
				 echo "tCMS running as PID "`cat run/tcms.pid`