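#!/bin/bash
# Generates a BIND response-policy zone (RPZ) from cache_domains.json and the
# local config.json.
# Usage: pass the base domain as the first argument (default: lancache.net).

# Directory holding cache_domains.json and the domain list files.
basedir=".."
# Output directory, relative to the current working directory.
outputdir="output/rpz"
path="${basedir}/cache_domains.json"
basedomain=${1:-lancache.net}

# The base domain ends up in the output file name and in the zone text, so
# only hostname characters are accepted: no '/', whitespace or zone-file
# syntax, and no leading or trailing dot or dash.
basedomain_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9_])?$'
if [[ ! ${basedomain} =~ ${basedomain_re} ]]; then
  printf 'Invalid base domain: %s\n' "${basedomain}" >&2
  exit 1
fi

# Split unquoted expansions on spaces only, so multi-line command output that
# is expanded unquoted keeps its newlines.
export IFS=' '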
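# Every lookup in this script goes through jq, so stop early when it is not
# installed. `command -v` is a shell builtin, unlike `which`, and no unused
# variable is needed to hold the result.
if ! command -v jq > /dev/null 2>&1; then
  echo "This script requires jq to be installed." >&2
  echo "Your package manager should be able to find it" >&2
  exit 1
fi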
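# Cache name used for cache groups that config.json does not map.
cachenamedefault="disabled"

# Keys from config.json become part of a shell variable name. Only plain
# identifiers are accepted: anything else is not a valid variable name, and
# bash would evaluate a subscript embedded in it.
ident_re='^[A-Za-z0-9_]+$'

if [[ ! -r config.json ]]; then
  echo "config.json not found or not readable in the current directory." >&2
  exit 1
fi

# .ips: one variable cacheip<name> per key, holding the value as JSON text
# (a string or an array) so it can be decoded with jq later.
while IFS= read -r line; do
  [[ -n ${line} ]] || continue
  if [[ ! ${line} =~ ${ident_re} ]]; then
    printf 'Ignoring .ips key that is not a plain identifier: %s\n' "${line}" >&2
    continue
  fi
  # --arg passes the key as data instead of splicing it into the jq program.
  ip=$(jq --arg key "${line}" '.ips[$key]' config.json)
  declare "cacheip${line}=${ip}"
done < <(jq -r '.ips | to_entries[] | .key' config.json)

# .cache_domains: one variable cachename<group> per key, holding the name of
# the cache that serves the group.
while IFS= read -r line; do
  [[ -n ${line} ]] || continue
  if [[ ! ${line} =~ ${ident_re} ]]; then
    printf 'Ignoring .cache_domains key that is not a plain identifier: %s\n' "${line}" >&2
    continue
  fi
  name=$(jq -r --arg key "${line}" '.cache_domains[$key]' config.json)
  declare "cachename${line}=${name}"
done < <(jq -r '.cache_domains | to_entries[] | .key' config.json)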
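# Start from an empty output directory. The path is quoted and guarded with
# ':?' so that an unset or empty variable aborts the script instead of
# changing what rm -rf is pointed at.
rm -rf -- "${outputdir:?}"
mkdir -p -- "${outputdir}" || exit 1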
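outputfile=${outputdir}/db.rpz.${basedomain}

# Zone header: TTL, origin, SOA and the two NS records. The NS lines must keep
# their leading whitespace so they inherit the owner name of the SOA record.
# NOTE(review): the serial always ends in 01, so a second run on the same day
# yields the same serial; expire (600) is also far below refresh (604800).
# Confirm both are intended if the zone is ever transferred to secondaries.
cat > "${outputfile}" << EOF
\$TTL 60 ; default TTL
\$ORIGIN rpz.${basedomain}.
@ SOA ns1.${basedomain}. admin.${basedomain}. (
        $(date +%Y%m%d01) ; serial
        604800 ; refresh (1 week)
        600 ; retry (10 mins)
        600 ; expire (10 mins)
        600 ; minimum (10 mins)
        )
        NS ns1.${basedomain}.
        NS ns2.${basedomain}.

EOF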
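# Write the RPZ records. For every cache group listed in ${path}, resolve the
# cache name and target list loaded from config.json (variables
# cachename<group> and cacheip<name>), then append one record per domain and
# target to ${outputfile}.

# Names from the JSON files become part of a variable name that is read
# through ${!name}; bash evaluates a subscript embedded in such a name, so
# only plain identifiers are accepted.
ident_re='^[A-Za-z0-9_]+$'
# Owner names are copied into the zone file as they are. Restricting them to
# hostname characters plus the wildcard keeps whitespace, ';', '(' and '$'
# directives from a domain list out of the generated zone.
domain_re='^[A-Za-z0-9*_.-]+$'

while IFS= read -r entry; do
  unset cacheip
  unset cachename

  # The entry is used as an index into .cache_domains; skip anything that is
  # not a number.
  if [[ ! ${entry} =~ ^[0-9]+$ ]]; then
    continue
  fi

  # --argjson passes the index as data instead of splicing it into the filter.
  key=$(jq -r --argjson idx "${entry}" '.cache_domains[$idx].name' "${path}")
  if [[ ! ${key} =~ ${ident_re} ]]; then
    printf 'Skipping cache group %s: unusable name "%s"\n' "${entry}" "${key}" >&2
    continue
  fi

  # Groups without a mapping in config.json fall back to the default.
  cachename="cachename${key}"
  cachegroup=${!cachename}
  if [[ -z ${cachegroup} ]]; then
    cachegroup=${cachenamedefault}
  fi
  if [[ ${cachegroup} == "disabled" ]]; then
    continue
  fi
  if [[ ! ${cachegroup} =~ ${ident_re} ]]; then
    printf 'Skipping %s: unusable cache name "%s"\n' "${key}" "${cachegroup}" >&2
    continue
  fi

  # The stored value is JSON text: a single string or an array of strings.
  cacheipname="cacheip${cachegroup}"
  cacheip=$(jq -r 'if type == "array" then .[] else . end' <<< "${!cacheipname}" | xargs)
  IFS=' ' read -r -a targets <<< "${cacheip}"
  if [[ ${#targets[@]} -eq 0 ]]; then
    printf 'Skipping %s: no address configured for cache "%s"\n' "${key}" "${cachegroup}" >&2
    continue
  fi

  while IFS= read -r filename; do
    [[ -n ${filename} ]] || continue

    # domain_files entries are joined onto ${basedir}; refuse absolute paths
    # and '..' components so that only files below it are read.
    case "${filename}" in
      /* | .. | ../* | */.. | */../*)
        printf 'Skipping domain file outside %s: %s\n' "${basedir}" "${filename}" >&2
        continue
        ;;
    esac
    if [[ ! -r ${basedir}/${filename} ]]; then
      printf 'Skipping unreadable domain file: %s\n' "${basedir}/${filename}" >&2
      continue
    fi

    # Blank line plus a zone-file comment naming the list the records are from.
    printf '\n; %s\n' "${filename%.txt}" >> "${outputfile}"

    while IFS= read -r fileentry; do
      # Trim surrounding whitespace; this also drops a trailing carriage return.
      fileentry=${fileentry#"${fileentry%%[![:space:]]*}"}
      fileentry=${fileentry%"${fileentry##*[![:space:]]}"}

      # Ignore comments and blank lines
      if [[ -z ${fileentry} || ${fileentry} == \#* ]]; then
        continue
      fi

      parsed=${fileentry}
      if [[ ! ${parsed} =~ ${domain_re} ]]; then
        printf 'Skipping invalid entry in %s: %s\n' "${filename}" "${parsed}" >&2
        continue
      fi

      # Skip names that already have a record. The previous check searched for
      # the name in double quotes, a form this script never writes, so it could
      # not match; compare the first field of each line exactly instead.
      if awk -v d="${parsed}" '($1 "") == (d "") { found = 1; exit } END { exit !found }' "${outputfile}"; then
        continue
      fi

      t=""
      for i in "${targets[@]}"; do
        # only one cname per domain is allowed
        if [[ ${t} == "CNAME" ]]; then
          continue
        fi
        # for cnames you must use a fqdn with trailing dot
        # NOTE(review): only dotted IPv4 is recognised as an address; anything
        # else, including an IPv6 address, is written as a CNAME target.
        t="CNAME"
        if [[ ${i} =~ ^[0-9\.]+$ ]]; then
          t="A"
        elif [[ ! ${i} =~ \.$ ]]; then
          i="${i}."
        fi
        printf '%-50s IN %s %s\n' "${parsed}" "${t}" "${i}" >> "${outputfile}"
      done
    done < <(sort -- "${basedir}/${filename}")
  done < <(jq -r --argjson idx "${entry}" '.cache_domains[$idx].domain_files[]' "${path}")
done < <(jq -r '.cache_domains | to_entries[] | .key' "${path}")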
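# Closing instructions for the operator. The stray double quote after the
# "Please include" sentence is dropped, and the options block is closed with
# "};" because named.conf statements end with a semicolon.
cat << EOF
Configuration generation completed.

Please include the rpz zone in your bind configuration
- cp ${outputfile} /etc/bind
- configure the zone and use it

options {
    [...]
    response-policy {zone "rpz.${basedomain}";};
    [...]
};
zone "rpz.${basedomain}" {
    type master;
    file "/etc/bind/db.rpz.${basedomain}";
};
EOF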