|
| 1 | +#!/bin/bash |
| 2 | +basedir=".." |
| 3 | +outputdir="output/rpz" |
| 4 | +path="${basedir}/cache_domains.json" |
| 5 | +basedomain=${1:-lancache.net} |
| 6 | + |
| 7 | +export IFS=' ' |
| 8 | + |
| 9 | +test=$(which jq); |
| 10 | +out=$? |
| 11 | +if [ $out -gt 0 ] ; then |
| 12 | + echo "This script requires jq to be installed." |
| 13 | + echo "Your package manager should be able to find it" |
| 14 | + exit 1 |
| 15 | +fi |
| 16 | + |
| 17 | +cachenamedefault="disabled" |
| 18 | + |
| 19 | +while read line; do |
| 20 | + ip=$(jq ".ips[\"${line}\"]" config.json) |
| 21 | + declare "cacheip$line"="$ip" |
| 22 | +done <<< $(jq -r '.ips | to_entries[] | .key' config.json) |
| 23 | + |
| 24 | +while read line; do |
| 25 | + name=$(jq -r ".cache_domains[\"${line}\"]" config.json) |
| 26 | + declare "cachename$line"="$name" |
| 27 | +done <<< $(jq -r '.cache_domains | to_entries[] | .key' config.json) |
| 28 | + |
| 29 | +rm -rf ${outputdir} |
| 30 | +mkdir -p ${outputdir} |
| 31 | +outputfile=${outputdir}/db.rpz.$basedomain |
| 32 | +cat > $outputfile << EOF |
| 33 | +\$TTL 60 ; default TTL |
| 34 | +\$ORIGIN rpz.$basedomain. |
| 35 | +@ SOA ns1.$basedomain. admin.$basedomain. ( |
| 36 | + $(date +%Y%m%d01) ; serial |
| 37 | + 604800 ; refresh (1 week) |
| 38 | + 600 ; retry (10 mins) |
| 39 | + 600 ; expire (10 mins) |
| 40 | + 600 ; minimum (10 mins) |
| 41 | + ) |
| 42 | + NS ns1.$basedomain. |
| 43 | + NS ns2.$basedomain. |
| 44 | +
|
| 45 | +EOF |
| 46 | + |
| 47 | +while read entry; do |
| 48 | + unset cacheip |
| 49 | + unset cachename |
| 50 | + key=$(jq -r ".cache_domains[$entry].name" $path) |
| 51 | + cachename="cachename${key}" |
| 52 | + if [ -z "${!cachename}" ]; then |
| 53 | + cachename="cachenamedefault" |
| 54 | + fi |
| 55 | + if [[ ${!cachename} == "disabled" ]]; then |
| 56 | + continue; |
| 57 | + fi |
| 58 | + cacheipname="cacheip${!cachename}" |
| 59 | + cacheip=$(jq -r 'if type == "array" then .[] else . end' <<< ${!cacheipname} | xargs) |
| 60 | + while read fileid; do |
| 61 | + while read filename; do |
| 62 | + echo "" >> $outputfile |
| 63 | + echo "; $(echo $filename | sed -e 's/.txt$//')" >> $outputfile |
| 64 | + destfilename=$(echo $filename | sed -e 's/txt/conf/') |
| 65 | + while read fileentry; do |
| 66 | + # Ignore comments and newlines |
| 67 | + if [[ $fileentry == \#* ]] || [[ -z $fileentry ]]; then |
| 68 | + continue |
| 69 | + fi |
| 70 | + parsed=$(echo $fileentry) |
| 71 | + if grep -qx "^\"${parsed}\". " $outputfile; then |
| 72 | + continue |
| 73 | + fi |
| 74 | + t="" |
| 75 | + for i in ${cacheip}; do |
| 76 | + # only one cname per domain is allowed |
| 77 | + if [[ ${t} = "CNAME" ]]; then |
| 78 | + continue |
| 79 | + fi |
| 80 | + # for cnames you must use a fqdn with trailing dot |
| 81 | + t="CNAME" |
| 82 | + if [[ ${i} =~ ^[0-9\.]+$ ]] ; then |
| 83 | + t="A" |
| 84 | + elif [[ ! ${i} =~ \.$ ]] ; then |
| 85 | + i="${i}." |
| 86 | + fi |
| 87 | + printf "%-50s IN %s %s\n" \ |
| 88 | + "${parsed}" \ |
| 89 | + "${t}" \ |
| 90 | + "${i}" \ |
| 91 | + >> $outputfile |
| 92 | + done |
| 93 | + done <<< $(cat ${basedir}/$filename | sort); |
| 94 | + done <<< $(jq -r ".cache_domains[$entry].domain_files[$fileid]" $path) |
| 95 | + done <<< $(jq -r ".cache_domains[$entry].domain_files | to_entries[] | .key" $path) |
| 96 | +done <<< $(jq -r '.cache_domains | to_entries[] | .key' $path) |
| 97 | + |
| 98 | +cat << EOF |
| 99 | +Configuration generation completed. |
| 100 | +
|
| 101 | +Please include the rpz zone in your bind configuration" |
| 102 | +- cp $outputfile /etc/bind |
| 103 | +- configure the zone and use it |
| 104 | +
|
| 105 | +options { |
| 106 | + [...] |
| 107 | + response-policy {zone "rpz.$basedomain";}; |
| 108 | + [...] |
| 109 | +} |
| 110 | +zone "rpz.$basedomain" { |
| 111 | + type master; |
| 112 | + file "/etc/bind/db.rpz.$basedomain"; |
| 113 | +}; |
| 114 | +EOF |
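Review bot: The duplicate check on new line 71, `grep -qx "^\"${parsed}\". " $outputfile`, can never match what the loop writes: the printf on lines 87–91 emits `domain<padding> IN <type> <target>` with no quotes, so the full-line match against `"domain". ` always fails and a domain listed in more than one domain file is emitted more than once. The domain is also interpolated unescaped into a regex, so dots (and any wildcard names) act as metacharacters rather than literals. A fixed-string match on the prefix printf actually produces fixes both: `if grep -qF -- "$(printf '%-50s IN' "$parsed")" "$outputfile"; then`. Separately, lines 21–27 and 51–59 build variable names out of JSON keys (`declare "cacheip$line"=…`, `${!cachename}`), which fails on any key that is not a valid identifier and lets config data reach bash's variable-name evaluation; associative arrays (`declare -A cacheip cachename`) keyed by the raw string are the safer equivalent, and `$outputfile` and `$basedomain` (taken from `$1`) should be double-quoted wherever they are redirected to or passed to a command.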