feat: initial commit

templates/unbound/unbound.conf.j2

@@ -0,0 +1,40 @@
+server:
+  verbosity: 1
+  interface: 0.0.0.0
+  port: 53
+  do-ip4: yes
+  do-ip6: yes
+  do-udp: yes
+  do-tcp: no
+    
+  # access control
+{% for network in unbound_allow_access % }
+  ## {{ network.name }}
+  access-control: {{ network.network }} allow
+
+{% endfor %}
+  
+  # security and performance
+  cache-max-ttl: 86400
+  cache-min-ttl: 3600
+  harden-dnssec-stripped: yes
+  harden-glue: yes
+  hide-identity: yes
+  hide-version: yes
+  infra-cache-slabs: 8
+  key-cache-slabs: 8
+  msg-cache-slabs: 8
+  num-threads: 2
+  prefetch: yes
+  rrset-cache-slabs: 8
+  use-caps-for-id: no
+  
+  # include zone configurations
+  include: "/etc/unbound/conf.d/*.conf"
+
+# forward zones configuration
+forward-zone:
+    name: "."
+{% for dns_server in unbound_upstream_dns %}
+    forward-addr: {{ dns_server }}
+{% endfor %}

templates/unbound/zones.conf.j2

@@ -0,0 +1,63 @@
+{% for zone in unbound_zones %}
+# zone: {{ zone.zone }}
+server:
+  local-zone: "{{ zone.zone }}." {{ zone.type | default('static') }}
+    
+{% for record in zone.records %}
+{% if record.type == 'MX' %}
+  local-data: "{{ record.name }}. IN MX {{ record.priority }} {{ record.value }}"
+{% elif record.type == 'CNAME' %}
+  local-data: "{{ record.name }}. IN CNAME {{ record.value }}"
+{% elif record.type == 'TXT' %}
+  local-data: "{{ record.name }}. IN TXT \"{{ record.value }}\""
+{% elif record.type == 'PTR' %}
+  local-data: "{{ record.name }}. IN PTR {{ record.value }}"
+{% else %}
+  local-data: "{{ record.name }}. IN {{ record.type }} {{ record.value }}"
+{% endif %}
+{% endfor %}
+
+{% endfor %}
+
+{# generate reverse dns zones from a records #}
+{% set reverse_zones = {} %}
+{% for zone in unbound_zones %}
+{% for record in zone.records %}
+{% if record.type == 'A' %}
+{% set ip_parts = record.value.split('.') %}
+{% if ip_parts[0] == '192' and ip_parts[1] == '168' %}
+{% set reverse_zone = ip_parts[2] + '.168.192.in-addr.arpa' %}
+{% set reverse_record = ip_parts[3] + '.' + reverse_zone %}
+{% if reverse_zone not in reverse_zones %}
+{% set _ = reverse_zones.update({reverse_zone: []}) %}
+{% endif %}
+{% set _ = reverse_zones[reverse_zone].append({'ptr': reverse_record, 'hostname': record.name}) %}
+{% elif ip_parts[0] == '10' and ip_parts[1] == '8' %}
+{% set reverse_zone = '8.10.in-addr.arpa' %}
+{% set reverse_record = ip_parts[3] + '.' + ip_parts[2] + '.' + reverse_zone %}
+{% if reverse_zone not in reverse_zones %}
+{% set _ = reverse_zones.update({reverse_zone: []}) %}
+{% endif %}
+{% set _ = reverse_zones[reverse_zone].append({'ptr': reverse_record, 'hostname': record.name}) %}
+{% elif ip_parts[0] == '10' and ip_parts[1] == '0' %}
+{% set reverse_zone = '0.10.in-addr.arpa' %}
+{% set reverse_record = ip_parts[3] + '.' + ip_parts[2] + '.' + reverse_zone %}
+{% if reverse_zone not in reverse_zones %}
+{% set _ = reverse_zones.update({reverse_zone: []}) %}
+{% endif %}
+{% set _ = reverse_zones[reverse_zone].append({'ptr': reverse_record, 'hostname': record.name}) %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endfor %}
+
+{% for reverse_zone, ptr_records in reverse_zones.items() %}
+# reverse dns zone: {{ reverse_zone }}
+server:
+  local-zone: "{{ reverse_zone }}." static
+    
+{% for ptr_record in ptr_records %}
+  local-data: "{{ ptr_record.ptr }}. IN PTR {{ ptr_record.hostname }}."
+{% endfor %}
+
+{% endfor %}