create installer with systemd service and example db

2017-11-01 22:56:44 -06:00 · 2017-11-01 22:56:44 -06:00 · 8f34294c88
commit 8f34294c88
parent 861ffa1b80
4 changed files with 143 additions and 11 deletions
--- a/dist/etc/systemd/system/digd.js.service
+++ b/dist/etc/systemd/system/digd.js.service
@ -17,17 +17,17 @@ StartLimitBurst=3
 User=digd
 Group=digd

-WorkingDirectory=/opt/digd
-# custom directory cannot be set and will be the place where gitea exists, not the working directory
-ExecStart=/opt/digd/bin/digd.js --config /srv/digd.js/db.json
+WorkingDirectory=/opt/digd.js
+# TODO use --config instead of commandline params
+ExecStart=/opt/digd.js/bin/node /opt/digd/bin/digd.js --port 53 --input /srv/digd.js/db.json +norecurse
 ExecReload=/bin/kill -USR1 $MAINPID

 # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
-# Unmodified gitea is not expected to use more than this.
+# Unmodified digd.js is not expected to use more than this.
 LimitNOFILE=1048576
 LimitNPROC=64

-# Use private /tmp and /var/tmp, which are discarded after gitea stops.
+# Use private /tmp and /var/tmp, which are discarded after digd.js stops.
 PrivateTmp=true
 # Use a minimal /dev
 PrivateDevices=true
@ -35,8 +35,8 @@ PrivateDevices=true
 ProtectHome=true
 # Make /usr, /boot, /etc and possibly some more folders read-only.
 ProtectSystem=full
-# ... except /opt/gitea because we want a place for the database
-# and /var/log/gitea because we want a place where logs can go.
+# ... except /srv/digd.js because we want a place for the database
+# and /var/log/digd.js because we want a place where logs can go.
 # This merely retains r/w access rights, it does not add any new.
 # Must still be writable on the host!
 ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
@ -45,7 +45,7 @@ ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
 ; ReadWritePaths=/opt/digd.js /srv/digd.js /var/log/digd.js

 # The following additional security directives only work with systemd v229 or later.
-# They further retrict privileges that can be gained by gitea.
+# They further retrict privileges that can be gained by digd.js.
 # Note that you may have to add capabilities required by any plugins in use.
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+
+sudo adduser --home /opt/digd.js --gecos '' --nopasswd --disabled-password digd
+sudo mkdir -p /opt/digd.js/ /srv/digd.js /var/log/digd.js
+sudo mkdir -p /opt/digd.js /srv/digd.js
+chown $(whoami):$(whoami) /opt/digd.js /srv/digd.js
+
+echo "v8.9.0" > /tmp/NODEJS_VER
+export NODE_PATH=/opt/digd.js/lib/node_modules
+export NPM_CONFIG_PREFIX=/opt/digd.js
+curl -fsSL https://bit.ly/install-min-node -o ./install-node.sh.tmp
+bash ./install-node.sh.tmp
+/opt/digd.js/bin/npm install -g npm@4
+
+git clone https://git.coolaj86.com/coolaj86/digd.js /opt/digd.js/lib/node_modules/digd.js
+pushd /opt/digd.js/lib/node_modules/digd.js
+  git checkout v1.1
+  /opt/digd.js/bin/npm install
+popd
+
+sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/dist/etc/systemd/system/digd.js.service /etc/systemd/system/
+sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/samples/db.json /srv/digd.js/db.json
+sudo ln -s /opt/digd.js/lib/node_modules/digd.js/bin/digd.js /opt/digd.js/bin/
+
+sudo chown -R digd:digd /opt/digd.js/ /srv/digd.js /var/log/digd.js
+
+sudo systemctl daemon-reload
+sudo systemctl restart digd.js
+
+dig @localhost -p 53 example.com
+
+#sudo journalctl -xefu digd.js
+sudo journalctl -xeu digd.js
--- a/samples/db.js
+++ b/samples/db.js
@ -1,12 +1,13 @@
 'use strict';

-module.exports = {
-  "primaryNameservers": [ 'localhost' ] // 'ns1.vanity-dns.org'
+module.exports =
+{
+  "primaryNameservers": [ "localhost" ] // 'ns1.vanity-dns.org'
 , "domains": [
    { "id": "example.com", "revokedAt": 0 }
  , { "id": "smith.example.com", "revokedAt": 0 }
  , { "id": "in-delegated.example.com", "revokedAt": 0 }
-  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ 'ns1.dns-server.net', 'ns2.dns-server.net' ] }
+  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
    // test and probably remove
  //, { "id": "out-delegated.example.com", "revokedAt": 0 }
  ]
--- a/samples/db.json
+++ b/samples/db.json
@ -0,0 +1,98 @@
+{
+  "primaryNameservers": [ "localhost" ]
+, "domains": [
+    { "id": "example.com", "revokedAt": 0 }
+  , { "id": "smith.example.com", "revokedAt": 0 }
+  , { "id": "in-delegated.example.com", "revokedAt": 0 }
+  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
+  ]
+, "records": [
+    { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "TXT", "data": [ "foo bar baz" ] }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "TXT", "data": [ "foo", "bar", "baz" ] }
+
+  , { "zone": "example.com", "name": "a.example.com", "tld": "com", "sld": "example", "sub": "a"
+    , "type": "A", "address": "4.3.2.1" }
+  , { "zone": "example.com", "name": "aaaa.example.com", "tld": "com", "sld": "example", "sub": "aaaa"
+    , "type": "AAAA", "address": "::1" }
+  , { "zone": "example.com", "name": "aname.example.com", "tld": "com", "sld": "example", "sub": "aname"
+    , "type": "A", "aname": "amazon.com" }
+  , { "zone": "example.com", "name": "devname.example.com", "tld": "com", "sld": "example", "sub": "devname"
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "cname.example.com", "tld": "com", "sld": "example", "sub": "cname"
+    , "type": "CNAME", "data": "example.com" }
+  , { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
+    , "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
+  , { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
+    , "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
+  , { "zone": "example.com", "name": "srv.example.com", "tld": "com", "sld": "example", "sub": "srv"
+    , "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
+  , { "zone": "example.com", "name": "txt.example.com", "tld": "com", "sld": "example", "sub": "txt"
+    , "type": "TXT", "data": [ "foo bar baz" ] }
+  , { "zone": "example.com", "name": "mtxt.example.com", "tld": "com", "sld": "example", "sub": "mtxt"
+    , "type": "TXT", "data": [ "foo", "bar", "baz" ] }
+  , { "zone": "example.com", "type": "NS", "name": "ns.example.com"
+    , "tld": "com", "sld": "example", "sub": "ns", "data": "ns1.vanity-dns.org" }
+  , { "zone": "example.com", "type": "NS", "name": "ns.example.com"
+    , "tld": "com", "sld": "example", "sub": "ns", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "example.com", "name": "www.example.com", "tld": "com", "sld": "example", "sub": "www"
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "email.example.com", "tld": "com", "sld": "example", "sub": "email"
+    , "type": "CNAME", "data": "mailgun.org" }
+
+  , { "zone": "example.com", "name": "*.wild.example.com", "tld": "com", "sld": "example", "sub": "*.wild"
+    , "type": "A", "address": "12.34.56.78" }
+  , { "zone": "example.com", "name": "exists.wild.example.com", "tld": "com", "sld": "example", "sub": "exists.wild"
+    , "type": "A", "address": "123.0.0.45" }
+
+  , { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns1.vanity-dns.org" }
+  , { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "example.com", "type": "NS", "name": "in-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "in-delegated", "data": "localhost" }
+
+  , { "zone": "example.com", "name": "fido.devices.example.com", "tld": "com", "sld": "example", "sub": "fido.devices"
+    , "device": "abcdef123"
+    , "type": "ANAME", "address": "1.2.3.4" }
+
+  , { "zone": "example.com", "type": "NS", "name": "smith.example.com"
+    , "tld": "com", "sld": "example", "sub": "smith", "data": "ns1.vanity-dns.org" }
+
+  , { "zone": "example.com", "name": "smith.example.com", "tld": "com", "sld": "example", "sub": "smith"
+    , "type": "NS", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "smith.example.com", "tld": "example.com", "sld": "smith", "sub": ""
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "www.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "www"
+    , "type": "CNAME", "data": "smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
+    , "type": "NS", "data": "ns1.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
+    , "type": "NS", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "*.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "*"
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "exception.john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "exception.john"
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+
+  , { "zone": "john.smith.example.com", "name": "john.smith.example.com", "tld": "smith.example.com", "sld": "john", "sub": ""
+   , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+  ]
+}