coolaj86
/
digd.js
2
1
Fork 1
Code Issues 7 Pull Requests 2 Releases Activity

create installer with systemd service and example db

This commit is contained in:
AJ ONeal 2017-11-01 22:56:44 -06:00
parent 861ffa1b80
commit 8f34294c88
4 changed files with 143 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
dist/etc/systemd/system/digd.js.service vendored
View File

@ -17,17 +17,17 @@ StartLimitBurst=3
User=digd User=digd
Group=digd Group=digd
WorkingDirectory=/opt/digd WorkingDirectory=/opt/digd.js
# custom directory cannot be set and will be the place where gitea exists, not the working directory # TODO use --config instead of commandline params
ExecStart=/opt/digd/bin/digd.js --config /srv/digd.js/db.json ExecStart=/opt/digd.js/bin/node /opt/digd/bin/digd.js --port 53 --input /srv/digd.js/db.json +norecurse
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings. # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
# Unmodified gitea is not expected to use more than this. # Unmodified digd.js is not expected to use more than this.
LimitNOFILE=1048576 LimitNOFILE=1048576
LimitNPROC=64 LimitNPROC=64
# Use private /tmp and /var/tmp, which are discarded after gitea stops. # Use private /tmp and /var/tmp, which are discarded after digd.js stops.
PrivateTmp=true PrivateTmp=true
# Use a minimal /dev # Use a minimal /dev
PrivateDevices=true PrivateDevices=true
@ -35,8 +35,8 @@ PrivateDevices=true
ProtectHome=true ProtectHome=true
# Make /usr, /boot, /etc and possibly some more folders read-only. # Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full ProtectSystem=full
# ... except /opt/gitea because we want a place for the database # ... except /srv/digd.js because we want a place for the database
# and /var/log/gitea because we want a place where logs can go. # and /var/log/digd.js because we want a place where logs can go.
# This merely retains r/w access rights, it does not add any new. # This merely retains r/w access rights, it does not add any new.
# Must still be writable on the host! # Must still be writable on the host!
ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
@ -45,7 +45,7 @@ ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
; ReadWritePaths=/opt/digd.js /srv/digd.js /var/log/digd.js ; ReadWritePaths=/opt/digd.js /srv/digd.js /var/log/digd.js
# The following additional security directives only work with systemd v229 or later. # The following additional security directives only work with systemd v229 or later.
# They further retrict privileges that can be gained by gitea. # They further retrict privileges that can be gained by digd.js.
# Note that you may have to add capabilities required by any plugins in use. # Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE

33
install.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
sudo adduser --home /opt/digd.js --gecos '' --nopasswd --disabled-password digd
sudo mkdir -p /opt/digd.js/ /srv/digd.js /var/log/digd.js
sudo mkdir -p /opt/digd.js /srv/digd.js
chown $(whoami):$(whoami) /opt/digd.js /srv/digd.js
echo "v8.9.0" > /tmp/NODEJS_VER
export NODE_PATH=/opt/digd.js/lib/node_modules
export NPM_CONFIG_PREFIX=/opt/digd.js
curl -fsSL https://bit.ly/install-min-node -o ./install-node.sh.tmp
bash ./install-node.sh.tmp
/opt/digd.js/bin/npm install -g npm@4
git clone https://git.coolaj86.com/coolaj86/digd.js /opt/digd.js/lib/node_modules/digd.js
pushd /opt/digd.js/lib/node_modules/digd.js
git checkout v1.1
/opt/digd.js/bin/npm install
popd
sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/dist/etc/systemd/system/digd.js.service /etc/systemd/system/
sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/samples/db.json /srv/digd.js/db.json
sudo ln -s /opt/digd.js/lib/node_modules/digd.js/bin/digd.js /opt/digd.js/bin/
sudo chown -R digd:digd /opt/digd.js/ /srv/digd.js /var/log/digd.js
sudo systemctl daemon-reload
sudo systemctl restart digd.js
dig @localhost -p 53 example.com
#sudo journalctl -xefu digd.js
sudo journalctl -xeu digd.js

7
samples/db.js
View File

@ -1,12 +1,13 @@
'use strict'; 'use strict';
module.exports = { module.exports =
"primaryNameservers": [ 'localhost' ] // 'ns1.vanity-dns.org' {
"primaryNameservers": [ "localhost" ] // 'ns1.vanity-dns.org'
, "domains": [ , "domains": [
{ "id": "example.com", "revokedAt": 0 } { "id": "example.com", "revokedAt": 0 }
, { "id": "smith.example.com", "revokedAt": 0 } , { "id": "smith.example.com", "revokedAt": 0 }
, { "id": "in-delegated.example.com", "revokedAt": 0 } , { "id": "in-delegated.example.com", "revokedAt": 0 }
, { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ 'ns1.dns-server.net', 'ns2.dns-server.net' ] } , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
// test and probably remove // test and probably remove
//, { "id": "out-delegated.example.com", "revokedAt": 0 } //, { "id": "out-delegated.example.com", "revokedAt": 0 }
] ]

98
samples/db.json Normal file
View File

@ -0,0 +1,98 @@
{
"primaryNameservers": [ "localhost" ]
, "domains": [
{ "id": "example.com", "revokedAt": 0 }
, { "id": "smith.example.com", "revokedAt": 0 }
, { "id": "in-delegated.example.com", "revokedAt": 0 }
, { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
]
, "records": [
{ "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
, { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
, { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
, { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
, { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "TXT", "data": [ "foo bar baz" ] }
, { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
, "type": "TXT", "data": [ "foo", "bar", "baz" ] }
, { "zone": "example.com", "name": "a.example.com", "tld": "com", "sld": "example", "sub": "a"
, "type": "A", "address": "4.3.2.1" }
, { "zone": "example.com", "name": "aaaa.example.com", "tld": "com", "sld": "example", "sub": "aaaa"
, "type": "AAAA", "address": "::1" }
, { "zone": "example.com", "name": "aname.example.com", "tld": "com", "sld": "example", "sub": "aname"
, "type": "A", "aname": "amazon.com" }
, { "zone": "example.com", "name": "devname.example.com", "tld": "com", "sld": "example", "sub": "devname"
, "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
, { "zone": "example.com", "name": "cname.example.com", "tld": "com", "sld": "example", "sub": "cname"
, "type": "CNAME", "data": "example.com" }
, { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
, "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
, { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
, "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
, { "zone": "example.com", "name": "srv.example.com", "tld": "com", "sld": "example", "sub": "srv"
, "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
, { "zone": "example.com", "name": "txt.example.com", "tld": "com", "sld": "example", "sub": "txt"
, "type": "TXT", "data": [ "foo bar baz" ] }
, { "zone": "example.com", "name": "mtxt.example.com", "tld": "com", "sld": "example", "sub": "mtxt"
, "type": "TXT", "data": [ "foo", "bar", "baz" ] }
, { "zone": "example.com", "type": "NS", "name": "ns.example.com"
, "tld": "com", "sld": "example", "sub": "ns", "data": "ns1.vanity-dns.org" }
, { "zone": "example.com", "type": "NS", "name": "ns.example.com"
, "tld": "com", "sld": "example", "sub": "ns", "data": "ns2.vanity-dns.org" }
, { "zone": "example.com", "name": "www.example.com", "tld": "com", "sld": "example", "sub": "www"
, "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
, { "zone": "example.com", "name": "email.example.com", "tld": "com", "sld": "example", "sub": "email"
, "type": "CNAME", "data": "mailgun.org" }
, { "zone": "example.com", "name": "*.wild.example.com", "tld": "com", "sld": "example", "sub": "*.wild"
, "type": "A", "address": "12.34.56.78" }
, { "zone": "example.com", "name": "exists.wild.example.com", "tld": "com", "sld": "example", "sub": "exists.wild"
, "type": "A", "address": "123.0.0.45" }
, { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
, "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns1.vanity-dns.org" }
, { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
, "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns2.vanity-dns.org" }
, { "zone": "example.com", "type": "NS", "name": "in-delegated.example.com"
, "tld": "com", "sld": "example", "sub": "in-delegated", "data": "localhost" }
, { "zone": "example.com", "name": "fido.devices.example.com", "tld": "com", "sld": "example", "sub": "fido.devices"
, "device": "abcdef123"
, "type": "ANAME", "address": "1.2.3.4" }
, { "zone": "example.com", "type": "NS", "name": "smith.example.com"
, "tld": "com", "sld": "example", "sub": "smith", "data": "ns1.vanity-dns.org" }
, { "zone": "example.com", "name": "smith.example.com", "tld": "com", "sld": "example", "sub": "smith"
, "type": "NS", "data": "ns2.vanity-dns.org" }
, { "zone": "smith.example.com", "name": "smith.example.com", "tld": "example.com", "sld": "smith", "sub": ""
, "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
, { "zone": "smith.example.com", "name": "www.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "www"
, "type": "CNAME", "data": "smith.example.com" }
, { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
, "type": "NS", "data": "ns1.vanity-dns.org" }
, { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
, "type": "NS", "data": "ns2.vanity-dns.org" }
, { "zone": "smith.example.com", "name": "*.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "*"
, "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
, { "zone": "smith.example.com", "name": "exception.john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "exception.john"
, "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
, { "zone": "john.smith.example.com", "name": "john.smith.example.com", "tld": "smith.example.com", "sld": "john", "sub": ""
, "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
]
}