diff --git a/.gitingore b/.gitingore
new file mode 100644
index 0000000..0a764a4
--- /dev/null
+++ b/.gitingore
@@ -0,0 +1 @@
+env
diff --git a/data/.keepme b/data/.keepme
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..4a5f155
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,37 @@
+---
+version: '2'
+services:
+
+ mysql:
+ image: mysql:latest
+ env_file:
+ - env
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ volumes:
+ - ./data/mysql:/var/lib/mysql
+
+ powerdns:
+ build: powerdns/.
+ depends_on:
+ - mysql
+ ports:
+ - '53:53'
+ env_file:
+ - env
+ environment:
+ - MYSQL_HOST=mysql
+
+ webdns:
+ build: webdns/.
+ depends_on:
+ - mysql
+ ports:
+ - '3000:3000'
+ env_file:
+ - env
+ environment:
+ - MYSQL_HOST=mysql
+ - RAILS_ENV=development
+ volumes:
+ - ./data/webdns:/srv/webdns
diff --git a/env.dist b/env.dist
new file mode 100644
index 0000000..19e6c64
--- /dev/null
+++ b/env.dist
@@ -0,0 +1,5 @@
+MYSQL_HOST=mysql
+MYSQL_DATABASE=dns
+MYSQL_USERNAME=dns
+MYSQL_PASSWORD=
+SECRET_KEY_BASE=
diff --git a/powerdns/Dockerfile b/powerdns/Dockerfile
new file mode 100644
index 0000000..399ad21
--- /dev/null
+++ b/powerdns/Dockerfile
@@ -0,0 +1,9 @@
+FROM debian:jessie
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q 2 && apt-get install -y --no-install-recommends pdns-server \
+ pdns-backend-mysql \
+ mysql-client
+EXPOSE 53
+COPY entrypoint.sh /
+RUN chmod u+x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/powerdns/entrypoint.sh b/powerdns/entrypoint.sh
new file mode 100644
index 0000000..cca8888
--- /dev/null
+++ b/powerdns/entrypoint.sh
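Review bot: The file name `.gitingore` is misspelled, so git never reads it and the `env` entry ignores nothing. `env` is the file docker-compose.yml loads `MYSQL_PASSWORD` and `SECRET_KEY_BASE` from (see env.dist), so a filled-in copy shows up as untracked and can be committed by a plain `git add .`. Rename the file to `.gitignore` and keep the single line `env`.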
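Review bot: In docker-compose.yml the webdns service publishes `'3000:3000'` on every host interface while running with `RAILS_ENV=development`, and webdns/seeds_users.rb in this same commit seeds an admin account with a fixed password. Unless remote access is intended, bind the port to loopback with `- '127.0.0.1:3000:3000'`. Two smaller points: `image: mysql:latest` should be pinned to a specific tag or digest so a rebuild cannot silently change the server version running on `./data/mysql`, and `'53:53'` publishes TCP only, so DNS over UDP needs an additional `- '53:53/udp'` entry.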
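Review bot: env.dist ships `MYSQL_PASSWORD=` and `SECRET_KEY_BASE=` empty with nothing saying they must be filled in, and an empty value is not caught downstream: both entrypoint scripts use `${MYSQL_PASSWORD-12345}`, which substitutes the default only when the variable is unset, so a file copied as-is yields an empty database password. Add a comment line above each, e.g. `# required: set a long random value before first start`. Also check the name `MYSQL_USERNAME`: the official mysql image creates its application user from `MYSQL_USER`, so as written the `dns` account is probably never created on the database side.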
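Review bot: `FROM debian:jessie` in powerdns/Dockerfile (and again in webdns/Dockerfile) is a floating tag on a release that is past its end of security support, so pdns-server and every other package are installed at whatever patch level the archive last carried. Move to a supported Debian release and pin it, for example by digest. Appending `&& rm -rf /var/lib/apt/lists/*` to the install `RUN` line would also keep the package index out of the image layer.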
@@ -0,0 +1,28 @@
+#!/bin/bash
+if [ -z "${MYSQL_HOST}" ]; then
+ echo "You need to specify a MySQL host."
+ exit
+fi
+MYSQL_DATABASE=${MYSQL_DATABASE-dns}
+MYSQL_USERNAME=${MYSQL_USERNAME-dns}
+MYSQL_PORT=${MYSQL_PORT-3306}
+MYSQL_PASSWORD=${MYSQL_PASSWORD-12345}
+
+echo "Settings up pdns config."
+cat < /etc/powerdns/pdns.d/pdns.local.gmysql.conf
+# MySQL Configuration
+launch+=gmysql
+
+# gmysql parameters
+gmysql-host=${MYSQL_HOST}
+gmysql-port=3306
+gmysql-dbname=${MYSQL_DATABASE}
+gmysql-user=${MYSQL_USERNAME}
+gmysql-password=${MYSQL_PASSWORD}
+gmysql-dnssec=no
+EOF
+
+echo "Waiting for the db to come up and webdns to run initial migration."
+sleep 10
+echo "Starting powerdns"
+/usr/sbin/pdns_server --daemon=no
diff --git a/powerdns/init.sql b/powerdns/init.sql
new file mode 100644
index 0000000..002fe92
--- /dev/null
+++ b/powerdns/init.sql
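Review bot: `MYSQL_PASSWORD=${MYSQL_PASSWORD-12345}` in powerdns/entrypoint.sh silently falls back to a guessable database password, and because it uses `-` rather than `:-` an empty value from the env file is passed through as an empty password. Fail instead of defaulting, `: "${MYSQL_PASSWORD:?MYSQL_PASSWORD must be set}"`; webdns/entrypoint.sh has the same line. The missing-host branch should `exit 1` so the container is reported as failed. `gmysql-port=3306` also ignores the `MYSQL_PORT` variable computed just above it; `gmysql-port=${MYSQL_PORT}` was probably intended.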
@@ -0,0 +1,90 @@
+CREATE TABLE domains (
+ id INT AUTO_INCREMENT,
+ name VARCHAR(255) NOT NULL,
+ master VARCHAR(128) DEFAULT NULL,
+ last_check INT DEFAULT NULL,
+ type VARCHAR(6) NOT NULL,
+ notified_serial INT DEFAULT NULL,
+ account VARCHAR(40) DEFAULT NULL,
+ PRIMARY KEY (id)
+) Engine=InnoDB;
+
+CREATE UNIQUE INDEX name_index ON domains(name);
+
+
+CREATE TABLE records (
+ id INT AUTO_INCREMENT,
+ domain_id INT DEFAULT NULL,
+ name VARCHAR(255) DEFAULT NULL,
+ type VARCHAR(10) DEFAULT NULL,
+ content VARCHAR(64000) DEFAULT NULL,
+ ttl INT DEFAULT NULL,
+ prio INT DEFAULT NULL,
+ change_date INT DEFAULT NULL,
+ disabled TINYINT(1) DEFAULT 0,
+ ordername VARCHAR(255) BINARY DEFAULT NULL,
+ auth TINYINT(1) DEFAULT 1,
+ PRIMARY KEY (id)
+) Engine=InnoDB;
+
+CREATE INDEX nametype_index ON records(name,type);
+CREATE INDEX domain_id ON records(domain_id);
+CREATE INDEX recordorder ON records (domain_id, ordername);
+
+
+CREATE TABLE supermasters (
+ ip VARCHAR(64) NOT NULL,
+ nameserver VARCHAR(255) NOT NULL,
+ account VARCHAR(40) NOT NULL,
+ PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB;
+
+
+CREATE TABLE comments (
+ id INT AUTO_INCREMENT,
+ domain_id INT NOT NULL,
+ name VARCHAR(255) NOT NULL,
+ type VARCHAR(10) NOT NULL,
+ modified_at INT NOT NULL,
+ account VARCHAR(40) NOT NULL,
+ comment VARCHAR(64000) NOT NULL,
+ PRIMARY KEY (id)
+) Engine=InnoDB;
+
+CREATE INDEX comments_domain_id_idx ON comments (domain_id);
+CREATE INDEX comments_name_type_idx ON comments (name, type);
+CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
+
+
+CREATE TABLE domainmetadata (
+ id INT AUTO_INCREMENT,
+ domain_id INT NOT NULL,
+ kind VARCHAR(32),
+ content TEXT,
+ PRIMARY KEY (id)
+) Engine=InnoDB;
+
+CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
+
+
+CREATE TABLE cryptokeys (
+ id INT AUTO_INCREMENT,
+ domain_id INT NOT NULL,
+ flags INT NOT NULL,
+ active BOOL,
+ content TEXT,
+ PRIMARY KEY(id)
+) Engine=InnoDB;
+
+CREATE INDEX domainidindex ON cryptokeys(domain_id);
+
+
+CREATE TABLE tsigkeys (
+ id INT AUTO_INCREMENT,
+ name VARCHAR(255),
+ algorithm VARCHAR(50),
+ secret VARCHAR(255),
+ PRIMARY KEY (id)
+) Engine=InnoDB;
+
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
diff --git a/webdns/Dockerfile b/webdns/Dockerfile
new file mode 100644
index 0000000..afaf409
--- /dev/null
+++ b/webdns/Dockerfile
@@ -0,0 +1,21 @@
+FROM debian:jessie
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q 2 && apt-get install -y --no-install-recommends git \
+ bundler \
+ ruby-dev \
+ libgmp-dev \
+ build-essential \
+ nodejs \
+ mysql-client
+RUN git clone https://repo.grnet.gr/source/webdns.git /srv/webdns
+RUN apt-get install -y --no-install-recommends capistrano unicorn rails ruby-mysql2 ruby-jquery-rails
+WORKDIR /srv/webdns
+RUN bundle install
+
+EXPOSE 8080
+COPY seeds_policies.rb /
+COPY seeds_users.rb /
+COPY entrypoint.sh /
+RUN chmod u+x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/webdns/entrypoint.sh b/webdns/entrypoint.sh
new file mode 100644
index 0000000..c4190cf
--- /dev/null
+++ b/webdns/entrypoint.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ -z "${MYSQL_HOST}" ]; then
+ echo "You need to specify a mysql host."
+ exit
+fi
+
+MYSQL_DATABASE=${MYSQL_DATABASE-dns}
+MYSQL_USERNAME=${MYSQL_USERNAME-dns}
+MYSQL_PORT=${MYSQL_PORT-3306}
+MYSQL_PASSWORD=${MYSQL_PASSWORD-12345}
+
+sleep 20
+
+cat << EOF > /srv/webdns/config/database.yml
+development:
+ database: ${MYSQL_DATABASE}
+ adapter: mysql2
+ encoding: utf8
+ username: ${MYSQL_USERNAME}
+ password: ${MYSQL_PASSWORD}
+ host: ${MYSQL_HOST}
+EOF
+
+/usr/bin/rake db:migrate
+/usr/bin/rails runner /seeds_users.rb
+#/usr/bin/rails runner seeds_policies.rb
+cd /srv/webdns
+rails server
diff --git a/webdns/seeds_policies.rb b/webdns/seeds_policies.rb
new file mode 100644
index 0000000..31aed85
--- /dev/null
+++ b/webdns/seeds_policies.rb
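Review bot: `RUN git clone https://repo.grnet.gr/source/webdns.git /srv/webdns` in webdns/Dockerfile builds whatever the default branch holds at build time, so the image is not reproducible and an upstream change lands in it unreviewed. Check out a fixed tag or commit right after the clone, e.g. `RUN git -C /srv/webdns checkout COMMIT_OR_TAG` (placeholder; the page names no release). `EXPOSE 8080` also disagrees with the rest of the commit: the entrypoint starts `rails server` without a port option and docker-compose.yml maps `3000:3000`.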
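Review bot: webdns/entrypoint.sh writes `password: ${MYSQL_PASSWORD}` into database.yml unquoted, so a password containing ` #`, `: ` or a leading YAML indicator character is truncated or mis-parsed and the app ends up using a different credential than the one powerdns is given. Quote the scalar, `password: '${MYSQL_PASSWORD}'`, and document that the value must not contain a single quote. The script also has no `set -e`, so a failed `rake db:migrate` or seed run is ignored and `rails server` starts anyway. If `set -e` is added, the seed has to tolerate re-runs, because it is executed on every container start.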
@@ -0,0 +1,133 @@
+policies = {}
+policies[:default] = <<-POLICY
+
+
+
+ A default policy that will amaze you and your friends
+
+ PT7200S
+ PT259200S
+
+ PT1209600S
+ PT1209600S
+
+ PT43200S
+ PT3600S
+
+
+
+ PT8640000S
+
+ 1
+ 5
+
+
+
+
+
+ PT3600S
+ PT3600S
+ PT3600S
+ PT1209600S
+
+ 8
+ PT31536000S
+ SoftHSM
+ 0
+
+
+ 8
+ PT7776000S
+ SoftHSM
+ 0
+
+
+
+ PT43200S
+
+ PT3600S
+ PT3600S
+ unixtime
+
+
+
+ PT9999S
+
+ PT3600S
+
+
+ PT172800S
+ PT10800S
+
+
+
+
+POLICY
+policies[:lab] = <<-POLICY
+
+
+
+ Quick turnaround policy for lab work
+
+ PT600S
+ PT1800S
+
+ PT3600S
+ PT3600S
+
+ PT60S
+ PT3600S
+
+
+
+ PT8640000S
+
+ 1
+ 5
+
+
+
+
+
+ PT300S
+ PT360S
+ PT360S
+ PT432000S
+
+ 8
+ PT31536000S
+ SoftHSM
+ 0
+
+
+ 8
+ PT14400S
+ SoftHSM
+ 0
+
+
+
+ PT30S
+
+ PT300S
+ PT300S
+ counter
+
+
+
+ PT9999S
+
+ PT3600S
+
+
+ PT172800S
+ PT10800S
+
+
+
+
+POLICY
+
+policies.each_pair { |name, policy|
+ DnssecPolicy.create(name: name, policy: policy)
+}
diff --git a/webdns/seeds_users.rb b/webdns/seeds_users.rb
new file mode 100644
index 0000000..fe4e228
--- /dev/null
+++ b/webdns/seeds_users.rb
@@ -0,0 +1,4 @@
+users = []
+users << User.create!(email: 'admin@example.com', password: 'adminadmin')
+g_admin = Group.create!(name: 'admin')
+g_admin.users << users.first
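Review bot: `DnssecPolicy.create(name: name, policy: policy)` at the end of webdns/seeds_policies.rb returns an unsaved record when validation fails, so a rejected policy is skipped without any error, whereas webdns/seeds_users.rb uses the raising form. Use `DnssecPolicy.create!(name: name, policy: policy)` so a bad seed stops the run. As a style point, the multi-line `{ |name, policy| ... }` block would conventionally be written with `do ... end`.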
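Review bot: webdns/seeds_users.rb creates `admin@example.com` with the fixed password `'adminadmin'` and puts it in the `admin` group, and webdns/entrypoint.sh runs this file on every container start. Take the password from the environment and fail when it is absent, e.g. `password: ENV.fetch('ADMIN_PASSWORD')` (a variable name proposed here, not one the project defines). The seed should also be idempotent, for instance `Group.find_or_create_by!(name: 'admin')` and the equivalent lookup by email for the user, so that a restart neither raises nor creates a second `admin` group. The `users` array adds nothing; assign the created user to a local and append that.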