DESTDIR=${pkgdir} ninja -C build_arch install
# add kresd.target to multi-user.target.wants to support enabling kresd services
- install -dm 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
+ install -d -m 0755 "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants"
ln -s ../kresd.target "${pkgdir}/usr/lib/systemd/system/multi-user.target.wants/kresd.target"
+ # mask kresd-doh.socket, kresd-webmgmt.socket by default (unmask if using http module)
+ install -d -m 0755 "${pkgdir}/etc/systemd/system"
+ ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-doh.socket"
+ ln -s /dev/null "${pkgdir}/etc/systemd/system/kresd-webmgmt.socket"
+
# remove modules with missing dependencies
rm "${pkgdir}/usr/lib/knot-resolver/kres_modules/etcd.lua"
}
Package: knot-resolver-module-http
Architecture: all
Depends:
+ knot-resolver,
libjs-bootstrap,
libjs-d3,
libjs-jquery,
lua-http,
lua-mmdb,
+ systemd,
${misc:Depends},
${shlibs:Depends},
Breaks:
+usr/lib/systemd/system/kresd@.service.d/module-http.conf lib/systemd/system/kresd@.service.d/
+usr/lib/systemd/system/kresd-doh.socket lib/systemd/system/
+usr/lib/systemd/system/kresd-webmgmt.socket lib/systemd/system/
usr/lib/knot-resolver/kres_modules/http*.lua
usr/lib/knot-resolver/kres_modules/prometheus.lua
usr/lib/knot-resolver/kres_modules/http/*.css
+dev/null etc/systemd/system/kresd-doh.socket
usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap-theme.min.css
usr/share/javascript/bootstrap/css/bootstrap.min.css usr/lib/knot-resolver/kres_modules/http/bootstrap.min.css
usr/share/javascript/bootstrap/js/bootstrap.min.js usr/lib/knot-resolver/kres_modules/http/bootstrap.min.js
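Review bot: The mask for kresd-doh.socket is shipped as a package-owned symlink (`dev/null etc/systemd/system/kresd-doh.socket`), and `systemctl unmask` works by deleting exactly that symlink, so a later package upgrade is likely to recreate it and silently disable DoH again for an admin who had enabled it. The same pattern appears in the Arch `ln -s /dev/null` lines and in the Fedora `%install` and `%files module-http` entries of this commit. Consider creating the mask only on first install from a maintainer script, or stating in kresd.systemd(7) that the mask returns after upgrades. I have not verified how each package manager treats a removed symlink under /etc, so this needs a test on a real upgrade path.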
+/lib/systemd/system/kresd@.service.d
/var/lib/knot-resolver
etc/knot-resolver/kresd.conf
-usr/lib/systemd/system/* lib/systemd/system/
+usr/lib/systemd/system/kresd@.service lib/systemd/system/
+usr/lib/systemd/system/kresd.target lib/systemd/system/
+usr/lib/systemd/system/kresd.socket lib/systemd/system/
+usr/lib/systemd/system/kresd-tls.socket lib/systemd/system/
+usr/lib/systemd/system/kresd-control@.socket lib/systemd/system/
usr/lib/*.so.*
usr/lib/tmpfiles.d/knot-resolver.conf
usr/lib/knot-resolver/*.so
%if "x%{?suse_version}" == "x"
%package module-http
Summary: HTTP/2 module for Knot Resolver
+Requires: knot-resolver
%if 0%{?fedora}
Requires: compat-lua-http
Requires: compat-lua-mmdb
# remove modules with missing dependencies
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/etcd.lua
+
%if 0%{?suse_version}
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/experimental_dot_auth.lua
rm -r %{buildroot}%{_libdir}/knot-resolver/kres_modules/http
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/http*.lua
rm %{buildroot}%{_libdir}/knot-resolver/kres_modules/prometheus.lua
+rm %{buildroot}%{_unitdir}/kresd@.service.d/module-http.conf
+rm %{buildroot}%{_unitdir}/kresd-doh.socket
+rm %{buildroot}%{_unitdir}/kresd-webmgmt.socket
+%endif
+
+%if 0%{?fedora}
+# mask kresd-doh.socket by default
+install -d -m 0755 %{buildroot}%{_sysconfdir}/systemd/system
+ln -s /dev/null %{buildroot}%{_sysconfdir}/systemd/system/kresd-doh.socket
%endif
# rename doc directory for centos, opensuse
%attr(664,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.keys
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.hints
%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/icann-ca.pem
-%{_unitdir}/kresd*.service
+%{_unitdir}/kresd@.service
%{_unitdir}/kresd.target
%dir %{_unitdir}/multi-user.target.wants
%{_unitdir}/multi-user.target.wants/kresd.target
%if "x%{?rhel}" == "x"
-%{_unitdir}/kresd*.socket
+%dir %{_unitdir}/kresd@.service.d
+%{_unitdir}/kresd.socket
+%{_unitdir}/kresd-tls.socket
+%{_unitdir}/kresd-control@.socket
%ghost /run/%{name}/
%{_mandir}/man7/kresd.systemd.7.gz
%else
%if "x%{?suse_version}" == "x"
%files module-http
+%if 0%{?fedora}
+%{_unitdir}/kresd@.service.d/module-http.conf
+%{_unitdir}/kresd-doh.socket
+%{_sysconfdir}/systemd/system/kresd-doh.socket
+%{_unitdir}/kresd-webmgmt.socket
+%endif
%{_libdir}/knot-resolver/kres_modules/http
%{_libdir}/knot-resolver/kres_modules/http*.lua
%{_libdir}/knot-resolver/kres_modules/prometheus.lua
--- /dev/null
+[Unit]
+Description=Knot Resolver DNS-over-HTTPS socket
+Documentation=man:kresd.systemd(7)
+Documentation=man:kresd(8)
+Before=sockets.target
+
+[Socket]
+FreeBind=true
+BindIPv6Only=both
+FileDescriptorName=doh
+ListenStream=[::1]:443
+ListenStream=127.0.0.1:443
+Service=kresd@1.service
+Slice=system-kresd.slice
+
+[Install]
+WantedBy=sockets.target
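Review bot: The default listeners in this new unit are `[::1]:443` and `127.0.0.1:443`, but the man page text added in the same commit describes kresd-doh.socket as `localhost:44353`, and both example drop-ins use port 44353. One side is wrong; if 44353 is the intended default, these lines should read `ListenStream=[::1]:44353` and `ListenStream=127.0.0.1:44353`. Keeping 443 also means the unit competes with any local web server for that port as soon as it is unmasked.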
--- /dev/null
+# /etc/systemd/system/kresd-doh.socket.d/override.conf
+
+# Configure kresd-doh.socket to listen on all IPv4 and IPv6 interfaces.
+
+# Empty ListenStream= directive is required to avoid port clash with default
+# localhost. If you've disabled IPv6 support in kernel, use 0.0.0.0 instead of
+# [::]
+
+[Socket]
+ListenStream=
+ListenStream=[::]:44353
--- /dev/null
+# /etc/systemd/system/kresd-doh.socket.d/override.conf
+
+# Configure which interfaces should kresd-doh.socket listen on.
+
+# ListenStream can be added multiple times.
+
+[Socket]
+ListenStream=192.0.2.115:44353
+ListenStream=[2001:db8::115]:44353
[Unit]
-Description=Knot Resolver TLS network listener
+Description=Knot Resolver DNS-over-TLS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
--- /dev/null
+[Unit]
+Description=Knot Resolver web management and API socket
+Documentation=man:kresd.systemd(7)
+Documentation=man:kresd(8)
+Before=sockets.target
+
+[Socket]
+FreeBind=true
+BindIPv6Only=both
+FileDescriptorName=webmgmt
+ListenStream=[::1]:8453
+ListenStream=127.0.0.1:8453
+Service=kresd@1.service
+Slice=system-kresd.slice
+
+[Install]
+WantedBy=sockets.target
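Review bot: kresd-webmgmt.socket carries no comment saying that the loopback-only bind is the only restriction on the management API visible in this commit. Unlike kresd-doh.socket, it is masked only in the Arch packaging, not in the Debian links file or the Fedora spec. With the `Sockets=kresd-webmgmt.socket` drop-in that module-http installs, the listener will presumably come up together with kresd on those distributions. If that is intended, I would add above the ListenStream lines `# Management/API endpoint: loopback only by default; review access control before overriding ListenStream=` and put a matching sentence in kresd.systemd(7).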
[Unit]
-Description=Knot Resolver network listeners
+Description=Knot Resolver DNS socket
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Before=sockets.target
[Socket]
FreeBind=true
BindIPv6Only=both
+FileDescriptorName=dns
ListenDatagram=[::1]:53
ListenStream=[::1]:53
ListenDatagram=127.0.0.1:53
kresd.socket
kresd-tls.socket
kresd-control@.socket
+kresd-doh.socket
+kresd-webmgmt.socket
kresd.target
system-kresd.slice
.fi
and then passed to the daemon.
Network configuration has to take place in \fIsystemd.socket(5)\fR, which can
-be done using drop-in files. Each instance of \fIkresd@.service\fR has three
-systemd sockets associated with it:
+be done using drop-in files. Each instance of \fIkresd@.service\fR may have
+these systemd sockets associated with it:
.nf
.RS
\fIkresd.socket\fR - UDP/TCP network socket (default: localhost:53)
\fIkresd-tls.socket\fR - network socket for DNS-over-TLS (default: localhost:853)
\fIkresd-control@.socket\fR - UNIX socket with control terminal
+\fIkresd-doh.socket\fR - DNS-over-HTTPS (with http module: localhost:44353)
+\fIkresd-webmgmt.socket\fR - web management and APIs (with http module: localhost:8453)
.RE
.fi
.RS 4n
.B systemctl edit kresd.socket
.B systemctl edit kresd-tls.socket
+.B systemctl edit kresd-doh.socket
.RE
.fi
.RE
.fi
-To disable the TLS socket, you can mask it:
+To disable optional sockets, you can mask them. For example, to disable
+DNS-over-TLS socket:
.RS 4n
.B systemctl mask kresd-tls.socket
--- /dev/null
+[Service]
+Sockets=kresd-doh.socket
+Sockets=kresd-webmgmt.socket
sources: [
'kresd.socket',
'kresd-tls.socket',
+ 'kresd-doh.socket',
+ 'kresd-webmgmt.socket',
'kresd.target',
],
install_dir: systemd_unit_dir,
)
+ install_data(
+ sources: [
+ 'kresd@.service.d/module-http.conf',
+ ],
+ install_dir: join_paths(systemd_unit_dir, 'kresd@.service.d'),
+ )
## man page
kresd_systemd_man = configure_file(
],
install_dir: join_paths(examples_dir, 'kresd-tls.socket.d'),
)
+ install_data(
+ sources: [
+ 'kresd-doh.socket.d/all-interfaces.conf',
+ 'kresd-doh.socket.d/specific-interfaces.conf',
+ ],
+ install_dir: join_paths(examples_dir, 'kresd-doh.socket.d'),
+ )
elif systemd_files == 'nosocket'
subdir('nosocket')
endif