From: Aleš Date: Fri, 26 Nov 2021 14:04:23 +0000 (+0100) Subject: datamodel: templates: split lua configuration into parts X-Git-Tag: v6.0.0a1~69^2~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d2131288caef0a259260c62637f9122f36b296a;p=thirdparty%2Fknot-resolver.git datamodel: templates: split lua configuration into parts
---
diff --git a/manager/knot_resolver_manager/datamodel/templates/cache.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/cache.lua.j2
new file mode 100644
index 000000000..2391b1e71
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/cache.lua.j2
@@ -0,0 +1,18 @@
+cache.open({{ cfg.cache.size_max.bytes() }}, 'lmdb://{{ cfg.cache.storage }}')
+cache.min_ttl({{ cfg.cache.ttl_min.seconds() }})
+cache.max_ttl({{ cfg.cache.ttl_max.seconds() }})
+cache.ns_tout({{ cfg.cache.ns_timeout.millis() }})
+
+{% if cfg.cache.prefill %}
+-- cache.prefill
+modules.load('prefill')
+prefill.config({
+{% for item in cfg.cache.prefill %}
+ ['{{ item.domain }}'] = {
+ url = '{{ item.url }}',
+ interval = {{ item.refresh_interval.seconds() }}
+ {{ "ca_file = '"+item.ca_file+"'," if item.ca_file }}
+ }
+{% endfor %}
+})
+{% endif %}
\ No newline at end of file
diff --git a/manager/knot_resolver_manager/datamodel/templates/config.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/config.lua.j2
index 9245ed362..bfb311182 100644
--- a/manager/knot_resolver_manager/datamodel/templates/config.lua.j2
+++ b/manager/knot_resolver_manager/datamodel/templates/config.lua.j2
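Review bot: In the prefill table on the new side, the `interval = {{ item.refresh_interval.seconds() }}` field has no trailing comma, so when `item.ca_file` is set the rendered Lua is e.g. `interval = 3600` followed by `ca_file = '...',` on the next line (constructed example), which is a table-constructor syntax error; consecutive `['domain'] = { ... }` entries are likewise emitted with no separator between them. Changing those two lines to `interval = {{ item.refresh_interval.seconds() }},` and `},` makes both cases valid Lua, since a trailing comma before the closing brace is accepted. Separately, `cfg.cache.storage`, `item.domain`, `item.url` and `item.ca_file` are dropped verbatim into single-quoted Lua string literals; unless the data model already rejects quotes and backslashes in these fields, a value containing `'` would alter the generated Lua, so either escape at render time or record the assumption with `{# values are assumed to be validated by the datamodel; no Lua escaping is done here #}`.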
@@ -18,211 +18,28 @@ modules = { } -- SERVER section --- server.hostname -hostname('{{ cfg.server.hostname }}') - -{% if cfg.server.nsid %} --- server.nsid -modules.load('nsid') -nsid.name('{{ cfg.server.nsid }} ' .. worker.id) -{% endif %} - -{% if cfg.server.webmgmt %} --- server.webmgmt -modules.load('http') -http.config({ - tls = {{ 'true' if cfg.server.webmgmt.tls else 'false'}}, - {{ "cert = '"+cfg.server.webmgmt.cert_file+"'," if cfg.server.webmgmt.cert_file }} - {{ "key = '"+cfg.server.webmgmt.key_file+"'," if cfg.server.webmgmt.key_file }} -}, 'webmgmt') -net.listen( -{% if cfg.server.webmgmt.listen.ip %} - '{{ cfg.server.webmgmt.listen.ip }}', -{% elif cfg.server.webmgmt.listen.unix_socket %} - '{{ cfg.server.webmgmt.listen.unix_socket }}', -{% elif cfg.server.webmgmt.listen.interface %} - net.{{ cfg.server.webmgmt.listen.interface }}, -{% endif %} - {{ cfg.server.webmgmt.listen.port|string if cfg.server.webmgmt.listen.port else 'nil' }}, - { kind = 'webmgmt' }) -{% endif %} +{% include "server.lua.j2" %} -- NETWORK section --- network.do-ipv4/6 -net.ipv4 = {{ 'true' if cfg.network.do_ipv4 else 'false' }} -net.ipv6 = {{ 'true' if cfg.network.do_ipv6 else 'false' }} - --- network.out-interface-v4/v6 -{% if cfg.network.out_interface_v4 %} -net.outgoing_v4('{{ cfg.network.out_interface_v4 }}') -{% endif %} -{% if cfg.network.out_interface_v6 %} -net.outgoing_v6('{{ cfg.network.out_interface_v6 }}') -{% endif %} - --- network.tcp-pipeline -net.tcp_pipeline({{ cfg.network.tcp_pipeline }}) - --- network.edns-keep-alive -{% if cfg.network.edns_keep_alive %} -modules.load('edns_keepalive') -{% else %} -modules.unload('edns_keepalive') -{% endif %} - --- network.edns-buffer-size -net.bufsize({{ cfg.network.edns_buffer_size.upstream.bytes() }}, {{ cfg.network.edns_buffer_size.downstream.bytes() }}) - -{% if cfg.network.tls.cert_file and cfg.network.tls.key_file %} --- network.tls -net.tls('{{ cfg.network.tls.cert_file }}', '{{ cfg.network.tls.key_file }}') -{% 
endif %} - -{% if cfg.network.tls.sticket_secret %} --- network.tls.sticket-secret -net.tls_sticket_secret('{{ cfg.network.tls.sticket_secret }}') -{% endif %} - -{% if cfg.network.tls.sticket_secret_file %} --- network.tls.sticket-secret-file -net.tls_sticket_secret_file('{{ cfg.network.tls.sticket_secret_file }}') -{% endif %} - -{% if cfg.network.tls.auto_discovery %} --- network.tls.auto-discovery -modules.load('experimental_dot_auth') -{% else %} --- modules.unload('experimental_dot_auth') -{% endif %} - --- network.tls.padding -net.tls_padding({{ cfg.network.tls.padding }}) - --- network.interfaces -{% for item in cfg.network.interfaces %} -net.listen('{{ item.listen.ip }}', {{ item.listen.port }}, { - kind = '{{ item.kind if item.kind != 'dot' else 'tls' }}', - freebind = {{ 'true' if item.freebind else 'false'}} -}) -{% endfor %} +{% include "network.lua.j2" %} -- OPTIONS section -mode('{{ cfg.options.glue_checking }}') -option('NO_MINIMIZE', {{ 'false' if cfg.options.qname_minimisation else 'true' }}) -option('ALLOW_LOCAL', {{ 'true' if cfg.options.query_loopback else 'false' }}) -option('REORDER_RR', {{ 'true' if cfg.options.reorder_rrset else 'false' }}) -option('NO_0X20', {{ 'false' if cfg.options.query_case_randomization else 'true' }}) -{{ "modules.unload('priming')" if not cfg.options.query_priming }} -{{ "modules.unload('detect_time_jump')" if not cfg.options.time_jump_detection }} -{{ "modules.unload('refuse_nord')" if not cfg.options.refuse_no_rd }} +{% include "options.lua.j2" %} -- STATIC-HINTS section -{{ "hints.ttl("+cfg.static_hints.ttl.seconds()|string+")" if cfg.static_hints.ttl }} -hints.use_nodata({{ 'true' if cfg.static_hints.no_data else 'false' }}) -{{ "hints.add_hosts()" if cfg.static_hints.etc_hosts }} -{{ "hints.root_file('"+cfg.static_hints.root_hints_file+"')" if cfg.static_hints.root_hints_file }} - --- static-hints.hints-files -{% if cfg.static_hints.hints_files %} -{% for item in cfg.static_hints.hints_files %} 
-hints.add_hosts('{{ item }}') -{% endfor %} -{% endif %} - --- static-hints.root-hints -{% if cfg.static_hints.root_hints %} -hints.root({ -{% for name, addrs in cfg.static_hints.root_hints.items() %} -['{{ name }}'] = { -{% for addr in addrs %} - '{{ addr }}', -{% endfor %} - }, -{% endfor %} -}) -{% endif %} - --- static-hints.hints -{% if cfg.static_hints.hints %} -{% for name, addrs in cfg.static_hints.hints.items() %} -{% for addr in addrs %} -hints.set('{{ name }} {{ addr }}') -{% endfor %} -{% endfor %} -{% endif %} - --- POLICY section -{{ path }} +{% include "static_hints.lua.j2" %} -- CACHE section -cache.open({{ cfg.cache.size_max.bytes() }}, 'lmdb://{{ cfg.cache.storage }}') -cache.min_ttl({{ cfg.cache.ttl_min.seconds() }}) -cache.max_ttl({{ cfg.cache.ttl_max.seconds() }}) -cache.ns_tout({{ cfg.cache.ns_timeout.millis() }}) - --- cache.prefill -{% if cfg.cache.prefill %} -modules.load('prefill') -prefill.config({ -{% for item in cfg.cache.prefill %} - ['{{ item.domain }}'] = { - url = '{{ item.url }}', - interval = {{ item.refresh_interval.seconds() }} - {{ "ca_file = '"+item.ca_file+"'," if item.ca_file }} - } -{% endfor %} -}) -{% endif %} +{% include "cache.lua.j2" %} -- DNSSEC section -{% if not cfg.dnssec %} -trust_anchors.remove('.') -{% endif %} - -{{ "modules.unload('ta_sentinel')" if not cfg.dnssec.trust_anchor_sentinel }} -{{ "modules.unload('ta_signal_query')" if not cfg.dnssec.trust_anchor_signal_query }} -{{ "modules.unload('detect_time_skew')" if not cfg.dnssec.time_skew_detection }} - -trust_anchors.keep_removed = {{ cfg.dnssec.keep_removed }} -{{ "trust_anchors.refresh_time = "+cfg.dnssec.refresh_time.seconds()|string if cfg.dnssec.refresh_time }} - --- dnssec.trust-anchors -{% if cfg.dnssec.trust_anchors %} -{% for ta in cfg.dnssec.trust_anchors %} -trust_anchors.add('{{ ta }}') -{% endfor %} -{% endif %} - --- dnssec.negative-trust-anchors -{% if cfg.dnssec.negative_trust_anchors %} -trust_anchors.set_insecure({ -{% for nta in 
cfg.dnssec.negative_trust_anchors %} - '{{ nta }}', -{% endfor %} -}) -{% endif %} - --- dnssec.trust-anchors-files -{% if cfg.dnssec.trust_anchors_files %} -{% for taf in cfg.dnssec.trust_anchors_files %} -trust_anchors.add_file('{{ taf.file }}', readonly = {{ 'true' if taf.read_only else 'false' }}) -{% endfor %} -{% endif %} +{% include "dnssec.lua.j2" %} -- LOGGING section -log_level('{{ cfg.logging.level }}') -{{ "log_target('"+cfg.logging.target+"')" if cfg.logging.target }} -{% if cfg.logging.groups %} -log_groups({ -{% for g in cfg.logging.groups %} -{% if g != "manager" %} - '{{ g }}', -{% endif %} -{% endfor %} -}) -{% endif %} +{% include "logging.lua.j2" %} {% endif %} + -- LUA section {% if cfg.lua.script_file %} {% import cfg.lua.script_file as script_file %} diff --git a/manager/knot_resolver_manager/datamodel/templates/dnssec.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/dnssec.lua.j2 new file mode 100644 index 000000000..8d7008d64 --- /dev/null +++ b/manager/knot_resolver_manager/datamodel/templates/dnssec.lua.j2 
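Review bot: The old `-- POLICY section` and its `{{ path }}` line are removed without a corresponding `{% include %}`, so the rendered config no longer contains whatever `path` expanded to, which goes beyond the split the commit title describes; if dropping it is intentional the commit message should say so, otherwise the original `{{ path }}` line (or an include for it) belongs between the static-hints and cache includes. The `{% endif %}` that follows the logging include closes an `{% if %}` that starts before this hunk, so the condition guarding the whole include sequence is not visible here.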
@@ -0,0 +1,34 @@
+{% if not cfg.dnssec %}
+-- disable dnssec
+trust_anchors.remove('.')
+{% endif %}
+
+{{ "modules.unload('ta_sentinel')" if not cfg.dnssec.trust_anchor_sentinel }}
+{{ "modules.unload('ta_signal_query')" if not cfg.dnssec.trust_anchor_signal_query }}
+{{ "modules.unload('detect_time_skew')" if not cfg.dnssec.time_skew_detection }}
+
+trust_anchors.keep_removed = {{ cfg.dnssec.keep_removed }}
+{{ "trust_anchors.refresh_time = "+cfg.dnssec.refresh_time.seconds()|string if cfg.dnssec.refresh_time }}
+
+{% if cfg.dnssec.trust_anchors %}
+-- dnssec.trust-anchors
+{% for ta in cfg.dnssec.trust_anchors %}
+trust_anchors.add('{{ ta }}')
+{% endfor %}
+{% endif %}
+
+{% if cfg.dnssec.negative_trust_anchors %}
+-- dnssec.negative-trust-anchors
+trust_anchors.set_insecure({
+{% for nta in cfg.dnssec.negative_trust_anchors %}
+ '{{ nta }}',
+{% endfor %}
+})
+{% endif %}
+
+{% if cfg.dnssec.trust_anchors_files %}
+-- dnssec.trust-anchors-files
+{% for taf in cfg.dnssec.trust_anchors_files %}
+trust_anchors.add_file('{{ taf.file }}', readonly = {{ 'true' if taf.read_only else 'false' }})
+{% endfor %}
+{% endif %}
\ No newline at end of file
diff --git a/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2
new file mode 100644
index 000000000..388522a32
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/logging.lua.j2
@@ -0,0 +1,18 @@
+-- logging.level
+log_level('{{ cfg.logging.level }}')
+
+{% if cfg.logging.target %}
+-- logging.target
+log_target('{{ cfg.logging.target }}')
+{% endif %}
+
+{% if cfg.logging.groups %}
+-- logging.groups
+log_groups({
+{% for g in cfg.logging.groups %}
+{% if g != "manager" %}
+ '{{ g }}',
+{% endif %}
+{% endfor %}
+})
+{% endif %}
\ No newline at end of file
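Review bot: Everything after the first `{% endif %}` dereferences `cfg.dnssec` unconditionally, yet the guard `{% if not cfg.dnssec %}` implies `cfg.dnssec` can be false or absent; in that case `cfg.dnssec.trust_anchor_sentinel` and the other attributes are undefined, so the three `modules.unload(...)` lines render unconditionally and `trust_anchors.keep_removed = ` is emitted with an empty right-hand side, which is not valid Lua (with a strict undefined the render would raise instead). Wrapping the lines from the first `modules.unload` to the end of the file in `{% if cfg.dnssec %} … {% endif %}`, or putting them in an `{% else %}` branch of the existing guard, keeps the disabled case to just `trust_anchors.remove('.')`. Whether the data model actually allows a false `cfg.dnssec` is not visible in this hunk, so please confirm before changing it.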
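Review bot: The `{% if g != "manager" %}` filter inside the `log_groups` loop silently drops one configured group with no explanation on the new side, and the file is now read on its own rather than next to the rest of config.lua.j2. A one-line comment above the loop, e.g. `{# the "manager" group is presumably consumed by the manager itself and is not a kresd log group — confirm #}`, would save the next reader a lookup. The filter is carried over unchanged, so behaviour is not affected.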
diff --git a/manager/knot_resolver_manager/datamodel/templates/network.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
new file mode 100644
index 000000000..6cd91d57c
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/network.lua.j2
@@ -0,0 +1,58 @@
+-- network.do-ipv4/6
+net.ipv4 = {{ 'true' if cfg.network.do_ipv4 else 'false' }}
+net.ipv6 = {{ 'true' if cfg.network.do_ipv6 else 'false' }}
+
+{% if cfg.network.out_interface_v4 %}
+-- network.out-interface-v4
+net.outgoing_v4('{{ cfg.network.out_interface_v4 }}')
+{% endif %}
+{% if cfg.network.out_interface_v6 %}
+-- network.out-interface-v6
+net.outgoing_v6('{{ cfg.network.out_interface_v6 }}')
+{% endif %}
+
+-- network.tcp-pipeline
+net.tcp_pipeline({{ cfg.network.tcp_pipeline }})
+
+-- network.edns-keep-alive
+{% if cfg.network.edns_keep_alive %}
+modules.load('edns_keepalive')
+{% else %}
+modules.unload('edns_keepalive')
+{% endif %}
+
+-- network.edns-buffer-size
+net.bufsize({{ cfg.network.edns_buffer_size.upstream.bytes() }}, {{ cfg.network.edns_buffer_size.downstream.bytes() }})
+
+{% if cfg.network.tls.cert_file and cfg.network.tls.key_file %}
+-- network.tls
+net.tls('{{ cfg.network.tls.cert_file }}', '{{ cfg.network.tls.key_file }}')
+{% endif %}
+
+{% if cfg.network.tls.sticket_secret %}
+-- network.tls.sticket-secret
+net.tls_sticket_secret('{{ cfg.network.tls.sticket_secret }}')
+{% endif %}
+
+{% if cfg.network.tls.sticket_secret_file %}
+-- network.tls.sticket-secret-file
+net.tls_sticket_secret_file('{{ cfg.network.tls.sticket_secret_file }}')
+{% endif %}
+
+{% if cfg.network.tls.auto_discovery %}
+-- network.tls.auto-discovery
+modules.load('experimental_dot_auth')
+{% else %}
+-- modules.unload('experimental_dot_auth')
+{% endif %}
+
+-- network.tls.padding
+net.tls_padding({{ cfg.network.tls.padding }})
+
+-- network.interfaces
+{% for item in cfg.network.interfaces %}
+net.listen('{{ item.listen.ip }}', {{ item.listen.port }}, {
+ kind = '{{ item.kind if item.kind != 'dot' else 'tls' }}',
+ freebind = {{ 'true' if item.freebind else 'false'}}
+})
+{% endfor %}
\ No newline at end of file
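Review bot: `net.tls_sticket_secret('{{ cfg.network.tls.sticket_secret }}')` copies the TLS session-ticket key material verbatim into the rendered Lua file, so the secret now also lives wherever that output is written and is readable by anyone who can read the generated config; the template itself cannot prevent that, but the code that writes the rendered output should use restrictive permissions, and a comment at that line such as `{# secret is embedded in the rendered file; prefer sticket_secret_file #}` would record the trade-off for the reader. On a separate point, the `net.listen` loop at the end only knows `item.listen.ip` and renders `{{ item.listen.port }}` raw, whereas the webmgmt listener in server.lua.j2 branches over `ip`/`unix_socket`/`interface` and maps a missing port to `nil`; unless the data model forbids those forms for `network.interfaces`, a missing value here renders a Python `None` or an empty string into the Lua call, and the two templates should share the same branching.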
diff --git a/manager/knot_resolver_manager/datamodel/templates/options.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/options.lua.j2
new file mode 100644
index 000000000..3bac9d2bb
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/options.lua.j2
@@ -0,0 +1,11 @@
+-- options.glue-checking
+mode('{{ cfg.options.glue_checking }}')
+
+-- options
+option('NO_MINIMIZE', {{ 'false' if cfg.options.qname_minimisation else 'true' }})
+option('ALLOW_LOCAL', {{ 'true' if cfg.options.query_loopback else 'false' }})
+option('REORDER_RR', {{ 'true' if cfg.options.reorder_rrset else 'false' }})
+option('NO_0X20', {{ 'false' if cfg.options.query_case_randomization else 'true' }})
+{{ "modules.unload('priming')" if not cfg.options.query_priming }}
+{{ "modules.unload('detect_time_jump')" if not cfg.options.time_jump_detection }}
+{{ "modules.unload('refuse_nord')" if not cfg.options.refuse_no_rd }}
diff --git a/manager/knot_resolver_manager/datamodel/templates/server.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/server.lua.j2
new file mode 100644
index 000000000..c01f05b07
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/server.lua.j2
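Review bot: The `-- options` comment on the new side does not say that two of the flags are inverted relative to the config keys (`qname_minimisation` becomes `NO_MINIMIZE`, `query_case_randomization` becomes `NO_0X20`), which is exactly the kind of mapping that gets flipped by a later edit that "fixes" the apparent inconsistency with the `'true' if ...` lines above. Replacing it with `-- options (NO_* flags are the negation of the corresponding config booleans)` makes the intent explicit. The mapping itself is unchanged from config.lua.j2.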
@@ -0,0 +1,28 @@
+-- server.hostname
+hostname('{{ cfg.server.hostname }}')
+
+{% if cfg.server.nsid %}
+-- server.nsid
+modules.load('nsid')
+nsid.name('{{ cfg.server.nsid }} ' .. worker.id)
+{% endif %}
+
+{% if cfg.server.webmgmt %}
+-- server.webmgmt
+modules.load('http')
+http.config({
+ tls = {{ 'true' if cfg.server.webmgmt.tls else 'false'}},
+ {{ "cert = '"+cfg.server.webmgmt.cert_file+"'," if cfg.server.webmgmt.cert_file }}
+ {{ "key = '"+cfg.server.webmgmt.key_file+"'," if cfg.server.webmgmt.key_file }}
+}, 'webmgmt')
+net.listen(
+{% if cfg.server.webmgmt.listen.ip %}
+ '{{ cfg.server.webmgmt.listen.ip }}',
+{% elif cfg.server.webmgmt.listen.unix_socket %}
+ '{{ cfg.server.webmgmt.listen.unix_socket }}',
+{% elif cfg.server.webmgmt.listen.interface %}
+ net.{{ cfg.server.webmgmt.listen.interface }},
+{% endif %}
+ {{ cfg.server.webmgmt.listen.port|string if cfg.server.webmgmt.listen.port else 'nil' }},
+ { kind = 'webmgmt' })
+{% endif %}
\ No newline at end of file
diff --git a/manager/knot_resolver_manager/datamodel/templates/static_hints.lua.j2 b/manager/knot_resolver_manager/datamodel/templates/static_hints.lua.j2
new file mode 100644
index 000000000..e1d3bbae7
--- /dev/null
+++ b/manager/knot_resolver_manager/datamodel/templates/static_hints.lua.j2
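Review bot: The webmgmt block renders `tls = false` whenever `cfg.server.webmgmt.tls` is unset, including when the listener is an IP address rather than a unix socket, so the management HTTP endpoint can end up reachable over the network in cleartext; nothing in the template ties `tls`, `cert_file` and `key_file` to the listen type, so if the data model does not already enforce that combination it should, and in any case a `{# plain HTTP is only appropriate for a unix_socket listener #}` comment above `http.config` records the expectation. Also, if none of `listen.ip`, `listen.unix_socket` or `listen.interface` is set, the `net.listen(` call is rendered with the port as its first argument; presumably the data model guarantees exactly one of the three is present — worth confirming.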
@@ -0,0 +1,33 @@
+{{ "hints.ttl("+cfg.static_hints.ttl.seconds()|string+")" if cfg.static_hints.ttl }}
+hints.use_nodata({{ 'true' if cfg.static_hints.no_data else 'false' }})
+{{ "hints.add_hosts()" if cfg.static_hints.etc_hosts }}
+{{ "hints.root_file('"+cfg.static_hints.root_hints_file+"')" if cfg.static_hints.root_hints_file }}
+
+{% if cfg.static_hints.hints_files %}
+-- static-hints.hints-files
+{% for item in cfg.static_hints.hints_files %}
+hints.add_hosts('{{ item }}')
+{% endfor %}
+{% endif %}
+
+{% if cfg.static_hints.root_hints %}
+-- static-hints.root-hints
+hints.root({
+{% for name, addrs in cfg.static_hints.root_hints.items() %}
+['{{ name }}'] = {
+{% for addr in addrs %}
+ '{{ addr }}',
+{% endfor %}
+ },
+{% endfor %}
+})
+{% endif %}
+
+{% if cfg.static_hints.hints %}
+-- static-hints.hints
+{% for name, addrs in cfg.static_hints.hints.items() %}
+{% for addr in addrs %}
+hints.set('{{ name }} {{ addr }}')
+{% endfor %}
+{% endfor %}
+{% endif %}
\ No newline at end of file
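Review bot: The first four lines of the new file carry no `-- static-hints.*` labels, unlike every other setting in the split templates and the later blocks of this same file, and the first line packs a filter, a string concatenation and an inline `if` into one expression that is hard to read. Splitting it as `{% if cfg.static_hints.ttl %}` / `hints.ttl({{ cfg.static_hints.ttl.seconds() }})` / `{% endif %}` and adding `-- static-hints.ttl`-style comments for the four leading settings would match the style of the rest of the file. Behaviour would be unchanged.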