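#!/bin/bash
# install-coredns.sh - Install and configure CoreDNS for DeBros Network nodes
# This script sets up a simple wildcard DNS server for deployment subdomains
#
# Run as root. Environment overrides: COREDNS_VERSION, ARCH, DOMAIN, NODE_IP
# (constructed example: DOMAIN=example.net NODE_IP=203.0.113.10 ./install-coredns.sh)
set -euo pipefail

COREDNS_VERSION="${COREDNS_VERSION:-1.11.1}"

# Release asset suffix (linux_<goarch>). Detected from the machine type unless
# ARCH is given explicitly; unknown machine types keep the historical
# linux_amd64 default so the script behaves as before on them.
if [ -z "${ARCH:-}" ]; then
  case "$(uname -m 2>/dev/null || true)" in
    aarch64 | arm64) ARCH="linux_arm64" ;;
    *) ARCH="linux_amd64" ;;
  esac
fi

INSTALL_DIR="/usr/local/bin"
CONFIG_DIR="/etc/coredns"
DATA_DIR="/var/lib/coredns"
# NOTE: this shadows the login shell's USER variable for the rest of the script
# (and for child processes when USER was exported). Kept as-is because the
# remainder of the file reads $USER.
USER="debros"

# Configuration - Override these with environment variables
DOMAIN="${DOMAIN:-dbrs.space}"
NODE_IP="${NODE_IP:-}" # Auto-detected if not provided

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color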
#######################################
# Print an informational line tagged green "[INFO]".
# Globals:   GREEN, NC (read)
# Arguments: $1 - message; backslash escapes are interpreted, as with echo -e
# Outputs:   one line on stdout
#######################################
log_info() {
  printf '%b\n' "${GREEN}[INFO]${NC} $1"
}
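#######################################
# Print a warning line tagged yellow "[WARN]".
# Diagnostics go to stderr so they do not mix with captured stdout.
# Globals:   YELLOW, NC (read)
# Arguments: message words (joined with spaces); escapes interpreted like echo -e
# Outputs:   one line on stderr
#######################################
log_warn() {
  printf '%b\n' "${YELLOW}[WARN]${NC} $*" >&2
}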
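#######################################
# Print an error line tagged red "[ERROR]".
# Diagnostics go to stderr so they do not mix with captured stdout.
# Globals:   RED, NC (read)
# Arguments: message words (joined with spaces); escapes interpreted like echo -e
# Outputs:   one line on stderr
#######################################
log_error() {
  printf '%b\n' "${RED}[ERROR]${NC} $*" >&2
}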
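# Check if running as root
if [ "$EUID" -ne 0 ]; then
  log_error "This script must be run as root"
  exit 1
fi

# Check if debros user exists. A failed useradd must abort here: the install
# later chowns files to this user, and a swallowed failure would only surface
# there with a much less helpful message.
if ! id -u "$USER" >/dev/null 2>&1; then
  log_warn "User '$USER' does not exist. Creating..."
  if ! useradd -r -m -s /bin/bash "$USER"; then
    log_error "Failed to create user '$USER'"
    exit 1
  fi
fi

# Auto-detect node IP if not provided. `hostname -I` is not available on every
# system; tolerate its failure so the friendlier error below is reached instead
# of pipefail ending the script here without a message.
if [ -z "$NODE_IP" ]; then
  NODE_IP=$({ hostname -I 2>/dev/null || true; } | awk '{print $1}')
  log_info "Auto-detected node IP: $NODE_IP"
fi

if [ -z "$NODE_IP" ]; then
  log_error "Could not detect node IP. Please set NODE_IP environment variable."
  exit 1
fi

# The zone file publishes NODE_IP in A records, so it must be an IPv4 dotted
# quad; an IPv6 address or a hostname here would produce a broken zone.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if ! [[ "$NODE_IP" =~ $ipv4_re ]]; then
  log_error "NODE_IP '$NODE_IP' is not an IPv4 address (a.b.c.d)"
  exit 1
fi

log_info "Installing CoreDNS $COREDNS_VERSION for domain $DOMAIN..."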
# Disable the systemd-resolved stub listener to free port 53 for CoreDNS.
# Done with a drop-in so the distribution's resolved.conf is left untouched.
log_info "Configuring systemd-resolved..."
resolved_dropin_dir="/etc/systemd/resolved.conf.d"
mkdir -p "$resolved_dropin_dir/"
printf '%s\n' '[Resolve]' 'DNSStubListener=no' > "$resolved_dropin_dir/disable-stub.conf"
# Best effort: hosts without systemd-resolved fail this restart harmlessly.
systemctl restart systemd-resolved || true
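# Download CoreDNS into a private temporary directory rather than a fixed name
# in the shared /tmp, and remove it on every exit path.
tmpdir=$(mktemp -d) || { log_error "mktemp failed"; exit 1; }
cleanup_tmpdir() { rm -rf -- "${tmpdir:?}"; }
trap cleanup_tmpdir EXIT

ARCHIVE="coredns_${COREDNS_VERSION}_${ARCH}.tgz"
DOWNLOAD_URL="https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/${ARCHIVE}"
log_info "Downloading from $DOWNLOAD_URL"

# --fail turns an HTTP error page into a curl failure instead of a bogus .tgz.
# The check is in the `if` itself: under `set -e` a failing curl would otherwise
# exit the script before a trailing `[ $? -ne 0 ]` test could ever run.
if ! curl -sSL --fail "$DOWNLOAD_URL" -o "$tmpdir/$ARCHIVE"; then
  log_error "Failed to download CoreDNS"
  exit 1
fi

# Verify the archive before installing it. COREDNS_SHA256 (hex digest) pins it
# explicitly; otherwise the .sha256 file published next to the release asset is
# used, which still catches truncated or altered-in-transit downloads.
expected_sha256="${COREDNS_SHA256:-}"
if [ -z "$expected_sha256" ]; then
  if ! curl -sSL --fail "${DOWNLOAD_URL}.sha256" -o "$tmpdir/$ARCHIVE.sha256"; then
    log_error "Failed to download checksum ${DOWNLOAD_URL}.sha256"
    exit 1
  fi
  # First field of the "<digest>  <filename>" line.
  expected_sha256=$(awk 'NR==1 {print $1}' "$tmpdir/$ARCHIVE.sha256")
fi
actual_sha256=$(sha256sum "$tmpdir/$ARCHIVE" | awk '{print $1}')
if [ "${actual_sha256,,}" != "${expected_sha256,,}" ]; then
  log_error "Checksum mismatch for $ARCHIVE: expected $expected_sha256, got $actual_sha256"
  exit 1
fi

# Extract and install
log_info "Extracting CoreDNS..."
tar -xzf "$tmpdir/$ARCHIVE" -C "$tmpdir" coredns
chmod +x "$tmpdir/coredns"
mkdir -p "$INSTALL_DIR"
mv -f -- "$tmpdir/coredns" "$INSTALL_DIR/"

log_info "CoreDNS installed to $INSTALL_DIR/coredns"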
# Create directories. Only the data directory is handed to the service user;
# the config directory stays root-owned.
log_info "Creating directories..."
mkdir -p -- "$CONFIG_DIR" "$DATA_DIR"
chown -R -- "$USER:$USER" "$DATA_DIR"
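# Create Corefile for simple wildcard DNS
log_info "Creating Corefile..."
cat > "$CONFIG_DIR/Corefile" << EOF
# CoreDNS configuration for $DOMAIN
# Serves wildcard DNS for deployment subdomains

$DOMAIN {
    file $CONFIG_DIR/db.$DOMAIN
    log
    errors
}

# Forward all other queries to upstream DNS, but only for clients on this host
# or on private networks. Port 53 is opened to everyone so the $DOMAIN zone can
# be served; without this ACL the catch-all block would turn the node into an
# open recursive resolver, which is what DNS amplification abuse looks for.
. {
    acl {
        allow net 127.0.0.0/8 ::1/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
        block
    }
    forward . 8.8.8.8 8.8.4.4 1.1.1.1
    cache 300
    errors
}
EOF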
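# Create zone file
log_info "Creating zone file for $DOMAIN..."
ZONE_FILE="$CONFIG_DIR/db.$DOMAIN"
SERIAL=$(date +%Y%m%d%H) # YYYYMMDDHH, so the serial moves forward between runs

# The summary at the end asks the operator to hand-edit this file (other
# nameserver IPs). Re-running the installer must not silently discard that
# work, so keep a timestamped copy of any existing zone file first.
if [ -f "$ZONE_FILE" ]; then
  cp -p -- "$ZONE_FILE" "$ZONE_FILE.bak.$SERIAL"
  log_warn "Existing zone file backed up to $ZONE_FILE.bak.$SERIAL before overwriting"
fi

cat > "$ZONE_FILE" << EOF
\$ORIGIN $DOMAIN.
\$TTL 300

@ IN SOA ns1.$DOMAIN. admin.$DOMAIN. (
    $SERIAL ; Serial
    3600 ; Refresh
    1800 ; Retry
    604800 ; Expire
    300 ) ; Negative TTL

; Nameservers
@ IN NS ns1.$DOMAIN.
@ IN NS ns2.$DOMAIN.
@ IN NS ns3.$DOMAIN.

; Glue records - update these with actual nameserver IPs
ns1 IN A $NODE_IP
ns2 IN A $NODE_IP
ns3 IN A $NODE_IP

; Root domain
@ IN A $NODE_IP

; Wildcard for all subdomains (deployments)
* IN A $NODE_IP
EOF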
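# Create systemd service. CoreDNS runs as the unprivileged service account and
# is granted only CAP_NET_BIND_SERVICE, which is all it needs to bind port 53;
# running the listener as root was unnecessary.
log_info "Creating systemd service..."
cat > /etc/systemd/system/coredns.service << EOF
[Unit]
Description=CoreDNS DNS Server
Documentation=https://coredns.io
After=network.target

[Service]
Type=simple
User=$USER
ExecStart=$INSTALL_DIR/coredns -conf $CONFIG_DIR/Corefile
Restart=on-failure
RestartSec=5

# Security hardening
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload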
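# Set up iptables redirect for port 80 -> gateway port 6001. PREROUTING only
# sees packets arriving from other hosts; local connections are unaffected.
log_info "Setting up port 80 redirect to gateway port 6001..."
if ! command -v iptables >/dev/null 2>&1; then
  log_error "iptables not found; cannot set up the port 80 redirect"
  exit 1
fi
redirect_rule=(PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001)
# -C only checks for the rule; append it when the check fails so re-runs are idempotent.
iptables -t nat -C "${redirect_rule[@]}" 2>/dev/null ||
  iptables -t nat -A "${redirect_rule[@]}"

# Make iptables rules persistent. This hook is only executed by ifupdown
# (/etc/network/interfaces); on netplan/systemd-networkd hosts it never runs
# and the rule has to be persisted another way (e.g. iptables-persistent).
mkdir -p /etc/network/if-pre-up.d/
cat > /etc/network/if-pre-up.d/iptables-redirect << 'EOF'
#!/bin/sh
iptables -t nat -C PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001 2>/dev/null || \
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 6001
EOF
chmod +x /etc/network/if-pre-up.d/iptables-redirect
if ! command -v ifup >/dev/null 2>&1; then
  log_warn "ifupdown not detected: the if-pre-up.d hook may never run, so the port 80 redirect may not survive a reboot"
fi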
# Configure firewall
log_info "Configuring firewall..."
if command -v ufw >/dev/null 2>&1; then
  # Best effort: an already-present rule (or a disabled ufw) must not abort the install.
  for fw_rule in 53/tcp 53/udp 80/tcp; do
    ufw allow "$fw_rule" >/dev/null 2>&1 || true
  done
  log_info "Firewall rules added for ports 53 (DNS) and 80 (HTTP)"
else
  log_warn "UFW not found. Please manually configure firewall for ports 53 and 80"
fi
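# Enable and (re)start CoreDNS. `restart` rather than `start`: on a re-run the
# unit may already be active with the previous binary and Corefile, and
# `start` would leave that running instance untouched.
log_info "Starting CoreDNS..."
systemctl enable coredns
systemctl restart coredns

# Verify installation
sleep 2
if systemctl is-active --quiet coredns; then
  log_info "CoreDNS is running"
else
  log_error "CoreDNS failed to start. Check: journalctl -u coredns"
  exit 1
fi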
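# Test DNS resolution. Without dig the pipeline would just report a misleading
# "DNS test failed", so say explicitly that the test was skipped. grep -xF
# matches the whole line literally: dots are not regex wildcards and
# 10.0.0.1 does not match 10.0.0.10 (constructed example).
log_info "Testing DNS resolution..."
if ! command -v dig >/dev/null 2>&1; then
  log_warn "dig not found; skipping DNS test"
elif dig @localhost "test.$DOMAIN" +short | grep -qxF -- "$NODE_IP"; then
  log_info "DNS test passed: test.$DOMAIN resolves to $NODE_IP"
else
  log_warn "DNS test failed or returned unexpected result"
fi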
# Cleanup
rm -f /tmp/coredns.tgz

# Summary for the operator
echo
log_info "============================================"
log_info "CoreDNS installation complete!"
log_info "============================================"
echo
for line in \
  "Configuration:" \
  " Domain: $DOMAIN" \
  " Node IP: $NODE_IP" \
  " Corefile: $CONFIG_DIR/Corefile" \
  " Zone file: $CONFIG_DIR/db.$DOMAIN"; do
  log_info "$line"
done
echo
for line in \
  "Commands:" \
  " Status: sudo systemctl status coredns" \
  " Logs: sudo journalctl -u coredns -f" \
  " Test: dig @localhost anything.$DOMAIN"; do
  log_info "$line"
done
echo
log_info "Note: Update the zone file with other nameserver IPs for redundancy:"
log_info " sudo vi $CONFIG_DIR/db.$DOMAIN"
echo
log_info "Done!"