badvpn/ncd/examples/router/unbound.ncdi
2013-10-13 21:02:10 +00:00

43 lines
1.1 KiB
Plaintext

include_guard "unbound"
template unbound {
alias("_arg0") unique_id;
alias("_arg1") access_control_rules;
# Create a temporary directory.
concat("/run/ncd-unbound-", unique_id) run_dir;
run({"/bin/rm", "-rf", run_dir}, {});
run({"/bin/mkdir", run_dir}, {"/bin/rm", "-rf", run_dir});
# Compute path for unbound.conf.
concat(run_dir, "/unbound.conf") unbound_conf_path;
# This is a template for unbound.conf.
value("
server:
verbosity: 1
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: no
interface: 0.0.0.0
access-control: 127.0.0.0/8 allow
" ) config;
# Append access control rules.
Foreach (access_control_rules As rule) {
value(rule) rule;
rule->get("0") network;
rule->get("1") prefix;
rule->get("2") action;
concat(" access-control: ", network, "/", prefix, " ", action, "\n") line;
config->append(line);
};
# Write unbound.conf.
file_write(unbound_conf_path, config);
# Start unbound.
daemon({"/usr/sbin/unbound", "-d", "-c", unbound_conf_path});
}