commit 99781eebd97abf5801ba3a71712e20d0bf3a7400
parent 0ee7507d69e87c816eefdb0fcaf3db75f7ecf91a
Author: tg(x) <*@tg-x.net>
Date: Fri, 4 Feb 2011 03:55:40 +0100
docs & paths
Diffstat:
6 files changed, 121 insertions(+), 8 deletions(-)
diff --git a/Makefile b/Makefile
@@ -0,0 +1,7 @@
+PREFIX=/usr
+
+install:
+ mkdir -p ${PREFIX}/bin
+ mkdir -p ${PREFIX}/libexec/gitzone
+ install bin/gitzone bin/gitzone-shell ${PREFIX}/bin/
+ install hooks/pre-receive hooks/post-receive ${PREFIX}/libexec/gitzone/
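Review bot: The hook install directory on the last line, `${PREFIX}/libexec/gitzone/`, does not match the symlink targets the README in this same commit tells the admin to create (`/usr/lib/gitzone/hooks/pre-receive`), and the hooks and gitzone-shell hunks below hard-code `/usr/bin/gitzone` regardless of PREFIX. As far as I know git treats a hook path it cannot execute, including a dangling symlink, as "no hook" rather than as an error, so a mismatched pre-receive path would let pushes through with none of the named-checkzone validation this tool exists to enforce. I would pick one location and use it everywhere, and substitute PREFIX into the hooks and gitzone-shell at install time (e.g. `sed "s|/usr/bin/gitzone|${PREFIX}/bin/gitzone|"` before `install`) so that changing PREFIX cannot silently disable the hooks.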
diff --git a/README.org b/README.org
@@ -1,3 +1,108 @@
-% git init zones
-% cd zones
-% git config receive.denyCurrentBranch ignore
+#+TITLE: gitzone
+#+AUTHOR: tg(x)
+#+OPTIONS: ^:{}
+#+INFOJS_OPT: view:showall
+
+* About
+
+gitzone is a git-based zone file management tool for BIND. Users can update
+their zones in a git repository then during a push the zone files are checked,
+updated & reloaded from git receive hooks. If there's an error in a file being
+pushed then the push is rejected, thus only correct files are stored on the
+server.
+
+gitzone-shell is a wrapper for git-shell that restricts the user to the zones
+repository and provides some additional commands for dynamic DNS updates & SSH
+key management.
+
+* Installation
+
+- set PREFIX in Makefile and make sure the paths in the hooks are correct, then
+ : # make install
+- edit the settings in gitzone-shell
+- create users with ssh access and set their shell to gitzone-shell
+- create a zones repo for each user and set receive.denyCurrentBranch to ignore,
+ this allows pushing to a checked out repository. The checked out files are
+ used for incrementing serials and validating the zones with named-checkzone.
+ : # cd ~$user
+ : # git init zones
+ : # ln -s zones $username # needed for named-checkzone
+ : # cd zones
+ : # git config receive.denyCurrentBranch ignore
+ : # cd hooks
+ : # ln -s /usr/lib/gitzone/hooks/pre-receive
+ : # ln -s /usr/lib/gitzone/hooks/post-receive
+- create a .gitconfig for the user that contains user name & user email (used
+ for auto increment commits)
+- edit the settings in gitzone.conf
+- create a directory for each user in $zone_dir and chown it to the user, this
+ will contain a clone of the user's repository, the zone files here should be
+ included in named.conf.
+ : # cd $zone_dir
+ : # mkdir $user
+ : # chown $user:$group $user
+- edit named.conf and set directory in options to $zone_dir, this is needed to
+ make relative file names working in $INCLUDE:
+ : options {
+ : directory "/var/named";
+ : // ...
+ : }
+
+* Usage
+
+** Zone files
+
+There are a few keywords you can use in the zone files:
+
+- ;AUTO_INCREMENT after a serial number to automatically increment it during
+ a push. If the number is 8 digits and starts with 20 it's treated as a date.
+ e.g.:
+ : example.net. IN SOA ns1.example.net. hostmaster.example.net. (
+ : 2011013101 ;AUTO_INCREMENT
+ : 1d 2h 4w 2d )
+
+- $INCLUDE can be used to include other files from the repository, the file
+ names should be prefixed with the user name
+- ;INCLUDED_BY on the first line of a file indicates what other files include
+ this file. When this file is committed & pushed all the other files listed
+ after ;INCLUDED_BY are reloaded as well.
+
+ E.g. if you have the following files in the repository then a change in
+ example-common would result in the reload of both example.net & example.org:
+ - example.net:
+ : ...
+ : $INCLUDE username/example-common example.net.
+ - example.org:
+ : ...
+ : $INCLUDE username/example-common example.org.
+ - example-common:
+ : ;INCLUDED_BY example.net example.org
+ : ...
+
+** Git repository
+
+You can use the git repository as normal, only difference is that if you use the
+auto increment feature you also need to pull after a push as the receive hooks
+on the server make commits to the repository during a push.
+
+#+BEGIN_EXAMPLE
+ % git clone ns.example.net:zones
+ % cd zones
+ % # edit files
+ % git commmit
+ % git push origin && git pull
+#+END_EXAMPLE
+
+** SSH commands
+
+The following SSH commands can be used:
+
+- =update-record <filename> <record>=: updates the IP address of the first matched
+ record in the given file to the SSH client's IP address
+ : % ssh ns.example.net update-record foo IN A
+- =list-keys=: list added ssh keys
+ : % ssh ns.example.net list-keys
+- =add-key=: add a new ssh key
+ : % ssh ns.example.net add-key `cat id_rsa.pub`
+- =del-key=: delete an ssh key from the config
+ : % ssh ns.example.net del-key user@somewhere
diff --git a/bin/gitzone-shell b/bin/gitzone-shell
@@ -9,7 +9,7 @@ allow_key_management=1
git_shell=/usr/bin/git-shell
gitzone=/usr/bin/gitzone
config=/etc/gitzone.conf
-grep=grep
+grep=/bin/grep
function error {
echo "fatal: What do you think I am? A shell?"
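Review bot: Pinning absolute paths is the right defence for a login shell that users cannot be allowed to escape, but `/bin/grep` is distro-specific (on many systems grep lives only in `/usr/bin`), and `gitzone=/usr/bin/gitzone` two lines up ignores the PREFIX the new Makefile introduces, so a non-default install or a different distribution leaves the shell pointing at binaries that do not exist. Since every command the user can run goes through these variables, I would fail closed at startup rather than discover it on the first request: `for bin in "$git_shell" "$gitzone" "$grep"; do [ -x "$bin" ] || { echo "fatal: $bin not found" >&2; exit 1; }; done`. The `error` function that begins on the last hunk line continues outside this hunk, so I cannot tell whether it already exits non-zero.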
diff --git a/etc/gitzone.conf b/etc/gitzone.conf
@@ -3,7 +3,7 @@
$zone_dir = "/var/bind";
# commands
-$git = 'git';
+$git = '/usr/bin/git';
$named_checkzone = '/usr/sbin/named-checkzone';
$rndc = '/usr/sbin/rndc';
@@ -18,7 +18,8 @@ $max_depth = 256;
$verbosity = 0;
# defines which files in a user's repo can be loaded as zone files,
-# optionally you can define which view a zone belongs to
+# you can also define which view a zone belongs to (1 means $default_view)
+# basename of the files listed must be identical to the zone name
$zones = {
# user1 => { 'example.com' => 1, 'local/example.net' => 'local', },
}
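Review bot: The new comment refers to `$default_view`, which is not visible in this hunk; if it is not a setting defined elsewhere in this file it should be, since the comment now tells admins to rely on it. More importantly, this hash is the security boundary between what a user can push and what named ever loads, and the comment should say so, e.g. `# Allowlist: only files listed here are checked and loaded as zones; any other file a user pushes is never passed to named-checkzone or rndc.` The closing `}` carries no `;`, which is only harmless if this is the final statement of the file.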
diff --git a/hooks/post-receive b/hooks/post-receive
@@ -1,5 +1,5 @@
#!/bin/sh
if [ -f .gitzone-list ]; then
- gitzone /etc/gitzone.conf post-receive
+ /usr/bin/gitzone /etc/gitzone.conf post-receive
fi
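Review bot: If `/usr/bin/gitzone` is absent or not executable at this hard-coded path (which the Makefile's configurable PREFIX makes possible), `sh` returns 127 but git ignores a post-receive hook's exit status, so the push has already been accepted and the zone reload silently does not happen; pre-receive, by contrast, fails closed. The only signal would be the shell's own "not found" message, which is easy to miss in push output, so I would make the failure explicit: `/usr/bin/gitzone /etc/gitzone.conf post-receive || echo "gitzone: post-receive failed, zones NOT reloaded" >&2`. The `-f .gitzone-list` test is relative to the hook's working directory, which presumably is the checked-out repository root for this non-bare setup; a comment saying where that file is expected and who writes it would help the next admin.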
diff --git a/hooks/pre-receive b/hooks/pre-receive
@@ -1,3 +1,3 @@
#!/bin/sh
-gitzone /etc/gitzone.conf pre-receive
+/usr/bin/gitzone /etc/gitzone.conf pre-receive
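Review bot: This hook is the single gate that rejects a bad push, and it only works because the gitzone call is the last statement so its exit status becomes the hook's; that is correct but implicit. I would make it explicit with `exec /usr/bin/gitzone /etc/gitzone.conf pre-receive`, which also guarantees a missing binary still rejects the push (exit 127) rather than falling through to any line added later, and add a one-line comment: `# non-zero exit rejects the push: gitzone validates every zone file with named-checkzone first`.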