gitzone

git-based zone management tool for static and dynamic domains
git clone https://git.parazyd.org/gitzone
Log | Files | Refs

commit 99781eebd97abf5801ba3a71712e20d0bf3a7400
parent 0ee7507d69e87c816eefdb0fcaf3db75f7ecf91a
Author: tg(x) <*@tg-x.net>
Date:   Fri,  4 Feb 2011 03:55:40 +0100

docs & paths

Diffstat:
AMakefile | 7+++++++
MREADME.org | 111++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
Mbin/gitzone-shell | 2+-
Metc/gitzone.conf | 5+++--
Mhooks/post-receive | 2+-
Mhooks/pre-receive | 2+-
6 files changed, 121 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile @@ -0,0 +1,7 @@ +PREFIX=/usr + +install: + mkdir -p ${PREFIX}/bin + mkdir -p ${PREFIX}/libexec/gitzone + install bin/gitzone bin/gitzone-shell ${PREFIX}/bin/ + install hooks/pre-receive hooks/post-receive ${PREFIX}/libexec/gitzone/ diff --git a/README.org b/README.org @@ -1,3 +1,108 @@ -% git init zones -% cd zones -% git config receive.denyCurrentBranch ignore +#+TITLE: gitzone +#+AUTHOR: tg(x) +#+OPTIONS: ^:{} +#+INFOJS_OPT: view:showall + +* About + +gitzone is a git-based zone file management tool for BIND. Users can update +their zones in a git repository then during a push the zone files are checked, +updated & reloaded from git receive hooks. If there's an error in a file being +pushed then the push is rejected, thus only correct files are stored on the +server. + +gitzone-shell is a wrapper for git-shell that restricts the user to the zones +repository and provides some additional commands for dynamic DNS updates & SSH +key management. + +* Installation + +- set PREFIX in Makefile and make sure the paths in the hooks are correct, then + : # make install +- edit the settings in gitzone-shell +- create users with ssh access and set their shell to gitzone-shell +- create a zones repo for each user and set receive.denyCurrentBranch to ignore, + this allows pushing to a checked out repository. The checked out files are + used for incrementing serials and validating the zones with named-checkzone. + : # cd ~$user + : # git init zones + : # ln -s zones $username # needed for named-checkzone + : # cd zones + : # git config receive.denyCurrentBranch ignore + : # cd hooks + : # ln -s /usr/lib/gitzone/hooks/pre-receive + : # ln -s /usr/lib/gitzone/hooks/post-receive +- create a .gitconfig for the user that contains user name & user email (used + for auto increment commits) +- edit the settings in gitzone.conf +- create a directory for each user in $zone_dir and chown it to the user, this + will contain a clone of the user's repository, the zone files here should be + included in named.conf. + : # cd $zone_dir + : # mkdir $user + : # chown $user:$group $user +- edit named.conf and set directory in options to $zone_dir, this is needed to + make relative file names working in $INCLUDE: + : options { + : directory "/var/named"; + : // ... + : } + +* Usage + +** Zone files + +There are a few keywords you can use in the zone files: + +- ;AUTO_INCREMENT after a serial number to automatically increment it during + a push. If the number is 8 digits and starts with 20 it's treated as a date. + e.g.: + : example.net. IN SOA ns1.example.net. hostmaster.example.net. ( + : 2011013101 ;AUTO_INCREMENT + : 1d 2h 4w 2d ) + +- $INCLUDE can be used to include other files from the repository, the file + names should be prefixed with the user name +- ;INCLUDED_BY on the first line of a file indicates what other files include + this file. When this file is committed & pushed all the other files listed + after ;INCLUDED_BY are reloaded as well. + + E.g. if you have the following files in the repository then a change in + example-common would result in the reload of both example.net & example.org: + - example.net: + : ... + : $INCLUDE username/example-common example.net. + - example.org: + : ... + : $INCLUDE username/example-common example.org. + - example-common: + : ;INCLUDED_BY example.net example.org + : ... + +** Git repository + +You can use the git repository as normal, only difference is that if you use the +auto increment feature you also need to pull after a push as the receive hooks +on the server make commits to the repository during a push. + +#+BEGIN_EXAMPLE + % git clone ns.example.net:zones + % cd zones + % # edit files + % git commmit + % git push origin && git pull +#+END_EXAMPLE + +** SSH commands + +The following SSH commands can be used: + +- =update-record <filename> <record>=: updates the IP address of the first matched + record in the given file to the SSH client's IP address + : % ssh ns.example.net update-record foo IN A +- =list-keys=: list added ssh keys + : % ssh ns.example.net list-keys +- =add-key=: add a new ssh key + : % ssh ns.example.net add-key `cat id_rsa.pub` +- =del-key=: delete an ssh key from the config + : % ssh ns.example.net del-key user@somewhere diff --git a/bin/gitzone-shell b/bin/gitzone-shell @@ -9,7 +9,7 @@ allow_key_management=1 git_shell=/usr/bin/git-shell gitzone=/usr/bin/gitzone config=/etc/gitzone.conf -grep=grep +grep=/bin/grep function error { echo "fatal: What do you think I am? A shell?" diff --git a/etc/gitzone.conf b/etc/gitzone.conf @@ -3,7 +3,7 @@ $zone_dir = "/var/bind"; # commands -$git = 'git'; +$git = '/usr/bin/git'; $named_checkzone = '/usr/sbin/named-checkzone'; $rndc = '/usr/sbin/rndc'; @@ -18,7 +18,8 @@ $max_depth = 256; $verbosity = 0; # defines which files in a user's repo can be loaded as zone files, -# optionally you can define which view a zone belongs to +# you can also define which view a zone belongs to (1 means $default_view) +# basename of the files listed must be identical to the zone name $zones = { # user1 => { 'example.com' => 1, 'local/example.net' => 'local', }, } diff --git a/hooks/post-receive b/hooks/post-receive @@ -1,5 +1,5 @@ #!/bin/sh if [ -f .gitzone-list ]; then - gitzone /etc/gitzone.conf post-receive + /usr/bin/gitzone /etc/gitzone.conf post-receive fi diff --git a/hooks/pre-receive b/hooks/pre-receive @@ -1,3 +1,3 @@ #!/bin/sh -gitzone /etc/gitzone.conf pre-receive +/usr/bin/gitzone /etc/gitzone.conf pre-receive