From f4ea61dd5bf0ef2baa7d545b12e168b652412509 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Sat, 13 May 2023 00:55:33 -0500
Subject: dns: T5144: Relocate ddclient template path for consistency with
 config path

---
 src/conf_mode/dns_dynamic.py | 131 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)
 create mode 100755 src/conf_mode/dns_dynamic.py

(limited to 'src/conf_mode/dns_dynamic.py')

diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
new file mode 100755
index 000000000..e4e2cf30e
--- /dev/null
+++ b/src/conf_mode/dns_dynamic.py
@@ -0,0 +1,131 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import dict_merge
+from vyos.template import render
+from vyos.util import call
+from vyos.xml import defaults
+from vyos import ConfigError
+from vyos import airbag
+airbag.enable()
+
+config_file = r'/run/ddclient/ddclient.conf'
+
+# Protocols that require zone
+zone_allowed = ['cloudflare', 'godaddy', 'hetzner', 'gandi', 'nfsn']
+
+# Protocols that do not require username
+username_unnecessary = ['1984', 'cloudflare', 'cloudns', 'duckdns', 'freemyip', 'hetzner', 'keysystems', 'njalla']
+
+# Protocols that support both IPv4 and IPv6
+dualstack_supported = ['cloudflare', 'dyndns2', 'freedns', 'njalla']
+
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
+
+    base_level = ['service', 'dns', 'dynamic']
+    if not conf.exists(base_level):
+        return None
+
+    dyndns = conf.get_config_dict(base_level, key_mangling=('-', '_'), get_first_key=True)
+
+    for address in dyndns['address']:
+        # Apply service specific defaults (stype = ['rfc2136', 'service'])
+        for svc_type in dyndns['address'][address]:
+            default_values = defaults(base_level + ['address', svc_type])
+            for svc_cfg in dyndns['address'][address][svc_type]:
+                dyndns['address'][address][svc_type][svc_cfg] = dict_merge(
+                    default_values, dyndns['address'][address][svc_type][svc_cfg])
+
+    return dyndns
+
+def verify(dyndns):
+    # bail out early - looks like removal from running config
+    if not dyndns:
+        return None
+
+    for address in dyndns['address']:
+        # RFC2136 - configuration validation
+        if 'rfc2136' in dyndns['address'][address]:
+            for config in dyndns['address'][address]['rfc2136'].values():
+                for field in ['host_name', 'zone', 'server', 'key']:
+                    if field not in config:
+                        raise ConfigError(f'"{field.replace("_", "-")}" is required for RFC2136 '
+                                          f'based Dynamic DNS service on "{address}"')
+
+        # Dynamic DNS service provider - configuration validation
+        if 'service' in dyndns['address'][address]:
+            for service, config in dyndns['address'][address]['service'].items():
+                error_msg = f'is required for Dynamic DNS service "{service}" on "{address}"'
+
+                for field in ['host_name', 'password', 'protocol']:
+                    if field not in config:
+                        raise ConfigError(f'"{field.replace("_", "-")}" {error_msg}')
+
+                if config['protocol'] in zone_allowed and 'zone' not in config:
+                        raise ConfigError(f'"zone" {error_msg}')
+
+                if config['protocol'] not in zone_allowed and 'zone' in config:
+                        raise ConfigError(f'"{config["protocol"]}" does not support "zone"')
+
+                if config['protocol'] not in username_unnecessary:
+                    if 'username' not in config:
+                        raise ConfigError(f'"username" {error_msg}')
+
+                if config['ip_version'] == 'both':
+                    if config['protocol'] not in dualstack_supported:
+                        raise ConfigError(f'"{config["protocol"]}" does not support IPv4 and IPv6 at the same time')
+                    # dyndns2 protocol in ddclient honors dual stack only for dyn.com (dyndns.org)
+                    if config['protocol'] == 'dyndns2' and 'server' in config and config['server'] != 'members.dyndns.org':
+                        raise ConfigError(f'"{config["protocol"]}" for "{config["server"]}" does not support IPv4 and IPv6 at the same time')
+
+    return None
+
+def generate(dyndns):
+    # bail out early - looks like removal from running config
+    if not dyndns:
+        return None
+
+    render(config_file, 'dns-dynamic/ddclient.conf.j2', dyndns)
+    return None
+
+def apply(dyndns):
+    if not dyndns:
+        call('systemctl stop ddclient.service')
+        if os.path.exists(config_file):
+            os.unlink(config_file)
+    else:
+        call('systemctl restart ddclient.service')
+
+    return None
+
+if __name__ == '__main__':
+    try:
+        c = get_config()
+        verify(c)
+        generate(c)
+        apply(c)
+    except ConfigError as e:
+        print(e)
+        exit(1)
-- 
cgit v1.2.3


From b98f38a604954b87c1505bdb6c500a7d6fab983f Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Sun, 4 Jun 2023 02:56:20 -0500
Subject: dns: T5144: Add pid and cache config as ddclient global

---
 data/templates/dns-dynamic/ddclient.conf.j2 | 2 ++
 src/conf_mode/dns_dynamic.py                | 1 +
 2 files changed, 3 insertions(+)

(limited to 'src/conf_mode/dns_dynamic.py')

diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
index 945191bb7..a19b79c00 100644
--- a/data/templates/dns-dynamic/ddclient.conf.j2
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -26,6 +26,8 @@ if{{ ipv }}={{ address }}, \
 daemon=1m
 syslog=yes
 ssl=yes
+pid={{ config_file | replace('.conf', '.pid') }}
+cache={{ config_file | replace('.conf', '.cache') }}
 
 {% if address is vyos_defined %}
 {%     for address, service_cfg in address.items() %}
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index e4e2cf30e..d1ac2a08f 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -58,6 +58,7 @@ def get_config(config=None):
                 dyndns['address'][address][svc_type][svc_cfg] = dict_merge(
                     default_values, dyndns['address'][address][svc_type][svc_cfg])
 
+    dyndns['config_file'] = config_file
     return dyndns
 
 def verify(dyndns):
-- 
cgit v1.2.3


From c14825f55d286d54ca3c04703ecbded1cb4c2cca Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Sun, 4 Jun 2023 02:27:00 -0500
Subject: dns: T5144: Streamline ddclient systemd service override

Templatize systemd override for ddclient service and move the generated
override files in /run. This ensures that the override files are always
generated afresh after boot.

Additionally, simplify the systemd override file by removing the
redundant/superfluous overrides.
---
 data/templates/dns-dynamic/override.conf.j2             | 11 +++++++++++
 src/conf_mode/dns_dynamic.py                            |  2 ++
 src/etc/systemd/system/ddclient.service.d/override.conf | 11 -----------
 3 files changed, 13 insertions(+), 11 deletions(-)
 create mode 100644 data/templates/dns-dynamic/override.conf.j2
 delete mode 100644 src/etc/systemd/system/ddclient.service.d/override.conf

(limited to 'src/conf_mode/dns_dynamic.py')

diff --git a/data/templates/dns-dynamic/override.conf.j2 b/data/templates/dns-dynamic/override.conf.j2
new file mode 100644
index 000000000..8a9dfcd70
--- /dev/null
+++ b/data/templates/dns-dynamic/override.conf.j2
@@ -0,0 +1,11 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+[Unit]
+ConditionPathExists={{ config_file }}
+After=vyos-router.service
+
+[Service]
+PIDFile=
+PIDFile={{ config_file | replace('.conf', '.pid') }}
+EnvironmentFile=
+ExecStart=
+ExecStart=/usr/bin/ddclient -file {{ config_file }}
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index d1ac2a08f..f97225370 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -28,6 +28,7 @@ from vyos import airbag
 airbag.enable()
 
 config_file = r'/run/ddclient/ddclient.conf'
+systemd_override = r'/run/systemd/system/ddclient.service.d/override.conf'
 
 # Protocols that require zone
 zone_allowed = ['cloudflare', 'godaddy', 'hetzner', 'gandi', 'nfsn']
@@ -109,6 +110,7 @@ def generate(dyndns):
         return None
 
     render(config_file, 'dns-dynamic/ddclient.conf.j2', dyndns)
+    render(systemd_override, 'dns-dynamic/override.conf.j2', dyndns)
     return None
 
 def apply(dyndns):
diff --git a/src/etc/systemd/system/ddclient.service.d/override.conf b/src/etc/systemd/system/ddclient.service.d/override.conf
deleted file mode 100644
index 09d929d39..000000000
--- a/src/etc/systemd/system/ddclient.service.d/override.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-After=
-After=vyos-router.service
-
-[Service]
-WorkingDirectory=
-WorkingDirectory=/run/ddclient
-PIDFile=
-PIDFile=/run/ddclient/ddclient.pid
-ExecStart=
-ExecStart=/usr/bin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf
-- 
cgit v1.2.3