BadVPN – Rev 1

Subversion Repositories:
Rev:
include_guard "unbound"

template unbound {
    alias("_arg0") unique_id;
    alias("_arg1") access_control_rules;

    # Create a temporary directory.
    concat("/run/ncd-unbound-", unique_id) run_dir;
    run({"/bin/rm", "-rf", run_dir}, {});
    run({"/bin/mkdir", run_dir}, {"/bin/rm", "-rf", run_dir});

    # Compute path for unbound.conf.
    concat(run_dir, "/unbound.conf") unbound_conf_path;

    # This is a template for unbound.conf.
    value("
server:
    verbosity: 1
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: no
    interface: 0.0.0.0
    access-control: 127.0.0.0/8 allow
"   ) config;

    # Append access control rules.
    Foreach (access_control_rules As rule) {
        value(rule) rule;
        rule->get("0") network;
        rule->get("1") prefix;
        rule->get("2") action;
        concat("    access-control: ", network, "/", prefix, " ", action, "\n") line;
        config->append(line);
    };

    # Write unbound.conf.
    file_write(unbound_conf_path, config);

    # Start unbound.
    daemon({"/usr/sbin/unbound", "-d", "-c", unbound_conf_path});
}