mirror of
				https://github.com/bashclub/zamba-lxc-toolbox.git
				synced 2025-10-26 13:52:26 +01:00 
			
		
		
		
	zmb-ad: fixed bind9 config
		| @@ -22,51 +22,7 @@ for f in ${OPTIONAL_FEATURES[@]}; do | |||||||
|   elif [[ "$f" == "bind9dlz" ]]; then |   elif [[ "$f" == "bind9dlz" ]]; then | ||||||
|     ZMB_DNS_BACKEND="BIND9_DLZ" |     ZMB_DNS_BACKEND="BIND9_DLZ" | ||||||
|     ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES" |     ADDITIONAL_PACKAGES="bind9 $ADDITIONAL_PACKAGES" | ||||||
|     ADDITIONAL_SERVICES="wsdd $ADDITIONAL_SERVICES" |     ADDITIONAL_SERVICES="bind9 $ADDITIONAL_SERVICES" | ||||||
|       # configure bind dns service |  | ||||||
|     cat << EOF > /etc/default/bind9 |  | ||||||
| # |  | ||||||
| # run resolvconf? |  | ||||||
| RESOLVCONF=no |  | ||||||
|  |  | ||||||
| # startup options for the server |  | ||||||
| OPTIONS="-4 -u bind" |  | ||||||
| EOF |  | ||||||
|  |  | ||||||
|     cat << EOF > /etc/bind/named.conf.local |  | ||||||
| // |  | ||||||
| // Do any local configuration here |  | ||||||
| // |  | ||||||
|  |  | ||||||
| // Consider adding the 1918 zones here, if they are not used in your |  | ||||||
| // organization |  | ||||||
| //include "/etc/bind/zones.rfc1918"; |  | ||||||
| dlz "$LXC_DOMAIN" { |  | ||||||
|   database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; |  | ||||||
| }; |  | ||||||
| EOF |  | ||||||
|  |  | ||||||
|     cat << EOF > /etc/bind/named.conf.options |  | ||||||
| options { |  | ||||||
|   directory "/var/cache/bind"; |  | ||||||
|  |  | ||||||
|   forwarders { |  | ||||||
|     $LXC_DNS; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   allow-query {  any;}; |  | ||||||
|   dnssec-validation no; |  | ||||||
|  |  | ||||||
|   auth-nxdomain no;    # conform to RFC1035 |  | ||||||
|   listen-on-v6 { any; }; |  | ||||||
|   listen-on { any; }; |  | ||||||
|  |  | ||||||
|   tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; |  | ||||||
|   minimal-responses yes; |  | ||||||
| }; |  | ||||||
| EOF |  | ||||||
|  |  | ||||||
|     mkdir -p /var/lib/samba/bind-dns/dns |  | ||||||
|   else |   else | ||||||
|     echo "Unsupported optional feature $f" |     echo "Unsupported optional feature $f" | ||||||
|   fi |   fi | ||||||
| @@ -111,13 +67,62 @@ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -o DPkg:: | |||||||
| if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then | if [[ "$ADDITIONAL_PACKAGES" == *"nginx-full"* ]]; then | ||||||
|   cat << EOF > /etc/nginx/sites-available/default |   cat << EOF > /etc/nginx/sites-available/default | ||||||
| server { | server { | ||||||
|     listen 80; |     listen 80 default_server; | ||||||
|     server_name $LXC_DOMAIN default_server; |     server_name _; | ||||||
|     return 301 http://www.$LXC_DOMAIN\$request_uri; |     return 301 http://www.$LXC_DOMAIN\$request_uri; | ||||||
| } | } | ||||||
| EOF | EOF | ||||||
| fi | fi | ||||||
|  |  | ||||||
|  | if  [[ "$ADDITIONAL_PACKAGES" == *"bind9"* ]]; then | ||||||
|  |   # configure bind dns service | ||||||
|  |   cat << EOF > /etc/default/bind9 | ||||||
|  | # | ||||||
|  | # run resolvconf? | ||||||
|  | RESOLVCONF=no | ||||||
|  |  | ||||||
|  | # startup options for the server | ||||||
|  | OPTIONS="-4 -u bind" | ||||||
|  | EOF | ||||||
|  |  | ||||||
|  |   cat << EOF > /etc/bind/named.conf.local | ||||||
|  | // | ||||||
|  | // Do any local configuration here | ||||||
|  | // | ||||||
|  |  | ||||||
|  | // Consider adding the 1918 zones here, if they are not used in your | ||||||
|  | // organization | ||||||
|  | //include "/etc/bind/zones.rfc1918"; | ||||||
|  | dlz "$LXC_DOMAIN" { | ||||||
|  |   database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so"; | ||||||
|  | }; | ||||||
|  | EOF | ||||||
|  |  | ||||||
|  |   cat << EOF > /etc/bind/named.conf.options | ||||||
|  | options { | ||||||
|  |   directory "/var/cache/bind"; | ||||||
|  |  | ||||||
|  |   forwarders { | ||||||
|  |     $LXC_DNS; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   allow-query {  any;}; | ||||||
|  |   dnssec-validation no; | ||||||
|  |  | ||||||
|  |   auth-nxdomain no;    # conform to RFC1035 | ||||||
|  |   listen-on-v6 { any; }; | ||||||
|  |   listen-on { any; }; | ||||||
|  |  | ||||||
|  |   tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; | ||||||
|  |   minimal-responses yes; | ||||||
|  | }; | ||||||
|  | EOF | ||||||
|  |  | ||||||
|  |   mkdir -p /var/lib/samba/bind-dns/dns | ||||||
|  | fi | ||||||
|  |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # stop + disable samba services and remove default config | # stop + disable samba services and remove default config | ||||||
| systemctl disable --now smbd nmbd winbind systemd-resolved | systemctl disable --now smbd nmbd winbind systemd-resolved | ||||||
| rm -f /etc/samba/smb.conf | rm -f /etc/samba/smb.conf | ||||||
| @@ -129,7 +134,7 @@ samba-tool domain provision --use-rfc2307 --realm=$ZMB_REALM --domain=$ZMB_DOMAI | |||||||
| cp /var/lib/samba/private/krb5.conf /etc/krb5.conf | cp /var/lib/samba/private/krb5.conf /etc/krb5.conf | ||||||
|  |  | ||||||
| systemctl unmask samba-ad-dc | systemctl unmask samba-ad-dc | ||||||
| systemctl enable samba-ad-dc $ADDITIONAL_SERVICES | systemctl enable samba-ad-dc | ||||||
| systemctl restart samba-ad-dc $ADDITIONAL_SERVICES | systemctl restart samba-ad-dc $ADDITIONAL_SERVICES | ||||||
|  |  | ||||||
| exit 0 | exit 0 | ||||||
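Review bot: The relocated `named.conf.options` heredoc sets `allow-query {  any;};` next to `forwarders` and `listen-on { any; };` but sets neither `allow-recursion` nor `allow-query-cache`. BIND falls back to the `allow-query` ACL for recursion when both are unset, so the DC would resolve names recursively for any client that can reach it. I would add `allow-recursion { localnets; localhost; };` (or an ACL of the site's client networks) beside `allow-query`. `dnssec-validation no;` means forwarded answers are accepted unvalidated and deserves a comment saying why it is off. Separately, the last hunk still restarts `$ADDITIONAL_SERVICES` but no longer enables them, so confirm that each listed service is enabled at boot by its package.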