From 1312cb1df6e5d64a19f684a1f6d9f47732aaefc5 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 8 Jul 2023 18:49:51 +0200 Subject: [PATCH 1/8] Do not override resolvconf, use dnsmasq --- conf/dnsmasq | 4 ++++ scripts/backup | 6 ++++++ scripts/install | 4 ++++ scripts/remove | 4 ++++ scripts/restore | 8 ++++++++ scripts/upgrade | 11 +++++++++++ 6 files changed, 37 insertions(+) create mode 100644 conf/dnsmasq diff --git a/conf/dnsmasq b/conf/dnsmasq new file mode 100644 index 0000000..25847f6 --- /dev/null +++ b/conf/dnsmasq @@ -0,0 +1,4 @@ +# Created by __APP__ +# We assume that only one tailscale installation exists on the server, replace `tailscale0` below if needed +interface=tailscale0 +server=/__BASE_DOMAIN__/100.100.100.100 diff --git a/scripts/backup b/scripts/backup index 68a1633..e898622 100755 --- a/scripts/backup +++ b/scripts/backup @@ -41,6 +41,12 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP DNSMASQ CONFIG +#================================================= + +ynh_backup --src_path="/etc/dnsmasq.d/$app" + #================================================= # BACKUP THE DATABASE #================================================= diff --git a/scripts/install b/scripts/install index 12a1000..eb106fc 100755 --- a/scripts/install +++ b/scripts/install @@ -75,6 +75,10 @@ ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" chmod 600 "$install_dir/config.yaml" chown $app:$app "$install_dir/config.yaml" +# Add dnsmasq configuration to avoid overriding resolvconf +ynh_add_config --template="dnsmasq" --destination="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name="dnsmasq" --action="reload" + #================================================= # SETUP SYSTEMD #================================================= diff --git a/scripts/remove b/scripts/remove index 78d5d13..03198dc 100755 --- a/scripts/remove 
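Review bot: In the new `conf/dnsmasq`, `interface=tailscale0` is a host-wide dnsmasq option rather than something scoped to this drop-in, so it changes which interfaces the server's resolver listens on and lets every tailnet peer query it. The file's own comment covers only the interface name, not that effect, nor that the `server=/__BASE_DOMAIN__/100.100.100.100` forward depends on a Tailscale client running on this host. I would add a line such as `# interface= is global: dnsmasq will answer DNS queries arriving on tailscale0; the forward below needs a local tailscale client`. PATCH 3/8 carries the same file.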
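Review bot: The `--action="reload"` issued after writing `/etc/dnsmasq.d/$app` in scripts/install most likely does not apply the new file, because dnsmasq reads its configuration only at startup and a reload (SIGHUP) clears the cache and re-reads hosts/resolv files but not the config. The same call is used in the scripts/remove, scripts/restore and scripts/upgrade hunks of this patch and again in PATCH 3/8; in remove it means the forwarder for the base domain stays active after the app is gone, until something else restarts dnsmasq. Use `ynh_systemd_action --service_name="dnsmasq" --action="restart"` in all four places, preferably after a `dnsmasq --test` so that a malformed drop-in is caught before it takes the host's resolver down.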
+++ b/scripts/remove @@ -73,6 +73,10 @@ ynh_script_progression --message="Removing various files..." --weight=1 # Remove the log files ynh_secure_remove --file="/var/log/$app" +# Remove dnsmasq configuration +ynh_secure_remove --file="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name=dnsmasq --action="reload" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 0dfc655..031fc5c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE THE DNSMASQ CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the dnsmasq configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name="dnsmasq" --action="reload" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 24948a7..caafce2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -13,6 +13,17 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # STANDARD UPGRADE STEPS +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +if [ ! -f "/etc/dnsmasq.d/$app" ]; then + # Add dnsmasq configuration to avoid overriding resolvconf + ynh_add_config --template="dnsmasq" --destination="/etc/dnsmasq.d/$app" + ynh_systemd_action --service_name="dnsmasq" --action="reload" +fi + #================================================= # STOP SYSTEMD SERVICE #================================================= From 446c561fae706f4aa677638561aaf74f43ed2027 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 11 Aug 2023 12:56:15 +0200 Subject: [PATCH 2/8] Allow fake base domains for MagicDNS --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 44f0186..3f68d72 100644 --- a/manifest.toml +++ b/manifest.toml @@ -42,9 +42,9 @@ ram.runtime = "50M" default = "/dex" [install.base_domain] - type = "domain" + type = "string" ask.en = "Choose the base domain for Headscale's MagicDNS feature" - help.en = "MagicDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`" + help.en = "MagicDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`. It can be from a fake TLD, but beware of conflicts." [resources] [resources.sources.main] From ebc156f1a705a73d168b53506589496c7bec2426 Mon Sep 17 00:00:00 2001 
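Review bot: The `[ ! -f "/etc/dnsmasq.d/$app" ]` guard in scripts/upgrade writes the drop-in once and never refreshes it, so later changes to `conf/dnsmasq` or to the `base_domain` setting will not reach existing installs. Calling `ynh_add_config --template="dnsmasq" --destination="/etc/dnsmasq.d/$app"` unconditionally would keep the file in sync on every upgrade; as far as I know the helper already keeps a backup when the destination was edited by hand, which should be confirmed before removing the guard. The rest of the upgrade script is outside the hunk, and PATCH 3/8 repeats this hunk.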
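Review bot: Switching `install.base_domain` from `type = "domain"` to `type = "string"` removes the only validation on a value that PATCH 1/8 substitutes verbatim into `server=/__BASE_DOMAIN__/100.100.100.100` in `/etc/dnsmasq.d/$app`. A value containing `/`, whitespace or a line break would change the meaning of that dnsmasq line or leave the resolver unable to start. Constrain it in the manifest with something like `pattern.regexp = '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]*[a-z0-9])?$'` and a matching `pattern.error`. The help text's "beware of conflicts" would be more useful if it named a suffix reserved for private use, such as `home.arpa`, instead of leaving the choice of a made-up TLD open. PATCH 4/8 repeats this hunk.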
From: tituspijean Date: Sat, 8 Jul 2023 18:49:51 +0200 Subject: [PATCH 3/8] Do not override resolvconf, use dnsmasq --- conf/dnsmasq | 4 ++++ scripts/backup | 6 ++++++ scripts/install | 4 ++++ scripts/remove | 4 ++++ scripts/restore | 8 ++++++++ scripts/upgrade | 11 +++++++++++ 6 files changed, 37 insertions(+) create mode 100644 conf/dnsmasq diff --git a/conf/dnsmasq b/conf/dnsmasq new file mode 100644 index 0000000..25847f6 --- /dev/null +++ b/conf/dnsmasq @@ -0,0 +1,4 @@ +# Created by __APP__ +# We assume that only one tailscale installation exists on the server, replace `tailscale0` below if needed +interface=tailscale0 +server=/__BASE_DOMAIN__/100.100.100.100 diff --git a/scripts/backup b/scripts/backup index 68a1633..e898622 100755 --- a/scripts/backup +++ b/scripts/backup @@ -41,6 +41,12 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP DNSMASQ CONFIG +#================================================= + +ynh_backup --src_path="/etc/dnsmasq.d/$app" + #================================================= # BACKUP THE DATABASE #================================================= diff --git a/scripts/install b/scripts/install index 12a1000..eb106fc 100755 --- a/scripts/install +++ b/scripts/install @@ -75,6 +75,10 @@ ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" chmod 600 "$install_dir/config.yaml" chown $app:$app "$install_dir/config.yaml" +# Add dnsmasq configuration to avoid overriding resolvconf +ynh_add_config --template="dnsmasq" --destination="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name="dnsmasq" --action="reload" + #================================================= # SETUP SYSTEMD #================================================= diff --git a/scripts/remove b/scripts/remove index 78d5d13..03198dc 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -73,6 +73,10 @@ ynh_script_progression --message="Removing various files..." --weight=1 # Remove the log files ynh_secure_remove --file="/var/log/$app" +# Remove dnsmasq configuration +ynh_secure_remove --file="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name=dnsmasq --action="reload" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 0dfc655..031fc5c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE THE DNSMASQ CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the dnsmasq configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/dnsmasq.d/$app" +ynh_systemd_action --service_name="dnsmasq" --action="reload" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 24948a7..caafce2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -13,6 +13,17 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # STANDARD UPGRADE STEPS +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +if [ ! -f "/etc/dnsmasq.d/$app" ]; then + # Add dnsmasq configuration to avoid overriding resolvconf + ynh_add_config --template="dnsmasq" --destination="/etc/dnsmasq.d/$app" + ynh_systemd_action --service_name="dnsmasq" --action="reload" +fi + #================================================= # STOP SYSTEMD SERVICE #================================================= From e916fe2fe6f67d8fc40cb9e2753d631f90d87e2a Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 11 Aug 2023 12:56:15 +0200 Subject: [PATCH 4/8] Allow fake base domains for MagicDNS --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 44f0186..3f68d72 100644 --- a/manifest.toml +++ b/manifest.toml @@ -42,9 +42,9 @@ ram.runtime = "50M" default = "/dex" [install.base_domain] - type = "domain" + type = "string" ask.en = "Choose the base domain for Headscale's MagicDNS feature" - help.en = "MagicDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`" + help.en = "MagicDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`. It can be from a fake TLD, but beware of conflicts." [resources] [resources.sources.main] From a806fb460ebef595e2f0b3e73730eddab97c6d5e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 11 Aug 2023 14:52:48 +0200 Subject: [PATCH 5/8] Default to localhost and ARN open resolver --- conf/config.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/conf/config.yaml b/conf/config.yaml index aa19799..3af7108 100644 --- a/conf/config.yaml +++ b/conf/config.yaml 
@@ -199,7 +199,9 @@ dns_config: # List of DNS servers to expose to clients. nameservers: - - 1.1.1.1 + - 127.0.0.1 + - 89.234.141.66 + - 2a00:5881:8100:1000::3 # NextDNS (see https://tailscale.com/kb/1218/nextdns/). # "abc123" is example NextDNS ID, replace with yours. From 813f55455b37337ee3f26c488a1e98d16fffecdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 8 Sep 2023 23:05:47 +0200 Subject: [PATCH 6/8] fix linter --- manifest.toml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 3f68d72..59fd729 100644 --- a/manifest.toml +++ b/manifest.toml @@ -18,7 +18,7 @@ cpe = "cpe:2.3:a:tailscale:tailscale" fund = "https://ko-fi.com/headscale" [integration] -yunohost = ">= 11.0.0" +yunohost = ">= 11.2" architectures = "all" multi_instance = false ldap = true @@ -38,9 +38,12 @@ ram.runtime = "50M" [install.dex_path] type = "path" - ask.en = "Choose the path to install Dex on." default = "/dex" + [install.init_main_permission] + type = "group" + default = "visitors" + [install.base_domain] type = "string" ask.en = "Choose the base domain for Headscale's MagicDNS feature" From 309e7e2a9ccd8f0c31a062c2403af3565797abaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 8 Sep 2023 23:24:37 +0200 Subject: [PATCH 7/8] Update manifest.toml --- manifest.toml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 59fd729..263a1ab 100644 --- a/manifest.toml +++ b/manifest.toml @@ -38,6 +38,7 @@ ram.runtime = "50M" [install.dex_path] type = "path" + ask.en = "Choose the path to install Dex on." default = "/dex" [install.init_main_permission] 
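Review bot: The `nameservers` list in conf/config.yaml is, per the comment directly above it, what gets exposed to clients, so `127.0.0.1` will be resolved against each client's own loopback rather than this server's dnsmasq. Clients without a local resolver lose that entry, and clients with one send it queries the admin never intended. If the goal is to reach the server's dnsmasq, the address to advertise is the server's tailnet address, which would have to be templated in; nothing in this hunk provides it. The two remaining entries hard-code the third-party resolver named in the commit subject for every device on the tailnet, so a comment stating whose resolver it is, or an install question to override it, would let admins make that choice knowingly. The `dns_config` block starts and ends outside the hunk.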
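Review bot: The `[install.init_main_permission]` question added in PATCH 6/8 with `default = "visitors"` opens the app's main permission to unauthenticated visitors at install time, and the manifest does not say why. A comment above it, for instance `# Headscale must be reachable by clients that cannot log in through the SSO, hence public by default`, would keep a later maintainer from tightening it by accident. It would also help to state whether the Dex path is meant to fall under the same permission, since that cannot be told from this hunk.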
@@ -61,8 +62,8 @@ ram.runtime = "50M" arm64.sha256 = "c36b469a30e87efc6616abd7f8df429de2a11896d311037580ac0b9c2f6b53a6" armhf.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_armv7" armhf.sha256 = "4711fd03c9f5d814eb4c85be9939f167ce7aa40510cda2133c9f63810ead395d" - armel.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_armv5" - armel.sha256 = "3a983ea320b05372b5493ece01bab1252907e0864a26f1857dbcd7307dfc463f" + #armel.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_armv5" + #armel.sha256 = "3a983ea320b05372b5493ece01bab1252907e0864a26f1857dbcd7307dfc463f" autoupdate.strategy = "latest_github_release" autoupdate.asset.i386 = ".*_linux_386$" From e4997de0dc09f1a1feab7358ff2cf7eb12257fdc Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 9 Sep 2023 17:38:45 +0200 Subject: [PATCH 8/8] Update tests.toml, the app is supposed to be publicly accessible --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 4bcc359..5ef6b82 100644 --- a/tests.toml +++ b/tests.toml @@ -6,7 +6,7 @@ test_format = 1.0 sudo yunohost domain add dex-headscale.domain.tld """ - exclude = ["change_url"] + exclude = [ "install.private", "change_url" ] args.domain = "sub.domain.tld" args.dex_domain = "dex-headscale.domain.tld"
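Review bot: Commenting out `armel.url` and `armel.sha256` in PATCH 7/8 leaves `architectures = "all"` under `[integration]` (visible as context in PATCH 6/8) still advertising armel, so an armel install would be offered and then presumably fail for lack of a source. List the supported architectures explicitly, e.g. `architectures = ["amd64", "i386", "armhf", "arm64"]`, adjusted to the entries the sources table actually keeps. Deleting the two lines would be cleaner than leaving them commented, since a pinned hash in a comment is easy to mistake for a checked one. If an `autoupdate.asset.armel` entry exists below the hunk, it should be removed as well.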