vpn: rename from dsnet; add dnsmasq config

2023-01-01 03:10:28 +01:00 · 2023-01-01 03:10:28 +01:00 · 05ff1b18f7
commit 05ff1b18f7
parent 9f2d9fe9bb
2 changed files with 23 additions and 1 deletions
--- a/scripts/dsnet/dsnet.service
+++ b/scripts/dsnet/dsnet.service
--- a/scripts/dsnet/script.sh
+++ b/scripts/dsnet/script.sh
@ -3,10 +3,11 @@ set -euo pipefail

 source "$HL_LIB"

-_assert_vars HL_TIMEZONE HL_DOMAIN;
+_assert_vars HL_TIMEZONE HL_DOMAIN HL_DNS_SERVERS_SPACE_SEP;

 _ch_001-install_wireguard() {
    sudo apt-get install -y wireguard;
+    sudo modprobe wireguard;
 }

 _ch_002-install_dsnet() {
@ -40,4 +41,25 @@ _ch_006-run_service() {
    sudo systemctl enable --now dsnet.service
 }

+_ch_007-install_dnsmasq() {
+    sudo apt-get install -y dnsmasq
+}
+
+_ch_008-configure_dnsmasq() {
+    # dynamically acquire ip address of the wireguard interface
+    DSNET_IP=$(ip -f inet addr show dsnet | awk '/inet/ {print $2}' | cut -d / -f 1)
+
+    # listen only for queries from inside the VPN and respond with the VPN ip address
+    {
+        echo "# dsnet intra-VPN DNS resolver"
+        echo "listen-address=$DSNET_IP"
+        for serv in $HL_DNS_SERVERS_SPACE_SEP; do
+            echo "server=$serv"
+        done
+        echo "address=/$HL_DOMAIN/$DSNET_IP"
+    } | sudo tee /etc/dnsmasq.d/dnsmasq-vpn
+
+    sudo systemctl reload dnsmasq.service
+}
+
 _run_checkpoints