From 05ff1b18f7e67b16adfbc252afbcb3f762a2df91 Mon Sep 17 00:00:00 2001
From: bain
Date: Sun, 1 Jan 2023 03:10:28 +0100
Subject: [PATCH] vpn: rename from dsnet; add dnsmasq config
---
 scripts/{dsnet => vpn}/dsnet.service | 0
 scripts/{dsnet => vpn}/script.sh | 24 +++++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 rename scripts/{dsnet => vpn}/dsnet.service (100%)
 rename scripts/{dsnet => vpn}/script.sh (58%)
diff --git a/scripts/dsnet/dsnet.service b/scripts/vpn/dsnet.service
similarity index 100%
rename from scripts/dsnet/dsnet.service
rename to scripts/vpn/dsnet.service
diff --git a/scripts/dsnet/script.sh b/scripts/vpn/script.sh
similarity index 58%
rename from scripts/dsnet/script.sh
rename to scripts/vpn/script.sh
index 5306eee..5a6ad54 100644
--- a/scripts/dsnet/script.sh
+++ b/scripts/vpn/script.sh
@@ -3,10 +3,11 @@ set -euo pipefail
 source "$HL_LIB"
-_assert_vars HL_TIMEZONE HL_DOMAIN;
+_assert_vars HL_TIMEZONE HL_DOMAIN HL_DNS_SERVERS_SPACE_SEP;
 _ch_001-install_wireguard() {
 sudo apt-get install -y wireguard;
+ sudo modprobe wireguard;
 }
 _ch_002-install_dsnet() {
@@ -40,4 +41,25 @@ _ch_006-run_service() {
 sudo systemctl enable --now dsnet.service
 }
+_ch_007-install_dnsmasq() {
+ sudo apt-get install -y dnsmasq
+}
+
+_ch_008-configure_dnsmasq() {
+ # dynamically acquire ip address of the wireguard interface
+ DSNET_IP=$(ip -f inet addr show dsnet | awk '/inet/ {print $2}' | cut -d / -f 1)
+
+ # listen only for queries from inside the VPN and respond with the VPN ip address
+ {
+ echo "# dsnet intra-VPN DNS resolver"
+ echo "listen-address=$DSNET_IP"
+ for serv in $HL_DNS_SERVERS_SPACE_SEP; do
+ echo "server=$serv"
+ done
+ echo "address=/$HL_DOMAIN/$DSNET_IP"
+ } | sudo tee /etc/dnsmasq.d/dnsmasq-vpn
+
+ sudo systemctl reload dnsmasq.service
+}
+
 _run_checkpoints
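Review bot: In `_ch_008-configure_dnsmasq`, `sudo systemctl reload dnsmasq.service` most likely does not apply the new `/etc/dnsmasq.d/dnsmasq-vpn`. dnsmasq documents that SIGHUP clears the cache and re-reads the hosts files but not the configuration file, so a daemon already started by the package install in `_ch_007-install_dnsmasq` would presumably keep its default listening behaviour until the next restart; `sudo systemctl restart dnsmasq.service` is the safer call. `DSNET_IP` is also used unchecked: if the `dsnet` interface exists but has no IPv4 address yet, the pipeline still succeeds and the file is written with an empty `listen-address=` and a truncated `address=` line, which a guard such as `[[ -n "$DSNET_IP" ]] || { echo "dsnet has no IPv4 address" >&2; exit 1; }` placed before the brace group would catch. Because the comment says the resolver should answer only inside the VPN, consider emitting `echo "bind-interfaces"` too, since with `listen-address` alone dnsmasq still binds the wildcard address and filters requests itself.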