Diffstat (limited to 'applications/luci-app-unbound/luasrc')
-rw-r--r-- | applications/luci-app-unbound/luasrc/model/cbi/unbound/configure.lua | 198 |
1 files changed, 104 insertions, 94 deletions
diff --git a/applications/luci-app-unbound/luasrc/model/cbi/unbound/configure.lua b/applications/luci-app-unbound/luasrc/model/cbi/unbound/configure.lua
index c92e379957..bf2b65a0a1 100644
--- a/applications/luci-app-unbound/luasrc/model/cbi/unbound/configure.lua
+++ b/applications/luci-app-unbound/luasrc/model/cbi/unbound/configure.lua
@@ -29,53 +29,52 @@ s1:tab("basic", translate("Basic"), "https://www.unbound.net/", "https://github.com/openwrt/packages/blob/master/net/unbound/files/README.md")) -ena = s1:taboption("basic", Flag, "enabled", translate("Enable Unbound:"), - translate("Enable the initialization scripts for Unbound")) -ena.rmempty = false - -mcf = s1:taboption("basic", Flag, "manual_conf", translate("Manual Conf:"), - translate("Skip UCI and use /etc/unbound/unbound.conf")) -mcf.rmempty = false - -lci = s1:taboption("basic", Flag, "extended_luci", translate("Extended Tabs:"), - translate("See detailed tabs for statistics, debug, and manual configuration")) -lci.rmempty = false - - -function ena.cfgvalue(self, section) - return luci.sys.init.enabled("unbound") and self.enabled or self.disabled -end - - -function ena.write(self, section, value) - if value == "1" then - luci.sys.init.enable("unbound") - luci.sys.call("/etc/init.d/unbound start >/dev/null") - else - luci.sys.call("/etc/init.d/unbound stop >/dev/null") - luci.sys.init.disable("unbound") - end - - return Flag.write(self, section, value) -end - if valman ~= "1" then -- Not in manual configuration mode; show UCI s1:tab("advanced", translate("Advanced"), translatef("<h3>Unbound Advanced Settings</h3>\n" - .. "Link DHCP-DNS, Manipulate DNS, or protect your local domain in " + .. "Domain manipulation, lookup protection, and workarounds for " .. "<a href=\"%s\" target=\"_blank\">Unbound </a>" .. " DNS resolver.", "https://www.unbound.net/")) + s1:tab("DHCP", translate("DHCP"), + translatef("<h3>Unbound DHCP Settings</h3>\n" + .. "Link your DHCP server to " + .. "<a href=\"%s\" target=\"_blank\">Unbound </a>" + .. " DNS resolver.", "https://www.unbound.net/ ")) s1:tab("resource", translate("Resource"), translatef("<h3>Unbound Resource Settings</h3>\n" .. "Memory and protocol setttings for " .. "<a href=\"%s\" target=\"_blank\">Unbound </a>" .. 
" DNS resolver.", "https://www.unbound.net/")) +end +s1:tab("trigger", translate("Trigger"), + translatef("<h3>Unbound Event Trigger Settings</h3>\n" + .. "Start, reload, and save RFC5011 DNSKEY records for " + .. "<a href=\"%s\" target=\"_blank\">Unbound </a>" + .. " DNS resolver.", "https://www.unbound.net/")) + + +--Basic Tab, unconditional pieces +ena = s1:taboption("basic", Flag, "enabled", translate("Enable Unbound:"), + translate("Enable the initialization scripts for Unbound")) +ena.rmempty = false + +mcf = s1:taboption("basic", Flag, "manual_conf", translate("Manual Conf:"), + translate("Skip UCI and use /etc/unbound/unbound.conf")) +mcf.rmempty = false + +lci = s1:taboption("basic", Flag, "extended_luci", translate("Extended Tabs:"), + translate("See detailed tabs for statistics, debug, and manual configuration")) +lci.rmempty = false + + +if valman ~= "1" then + -- Not in manual configuration mode; show UCI --Basic Tab lsv = s1:taboption("basic", Flag, "localservice", translate("Local Service:"), translate("Accept queries only from local subnets")) @@ -90,11 +89,6 @@ if valman ~= "1" then nvd.rmempty = false nvd:depends({ validator = true }) - din = s1:taboption("basic", DynamicList, "domain_insecure", - translate("Domain Insecure:"), - translate("List domains to bypass checks of DNSSEC")) - din:depends({ validator = true }) - d64 = s1:taboption("basic", Flag, "dns64", translate("Enable DNS64:"), translate("Enable the DNS64 module")) d64.rmempty = false 
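Review bot: The URL argument added for the DHCP tab is `"https://www.unbound.net/ "` with a trailing space, unlike the `"https://www.unbound.net/"` used by the advanced, resource and trigger tabs, so the space ends up inside the rendered `href`; drop it. The tab id `"DHCP"` is also the only upper-case id beside `"basic"`, `"advanced"`, `"resource"` and `"trigger"`; `"dhcp"` would be consistent, with the `taboption("DHCP", ...)` calls in the later hunks renamed to match. Both new descriptions add another `target=\"_blank\"` anchor to the router's admin page, and adding `rel=\"noopener noreferrer\"` to these anchors keeps the opened site from receiving a `window.opener` handle in browsers that do not imply it.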
@@ -121,25 +115,56 @@ if valman ~= "1" then prt.rmempty = false --Avanced Tab - dlk = s1:taboption("advanced", ListValue, "dhcp_link", translate("DHCP Link:"), + din = s1:taboption("advanced", DynamicList, "domain_insecure", + translate("Domain Insecure:"), + translate("List domains to bypass checks of DNSSEC")) + din:depends({ validator = true }) + + dfw = s1:taboption("advanced", DynamicList, "domain_forward", + translate("Domain Forward:"), + translate("List domains to simply forward to stub resolvers in /tmp/resolve.auto")) + + rlh = s1:taboption("advanced", Flag, "rebind_localhost", translate("Filter Localhost Rebind:"), + translate("Protect against upstream response of 127.0.0.0/8")) + rlh.rmempty = false + + rpv = s1:taboption("advanced", ListValue, "rebind_protection", translate("Filter Private Rebind:"), + translate("Protect against upstream responses within local subnets")) + rpv:value("0", translate("No Filter")) + rpv:value("1", translate("Filter RFC1918/4193")) + rpv:value("2", translate("Filter Entire Subnet")) + rpv.rmempty = false + + rpn = s1:taboption("advanced", Value, "rebind_interface", translate("Rebind Network Filter:"), + translate("Network subnets to filter from upstream responses")) + rpn.template = "cbi/network_netlist" + rpn.widget = "checkbox" + rpn.rmempty = true + rpn.cast = "string" + rpn.nocreate = true + rpn:depends({ rebind_protection = 2 }) + rpn:depends({ rebind_protection = 3 }) + + --DHCP Tab + dlk = s1:taboption("DHCP", ListValue, "dhcp_link", translate("DHCP Link:"), translate("Link to supported programs to load DHCP into DNS")) dlk:value("none", translate("No Link")) dlk:value("dnsmasq", "dnsmasq") dlk:value("odhcpd", "odhcpd") dlk.rmempty = false - dp6 = s1:taboption("advanced", Flag, "dhcp4_slaac6", translate("DHCPv4 to SLAAC:"), + dp6 = s1:taboption("DHCP", Flag, "dhcp4_slaac6", translate("DHCPv4 to SLAAC:"), translate("Use DHCPv4 MAC to discover IP6 hosts SLAAC (EUI64)")) dp6.rmempty = false dp6:depends({ dhcp_link = 
"odhcpd" }) - dom = s1:taboption("advanced", Value, "domain", translate("Local Domain:"), + dom = s1:taboption("DHCP", Value, "domain", translate("Local Domain:"), translate("Domain suffix for this router and DHCP clients")) dom.placeholder = "lan" dom:depends({ dhcp_link = "none" }) dom:depends({ dhcp_link = "odhcpd" }) - dty = s1:taboption("advanced", ListValue, "domain_type", translate("Local Domain Type:"), + dty = s1:taboption("DHCP", ListValue, "domain_type", translate("Local Domain Type:"), translate("How to treat queries of this local domain")) dty:value("deny", translate("Ignored")) dty:value("refuse", translate("Refused")) @@ -148,7 +173,7 @@ if valman ~= "1" then dty:depends({ dhcp_link = "none" }) dty:depends({ dhcp_link = "odhcpd" }) - lfq = s1:taboption("advanced", ListValue, "add_local_fqdn", translate("LAN DNS:"), + lfq = s1:taboption("DHCP", ListValue, "add_local_fqdn", translate("LAN DNS:"), translate("How to enter the LAN or local network router in DNS")) lfq:value("0", translate("No Entry")) lfq:value("1", translate("Hostname, Primary Address")) @@ -158,7 +183,7 @@ if valman ~= "1" then lfq:depends({ dhcp_link = "none" }) lfq:depends({ dhcp_link = "odhcpd" }) - wfq = s1:taboption("advanced", ListValue, "add_wan_fqdn", translate("WAN DNS:"), + wfq = s1:taboption("DHCP", ListValue, "add_wan_fqdn", translate("WAN DNS:"), translate("Override the WAN side router entry in DNS")) wfq:value("0", translate("Use Upstream")) wfq:value("1", translate("Hostname, Primary Address")) @@ -168,7 +193,7 @@ if valman ~= "1" then wfq:depends({ dhcp_link = "none" }) wfq:depends({ dhcp_link = "odhcpd" }) - exa = s1:taboption("advanced", ListValue, "add_extra_dns", translate("Extra DNS:"), + exa = s1:taboption("DHCP", ListValue, "add_extra_dns", translate("Extra DNS:"), translate("Use extra DNS entries found in /etc/config/dhcp")) exa:value("0", translate("Ignore")) exa:value("1", translate("Include Network/Hostnames")) 
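Review bot: `domain_insecure` and `domain_forward` are placed on the advanced tab as free-form `DynamicList` options with no `datatype`, although the first one turns DNSSEC checking off for every name entered and both values are stored in UCI for the Unbound scripts to consume (that consumer is outside this diff). Other options in this file already constrain their input, e.g. `ag2.datatype = "and(uinteger,min(1),max(99))"`; if plain domain names are all that is expected here, `din.datatype = "hostname"` and `dfw.datatype = "hostname"` would reject whitespace, quotes and other stray characters at the form. Separately, `rpn:depends({ rebind_protection = 3 })` refers to a value that `rpv` never offers (`"0"`, `"1"`, `"2"`), so either a fourth `rpv:value(...)` entry is missing or that line is dead.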
@@ -177,29 +202,6 @@ if valman ~= "1" then exa:depends({ dhcp_link = "none" }) exa:depends({ dhcp_link = "odhcpd" }) - dfw = s1:taboption("advanced", DynamicList, "domain_forward", - translate("Domain Forward:"), - translate("List domains to simply forward to stub resolvers in /tmp/resolve.auto")) - - rlh = s1:taboption("advanced", Flag, "rebind_localhost", translate("Filter Localhost Rebind:"), - translate("Protect against upstream response of 127.0.0.0/8")) - rlh.rmempty = false - - rpv = s1:taboption("advanced", ListValue, "rebind_protection", translate("Filter Private Rebind:"), - translate("Protect against upstream responses within local subnets")) - rpv:value("0", translate("No Filter")) - rpv:value("1", translate("Filter RFC1918/4193")) - rpv:value("2", translate("Filter Entire Subnet")) - rpv.rmempty = false - - rpn = s1:taboption("advanced", Value, "rebind_interface", translate("Rebind Network Filter:"), - translate("Network subnets to filter from upstream responses")) - rpn.template = "cbi/network_netlist" - rpn.widget = "checkbox" - rpn.cast = "string" - rpn:depends({ rebind_protection = 2 }) - rpn:depends({ rebind_protection = 3 }) - --TODO: dnsmasq needs to not reference resolve-file and get off port 53. --Resource Tuning Tab @@ -235,15 +237,6 @@ if valman ~= "1" then rsc:value("tiny", translate("Tiny")) rsc.rmempty = false - ag2 = s1:taboption("resource", Value, "root_age", translate("Root DSKEY Age:"), - translate("Limit days between RFC 5011 copies to reduce flash writes")) - ag2.datatype = "and(uinteger,min(1),max(99))" - ag2:value("3", "3") - ag2:value("9", "9 ("..translate("default")..")") - ag2:value("12", "12") - ag2:value("24", "24") - ag2:value("99", "99 ("..translate("never")..")") - eds = s1:taboption("resource", Value, "edns_size", translate("EDNS Size:"), translate("Limit extended DNS packet size")) eds.datatype = "and(uinteger,min(512),max(4096))" 
@@ -257,30 +250,47 @@ if valman ~= "1" then stt = s1:taboption("resource", Flag, "extended_stats", translate("Extended Statistics:"), translate("Extended statistics are printed from unbound-control")) stt.rmempty = false +end - tgr = s1:taboption("resource", Value, "trigger_interface", translate("Trigger Networks:"), + +--Trigger Tab, always unconditional +ag2 = s1:taboption("trigger", Value, "root_age", translate("Root DSKEY Age:"), + translate("Limit days between RFC5011 copies to reduce flash writes")) +ag2.datatype = "and(uinteger,min(1),max(99))" +ag2:value("3", "3") +ag2:value("9", "9 ("..translate("default")..")") +ag2:value("12", "12") +ag2:value("24", "24") +ag2:value("99", "99 ("..translate("never")..")") + +tgr = s1:taboption("trigger", Value, "trigger_interface", translate("Trigger Networks:"), translate("Networks that may trigger Unbound to reload (avoid wan6)")) - tgr.template = "cbi/network_netlist" - tgr.widget = "checkbox" - tgr.cast = "string" - -else - s1:tab("rfc5011", translate("RFC5011"), - translatef("<h3>Unbound RFC5011 Settings</h3>\n" - .. 
"RFC5011 copy scripts protect flash ROM even with UCI disabled.")) - - ag2 = s1:taboption("rfc5011", Value, "root_age", translate("Root DSKEY Age:"), - translate("Limit days to copy /var/->/etc/ to reduce flash writes")) - ag2.datatype = "and(uinteger,min(1),max(99))" - ag2:value("3", "3") - ag2:value("9", "9 ("..translate("default")..")") - ag2:value("12", "12") - ag2:value("24", "24") - ag2:value("99", "99 ("..translate("never")..")") +tgr.template = "cbi/network_netlist" +tgr.widget = "checkbox" +tgr.rmempty = true +tgr.cast = "string" +tgr.nocreate = true + + +function ena.cfgvalue(self, section) + return luci.sys.init.enabled("unbound") and self.enabled or self.disabled +end + + +function ena.write(self, section, value) + if value == "1" then + luci.sys.init.enable("unbound") + luci.sys.call("/etc/init.d/unbound start >/dev/null") + else + luci.sys.call("/etc/init.d/unbound stop >/dev/null") + luci.sys.init.disable("unbound") + end + + return Flag.write(self, section, value) end -function m1.on_after_commit(self) +function m1.on_apply(self) function ena.validate(self, value) if value ~= "0" then luci.sys.call("/etc/init.d/unbound restart >/dev/null 2>&1") |
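Review bot: `ena.write` ignores the exit status of both `luci.sys.call` invocations and redirects only stdout, while the restart in `ena.validate` at the end of this hunk uses `>/dev/null 2>&1`. A failed `start` therefore still leaves the init script enabled and the flag written as if the resolver were running, and stderr from the init script is not suppressed the way it is for the restart. Use the same redirection on all three calls, e.g. `luci.sys.call("/etc/init.d/unbound start >/dev/null 2>&1")`, and consider reporting a non-zero return to the user instead of dropping it. The body of `m1.on_apply`, including the nested `ena.validate`, continues outside the hunk, so whether the renamed hook fires in the same situations as `on_after_commit` cannot be confirmed from here.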