From 6f978ef7a0c828c032f8d03d2ec8cb2d5045b13e Mon Sep 17 00:00:00 2001
From: chapeau
Date: Fri, 5 Jul 2024 15:59:47 +0200
Subject: [PATCH] Add dns support

---
 config/config.toml | 7 ++++++
 docker-compose.yml | 15 +++++++++++--
 docker/dnsmasq.Dockerfile | 6 +++++
 load.py | 47 ++++++++++++++++++++++++++++++++++++---
 templates/dnsmasq.conf.j2 | 8 +++++++
 5 files changed, 78 insertions(+), 5 deletions(-)
 create mode 100644 docker/dnsmasq.Dockerfile
 create mode 100644 templates/dnsmasq.conf.j2

diff --git a/config/config.toml b/config/config.toml
index 74142fb..b10bc4a 100644
--- a/config/config.toml
+++ b/config/config.toml
@@ -5,6 +5,10 @@ local_translated_range = "172.21.1.0/24"
 public_key = "N2LlL0Ievsjv/ea/VDpJcivYL6hfYxdcD3W54kmjaEU="
 wireguard_address = "10.0.0.1/24"
 endpoint = "172.20.0.11:51820"
+# untranslated_networks = "10.255.0.0/24"
+
+[network.net1.dns]
+"home" = "10.255.0.254"
 
 [network.net2]
 local_range = "172.20.2.0/24"
@@ -13,3 +17,6 @@ local_translated_range = "172.22.1.0/24"
 public_key = "cisk8cRCQZaOxn6VaFVnpCYsamBp9iVLvhs4DtmnjS4="
 wireguard_address = "10.0.0.2/24"
 endpoint = "172.20.0.12:51820"
+
+[network.net2.dns]
+"local" = "172.20.2.5"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index f205429..7c8cf71 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,22 @@
 services:
+ dns:
+ build:
+ context: .
+ dockerfile: ./docker/dnsmasq.Dockerfile
+ restart: always
+ depends_on:
+ - polyculenetwork1
+ volumes:
+ - "./config/dnsmasq.conf:/etc/dnsmasq.conf"
+
+
 polyculenetwork1:
 build:
 context: .
 dockerfile: ./docker/Dockerfile
 container_name: polyculenetwork1
 volumes:
- - "./config/config.toml:/config.toml"
+ - "./config:/config"
 environment:
 - LOCAL_NETWORK=net1
 - PRIVATE_KEY=YLxXnAcelMMkanrdSHuci9ZSJyKQpRn7PdJK96IllV4=
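Review bot: `# untranslated_networks = "10.255.0.0/24"` in the net1 section is a commented-out key that nothing in this patch reads, so it advertises a setting that does not exist; either drop it or reword it as a plain comment such as `# home resolver lives outside local_range and is published to peers untranslated`. That is worth spelling out because gen_dns only rewrites a remote resolver address when it falls inside that network's `local_range`, and net1's range is not in this hunk, so presumably `10.255.0.254` reaches net2 unchanged and only resolves if net2 already routes 10.255.0.0/24 through the tunnel.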
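Review bot: The `dns` service bind-mounts the single file `./config/dnsmasq.conf`, which only comes into existence when load.py in polyculenetwork1 writes `/config/dnsmasq.conf` through the new `./config:/config` mount; on a fresh `docker compose up` the path is missing, Docker creates an empty directory in its place, and load.py's later `open("/config/dnsmasq.conf", "w")` fails with IsADirectoryError. `depends_on` only orders container start and does not wait for that file to be written. Mount the directory instead, `- "./config:/config"`, and have the image's entrypoint read it with `--conf-file=/config/dnsmasq.conf`, or generate the file before the stack starts. If the peers sit on a user-defined network declared further down docker-compose.yml (outside this hunk), the dns service needs to join it as well, otherwise it is only reachable on the default bridge.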
@@ -24,7 +35,7 @@ services:
 dockerfile: ./docker/Dockerfile
 container_name: polyculenetwork2
 volumes:
- - "./config/config.toml:/config.toml"
+ - "./config:/config"
 environment:
 - LOCAL_NETWORK=net2
 - PRIVATE_KEY=OCllQNCxX5DxcJSEsjkvsWCry1FOnWe+aCupwEByFmk=
diff --git a/docker/dnsmasq.Dockerfile b/docker/dnsmasq.Dockerfile
new file mode 100644
index 0000000..e01f313
--- /dev/null
+++ b/docker/dnsmasq.Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine
+RUN apk --no-cache add dnsmasq
+
+EXPOSE 53 53/udp 67/udp
+
+ENTRYPOINT ["dnsmasq"]
\ No newline at end of file
diff --git a/load.py b/load.py
index da8c99b..1119cd0 100644
--- a/load.py
+++ b/load.py
@@ -32,7 +32,7 @@ def load_config(path):
 return data
 def load_firewall():
- data = load_config("/config.toml")
+ data = load_config("/config/config.toml")
 run("nft -f templates/rules.nft")
@@ -63,7 +63,7 @@ def load_wireguard():
 peers = []
- data = load_config("/config.toml")
+ data = load_config("/config/config.toml")
 networks = data["network"].keys()
 local_network = os.environ.get('LOCAL_NETWORK')
 remote_networks = list(filter(lambda k: k != local_network, networks))
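Review bot: dnsmasq forks into the background by default, so with `ENTRYPOINT ["dnsmasq"]` PID 1 exits right after startup and the container stops, then restarts in a loop under the compose file's `restart: always`; run it in the foreground and send its log to stderr so `docker logs` shows it: `ENTRYPOINT ["dnsmasq", "--keep-in-foreground", "--log-facility=-"]`. `EXPOSE 67/udp` advertises DHCP, which this service does not serve; `EXPOSE 53 53/udp` is enough. `FROM alpine` floats on the latest tag, so the image is not reproducible and picks up whatever dnsmasq build Alpine ships that day; pin the base (`FROM alpine:<pinned-version>`) and the apk package version.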
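Review bot: The literal `"/config/config.toml"` now appears in load_firewall here, in load_wireguard in the next hunk, and in gen_dns in the last hunk; hoist it into one module constant such as `CONFIG_PATH = "/config/config.toml"` next to the imports and pass that, so the mount path chosen in docker-compose.yml has to be matched in a single place. load_firewall and load_wireguard both continue outside their hunks.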
@@ -94,5 +94,46 @@ def load_wireguard():
 peers=peers
 ))
 
+def gen_dns():
+ data = load_config("/config/config.toml")
+ networks = data["network"].keys()
+
+ local_network = os.environ.get('LOCAL_NETWORK')
+ remote_networks = list(filter(lambda k: k != local_network, networks))
+
+ dns_servers = []
+ for domain in data["network"][local_network]["dns"].keys():
+ dns_servers.append({
+ "ip": data["network"][local_network]["dns"][domain],
+ "domain": domain
+ })
+
+ for net in remote_networks:
+ for domain in data["network"][net]["dns"].keys():
+ ip = data["network"][net]["dns"][domain]
+ local_range = ipaddress.IPv4Network(data["network"][net]["local_range"])
+ if ipaddress.IPv4Address(ip) in local_range:
+ local_translated_range = ipaddress.IPv4Network(data["network"][net]["local_translated_range"])
+ for (loc, trans) in zip(local_range, local_translated_range):
+ if ipaddress.IPv4Address(ip) == loc:
+ ip = str(trans)
+ break
+
+ dns_servers.append({
+ "ip": ip,
+ "domain": domain
+ })
+
+ with open("templates/dnsmasq.conf.j2", "r") as f:
+ env = jinja2.Environment()
+ template = env.from_string(f.read())
+
+ with open("/config/dnsmasq.conf", "w") as f:
+ f.write(template.render(
+ default_server=os.environ.get('DNS_SERVER', "1.1.1.1"),
+ dns_servers=dns_servers
+ ))
+
 load_firewall()
-load_wireguard()
\ No newline at end of file
+load_wireguard()
+gen_dns()
\ No newline at end of file
diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2
new file mode 100644
index 0000000..2e6acef
--- /dev/null
+++ b/templates/dnsmasq.conf.j2
@@ -0,0 +1,8 @@
+port=53
+domain-needed
+no-resolv
+
+{% for server in dns_servers %}
+server=/{{ server.domain }}/{{ server.ip }}
+{%- endfor %}
+server={{ default_server }}
\ No newline at end of file
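Review bot: gen_dns indexes `data["network"][net]["dns"]` for every network, so a network without a `[network.X.dns]` table, or an unset LOCAL_NETWORK (which turns the first lookup into `data["network"][None]`), aborts the whole script with a KeyError after load_firewall and load_wireguard have already applied their state. The translation walks both /24s with `zip` to find a single address, and the local network's entries go into dnsmasq.conf unparsed, so a mistyped ip or a domain containing `/` or whitespace produces a malformed `server=` line instead of an error. The rewrite below reads the dns table with `.get("dns", {})`, parses every ip with `ipaddress.IPv4Address`, rejects domains that would break the `server=/domain/ip` syntax, computes the translated address by host offset, and leaves the template rendering as it is.
```python
def gen_dns():
    data = load_config("/config/config.toml")
    local_network = os.environ["LOCAL_NETWORK"]  # unset -> KeyError('LOCAL_NETWORK'), not a lookup of None
    ordered = [local_network] + [n for n in data["network"] if n != local_network]

    dns_servers = []
    for net in ordered:
        cfg = data["network"][net]
        local_range = ipaddress.IPv4Network(cfg["local_range"])
        translated = ipaddress.IPv4Network(cfg["local_translated_range"])
        for domain, server in cfg.get("dns", {}).items():
            if not domain or "/" in domain or any(c.isspace() for c in domain):
                raise ValueError(f"invalid dns domain {domain!r} in network {net}")
            ip = ipaddress.IPv4Address(server)  # malformed entry -> ValueError instead of a bad server= line
            if net != local_network and ip in local_range:
                # Same host offset in the translated range; replaces the zip() walk over both ranges.
                ip = translated[int(ip) - int(local_range.network_address)]
            dns_servers.append({"ip": str(ip), "domain": domain})

    # … unchanged: template load and /config/dnsmasq.conf write …
```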
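Review bot: With `no-resolv` and the catch-all `server={{ default_server }}`, every reverse lookup for the private ranges that no `server=/domain/` line covers is forwarded to the public resolver, handing the overlay and LAN addresses to it; add `bogus-priv` after `domain-needed` so dnsmasq answers those in-addr.arpa queries with NXDOMAIN locally. Nothing restricts where dnsmasq listens, so it answers on every interface of the container; that is acceptable as long as the `dns` service publishes no port, but a `listen-address=` or `interface=` line would make that intent explicit rather than implicit.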