bind: Consolidate configuration files

Add DNS master/slave support to container so that slaves don't require
any additional configuration outside of their environment.

Pull common master/slave configuration into the base container.

1 files changed, 42 insertions, 0 deletions

diff --git a/bind/entrypoint.sh b/bind/entrypoint.sh
new file mode 100755
index 0000000..6ebb0f4
--- /dev/null
+++ b/bind/entrypoint.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PROFILE="$1"
+
+# The master is expected to provide its own complete config set
+if [ "$PROFILE" = "slave" ]; then
+    if [ -z "$KEY_SECRET" ]; then
+        echo "KEY_SECRET must be exported into the environment"
+        exit 1
+    fi
+
+    if [ -z "$KEY_NAME" ]; then
+        echo "KEY_NAME must be exported into the environment"
+        exit 1
+    fi
+
+    if [ -z "$AWS_VPC_DNS" ]; then
+        echo "AWS_VPC_DNS must be exported into the environment"
+        exit 1
+    fi
+
+    mkdir -p /etc/bind/local/cache/internal /etc/bind/local/cache/external
+    envsubst < /etc/bind/slave_zones.conf > /etc/bind/local/zones.conf
+    chown -R named:named /etc/bind/local
+
+    # Clean these up so that BIND never sees them
+    unset KEY_SECRET
+    unset KEY_NAME
+    unset AWS_VPC_DNS
+fi
+
+# This is used for RNDC and only from the current host, so just generate it
+# fresh each container start.
+ddns-confgen -q -k rndc-key > /etc/bind/rndc.key
+chown named:named /etc/bind/rndc.key
+chmod 440 /etc/bind/rndc.key
+
+if [ "$PROFILE" = "slave" ]; then
+    exec /usr/sbin/named -u named -g
+else
+    exec "$@"
+fi