author | Jimmy Axenhus <github att axenhus doot com> | 2021-02-28 16:29:27 +0100 |
---|---|---|
committer | Jimmy Axenhus <github att axenhus doot com> | 2021-02-28 16:29:27 +0100 |
commit | 362206287265a8963abe9ee3f7fdec7f586502ac (patch) | |
tree | 4e349d8dcf193105ccf4e40bd635a9947ccc572b /generate-dnsmasq.sh | |
download | qubes-vpn-exclude-362206287265a8963abe9ee3f7fdec7f586502ac.tar.bz2 qubes-vpn-exclude-362206287265a8963abe9ee3f7fdec7f586502ac.tar.zst qubes-vpn-exclude-362206287265a8963abe9ee3f7fdec7f586502ac.zip |
Initial commit
Diffstat (limited to '')
-rwxr-xr-x | generate-dnsmasq.sh | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/generate-dnsmasq.sh b/generate-dnsmasq.sh
new file mode 100755
index 0000000..90791b0
--- /dev/null
+++ b/generate-dnsmasq.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -e /var/run/qubes-service/vpn-exclude-domains ]; then
+ rm -f /etc/dnsmasq.d/50-qubes-vpn-exclude.conf
+ exit 0
+fi
+
+if [ ! -e /rw/config/qubes-vpn-exclude.list ]; then
+ echo "# List of domains that should be excluded from the VPN proxy." \
+ > /rw/config/qubes-vpn-exclude.list
+fi
+
+temp="$(mktemp)"
+trap 'rm "$temp"' EXIT
+
+cat > "$temp" <<EOF
+# Autogenerated file by qubes-vpn-exclude.
+
+# For ease of use we enable the query log.
+log-queries
+
+# We don't want to use resolv.conf as the VPN DNS should handle queries.
+no-resolv
+no-hosts
+
+domain-needed
+bogus-priv
+
+cache-size=0
+EOF
+
+source /var/run/qubes/qubes-ns
+
+domains=
+while IFS= read -r domain; do
+ domain="$(echo "$domain" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')"
+ if [ -n "$domain" ] && [[ "$domain" != "#"* ]]; then
+ domains="$domains/$domain"
+ echo "ipset=/$domain/qubes-vpn-exclude-4,qubes-vpn-exclude-6" >> "$temp"
+ for dns in $NS1 $NS2; do
+ echo "server=/$domain/$dns" >> "$temp"
+ done
+ echo >> "$temp"
+ fi
+done < /rw/config/qubes-vpn-exclude.list
+
+if [ -z "$domains" ]; then
+ rm -f /etc/dnsmasq.d/50-qubes-vpn-exclude.conf
+ exit 0
+fi
+
+# For all other domains that are not excluded we fall back to the DNS provided
+# by the VPN.
+for dns in $(cat /var/run/qubes/qubes-vpn-ns); do
+ echo "server=$dns" >> "$temp"
+done
+
+cp "$temp" /etc/dnsmasq.d/50-qubes-vpn-exclude.conf |
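Review bot: Each entry read from /rw/config/qubes-vpn-exclude.list is interpolated verbatim into the `ipset=/$domain/...` and `server=/$domain/$dns` directives after only a whitespace trim and a leading-`#` check, so an entry containing `/` or `#` (for example `example.com/#`) changes the meaning of the generated line — in dnsmasq an empty or `#` domain component matches every name, which would silently route all DNS past the VPN resolver instead of just the listed domain. Validating the entry as a hostname before it is written closes this, e.g. inside the existing `if`: `[[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || { printf 'qubes-vpn-exclude: skipping invalid entry %s\n' "$domain" >&2; continue; }`. The same applies to the resolver addresses: `$NS1`, `$NS2` and the words of `$(cat /var/run/qubes/qubes-vpn-ns)` are word-split unquoted and written unchecked into `server=` lines, so a malformed value there produces a broken config rather than a clear error; the last loop is better written as `while IFS= read -r dns; do ... done < /var/run/qubes/qubes-vpn-ns`. The per-line `echo | sed` trim can also be replaced with parameter expansion (`domain="${domain#"${domain%%[![:space:]]*}"}"` and the mirror for the trailing side) to avoid two forks per entry.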