gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
eab2e5d159
secubox-openwrt/package/secubox/secubox-app-dns-provider/README.md
CyberMind-FR 57db9cfb40 feat: Add device-intel and dns-provider packages 
Add 4 new packages implementing unified device intelligence and
DNS provider API management:

- secubox-app-dns-provider: dnsctl CLI with OVH, Gandi, Cloudflare
  adapters for DNS record CRUD, HAProxy vhost sync, propagation
  verification, and ACME DNS-01 wildcard certificate issuance
- luci-app-dns-provider: RPCD handler + LuCI views for provider
  settings and DNS record management
- secubox-app-device-intel: Aggregation layer merging mac-guardian,
  client-guardian, DHCP, P2P mesh, and exposure data with heuristic
  classification engine and USB/MQTT/Zigbee emulator modules
- luci-app-device-intel: RPCD handler + 5 LuCI views (dashboard,
  devices, emulators, mesh, settings) with shared API and CSS

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 15:47:20 +01:00

78 lines
2.6 KiB
Markdown
Raw Blame History

# secubox-app-dns-provider
Programmatic DNS record management via provider REST APIs. Part of the SecuBox ecosystem.
## Overview
Manages DNS zones through OVH, Gandi, and Cloudflare APIs. Provides a CLI tool (`dnsctl`) for record CRUD, HAProxy vhost sync, DNS propagation verification, and ACME DNS-01 certificate issuance.
## Architecture
```
dnsctl (CLI)
├── load_provider() → sources /usr/lib/secubox/dns/{provider}.sh
├── cmd_list/add/rm → delegates to dns_list/dns_add/dns_rm
├── cmd_sync → iterates HAProxy UCI vhosts → dns_add per domain
├── cmd_verify → nslookup against 1.1.1.1, 8.8.8.8, 9.9.9.9
└── cmd_acme_dns01 → exports provider env vars → acme.sh --dns
```
## Provider Adapters
Each adapter in `/usr/lib/secubox/dns/` implements:
| Function | Description |
|---|---|
| `dns_list(zone)` | List all records in zone |
| `dns_add(zone, type, subdomain, target, ttl)` | Create record |
| `dns_rm(zone, type, subdomain)` | Delete record |
| `dns_verify(fqdn)` | Check resolution |
| `dns_test_credentials()` | Validate API keys |
### Supported Providers
- **OVH** — HMAC-SHA1 signed API v1 (app_key + app_secret + consumer_key)
- **Gandi** — LiveDNS v5 with Bearer token
- **Cloudflare** — API v4 with Bearer token + zone_id
## UCI Configuration
```
/etc/config/dns-provider
config dns_provider 'main' → enabled, provider, zone
config ovh 'ovh' → endpoint, app_key, app_secret, consumer_key
config gandi 'gandi' → api_key
config cloudflare 'cloudflare' → api_token, zone_id
```
## CLI Usage
```bash
dnsctl status # Show config status
dnsctl test # Verify API credentials
dnsctl list # List zone records
dnsctl add A myservice 1.2.3.4 # Create A record
dnsctl add CNAME www mycdn.net # Create CNAME
dnsctl rm A myservice # Remove record
dnsctl sync # Sync HAProxy vhosts to DNS
dnsctl verify myservice.example.com # Check propagation
dnsctl acme-dns01 '*.example.com' # Wildcard cert via DNS-01
```
## Dependencies
- `curl` — HTTP client for API calls
- `openssl-util` — HMAC-SHA1 signing (OVH)
- `jsonfilter` — JSON parsing (OpenWrt native)
- `acme.sh` — Certificate issuance (optional, for DNS-01)
## Files
```
/etc/config/dns-provider UCI configuration
/usr/sbin/dnsctl CLI controller
/usr/lib/secubox/dns/ovh.sh OVH adapter
/usr/lib/secubox/dns/gandi.sh Gandi adapter
/usr/lib/secubox/dns/cloudflare.sh Cloudflare adapter
```
Reference in New Issue View Git Blame Copy Permalink