rsp2k/coredns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
coredns/Makefile
Ryan Malloy 6d72d65642 Retire prepare-zones.sh pipeline; zones/ is now the served form 
Big migration: the source/prepared split is gone. Each zones/*.zone is
now an RFC-compliant zone file that CoreDNS reads directly. Editing a
record is just edit + bump SOA + commit. CoreDNS auto-reloads within
30s; HE pulls on its own 300s SOA-refresh cycle.

Why: groundwork for the coredns-rfc2136 plugin to edit zones in place
without juggling a source/prepared transformation step. Also reduces
the mental model from "edit source, run prep, push" to just "edit".

Changes:
- zones/*.zone: 84 files migrated from Vultr-export form to RFC-compliant
  form (SOA injected, Vultr NS replaced with HE NS, CNAME/MX/NS rdata
  dot-terminated, apex lines get explicit @ prefix). Diff is mechanical
  and byte-count is unchanged (~340K) -- pure formatting promotion.
- docker-compose.yml: bind ./zones:/zones:ro (was ./zones-prepared)
- Makefile: dropped 'prep' target. 'reload' is now a no-op explainer.
  'tls-up' no longer depends on prep. 'clean' no longer wipes prepared.
- scripts/prepare-zones.sh moved to scripts/archive/ (kept for reference).
- .gitignore: updated comment for zones-prepared/ (now legacy).

NOT in this commit (follow-ups):
- CLAUDE.md updates documenting the new workflow.
- scripts/bump-serials.sh helper for manual-edit SOA bumping.
- coredns-rfc2136 plugin refactor (Phase 2b in the plan).
2026-05-21 11:14:42 -06:00

118 lines
4.5 KiB
Makefile
Raw Permalink Blame History

.DEFAULT_GOAL := help
SHELL := /usr/bin/env bash
COMPOSE := docker compose
# Source .env so $(CADDY_HOSTNAME) etc. are available in recipes.
include .env
export
.PHONY: help certs up down restart logs logs-caddy ps test test-tls \
test-public reload clean tls-up cert-watch caddy-rebuild
help: ## Show this help
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf " \033[36m%-14s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
# ---------------------------------------------------------------------------
# Zone-file edits are now direct: edit zones/*.zone, bump SOA serial,
# commit. CoreDNS's auto plugin reloads within 30s. HE pulls on its
# SOA-refresh cycle (300s by zone SOA setting).
#
# For manual edits, scripts/bump-serials.sh helps bump CalVer-style
# serials for zones changed since HEAD. RFC 2136 UPDATEs (via the
# coredns-rfc2136 plugin) bump serials themselves and auto-commit.
#
# The legacy prepare-zones.sh / make prep / notify-he.py pipeline is
# retired — kept in scripts/archive/ for reference. See CLAUDE.md.
# ---------------------------------------------------------------------------
certs: ## Generate self-signed dev cert (only useful if not using Caddy ACME)
@./scripts/generate-certs.sh
caddy-rebuild: ## Rebuild the Caddy image (after editing caddy/Dockerfile)
$(COMPOSE) build --no-cache caddy
# ---------------------------------------------------------------------------
# Production / Let's Encrypt flow
# ---------------------------------------------------------------------------
tls-up: ## Bring up Caddy → wait for cert → start CoreDNS (one command)
@if [ -z "$$VULTR_API_KEY" ]; then \
echo "ERROR: VULTR_API_KEY is not exported. Set it in your shell:"; \
echo " export VULTR_API_KEY=..."; \
exit 1; \
fi
@mkdir -p caddy-data caddy-config
$(COMPOSE) up -d caddy
@echo ""
@echo "Waiting for Caddy to provision cert for $(CADDY_HOSTNAME)..."
@echo "(DNS-01 via Vultr typically takes 30-90s; press Ctrl-C to abort)"
@for i in $$(seq 1 90); do \
if [ -e caddy-data/caddy/cert.pem ]; then \
echo ""; echo " ✓ cert ready after $${i}0s"; break; \
fi; \
printf '.'; sleep 10; \
done
@test -e caddy-data/caddy/cert.pem || \
(echo ""; echo "FAILED — see logs: make logs-caddy"; exit 1)
$(COMPOSE) up -d coredns
@sleep 3 && $(COMPOSE) logs --tail=15 coredns
cert-watch: ## Tail Caddy logs while it provisions the cert
$(COMPOSE) logs -f caddy
logs-caddy: ## Tail Caddy logs
$(COMPOSE) logs -f caddy
# ---------------------------------------------------------------------------
# Day-to-day operations
# ---------------------------------------------------------------------------
down: ## Stop & remove all containers
$(COMPOSE) down
restart: ## Restart CoreDNS (does not re-issue cert)
$(COMPOSE) restart coredns
reload: ## Touch zone files so CoreDNS auto plugin picks them up promptly
@echo "CoreDNS auto plugin polls zones/ every 30s — no action needed."
@echo "If you just edited a zone, ensure the SOA serial was bumped."
logs: ## Tail CoreDNS logs
$(COMPOSE) logs -f coredns
ps: ## Show container status
$(COMPOSE) ps
# ---------------------------------------------------------------------------
# Smoke tests
# ---------------------------------------------------------------------------
test: ## Smoke-test plain DNS
@echo "Querying acrazy.org @ 127.0.0.1:$(DNS_PORT) (plain DNS)"
@dig @127.0.0.1 -p $(DNS_PORT) acrazy.org SOA +short
@dig @127.0.0.1 -p $(DNS_PORT) acrazy.org NS +short
@dig @127.0.0.1 -p $(DNS_PORT) or.acrazy.org A +short
test-tls: ## Smoke-test DoT + DoH against LOCAL endpoints (trusts cert via system CAs)
@echo "=== DoT @ 127.0.0.1:$(DOT_PORT), expecting cert for $(CADDY_HOSTNAME) ==="
@dig @127.0.0.1 -p $(DOT_PORT) +tls +tls-hostname=$(CADDY_HOSTNAME) \
acrazy.org SOA +short
@echo ""
@echo "=== DoH @ https://$(CADDY_HOSTNAME):$(DOH_PORT)/dns-query ==="
@dig @$(CADDY_HOSTNAME) -p $(DOH_PORT) +https acrazy.org A +short
test-public: ## Smoke-test using the public hostname (DoT/DoH ports must be open + DNS A record set)
@echo "=== DoT on public hostname @ port 853 ==="
@dig @$(CADDY_HOSTNAME) +tls cloudflare.com A +short
@echo "=== DoH on public hostname @ port 443 ==="
@dig @$(CADDY_HOSTNAME) +https cloudflare.com A +short
clean: down ## Remove containers + dev self-signed certs
rm -f certs/*.pem
clean-caddy: down ## Also wipe Caddy's data dir (forces re-issuance from scratch!)
@echo "About to delete caddy-data/ — this will force re-issuance from LE."
@echo "Hit Ctrl-C in 5s to abort..."
@sleep 5
rm -rf caddy-data caddy-config
Reference in New Issue View Git Blame Copy Permalink