refactor: migrate djbdns to service resources

Author: damacus

.mise.toml

@@ -0,0 +1,2 @@
+[env]
+_.path = "/opt/chef-workstation/bin"

Berksfile

@@ -3,5 +3,5 @@ source 'https://supermarket.chef.io'
 metadata
 
 group :integration do
-  cookbook 'test', path: './test/fixtures/cookbooks/test'
+  cookbook 'test', path: './test/cookbooks/test'
 end

LIMITATIONS.md

@@ -0,0 +1,45 @@
+# Limitations
+
+## Package Availability
+
+### Upstream / Vendor
+
+- Upstream publishes source tarballs and installation instructions, not an official package repository. The latest published upstream tarball is `djbdns-1.05.tar.gz`.
+- Upstream installation guidance requires a UNIX-like system plus `daemontools` 0.70 or later and `ucspi-tcp`, then a local compile and `make setup check`.
+
+### APT (Debian / Ubuntu)
+
+- Debian still ships `djbdns` as a maintained source package and builds split binaries including `axfrdns`, `djbdns-conf`, `djbdns-utils`, `dnscache`, `rbldns`, `tinydns`, and `walldns`.
+- Debian package pages for current and recent releases show distro-managed package availability for supported Debian architectures.
+- Ubuntu still carries `djbdns` in the `universe` source package set. The cookbook's current package-install path is therefore most defensible on Debian-family platforms.
+
+### DNF / YUM (RHEL family)
+
+- I did not find a primary-source upstream package repository for RHEL-family systems.
+- Inference: the cookbook's source-install path remains the only installation path directly backed by upstream documentation for RHEL-family platforms.
+
+### Zypper (SUSE)
+
+- I did not find a primary-source upstream package repository for SUSE/openSUSE.
+- Inference: source installation is also the only path clearly supported by upstream guidance on SUSE-family platforms.
+
+## Architecture Limitations
+
+- Upstream does not publish a tested architecture matrix; its guidance is source-build oriented rather than architecture-specific.
+- Debian and Ubuntu package availability is distribution-managed and architecture-dependent. The cookbook should treat package installs as Debian-family specific, not universally portable.
+
+## Source / Compiled Installation
+
+### Build Dependencies
+
+| Platform Family | Packages / Requirements |
+|-----------------|-------------------------|
+| Debian          | Compiler and build tools; upstream also requires `daemontools` and `ucspi-tcp` |
+| RHEL            | Compiler and build tools; upstream also requires `daemontools` and `ucspi-tcp` |
+| SUSE            | Compiler and build tools; upstream also requires `daemontools` and `ucspi-tcp` |
+
+## Known Issues
+
+- The cookbook's `install_method` heuristic is cookbook-local logic, not upstream vendor guidance.
+- The cookbook metadata currently advertises platforms that are broader and older than the upstream/package evidence gathered here. Platform modernization should be handled explicitly and separately from this resource migration.
+- `axfrdns` depends on `tcpserver` from `ucspi-tcp`, but the cookbook does not yet model that dependency as a first-class resource concern.

README.md

@@ -26,7 +26,7 @@ It may work with or without modification on other platforms, particularly using
 
 ## Chef
 
-- Chef 14+
+- Chef 15.3+
 
 ## Cookbooks
 
@@ -57,6 +57,25 @@ It may work with or without modification on other platforms, particularly using
 
 ## Resources
 
+This cookbook is mid-migration from recipe/attribute-driven behavior toward higher-level resources. The current resource-first surface is:
+
+- `djbdns_install` - installs djbdns and bootstraps shared users/directories.
+- `djbdns_server` - configures the public tinydns service.
+- `djbdns_internal_server` - configures the internal tinydns service with explicit records or legacy data-bag/template inputs.
+- `djbdns_cache` - configures the public dnscache service.
+- `djbdns_axfr` - configures the axfrdns service that fronts an existing public tinydns directory.
+- `djbdns_rr` - appends tinydns records inside an existing tinydns root.
+
+The legacy recipes `default`, `server`, `cache`, `internal_server`, and `axfr` are now compatibility wrappers around those resources.
+
+### Resource Model Roadmap
+
+- `djbdns_install`: shared install/bootstrap layer
+- `djbdns_server`: public tinydns service
+- `djbdns_internal_server`: internal tinydns service with explicit data-bag/template inputs
+- `djbdns_cache`: public dnscache service
+- `djbdns_axfr`: axfr service bound to an existing public tinydns instance
+
 ## djbdns_rr
 
 Adds a resource record for the specified FQDN.
@@ -89,7 +108,7 @@ end
 
 ## default
 
-The default recipe installs djbdns software from package where available, otherwise installs from source. It also sets up the users that will run the djbdns services using the UID's specified by the attributes above. The service type to use is selected based on platform.
+Compatibility wrapper for `djbdns_install`.
 
 The default recipe attempts to install djbdns on as many platforms as possible. It tries to determine the platform's installation method:
 
@@ -104,15 +123,15 @@ Service specific users will be created as system users:
 
 ## axfr
 
-Creates the axfrdns user and sets up the axfrdns service.
+Compatibility wrapper for `djbdns_axfr`.
 
 ## cache
 
-Sets up a local DNS caching server.
+Compatibility wrapper for `djbdns_cache`.
 
 ## internal_server
 
-Sets up a server to be an internal nameserver. To modify resource records in the environment, modify the tinydns-internal-data.erb template, or create entries in a data bag named `djbdns`, and an item named after the domain, with underscores instead of spaces. Example structure of the data bag:
+Compatibility wrapper for `djbdns_internal_server`. The resource supports explicit `records`, or the legacy fallback path of the `tinydns-internal-data.erb` template plus a `djbdns` data bag item named after the domain with underscores instead of spaces. Example structure of the legacy data bag:
 
 ```json
 {
@@ -134,7 +153,7 @@ Aliases and hosts should be an array of hashes, each entry containing the fqdn a
 
 ## server
 
-Sets up a server to be a public nameserver. To modify resource records in the environment, modify the tinydns-data.erb template. The recipe does not yet use the data bag per `internal_server` above, but will in a future release.
+Compatibility wrapper for `djbdns_server`. To modify resource records in the environment, modify the tinydns-data.erb template. The recipe does not yet use the data bag per `internal_server` above, but will in a future release.
 
 ## Contributors
 

documentation/djbdns_axfr.md

@@ -0,0 +1,44 @@
+# djbdns_axfr
+
+Creates the axfrdns service directory, bootstraps the `axfrdns` user, and enables the runit-backed zone transfer service.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:create` | Configures and enables the axfrdns service (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `service_name` | String | name property | Service name, typically `axfrdns` |
+| `manage_install` | Boolean | `true` | Also run `djbdns_install` before configuring the service |
+| `install_method` | String | platform-dependent | Install via `package` or `source` |
+| `package_name` | String | `'djbdns'` | Package name for package installs |
+| `source_url` | String | `'https://cr.yp.to/djbdns/djbdns-1.05.tar.gz'` | Upstream source tarball |
+| `bin_dir` | String | derived from `install_method` | Location of djbdns binaries used by runit |
+| `service_dir` | String | `'/etc/djbdns/axfrdns'` | Service root directory |
+| `sv_dir` | String | `'/etc/sv'` | runit service directory |
+| `service_link_dir` | String | `'/etc/service'` | runit enabled-service directory |
+| `listen_ip` | String | `'127.0.0.1'` | Address passed to `axfrdns-conf` |
+| `tinydns_dir` | String | `'/etc/djbdns/tinydns'` | Public tinydns directory used by axfrdns |
+| `axfrdns_uid` | Integer | `9996` | UID for the `axfrdns` account |
+| `dnscache_uid` | Integer | `9997` | UID for the `dnscache` account |
+| `dnslog_uid` | Integer | `9998` | UID for the `dnslog` account |
+| `tinydns_uid` | Integer | `9999` | UID for the `tinydns` account |
+
+## Examples
+
+```ruby
+djbdns_axfr 'axfrdns'
+```
+
+```ruby
+djbdns_axfr 'axfrdns' do
+  manage_install false
+  service_dir '/srv/axfrdns'
+  tinydns_dir '/srv/tinydns'
+  listen_ip '192.0.2.53'
+end
+```

documentation/djbdns_cache.md

@@ -0,0 +1,44 @@
+# djbdns_cache
+
+Creates the public dnscache service directory, manages allowed client networks, and enables the runit-backed cache service.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:create` | Configures and enables the public dnscache service (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `service_name` | String | name property | Service name, typically `public-dnscache` |
+| `manage_install` | Boolean | `true` | Also run `djbdns_install` before configuring the service |
+| `install_method` | String | platform-dependent | Install via `package` or `source` |
+| `package_name` | String | `'djbdns'` | Package name for package installs |
+| `source_url` | String | `'https://cr.yp.to/djbdns/djbdns-1.05.tar.gz'` | Upstream source tarball |
+| `bin_dir` | String | derived from `install_method` | Location of djbdns binaries used by runit |
+| `service_dir` | String | `'/etc/djbdns/public-dnscache'` | Service root directory |
+| `listen_ip` | String | `node['ipaddress']` | Address passed to `dnscache-conf` |
+| `allowed_networks` | Array | first two IP octets | Networks allowed to query the cache |
+| `resolved_domain` | String | `node['domain'] || 'domain.local'` | Internal domain pinned to localhost |
+| `resolved_reverse_domains` | Array | RFC 6303-style defaults | Reverse zones pinned to localhost |
+| `cache_size` | String | `'1000000'` | dnscache `CACHESIZE` environment value |
+| `data_limit` | String | `'3000000'` | dnscache `DATALIMIT` environment value |
+| `dnscache_uid` | Integer | `9997` | UID for the `dnscache` account |
+| `dnslog_uid` | Integer | `9998` | UID for the `dnslog` account |
+| `tinydns_uid` | Integer | `9999` | UID for the `tinydns` account |
+
+## Examples
+
+```ruby
+djbdns_cache 'public-dnscache'
+```
+
+```ruby
+djbdns_cache 'public-dnscache' do
+  manage_install false
+  listen_ip '192.0.2.53'
+  allowed_networks %w(192.0 198.51)
+end
+```

documentation/djbdns_install.md

@@ -0,0 +1,35 @@
+# djbdns_install
+
+Installs djbdns and creates the base service accounts and directories used by the higher-level service resources.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:create` | Installs djbdns and bootstraps shared users and directories (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `instance_name` | String | name property | Resource identity |
+| `install_method` | String | platform-dependent | Install via `package` or `source` |
+| `package_name` | String | `'djbdns'` | Package name for package installs |
+| `source_url` | String | `'https://cr.yp.to/djbdns/djbdns-1.05.tar.gz'` | Upstream source tarball |
+| `bin_dir` | String | derived from `install_method` | Install location for djbdns binaries |
+| `dnscache_uid` | Integer | `9997` | UID for the `dnscache` account |
+| `dnslog_uid` | Integer | `9998` | UID for the `dnslog` account |
+| `tinydns_uid` | Integer | `9999` | UID for the `tinydns` account |
+
+## Examples
+
+```ruby
+djbdns_install 'default'
+```
+
+```ruby
+djbdns_install 'source-bootstrap' do
+  install_method 'source'
+  bin_dir '/usr/local/bin'
+end
+```

documentation/djbdns_internal_server.md

@@ -0,0 +1,55 @@
+# djbdns_internal_server
+
+Creates the internal tinydns service and supports either explicit record data or the legacy data-bag/template fallback path.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:create` | Configures and enables the internal tinydns service (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `service_name` | String | name property | Service name, typically `tinydns-internal` |
+| `manage_install` | Boolean | `true` | Also run `djbdns_install` before configuring the service |
+| `install_method` | String | platform-dependent | Install via `package` or `source` |
+| `package_name` | String | `'djbdns'` | Package name for package installs |
+| `source_url` | String | `'https://cr.yp.to/djbdns/djbdns-1.05.tar.gz'` | Upstream source tarball |
+| `bin_dir` | String | derived from `install_method` | Location of djbdns binaries used by runit |
+| `service_dir` | String | `'/etc/djbdns/tinydns-internal'` | Service root directory |
+| `sv_dir` | String | `'/etc/sv'` | runit service directory |
+| `service_link_dir` | String | `'/etc/service'` | runit enabled-service directory |
+| `listen_ip` | String | `'127.0.0.1'` | Address passed to `tinydns-conf` |
+| `zone_domain` | String | `node['domain'] || 'domain.local'` | Domain rendered into the fallback template |
+| `zone_ip` | String | `'127.0.0.1'` | IP rendered into the fallback template |
+| `data_template_source` | String | `'tinydns-internal-data.erb'` | Template used when no explicit records resolve |
+| `use_data_bag` | Boolean | `true` | Attempt legacy data-bag loading when `records` is empty |
+| `data_bag_name` | String | `'djbdns'` | Data bag name for legacy record loading |
+| `data_bag_item_id` | String, nil | `zone_domain.tr('.', '_')` | Data bag item id for legacy record loading |
+| `records` | Hash | `{}` | Explicit record map keyed by djbdns record type |
+| `dnscache_uid` | Integer | `9997` | UID for the `dnscache` account |
+| `dnslog_uid` | Integer | `9998` | UID for the `dnslog` account |
+| `tinydns_uid` | Integer | `9999` | UID for the `tinydns` account |
+
+## Examples
+
+```ruby
+djbdns_internal_server 'tinydns-internal' do
+  use_data_bag false
+  zone_domain 'int.example.test'
+  zone_ip '192.0.2.20'
+end
+```
+
+```ruby
+djbdns_internal_server 'tinydns-internal' do
+  manage_install false
+  records(
+    'host' => [
+      { 'web1.int.example.test' => '192.0.2.10' },
+    ]
+  )
+end
+```

documentation/djbdns_rr.md

@@ -0,0 +1,34 @@
+# djbdns_rr
+
+Adds tinydns records by running the generated `add-*` helper scripts in an existing tinydns root directory.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:add` | Adds a tinydns resource record when it does not already exist (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `fqdn` | String | name property | Fully qualified domain name to manage |
+| `ip` | String | required | IP address for the record |
+| `type` | String | `'host'` | Record helper to run: `alias`, `alias6`, `childns`, `host`, `host6`, `mx`, or `ns` |
+| `cwd` | String | `node['djbdns']['tinydns_internal_dir']/root` | Tinydns root directory containing `data` and `add-*` helpers |
+
+## Examples
+
+```ruby
+djbdns_rr 'www.example.com' do
+  ip '192.0.2.10'
+end
+```
+
+```ruby
+djbdns_rr 'ns.example.com' do
+  ip '192.0.2.53'
+  type 'ns'
+  cwd '/etc/djbdns/tinydns-internal/root'
+end
+```

documentation/djbdns_server.md

@@ -0,0 +1,42 @@
+# djbdns_server
+
+Creates the public tinydns service directory, renders the authoritative data file, and enables the runit service.
+
+## Actions
+
+| Action | Description |
+|--------|-------------|
+| `:create` | Configures and enables the public tinydns service (default) |
+
+## Properties
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `service_name` | String | name property | Service name, typically `tinydns` |
+| `manage_install` | Boolean | `true` | Also run `djbdns_install` before configuring the service |
+| `install_method` | String | platform-dependent | Install via `package` or `source` |
+| `package_name` | String | `'djbdns'` | Package name for package installs |
+| `source_url` | String | `'https://cr.yp.to/djbdns/djbdns-1.05.tar.gz'` | Upstream source tarball |
+| `bin_dir` | String | derived from `install_method` | Location of djbdns binaries used by runit |
+| `service_dir` | String | `'/etc/djbdns/tinydns'` | Service root directory |
+| `listen_ip` | String | `'127.0.0.1'` | Address passed to `tinydns-conf` |
+| `domain` | String, nil | `node['domain']` | Domain rendered into `root/data` |
+| `data_template_source` | String | `'tinydns-data.erb'` | Template for the `root/data` file |
+| `dnscache_uid` | Integer | `9997` | UID for the `dnscache` account |
+| `dnslog_uid` | Integer | `9998` | UID for the `dnslog` account |
+| `tinydns_uid` | Integer | `9999` | UID for the `tinydns` account |
+
+## Examples
+
+```ruby
+djbdns_server 'tinydns'
+```
+
+```ruby
+djbdns_server 'tinydns' do
+  manage_install false
+  service_dir '/srv/tinydns'
+  listen_ip '192.0.2.10'
+  domain 'example.com'
+end
+```