From 12c6b5fc54423c09a6895f45b2dea675b8fdafc7 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Mon, 26 Feb 2024 07:22:54 +0100
Subject: [PATCH] add bundle:jool

---
 bundles/jool/items.py                | 15 +++++++++++++++
 bundles/jool/metadata.py             | 14 ++++++++++++++
 bundles/kernel-modules/files/modules |  8 ++++++++
 bundles/kernel-modules/items.py      |  3 +++
 bundles/unbound/files/unbound.conf   |  9 +++++----
 groups/os.py                         |  1 +
 6 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 bundles/jool/items.py
 create mode 100644 bundles/jool/metadata.py
 create mode 100644 bundles/kernel-modules/files/modules
 create mode 100644 bundles/kernel-modules/items.py

diff --git a/bundles/jool/items.py b/bundles/jool/items.py
new file mode 100644
index 0000000..5ce5bac
--- /dev/null
+++ b/bundles/jool/items.py
@@ -0,0 +1,15 @@
+actions['modprobe_jool'] = {
+    'command': 'modprobe jool',
+    'unless': 'lsmod | grep -F jool',
+}
+
+actions['jool_add_nat64_instance'] = {
+    'command': 'jool instance add "nat64" --netfilter --pool6 64:ff9b::/96',
+    'unless': 'jool instance display --no-headers --csv | grep -E ",nat64,netfilter$"',
+    'needs': {
+        'action:modprobe_jool',
+        'pkg_apt:jool-dkms',
+        'pkg_apt:jool-tools',
+        'pkg_apt:linux-headers-amd64',
+    },
+}
diff --git a/bundles/jool/metadata.py b/bundles/jool/metadata.py
new file mode 100644
index 0000000..9ef83dd
--- /dev/null
+++ b/bundles/jool/metadata.py
@@ -0,0 +1,14 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'jool-dkms': {},
+            'jool-tools': {},
+            'linux-headers-amd64': {},
+        },
+    },
+    'modules': {
+        'jool': [
+            'jool',
+        ],
+    },
+}
diff --git a/bundles/kernel-modules/files/modules b/bundles/kernel-modules/files/modules
new file mode 100644
index 0000000..5abf592
--- /dev/null
+++ b/bundles/kernel-modules/files/modules
@@ -0,0 +1,8 @@
+# This file is managed using bundlewrap
+% for identifier, modules in sorted(node.metadata.get('modules', {}).items()):
+
+# ${identifier}
+%  for module in modules:
+${module}
+%  endfor
+% endfor
diff --git a/bundles/kernel-modules/items.py b/bundles/kernel-modules/items.py
new file mode 100644
index 0000000..dd848fd
--- /dev/null
+++ b/bundles/kernel-modules/items.py
@@ -0,0 +1,3 @@
+files['/etc/modules'] = {
+    'content_type': 'mako',
+}
diff --git a/bundles/unbound/files/unbound.conf b/bundles/unbound/files/unbound.conf
index 247768a..eba526d 100644
--- a/bundles/unbound/files/unbound.conf
+++ b/bundles/unbound/files/unbound.conf
@@ -1,6 +1,11 @@
 server:
     # provided by pkg_apt:unbound-anchor
     auto-trust-anchor-file: "/var/lib/unbound/root.key"
+% if node.has_bundle('jool'):
+    module-config: "dns64 validator iterator"
+% else:
+    module-config: "validator iterator"
+% endif
 
     verbosity: 0
 
@@ -23,10 +28,6 @@ server:
     access-control: ::1 allow
 % endif
 
-% if node.has_bundle('pppd'):
-    prefer-ip4: yes
-% endif
-
     msg-cache-size: ${cache_size}
     msg-cache-slabs: ${cache_slabs}
     rrset-cache-size: ${cache_size}
diff --git a/groups/os.py b/groups/os.py
index 65f2691..a6fca0f 100644
--- a/groups/os.py
+++ b/groups/os.py
@@ -20,6 +20,7 @@ groups['linux'] = {
     'bundles': {
         'basic',
         'cron',
+        'kernel-modules',
         'nftables',
         'openssh',
         'postfix',