1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
{% from 'macros/common_macros.lua.j2' import boolean %}
{% from 'macros/network_macros.lua.j2' import network_listen, http_config %}
-- network.do-ipv4/6
net.ipv4 = {{ boolean(cfg.network.do_ipv4) }}
net.ipv6 = {{ boolean(cfg.network.do_ipv6) }}
{% if cfg.network.out_interface_v4 %}
-- network.out-interface-v4
net.outgoing_v4('{{ cfg.network.out_interface_v4 }}')
{% endif %}
{% if cfg.network.out_interface_v6 %}
-- network.out-interface-v6
net.outgoing_v6('{{ cfg.network.out_interface_v6 }}')
{% endif %}
-- network.tcp-pipeline
net.tcp_pipeline({{ cfg.network.tcp_pipeline }})
-- network.edns-keep-alive
{% if cfg.network.edns_tcp_keepalive %}
modules.load('edns_keepalive')
{% else %}
modules.unload('edns_keepalive')
{% endif %}
-- network.edns-buffer-size
net.bufsize(
{{ cfg.network.edns_buffer_size.downstream.bytes() }},
{{ cfg.network.edns_buffer_size.upstream.bytes() }}
)
{% if cfg.network.tls.cert_file and cfg.network.tls.key_file %}
-- network.tls
net.tls('{{ cfg.network.tls.cert_file }}', '{{ cfg.network.tls.key_file }}')
{% endif %}
{% if cfg.network.tls.sticket_secret %}
-- network.tls.sticket-secret
net.tls_sticket_secret('{{ cfg.network.tls.sticket_secret }}')
{% endif %}
{% if cfg.network.tls.sticket_secret_file %}
-- network.tls.sticket-secret-file
net.tls_sticket_secret_file('{{ cfg.network.tls.sticket_secret_file }}')
{% endif %}
-- network.tls.padding
net.tls_padding(
{%- if cfg.network.tls.padding == true -%}
true
{%- elif cfg.network.tls.padding == false -%}
false
{%- else -%}
{{ cfg.network.tls.padding }}
{%- endif -%}
)
{% if cfg.network.address_renumbering %}
-- network.address-renumbering
modules.load('renumber')
renumber.config({
{% for item in cfg.network.address_renumbering %}
{'{{ item.source }}', '{{ item.destination }}'},
{% endfor %}
})
{% endif %}
{%- set vars = {'doh_legacy': False} -%}
{% for listen in cfg.network.listen if listen.kind == "doh-legacy" -%}
{%- if vars.update({'doh_legacy': True}) -%}{%- endif -%}
{%- endfor %}
{% if vars.doh_legacy %}
-- doh_legacy http config
modules.load('http')
{{ http_config(cfg.network.tls,"doh_legacy") }}
{% endif %}
{% if cfg.network.proxy_protocol.enable %}
-- network.proxy-protocol
net.proxy_allowed({
{% for item in cfg.network.proxy_protocol.allow %}
'{{ item }}',
{% endfor %}
})
{% else %}
net.proxy_allowed({})
{% endif %}
-- network.listen
{% for listen in cfg.network.listen %}
{{ network_listen(listen) }}
{% endfor %}
|
