--- /dev/null
+-- Copyright 2018 Eric Luehrsen <ericluehrsen@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local m5, s5
+local ztype, zones, servers, fallback, enabled
+
+local fs = require "nixio.fs"
+local ut = require "luci.util"
+local sy = require "luci.sys"
+local ds = require "luci.dispatcher"
+local resolvfile = "/tmp/resolv.conf.auto"
+local logerr = ut.exec("logread -e 'unbound.*error.*ssl library'")
+
+m5 = Map("unbound")
+s5 = m5:section(TypedSection, "zone", "Zones",
+ translatef("Organize directed forward, stub, and authoritative zones"
+ .. " <a href=\"%s\" target=\"_blank\">(help)</a>.",
+ "https://www.unbound.net/",
+ "https://github.com/openwrt/packages/blob/master/net/unbound/files/README.md"))
+
+s5.addremove = true
+s5.anonymous = true
+s5.sortable = true
+s5.template = "cbi/tblsection"
+s5.extedit = ds.build_url("admin/services/unbound/zones/%s")
+
+ztype = s5:option(DummyValue, "DummyType", translate("Type"))
+ztype.rawhtml = true
+
+zones = s5:option(DummyValue, "DummyZones", translate("Zones"))
+zones.rawhtml = true
+
+servers = s5:option(DummyValue, "DummyServers", translate("Servers"))
+servers.rawhtml = true
+
+fallback = s5:option(Flag, "fallback", translate("Fallback"))
+fallback.rmempty = false
+
+enabled = s5:option(Flag, "enabled", translate("Enable"))
+enabled.rmempty = false
+
+
+if logerr and (#logerr > 0) then
+ logerr = logerr:sub((1 + #logerr - math.min(#logerr, 250)), #logerr)
+ m5.message = translatef( "Note: SSL/TLS library is missing an API. "
+ .. "Please review syslog. >> logread ... " .. logerr )
+end
+
+
+function s5.create(self, section)
+ created = TypedSection.create(self, section)
+end
+
+
+function s5.parse(self, ...)
+ TypedSection.parse(self, ...)
+end
+
+
+function ztype.cfgvalue(self, s)
+ -- Format a meaningful tile for the Zone Type column
+ local itxt = self.map:get(s, "zone_type")
+ local itls = self.map:get(s, "tls_upstream")
+
+
+ if itxt and itxt:match("forward") then
+ if itls and (itls == "1") then
+ return translate("Forward TLS")
+
+ else
+ return translate("Forward")
+ end
+
+ elseif itxt and itxt:match("stub") then
+ return translate("Recurse")
+
+ elseif itxt and itxt:match("auth") then
+ return translate("AXFR")
+
+ else
+ return translate("Undefined")
+ end
+end
+
+
+function zones.cfgvalue(self, s)
+ -- Format a meaningful sentence for the Zones viewed column
+ local xtxt, otxt
+ local itxt = self.map:get(s, "zone_name")
+ local itype = self.map:get(s, "zone_type")
+
+
+ for xtxt in ut.imatch(itxt) do
+ if (xtxt == ".") then
+ -- zone_name lists
+ xtxt = translate("(root)")
+ end
+
+
+ if otxt and (#otxt > 0) then
+ otxt = otxt .. ", <var>%s</var>" % xtxt
+
+ else
+ otxt = "<var>%s</var>" % xtxt
+ end
+ end
+
+
+ if otxt and (#otxt > 0) then
+ if itype and itype:match("forward") then
+ -- from zone_type create a readable hint for the action
+ otxt = translate("accept upstream results for ") .. otxt
+
+ elseif itype and itype:match("stub") then
+ otxt = translate("select recursion for ") .. otxt
+
+ elseif itype and itype:match("auth") then
+ otxt = translate("prefetch zone files for ") .. otxt
+
+ else
+ otxt = translate("unknown action for ") .. otxt
+ end
+
+
+ return otxt
+
+ else
+ return "(empty)"
+ end
+end
+
+
+function servers.cfgvalue(self, s)
+ -- Format a meaningful sentence for the Servers (and URL) column
+ local xtxt, otxt, rtxt, found
+ local itxt = self.map:get(s, "server")
+ local iurl = self.map:get(s, "url_dir")
+ local itype = self.map:get(s, "zone_type")
+ local itls = self.map:get(s, "tls_upstream")
+ local iidx = self.map:get(s, "tls_index")
+ local irslv = self.map:get(s, "resolv_conf")
+
+
+ for xtxt in ut.imatch(itxt) do
+ if otxt and (#otxt > 0) then
+ -- bundle and make pretty the server list
+ otxt = otxt .. ", <var>%s</var>" % xtxt
+
+ else
+ otxt = "<var>%s</var>" % xtxt
+ end
+ end
+
+
+ if otxt and (#otxt > 0) then
+ otxt = translate("use nameservers ") .. otxt
+ end
+
+
+ if otxt and (#otxt > 0)
+ and itls and (itls == "1")
+ and iidx and (#iidx > 0) then
+ -- show TLS certificate name index if provided
+ otxt = otxt .. translatef(
+ " with default certificate for <var>%s</var>", iidx)
+ end
+
+
+ if iurl and (#iurl > 0) and itype and itype:match("auth") then
+ if otxt and (#otxt > 0) then
+ -- include optional URL filed for auth-zone: type
+ otxt = otxt .. translatef(", and try <var>%s</var>", iurl)
+
+ else
+ otxt = translatef("download from <var>%s</var>", iurl)
+ end
+ end
+
+
+ if irslv and (irslv == "1") and itype and itype:match("forward") then
+ for xtxt in ut.imatch(fs.readfile(resolvfile)) do
+ if xtxt:match("nameserver") then
+ found = true
+
+ elseif (found == true) then
+ if rtxt and (#rtxt > 0) then
+ -- fetch name servers from resolv.conf
+ rtxt = rtxt .. ", <var>%s</var>" % xtxt
+
+ else
+ rtxt = "<var>%s</var>" % xtxt
+ end
+
+
+ found = false
+ end
+ end
+
+
+ if otxt and (#otxt > 0) and rtxt and (#rtxt > 0) then
+ otxt = otxt .. translatef(
+ ", and <var>%s</var> entries ", resolvfile) .. rtxt
+
+ elseif rtxt and (#rtxt > 0) then
+ otxt = translatef(
+ "use <var>%s</var> nameservers ", resolvfile) .. rtxt
+ end
+ end
+
+
+ if otxt and (#otxt > 0) then
+ return otxt
+
+ else
+ return "(empty)"
+ end
+end
+
+
+function m5.on_commit(self)
+ if sy.init.enabled("unbound") then
+ -- Restart Unbound with configuration
+ sy.call("/etc/init.d/unbound restart >/dev/null 2>&1")
+
+ else
+ sy.call("/etc/init.d/unbound stop >/dev/null 2>&1")
+ end
+end
+
+
+return m5
+