feat: route PIC services as subdomains of the cell's effective domain
Unit Tests / test (push) Successful in 11m33s
Unit Tests / test (push) Successful in 11m33s
In DDNS modes (pic_ngo, cloudflare, duckdns, http01), all built-in services are now reachable as subdomains of the cell domain, e.g. calendar.pic1.pic.ngo instead of pic1.pic.ngo/calendar. Key changes: - CaddyManager._build_core_service_routes(): new helper generates Caddy named-matcher host blocks for calendar, mail/webmail, files, webdav, and api subdomains within the wildcard TLS server block. - All ACME modes (pic_ngo, cloudflare, duckdns) use the new subdomain matchers; http01 emits a dedicated server block per service. - http01: installed store-plugin services whose name clashes with a core service are skipped to prevent duplicate server blocks. - routes/config.py: ip_utils.write_caddyfile() is skipped in non-LAN modes so LAN Caddy config never overwrites the ACME config. - firewall_manager.generate_corefile(): new split_horizon_zones param adds local authoritative file zones so LAN clients resolve *.pic1.pic.ngo to the internal Caddy IP without hairpin NAT. - NetworkManager.update_split_horizon_zone(): writes the wildcard zone file and regenerates the Corefile with the split-horizon block; called automatically after every identity change in non-LAN mode. - Added @ to allowed record-name chars in update_dns_zone validation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -412,5 +412,52 @@ class TestCellDnsForwarding(unittest.TestCase):
|
||||
# The Corefile is regenerated (new canonical format) — that's correct.
|
||||
|
||||
|
||||
class TestUpdateSplitHorizonZone(unittest.TestCase):
|
||||
"""Test update_split_horizon_zone writes zone file and Corefile."""
|
||||
|
||||
def setUp(self):
|
||||
self.test_dir = tempfile.mkdtemp()
|
||||
self.data_dir = os.path.join(self.test_dir, 'data')
|
||||
self.config_dir = os.path.join(self.test_dir, 'config')
|
||||
os.makedirs(os.path.join(self.data_dir, 'dns'), exist_ok=True)
|
||||
os.makedirs(os.path.join(self.config_dir, 'dns'), exist_ok=True)
|
||||
self.nm = NetworkManager(self.data_dir, self.config_dir)
|
||||
|
||||
def tearDown(self):
|
||||
shutil.rmtree(self.test_dir)
|
||||
|
||||
@patch('subprocess.run')
|
||||
def test_creates_zone_file_with_wildcard(self, _mock):
|
||||
"""Zone file must contain wildcard A record pointing to caddy_ip."""
|
||||
self.nm.update_split_horizon_zone('pic1.pic.ngo', '172.20.0.2')
|
||||
zone_path = os.path.join(self.data_dir, 'dns', 'pic1.pic.ngo.zone')
|
||||
self.assertTrue(os.path.exists(zone_path))
|
||||
content = open(zone_path).read()
|
||||
self.assertIn('172.20.0.2', content)
|
||||
|
||||
@patch('subprocess.run')
|
||||
def test_corefile_contains_split_horizon_block(self, _mock):
|
||||
"""Corefile must reference the new zone file."""
|
||||
self.nm.update_split_horizon_zone('pic1.pic.ngo', '172.20.0.2')
|
||||
corefile = os.path.join(self.config_dir, 'dns', 'Corefile')
|
||||
self.assertTrue(os.path.exists(corefile))
|
||||
content = open(corefile).read()
|
||||
self.assertIn('pic1.pic.ngo {', content)
|
||||
self.assertIn('file /data/pic1.pic.ngo.zone', content)
|
||||
|
||||
@patch('subprocess.run')
|
||||
def test_returns_true_on_success(self, _mock):
|
||||
ok = self.nm.update_split_horizon_zone('pic1.pic.ngo', '172.20.0.2')
|
||||
self.assertTrue(ok)
|
||||
|
||||
@patch('subprocess.run')
|
||||
def test_sends_sigusr1_to_coredns(self, mock_run):
|
||||
"""CoreDNS reload (SIGUSR1) must be triggered after writing."""
|
||||
mock_run.return_value = MagicMock(returncode=0, stderr='')
|
||||
self.nm.update_split_horizon_zone('pic1.pic.ngo', '172.20.0.2')
|
||||
calls = [str(c) for c in mock_run.call_args_list]
|
||||
self.assertTrue(any('SIGUSR1' in c for c in calls))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user