summaryrefslogtreecommitdiffstats
path: root/tests/pytests/templates/kresd.conf.j2
blob: 08c73c88a75d73fad2f19feb0583053caa76cedb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
-- SPDX-License-Identifier: GPL-3.0-or-later
modules = {
    'hints > policy',
    'policy > iterate',
}

verbose({{ 'true' if kresd.verbose else 'false' }})

{% if kresd.ip %}
net.listen('{{ kresd.ip }}', {{ kresd.port }})
net.listen('{{ kresd.ip }}', {{ kresd.tls_port }}, {tls = true})
{% endif %}

{% if kresd.ip6 %}
net.listen('{{ kresd.ip6 }}', {{ kresd.port }})
net.listen('{{ kresd.ip6 }}', {{ kresd.tls_port }}, {tls = true})
{% endif %}

net.ipv4=true
net.ipv6=true

{% if kresd.tls_key_path and kresd.tls_cert_path %}
net.tls("{{ kresd.tls_cert_path }}", "{{ kresd.tls_key_path }}")
net.tls_sticket_secret('0123456789ABCDEF0123456789ABCDEF')
{% endif %}

hints['localhost.'] = '127.0.0.1'
{% for name, ip in kresd.hints.items() %}
hints['{{ name }}'] = '{{ ip }}'
{% endfor %}

policy.add(policy.all(policy.QTRACE))

{% if kresd.forward %}
policy.add(policy.all(
    {% if kresd.forward.proto == 'tls' %}
    policy.TLS_FORWARD({
        {"{{ kresd.forward.ip }}@{{ kresd.forward.port }}", hostname='{{ kresd.forward.hostname}}', ca_file='{{ kresd.forward.ca_file }}'}})
    {% endif %}
))
{% endif %}

{% if kresd.policy_test_pass %}
policy.add(policy.suffix(policy.PASS, {todname('test.')}))
{% endif %}

-- make sure DNSSEC is turned off for tests
trust_anchors.remove('.')
modules.unload("ta_update")
modules.unload("ta_signal_query")
modules.unload("priming")
modules.unload("detect_time_skew")

-- choose a small cache, since it is preallocated
cache.size = 1 * MB