projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39 Commits 1 Branch 0 Tags
e537d70e043bbe8a47de1aac5df179bfcb32ad6b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Debian e537d70e04 feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI) 
Stub raus, vollständig implementiert:

* Migration 0014: dns_settings (single-row) + dns_zones.forward_to.
  Default-Settings sind sinnvoll für die typische LAN-Resolver-Rolle
  (1.1.1.1 + 9.9.9.9 upstream, localnet allow, DNSSEC + qname-min on).
* internal/services/dns: CRUD-Repo für zones, records, settings.
* internal/handlers/dns.go: REST /api/v1/dns/zones, /records, /settings
  mit Auto-Reload nach jeder Mutation.
* internal/unbound/unbound.cfg.tpl + unbound.go: Renderer schreibt
  /etc/unbound/unbound.conf.d/edgeguard.conf direkt (kein Symlink-
  Dance, weil AppArmor unbound nur /etc/unbound erlaubt). Local-zones
  authoritativ aus dns_records; forward-zones per stub-zone; default-
  forwarders catchen alles sonst.
* main.go: dnsRepo + unbound-Reloader injiziert.
* render.go: unbound.New() bekommt Pool.
* postinst:
  - Conf-Datei /etc/unbound/unbound.conf.d/edgeguard.conf wird als
    edgeguard:edgeguard 0644 angelegt damit Renderer schreiben kann.
  - /etc/edgeguard + Service-Subdirs auf 0755 (Squid + Unbound laufen
    NICHT als edgeguard, brauchen Read-Traversal).
  - Sudoers: systemctl reload unbound.service whitelisted.
* Template: chroot:"" (Conf liegt außerhalb /var/lib/unbound default-
  chroot), DNSSEC-Trust-Anchor NICHT setzen (Distro hat schon
  root-auto-trust-anchor-file.conf — sonst doppelter Anchor → start
  failure).
* Frontend /dns: PageHeader + zwei Tabs (Zones + Resolver-Settings).
  Zones-Tab mit Drawer für Records (CRUD pro Zone, A/AAAA/CNAME/TXT/
  MX/SRV/NS/PTR/CAA). Sidebar-Eintrag unter Network.
* i18n DE/EN für dns.* Block.

Verified end-to-end: render → unbound restart → dig @127.0.0.1
example.com → 104.20.23.154 / 172.66.147.243.

Version 1.0.34 (mehrere Iterationen wegen AppArmor + chroot + perms).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-11 06:24:51 +02:00
cmd
feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI)
2026-05-11 06:24:51 +02:00
deploy
feat(scheduler): Auto-Renewal für Let's Encrypt Certs
2026-05-10 22:50:00 +02:00
docs
feat(configgen): Phase 2 Config-Generator + nginx → HAProxy-only Pivot
2026-05-09 10:59:52 +02:00
internal
feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI)
2026-05-11 06:24:51 +02:00
management-ui
feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI)
2026-05-11 06:24:51 +02:00
packaging/debian
feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI)
2026-05-11 06:24:51 +02:00
scripts
feat: install.sh One-Liner-Bootstrap + System-Adressen-Card auf IP-Page
2026-05-09 16:23:58 +02:00
.gitignore
chore: initial skeleton
2026-05-08 18:45:41 +02:00
agent.md
feat(configgen): Phase 2 Config-Generator + nginx → HAProxy-only Pivot
2026-05-09 10:59:52 +02:00
CLAUDE.md
feat(configgen): Phase 2 Config-Generator + nginx → HAProxy-only Pivot
2026-05-09 10:59:52 +02:00
go.mod
feat: WireGuard (server + client + peers + QR) + shared UI components
2026-05-10 20:51:25 +02:00
go.sum
feat: WireGuard (server + client + peers + QR) + shared UI components
2026-05-10 20:51:25 +02:00
Makefile
feat: Networks-Members für bridge/bond + System-Rules-Card + Theme-Revert
2026-05-10 16:19:07 +02:00
README.md
feat(configgen): Phase 2 Config-Generator + nginx → HAProxy-only Pivot
2026-05-09 10:59:52 +02:00
VERSION
feat: Unbound DNS-Resolver — vollständig (Renderer + Handler + UI)
2026-05-11 06:24:51 +02:00

README.md

EdgeGuard

Native Reverse-Proxy / Loadbalancer / Forward-Proxy / VPN / Firewall — als signiertes .deb für Debian 13 + Ubuntu 24.04, amd64 + arm64.

Status: v0.x — Neufassung des bisherigen Docker-Stacks, parallel zum Bestand proxy-lb-waf.

Installation

curl -fsSL https://get.edgeguard.netcell-it.de | sudo bash

Unterstützte Plattformen: Debian 13 (Trixie), Ubuntu 24.04 LTS (Noble) — amd64 + arm64.

Architektur in Kürze

  • Daten-Services (v1): HAProxy (TLS-Termination + LB + L7-Routing), Squid, WireGuard, Unbound, nftables — alle nativ via APT, Configs aus PostgreSQL generiert.
  • Control-Plane: edgeguard-api (Go/Gin), management-ui (React/AntD), PostgreSQL 16, KeyDB Active-Active.
  • Cluster: N symmetrische Peers, KeyDB AA für Shared State, PG Streaming Replication, Floating-IP des Hosters statt VRRP.
  • Auslieferung: signierte .deb, Update via apt. Update-Trigger via UI/API.

Volle Architektur: docs/architecture.md.

Build

make build       # Host-Architektur
make deb         # amd64 + arm64 .deb
make publish     # deb + Upload Gitea Package Registry

Repo

  • Lokal: /var/www/edgeguard-native
  • Gitea: https://git.netcell-it.de/projekte/edgeguard-native
Reference in New Issue View Git Blame Copy Permalink
Description
EdgeGuard Native — Reverse-Proxy / Loadbalancer / Forward-Proxy / VPN / Firewall ohne Docker, .deb-Auslieferung fuer Debian 13
Readme 3 MiB
Languages
Go 51.1%
TypeScript 34.4%
CSS 8.4%
Shell 3.8%
Smarty 1.8%
Other 0.4%