authorTomas Krizek <tomas.krizek@nic.cz>2020-01-14 14:08:11 +0100
committerTomas Krizek <tomas.krizek@nic.cz>2020-01-21 17:20:37 +0100
commit712632ef46b245ab40b7b666e2342754be7b71f8 (patch)
tree9b9df7be0b8b1538682a96a812787b25b93e2e3e /etc
parentMerge !926: doc nitpicks (diff)
etc/config: use net.listen() syntax for configs
- meson templating no longer needed - commented out DoH/webmgmt configuration removed - added explicit port 53 and kind=dns
Diffstat (limited to 'etc')
-rw-r--r--etc/config/config.cluster (renamed from etc/config/config.cluster.in)13
-rw-r--r--etc/config/config.docker (renamed from etc/config/config.docker.in)2
-rw-r--r--etc/config/config.internal (renamed from etc/config/config.internal.in)9
-rw-r--r--etc/config/config.isp (renamed from etc/config/config.isp.in)7
-rw-r--r--etc/config/config.personal (renamed from etc/config/config.personal.in)13
-rw-r--r--etc/config/config.privacy (renamed from etc/config/config.privacy.in)9
-rw-r--r--etc/config/config.splitview (renamed from etc/config/config.splitview.in)13
-rw-r--r--etc/config/meson.build44
8 files changed, 44 insertions, 66 deletions
diff --git a/etc/config/config.cluster.in b/etc/config/config.cluster
index f5869d6e..33e0fe3c 100644
--- a/etc/config/config.cluster.in
+++ b/etc/config/config.cluster
@@ -4,15 +4,12 @@
-- as the resolver is busy most of the time.
-- Alternative is using `etcd` as a configuration backend.
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- To disable DNSSEC validation, uncomment the following line (not recommended)
-- trust_anchors.remove('.')
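Review bot: The two `kind = 'tls'` listeners on port 853 are added without any pointer to certificate setup, and the same hunk removes the only commented cert/key example the file had (it belonged to the http module). As far as I know kresd serves an ephemeral self-signed certificate when none is configured, which strictly validating DNS-over-TLS clients will not accept, so a comment above those lines such as `-- TLS on 853 uses a self-signed certificate unless net.tls(cert, key) is configured` would help. The same applies to the identical blocks in config.personal and config.splitview. Minor style: the `::1` port 53 line is written `{ kind = 'dns'}` while the other three lines put a space before the closing brace, and this repeats in every config that gains the block.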
diff --git a/etc/config/config.docker.in b/etc/config/config.docker
index d543a097..9199880f 100644
--- a/etc/config/config.docker.in
+++ b/etc/config/config.docker
@@ -2,7 +2,7 @@
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-- Listen on all interfaces (localhost would not work in Docker)
-net.listen('0.0.0.0')
+net.listen('0.0.0.0', 53, { kind = 'dns' })
net.listen('0.0.0.0', 853, { kind = 'tls' })
net.listen('0.0.0.0', 443, { kind = 'doh' })
net.listen('0.0.0.0', 8453, { kind = 'webmgmt' })
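Review bot: The comment above these listeners explains why 0.0.0.0 is needed in Docker but not what it exposes. With port 53 now explicit next to 853, 443 and the `webmgmt` listener on 8453, every service is bound to all interfaces, so whatever ports the container publishes are reachable from wherever the host is, including the management interface. I would add a comment such as `-- Publish only the ports you need; keep 53 and 8453 restricted to trusted networks` before the first `net.listen`. Only IPv4 is bound here, which may be intended but is not stated.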
diff --git a/etc/config/config.internal.in b/etc/config/config.internal
index 64073397..ed8b2f1e 100644
--- a/etc/config/config.internal.in
+++ b/etc/config/config.internal
@@ -1,10 +1,15 @@
-- vim:syntax=lua:set ts=4 sw=4:
-- Config file example usable for multi-user ISP resolver
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- define list of internal-only domains
internalDomains = policy.todnames({'company.example', 'internal.example'})
-- forward all queries below 'internalDomains' to '192.168.1.2'
-policy.add(policy.suffix(policy.FORWARD({'192.168.1.2'}), internalDomains))
\ No newline at end of file
+policy.add(policy.suffix(policy.FORWARD({'192.168.1.2'}), internalDomains))
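Review bot: The header comment presents this file as a resolver serving multiple users, yet the added listeners bind only to 127.0.0.1 and ::1, so no other host can reach it as written. A reader copying the example has no hint that the address must change, and the quickest edit (switching to a wildcard address) would leave the resolver answering anyone who can route to it. I would put a comment under "Network interface configuration" such as `-- Loopback only: add net.listen() for the address your clients use and restrict who may query it`. config.isp gets the same block under an ISP header and needs the same note.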
diff --git a/etc/config/config.isp.in b/etc/config/config.isp
index 44272f96..bf9d65c8 100644
--- a/etc/config/config.isp.in
+++ b/etc/config/config.isp
@@ -1,7 +1,12 @@
-- vim:syntax=lua:set ts=4 sw=4:
-- Config file example usable for ISP resolver
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- Large cache size, so we don't need to flush often
-- This can be larger than available RAM, least frequently accessed
diff --git a/etc/config/config.personal.in b/etc/config/config.personal
index 61969133..31d58d24 100644
--- a/etc/config/config.personal.in
+++ b/etc/config/config.personal
@@ -1,14 +1,11 @@
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- To disable DNSSEC validation, uncomment the following line (not recommended)
-- trust_anchors.remove('.')
diff --git a/etc/config/config.privacy.in b/etc/config/config.privacy
index 824aa23c..29ee4169 100644
--- a/etc/config/config.privacy.in
+++ b/etc/config/config.privacy
@@ -1,7 +1,12 @@
-- vim:syntax=lua:set ts=4 sw=4:
-- Config file example usable for privacy-preserving resolver
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- TLS server configuration
-- use this to configure your TLS certificates
@@ -26,4 +31,4 @@ policy.add(policy.slice(
{'193.17.47.1', hostname='odvr.nic.cz'},
{'185.43.135.1', hostname='odvr.nic.cz'},
})
-))
\ No newline at end of file
+))
diff --git a/etc/config/config.splitview.in b/etc/config/config.splitview
index 7051efa8..2fd2415b 100644
--- a/etc/config/config.splitview.in
+++ b/etc/config/config.splitview
@@ -1,15 +1,12 @@
-- vim:syntax=lua:set ts=4 sw=4:
-- Config file with split-view for internal zone
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
-- To disable DNSSEC validation, uncomment the following line (not recommended)
-- trust_anchors.remove('.')
diff --git a/etc/config/meson.build b/etc/config/meson.build
index 85f7a379..e1623b4b 100644
--- a/etc/config/meson.build
+++ b/etc/config/meson.build
@@ -1,26 +1,6 @@
# etc: config examples
-# Config snippets (build-dependant)
-if systemd_files == 'enabled'
- config_defaults = '''
--- Network interface configuration: see kresd.systemd(7)'''
-else
- config_defaults = '''
--- Listen on localhost
-net.listen('127.0.0.1')
-net.listen('::1')
-net.listen('127.0.0.1', 853, { kind = 'tls' })
-net.listen('::1', 853, { kind = 'tls' })
-
--- Extra interfaces for http module
--- net.listen('127.0.0.1', 44353, { kind = 'doh' })
--- net.listen('::1', 44353, { kind = 'doh' })
--- net.listen('127.0.0.1', 8453, { kind = 'webmgmt' })
--- net.listen('::1', 8453, { kind = 'webmgmt' })'''
-endif
-
-
-# Configure and install config examples
+# Install config examples
example_configs = [
'config.cluster',
'config.docker',
@@ -31,17 +11,10 @@ example_configs = [
'config.splitview',
]
-conf_config = configuration_data()
-conf_config.set('config_defaults', config_defaults)
-
-foreach config_filename : example_configs
- configure_file(
- input: config_filename + '.in',
- output: config_filename,
- configuration: conf_config,
- install_dir: examples_dir,
- )
-endforeach
+install_data(
+ sources: example_configs,
+ install_dir: examples_dir,
+)
# kresd.conf
@@ -53,10 +26,9 @@ if get_option('install_kresd_conf') == 'auto'
endif
if install_kresd_conf
- configure_file(
- input: 'config.personal.in',
- output: 'kresd.conf',
- configuration: conf_config,
+ install_data(
+ sources: 'config.personal',
+ rename: 'kresd.conf',
install_dir: etc_dir,
)
endif
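Review bot: The installed kresd.conf is now a plain copy of config.personal, so it always binds 127.0.0.1 and ::1 on ports 53 and 853, whereas the branch removed in the first meson.build hunk gave `systemd_files == 'enabled'` builds only a comment pointing to kresd.systemd(7). If socket units are still shipped for those builds, the explicit binds may collide with sockets systemd already holds; that is worth confirming before packagers pick this up. A short comment here would record the new behaviour, for example `# kresd.conf is config.personal verbatim: listens on loopback 53/853 regardless of systemd_files`. The `::1` lines also assume IPv6 loopback exists on the target host, which the default config did not require on systemd builds before.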