From 12ce80e3814d5b5485ccc15656b1ba3f27fda302 Mon Sep 17 00:00:00 2001
From: Manevolent
Date: Tue, 21 Sep 2021 17:28:39 -0600
Subject: [PATCH] Update docs
---
README.md | 3 ++-
bind/named.conf.tmpl | 4 +++-
install.sh | 1 +
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 059e0b5..9b725f4 100644
--- a/README.md
+++ b/README.md
@@ -180,12 +180,13 @@ For options we expose here, for information see: https://bird.network.cz/?get_do These settings are optional, and are already defaulted to general network common practices. + * `bind_forward_enable`: Enable BIND DNS forwarding when DNS queries are received from other nodes Lixonet for a domain that you control (i.e. lkwco.mane.lixo on that Lixonet box). `1`/enabled, `0`/disabled. Defaults to `1`. * `bind_forward_address`: The overridden DNS server IP address to forward all requests for your own domain to. Defaults to the value of `internal_gateway`, which is proper in most if not all cases. Your BIND zone is automatically converted from your `tinc_peer_name` (i.e. `lkwco_mane_lixo` becomes `lkwco.mane.lixo`). * `tld`: The network-wide TLD to use. Defaults to `lixo`. #### Wireguard options -Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.y.z) where `y` is your first network number, i.e. `8` or `16` and `z` is an unused address and setting that to `wg_address`. +Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.y.z) where `y` is your first network number, i.e. `8` or `16` and `z` is an unused address and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. * `wg_enabled`: Set to 1 to enable WireGuard. Defaults to 0/disabled. * `wg_key`: Required. The private key to use for the Wireguard peering point. diff --git a/bind/named.conf.tmpl b/bind/named.conf.tmpl index d5d5c87..b00e344 100644 --- a/bind/named.conf.tmpl +++ b/bind/named.conf.tmpl 
@@ -61,13 +61,15 @@ view "lixonet" { }; # Local reverse zone forwarders +{{ if eq "1" "${bind_forward_enable:-1}" }} {{ if len "${local_reverse_zones:-}" }}{{ range "$local_reverse_zones" | split "," }}zone "{{ . }}" { type forward; forward only; forwarders { ${bind_forward_address-"${internal_gateway}"}; }; }; {{ end }}{{ end }} - +{{ end }} + # Peer forwarding zones {{ range files "bind/peers" }} {{ if ne . "${tinc_peer_name}" }} zone "{{ . | replace "_" "." }}" { diff --git a/install.sh b/install.sh index 2f6bd7e..d4fb993 100644 --- a/install.sh +++ b/install.sh @@ -49,4 +49,5 @@ touch /etc/lixonet/version chmod 660 /etc/lixonet/version stat /etc/lixonet/version +docker rm -f lixonet-ee docker build -t lixonet-ee . && docker run --restart always -d -e DOCKER_HOST=unix:///var/run/docker.sock -e GIT_URL=$ORIGIN -v /var/run/docker.sock:/var/run/docker.sock -v /etc/bird:/etc/bird/ -v /etc/tinc:/etc/tinc -v /etc/bind:/etc/bind -v /etc/lixonet:/etc/lixonet -v /etc/lixonet/known_hosts:/home/lixonet/.ssh/known_hosts -v /etc/lixonet/id_rsa:/home/lixonet/.ssh/id_rsa --name lixonet-ee lixonet-ee
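Review bot: The added guard `{{ if eq "1" "${bind_forward_enable:-1}" }}` in bind/named.conf.tmpl is an exact string comparison, so any value other than the literal `1` (for example `true` or `yes`) silently drops every local reverse-zone forwarder from the rendered named.conf. That fails closed, but the operator gets no hint that it happened. A comment above the guard would help, such as `# Forwarders below are rendered only when bind_forward_enable is exactly "1" (the default)`, and the README entry could state the same. The guard as shown wraps only the reverse-zone block, while the README describes the option as covering queries for a domain you control. Whether that forward zone is gated elsewhere in the view is outside this hunk and worth confirming.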
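Review bot: The new `docker rm -f lixonet-ee` in install.sh runs before the build, so a failed `docker build` leaves the node with no lixonet-ee container at all, where previously the old one kept running under `--restart always`. Building first avoids that gap: `docker build -t lixonet-ee . || exit 1`, then `docker rm -f lixonet-ee 2>/dev/null || true`, then the existing `docker run` command. The `|| true` matters on a first install, because some Docker versions report a missing container as an error, and that would abort the script if it runs under `set -e` (not visible in this hunk). The recreated container is started with the host's /var/run/docker.sock and /etc/lixonet/id_rsa mounted (the unchanged next line), so it should only be replaced once the new image has built successfully.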