Support for git{ea,hub,lab} webhooks

[reynir]

A number of git forges (gitea, github, gitlab) support webhooks on updates to the git repository containing the DNS zones but not DNS notify. The server could listen for http requests and poll the git repository when a webhook is triggered.

[hannesm]

Indeed, thanks for the request. Since webhooks require:

• a TCP (TLS) listener port [+ certificate if TLS is used, which it should to avoid replay & secret leakage]
• a (partial) HTTP implementation

Maybe it makes the most sense to:

• develop (or figure out where to get the code) a webhook library (I suspect ocaml-ci/... has something along the lines already)
• develop a unikernel that uses this webhook library to receive requests and forward via dns notify to the DNS server (using the same / a different secret)

Having a separate unikernel would make the setup more complex, but would also leave DNS authoritative server as is. Maybe both options are feasible.

[hannesm]

The simple first solution is to listen on port 80 and do a git pull on every connection. Since DNS and git are on the same host, this should not be harmful (in respect to resource usage).

[hannesm]

Not a webhook, but I figured out that dig soa <zone> +opcode=notify -y hmac-sha256:<key-name>:b64-key @server-ip works fine for notification --> there is no need to use onotify from the dns-cli opam package \o/