+# = Class: unbound
+#
+# This class installs and configures unbound
+#
+# == Sample Usage:
+#
+# include unbound
+#
class unbound {
- package {
- unbound: ensure => installed;
- }
- exec {
- "unbound restart":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- ;
- }
- file {
- "/var/lib/unbound":
- ensure => directory,
- owner => unbound,
- group => unbound,
- mode => 775,
- ;
- "/var/lib/unbound/root.key":
- ensure => present,
- replace => false,
- owner => unbound,
- group => unbound,
- mode => 644,
- source => [ "puppet:///modules/unbound/root.key" ],
- ;
- "/var/lib/unbound/debian.org.key":
- ensure => present,
- replace => false,
- owner => unbound,
- group => unbound,
- mode => 644,
- source => [ "puppet:///modules/unbound/debian.org.key" ],
- ;
- "/etc/unbound/unbound.conf":
- content => template("unbound/unbound.conf.erb"),
- require => Package["unbound"],
- notify => Exec["unbound restart"],
- owner => root,
- group => root,
- ;
- }
+ package { 'unbound':
+ ensure => installed
+ }
- case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
- true: {
- case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
- false: {}
- default: {
- @ferm::rule { "dsa-dns":
- domain => "ip",
- description => "Allow nameserver access",
- rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
- }
- @ferm::rule { "dsa-dns6":
- domain => "ip6",
- description => "Allow nameserver access",
- rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
- }
- }
- }
- }
- }
-}
+ service { 'unbound':
+ ensure => running,
+ hasstatus => false,
+ pattern => 'unbound',
+ }
+
+ file { '/var/lib/unbound':
+ ensure => directory,
+ owner => unbound,
+ group => unbound,
+ require => Package['unbound'],
+ mode => '0775',
+ }
+ file { '/var/lib/unbound/root.key':
+ ensure => present,
+ replace => false,
+ owner => unbound,
+ group => unbound,
+ mode => '0644',
+ source => 'puppet:///modules/unbound/root.key'
+ }
+ file { '/var/lib/unbound/debian.org.key':
+ ensure => present,
+ replace => false,
+ owner => unbound,
+ group => unbound,
+ mode => '0644',
+ source => 'puppet:///modules/unbound/debian.org.key'
+ }
+ file { '/etc/unbound/unbound.conf':
+ content => template('unbound/unbound.conf.erb'),
+ require => [
+ Package['unbound'],
+ File['/var/lib/unbound/root.key'],
+ File['/var/lib/unbound/debian.org.key']
+ ],
+ notify => Service['unbound']
+ }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
+ if getfromhash($site::nodeinfo, 'misc', 'resolver-recursive') {
+ if getfromhash($site::nodeinfo, 'hoster', 'allow_dns_query') {
+ @ferm::rule { 'dsa-dns':
+ domain => 'ip',
+ description => 'Allow nameserver access',
+ rule => sprintf('&TCP_UDP_SERVICE_RANGE(53, (%s))', join_spc(filter_ipv4(getfromhash($site::nodeinfo, 'hoster', 'allow_dns_query')))),
+ }
+ @ferm::rule { 'dsa-dns6':
+ domain => 'ip6',
+ description => 'Allow nameserver access',
+ rule => sprintf('&TCP_UDP_SERVICE_RANGE(53, (%s))', join_spc(filter_ipv6(getfromhash($site::nodeinfo, 'hoster', 'allow_dns_query')))),
+ }
+ }
+ }
+}
projects / dsa-puppet.git / blobdiff