} elsif $::hostname in [geo1,geo2,geo3] {
include named::geodns
}
+ if $::hostname in [orff] {
+ include dnsextras::entries
+ }
if $::hostname in [diabelli,nono,spohr] {
include dacs
--- /dev/null
+class dnsextras::entries {
+ file { '/srv/dns.debian.org/puppet-extra':
+ ensure => 'directory',
+ }
+
+ concat { '/srv/dns.debian.org/puppet-extra/include-debian.org':
+ #require => Package['exim4-daemon-heavy']
+ # notify => Service["nagios"],
+ }
+
+
+ Concat::Fragment <<| tag == "dnsextra" |>>
+}
--- /dev/null
+define dnsextras::entry (
+ $zone,
+ $label,
+ $rrtype,
+ $rrdata,
+) {
+ @@concat::fragment { "dns-extra-${zone}-${::fqdn}-${name}":
+ target => "/srv/dns.debian.org/puppet-extra/include-${zone}",
+ content => "; ${::fqdn} ${name}\n${label}. IN ${rrtype} ${rrdata}\n",
+ tag => 'dnsextra',
+ }
+}
case getfromhash($site::nodeinfo, 'mail_port') {
/^(\d+)$/: { $mail_port = $1 }
- default: { $mail_port = 'smtp' }
+ default: { $mail_port = '25' }
}
@ferm::rule { 'dsa-exim':
domain => 'ip6',
rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
}
+ dnsextras::entry{ "tlsa-mailport":
+ zone => 'debian.org',
+ label => "_${mail_port}._tcp.${::fqdn}",
+ rrtype => 'TXT',
+ rrdata => 'testing' }
# Do we actually want this? I'm only doing it because it's harmless
# and makes the logs quiet. There are better ways of making logs quiet,
notify => Service['exim4'],
}
+ # MXs used as smarthosts
@ferm::rule { 'dsa-exim-submission':
description => 'Allow SMTP',
rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
domain => 'ip6',
rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
}
+ dnsextras::entry{ "tlsa-submission":
+ zone => 'debian.org',
+ label => "_587._tcp.${::fqdn}",
+ rrtype => 'TXT',
+ rrdata => 'testing' }
package { 'nagios-plugins-standard':
ensure => installed,
projects / dsa-puppet.git / commitdiff