author | Micah Anderson <micah@riseup.net> | 2013-01-17 14:17:18 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-01-17 14:17:18 -0500 |
commit | ad3da4a59aebb6b7facc2e6616d8b81039b29892 (patch) | |
tree | e98ceaa4493febcfdad08b4743870d8f3a6e4bbc /puppet/modules/site_openvpn/manifests | |
parent | 03d2b1aec2a9ccd61f4804277c80541698f1dab8 (diff) |
unfortunately the version of unbound that is in wheezy does not support wildcard
include directives, so this commit works around this by doing something less
elegant than before. When we have the newer unbound available, we should switch
to that method instead.
Diffstat (limited to 'puppet/modules/site_openvpn/manifests')
-rw-r--r-- | puppet/modules/site_openvpn/manifests/resolver.pp | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/puppet/modules/site_openvpn/manifests/resolver.pp b/puppet/modules/site_openvpn/manifests/resolver.pp
index 57a2d147..c8ef729c 100644
--- a/puppet/modules/site_openvpn/manifests/resolver.pp
+++ b/puppet/modules/site_openvpn/manifests/resolver.pp
@@ -1,5 +1,25 @@
 class site_openvpn::resolver {
 
+ # this is an unfortunate way to get around the fact that the version of
+ # unbound we are working with does not accept a wildcard include directive
+ # (/etc/unbound/conf.d/*), when it does, these line definitions should
+ # go away and instead the caching_resolver should be configured to
+ # include: /etc/unbound/conf.d/*
+
+ line {
+ 'add_tcp_resolver':
+ ensure => present,
+ file => '/etc/unbound/unbound.conf',
+ line => 'server: include: /etc/unbound/conf.d/vpn_tcp_resolver',
+ notify => Service['unbound'];
+
+ 'add_udp_resolver':
+ ensure => present,
+ file => '/etc/unbound/unbound.conf',
+ line => 'server: include: /etc/unbound/conf.d/vpn_udp_resolver',
+ notify => Service['unbound'];
+ }
+
 file {
 '/etc/unbound/conf.d/vpn_udp_resolver':
 content => "interface: ${openvpn_udp_network_prefix}.1\naccess-control: ${openvpn_udp_network_prefix}.0/${openvpn_udp_netmask} allow\n", |
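Review bot: The new `add_tcp_resolver` and `add_udp_resolver` entries notify `Service['unbound']` but declare no ordering against the `file` resources that create the included files, so Puppet is free to write the include line into `/etc/unbound/unbound.conf` and restart unbound before `/etc/unbound/conf.d/vpn_udp_resolver` exists. An include that points at a missing file will most likely make unbound reject its configuration, which would leave the VPN clients without a resolver until the next run. Adding `require => File['/etc/unbound/conf.d/vpn_udp_resolver'],` to the UDP entry and the matching `require => File['/etc/unbound/conf.d/vpn_tcp_resolver'],` to the TCP entry pins the order. The `file` block continues outside the hunk, so the TCP file resource is assumed to be declared there under that title.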