authorMicah Anderson <micah@riseup.net>2013-01-16 14:53:09 -0500
committerMicah Anderson <micah@riseup.net>2013-01-16 14:53:09 -0500
commit6375cda36fc21687c59095e4750189b65a2c3b52 (patch)
treec54cbd9e49af87e1106f26995fcedab17671d0a5 /puppet/modules/site_openvpn/manifests
parent4e0021dede8aae43760b3e9a4b2317c3ed4c1e0d (diff)
update unbound submodule to fix infinite service restart problem
Diffstat (limited to 'puppet/modules/site_openvpn/manifests')
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp5
-rw-r--r--puppet/modules/site_openvpn/manifests/resolver.pp8
2 files changed, 11 insertions, 2 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index d3c3e387..4606179c 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -13,8 +13,6 @@ class site_openvpn {
$openvpn_udp_cidr = '21'
$x509_config = hiera('x509')
- include site_unbound
-
# deploy ca + server keys
include site_openvpn::keys
@@ -55,6 +53,9 @@ ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr a
special => 'reboot',
}
+ # setup the resolver to listen on the vpn IP
+ include site_openvpn::resolver
+
include site_shorewall::eip
package {
diff --git a/puppet/modules/site_openvpn/manifests/resolver.pp b/puppet/modules/site_openvpn/manifests/resolver.pp
new file mode 100644
index 00000000..0f0510c1
--- /dev/null
+++ b/puppet/modules/site_openvpn/manifests/resolver.pp
@@ -0,0 +1,8 @@
+class site_openvpn::resolver {
+
+ file { '/etc/unbound/conf.d/vpn_resolver':
+ content => "interface: $openvpn_gateway_address\n",
+ owner => root, group => root, mode => '0644',
+ require => Exec['/usr/local/bin/leap_add_second_ip.sh'];
+ }
+}
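Review bot: `$openvpn_gateway_address` in the `content` line is not defined in `site_openvpn::resolver`; it appears to be a local of `site_openvpn` (the second init.pp hunk header uses it), so it resolves here only through dynamic scoping, which Puppet 3 removed. Where it does not resolve, the file is written as `interface: ` with no address, and unbound will not listen on the VPN gateway IP as the comment in init.pp intends. Qualify the lookup: `content => "interface: ${site_openvpn::openvpn_gateway_address}\n",`. Also, with `include site_unbound` dropped from init.pp, nothing visible in this commit guarantees that `/etc/unbound/conf.d` exists or that unbound re-reads the file when it changes. If the submodule update does not cover that, the file resource should require the unbound package and notify its service.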