authorMicah Anderson <micah@riseup.net>2013-01-16 10:54:32 -0500
committerMicah Anderson <micah@riseup.net>2013-01-16 10:54:32 -0500
commit5385602a435acb92e1588f74296b6a5339385199 (patch)
tree6194192668a90047dfd515b43a3c19131fb1a405 /puppet
parente9ddc9e157ca6491594ac3434d1838a51daa0218 (diff)
setup site_unbound with a basic caching-only configuration and include that on
the openvpn gateway (see #1172)
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp2
-rw-r--r--puppet/modules/site_unbound/manifests/init.pp20
2 files changed, 22 insertions, 0 deletions
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 5505b8fc..d3c3e387 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -13,6 +13,8 @@ class site_openvpn {
$openvpn_udp_cidr = '21'
$x509_config = hiera('x509')
+ include site_unbound
+
# deploy ca + server keys
include site_openvpn::keys
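Review bot: Including `site_unbound` here gives only the gateway host itself a resolver, because the new class listens on `127.0.0.1` and `::1` and its `access-control` allows loopback only. VPN clients on the tunnel ranges could not query it, and nothing visible in this hunk pushes a DNS server to them. If #1172 intends clients to resolve through the gateway, the listen interface and an `access-control` entry for the VPN CIDRs would need to follow in a later change. Otherwise a comment such as `# local caching resolver for the gateway host only (see #1172)` above the include would make the scope clear. The body of `site_openvpn` continues outside the hunk.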
diff --git a/puppet/modules/site_unbound/manifests/init.pp b/puppet/modules/site_unbound/manifests/init.pp
new file mode 100644
index 00000000..6a210ab2
--- /dev/null
+++ b/puppet/modules/site_unbound/manifests/init.pp
@@ -0,0 +1,20 @@
+class site_unbound {
+
+ class { 'unbound':
+ root_hints => false,
+ anchor => false,
+ ssl => false
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ]
+ }
+ }
+ }
+
+}
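Review bot: The `unbound` class declaration is missing a comma after `ssl => false`, so the manifest will not parse as written; the line should read `ssl => false,`. Separately, `anchor => false` presumably leaves the resolver without a DNSSEC trust anchor (the `unbound` module's parameters are not visible here), in which case cached answers are not validated. If that is deliberate for a first caching-only step, a comment such as `# no trust anchor configured: DNSSEC validation is not enabled yet` above the parameters would record the decision so it gets revisited.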