diff options
Diffstat (limited to 'puppet/modules/site_config/manifests')
| -rw-r--r-- | puppet/modules/site_config/manifests/caching_resolver.pp | 35 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/init.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_config/manifests/resolvconf.pp | 14 |
3 files changed, 42 insertions, 10 deletions
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp new file mode 100644 index 00000000..e4374d8f --- /dev/null +++ b/puppet/modules/site_config/manifests/caching_resolver.pp @@ -0,0 +1,35 @@ +class site_config::caching_resolver { + + # Setup a conf.d directory to place additional unbound configuration files + # there must be at least one file in the directory, or unbound will not + # start, so create an empty placeholder to ensure this + file { + '/etc/unbound/conf.d': + ensure => directory, + owner => root, group => root, mode => '0755'; + + '/etc/unbound/conf.d/placeholder': + ensure => present, + content => '', + owner => root, group => root, mode => '0644'; + } + + class { 'unbound': + root_hints => false, + anchor => false, + ssl => false, + require => File['/etc/unbound/conf.d/placeholder'], + settings => { + server => { + verbosity => '1', + interface => [ '127.0.0.1', '::1' ], + port => '53', + hide-identity => 'yes', + hide-version => 'yes', + harden-glue => 'yes', + access-control => [ '127.0.0.0/8 allow', '::1 allow' ], + include => '/etc/unbound/conf.d/*' + } + } + } +} diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 69ff2523..f05bca1c 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -13,6 +13,9 @@ class site_config { # configure /etc/resolv.conf include site_config::resolvconf + # configure caching, local resolver + include site_config::caching_resolver + # configure /etc/hosts stage { 'initial': before => Stage['main'], diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 78f83a62..3579aaf2 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -2,28 +2,22 @@ class site_config::resolvconf { # bind9 package { 'bind9': - ensure => installed, + ensure => absent, } service { 'bind9': - ensure => running, + ensure => stopped, require => Package['bind9'], } file { '/etc/default/bind9': - source => 'puppet:///modules/site_config/bind9', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } file { '/etc/bind/named.conf.options': - source => 'puppet:///modules/site_config/named.conf.options', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } - - $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] |