Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r-- | puppet/modules/site_config/files/bind9 | 8 | ||||
-rw-r--r-- | puppet/modules/site_config/files/named.conf.options | 6 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/caching_resolver.pp | 35 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/init.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/resolvconf.pp | 14 |
5 files changed, 42 insertions, 24 deletions
diff --git a/puppet/modules/site_config/files/bind9 b/puppet/modules/site_config/files/bind9
deleted file mode 100644
index 50d8ed14..00000000
--- a/puppet/modules/site_config/files/bind9
+++ /dev/null
@@ -1,8 +0,0 @@
-# managed by puppet
-
-# run resolvconf?
-RESOLVCONF=no
-
-# startup options for the server
-OPTIONS="-u bind -4"
-
diff --git a/puppet/modules/site_config/files/named.conf.options b/puppet/modules/site_config/files/named.conf.options
deleted file mode 100644
index 47df6c5d..00000000
--- a/puppet/modules/site_config/files/named.conf.options
+++ /dev/null
@@ -1,6 +0,0 @@
-options {
- allow-query { 127.0.0.1; };
- allow-transfer { none; };
- listen-on { 127.0.0.1; };
-};
-
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
new file mode 100644
index 00000000..e4374d8f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -0,0 +1,35 @@
+class site_config::caching_resolver {
+
+ # Setup a conf.d directory to place additional unbound configuration files
+ # there must be at least one file in the directory, or unbound will not
+ # start, so create an empty placeholder to ensure this
+ file {
+ '/etc/unbound/conf.d':
+ ensure => directory,
+ owner => root, group => root, mode => '0755';
+
+ '/etc/unbound/conf.d/placeholder':
+ ensure => present,
+ content => '',
+ owner => root, group => root, mode => '0644';
+ }
+
+ class { 'unbound':
+ root_hints => false,
+ anchor => false,
+ ssl => false,
+ require => File['/etc/unbound/conf.d/placeholder'],
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
+ include => '/etc/unbound/conf.d/*'
+ }
+ }
+ }
+}
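Review bot: `anchor => false` in the `class { 'unbound': ... }` declaration of caching_resolver.pp looks like it leaves the resolver without a DNSSEC trust anchor, so answers would be cached and handed to local clients unvalidated; `harden-glue => 'yes'` does not cover that. This is inferred from the parameter name, since the unbound module itself is not part of this diff. If validation is meant to be off, say why next to the setting, e.g. `# anchor disabled: DNSSEC validation is intentionally not done on this resolver because <reason>`. Otherwise enable the anchor and consider adding `harden-dnssec-stripped => 'yes'` to the `server` settings. The loopback-only `interface` and `access-control` entries preserve the restriction the removed named.conf.options had.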
diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp index 69ff2523..f05bca1c 100644 --- a/puppet/modules/site_config/manifests/init.pp +++ b/puppet/modules/site_config/manifests/init.pp @@ -13,6 +13,9 @@ class site_config { # configure /etc/resolv.conf include site_config::resolvconf + # configure caching, local resolver + include site_config::caching_resolver + # configure /etc/hosts stage { 'initial': before => Stage['main'], diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp index 78f83a62..3579aaf2 100644 --- a/puppet/modules/site_config/manifests/resolvconf.pp +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -2,28 +2,22 @@ class site_config::resolvconf { # bind9 package { 'bind9': - ensure => installed, + ensure => absent, } service { 'bind9': - ensure => running, + ensure => stopped, require => Package['bind9'], } file { '/etc/default/bind9': - source => 'puppet:///modules/site_config/bind9', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } file { '/etc/bind/named.conf.options': - source => 'puppet:///modules/site_config/named.conf.options', - require => Package['bind9'], - notify => Service['bind9'], + ensure => absent; } - - $domain_hash = hiera('domain') $domain_public = $domain_hash['public'] |
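Review bot: In resolvconf.pp, `service { 'bind9': ensure => stopped, require => Package['bind9'] }` still orders the service after the package, which is now `ensure => absent`. Puppet will therefore remove bind9 first and only then manage a service whose init script may already be gone; `before => Package['bind9'],` on the service would express stop-then-remove. Separately, nothing visible in this commit orders the new `site_config::caching_resolver` class after bind9 is stopped. Both daemons use 127.0.0.1 port 53, so on the first run unbound may fail to bind and the host could be left without a local resolver until the next run. The body of `site_config::resolvconf` continues outside this hunk, so an ordering declared further down would not be visible here.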