Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/files/bind98
-rw-r--r--puppet/modules/site_config/files/named.conf.options6
-rw-r--r--puppet/modules/site_config/manifests/caching_resolver.pp35
-rw-r--r--puppet/modules/site_config/manifests/init.pp3
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp14
5 files changed, 42 insertions, 24 deletions
diff --git a/puppet/modules/site_config/files/bind9 b/puppet/modules/site_config/files/bind9
deleted file mode 100644
index 50d8ed14..00000000
--- a/puppet/modules/site_config/files/bind9
+++ /dev/null
@@ -1,8 +0,0 @@
-# managed by puppet
-
-# run resolvconf?
-RESOLVCONF=no
-
-# startup options for the server
-OPTIONS="-u bind -4"
-
diff --git a/puppet/modules/site_config/files/named.conf.options b/puppet/modules/site_config/files/named.conf.options
deleted file mode 100644
index 47df6c5d..00000000
--- a/puppet/modules/site_config/files/named.conf.options
+++ /dev/null
@@ -1,6 +0,0 @@
-options {
- allow-query { 127.0.0.1; };
- allow-transfer { none; };
- listen-on { 127.0.0.1; };
-};
-
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
new file mode 100644
index 00000000..e4374d8f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -0,0 +1,35 @@
+class site_config::caching_resolver {
+
+ # Setup a conf.d directory to place additional unbound configuration files
+ # there must be at least one file in the directory, or unbound will not
+ # start, so create an empty placeholder to ensure this
+ file {
+ '/etc/unbound/conf.d':
+ ensure => directory,
+ owner => root, group => root, mode => '0755';
+
+ '/etc/unbound/conf.d/placeholder':
+ ensure => present,
+ content => '',
+ owner => root, group => root, mode => '0644';
+ }
+
+ class { 'unbound':
+ root_hints => false,
+ anchor => false,
+ ssl => false,
+ require => File['/etc/unbound/conf.d/placeholder'],
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
+ include => '/etc/unbound/conf.d/*'
+ }
+ }
+ }
+}
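Review bot: `anchor => false` in the `class { 'unbound':` block presumably leaves the resolver without a DNSSEC trust anchor, so the answers it caches for every local client would be unvalidated, and `harden-glue => 'yes'` on its own does not cover that. If this is deliberate, say so in a comment above the block, for example `# anchor => false: DNSSEC validation intentionally off, see <ticket placeholder>`; otherwise enable the anchor. Separately, the unbound class requires `File['/etc/unbound/conf.d/placeholder']`, so on a fresh node both `file` resources would likely be applied before the package has created `/etc/unbound`. Puppet does not create missing parent directories, so it is worth confirming the first run succeeds or managing `/etc/unbound` explicitly.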
diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp
index 69ff2523..f05bca1c 100644
--- a/puppet/modules/site_config/manifests/init.pp
+++ b/puppet/modules/site_config/manifests/init.pp
@@ -13,6 +13,9 @@ class site_config {
# configure /etc/resolv.conf
include site_config::resolvconf
+ # configure caching, local resolver
+ include site_config::caching_resolver
+
# configure /etc/hosts
stage { 'initial':
before => Stage['main'],
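Review bot: Nothing orders the new `include site_config::caching_resolver` against `site_config::resolvconf`, although both daemons claim the same socket. The deleted named.conf.options had `listen-on { 127.0.0.1; }`, and the new class sets `interface => [ '127.0.0.1', '::1' ]` with `port => '53'`. On a node that still runs bind9, unbound could be started before `Service['bind9']` reaches `stopped` and fail to bind, leaving the host without a working resolver until a later run. Making the dependency explicit would remove the race, for example by extending the unbound class's `require` to `[ File['/etc/unbound/conf.d/placeholder'], Service['bind9'] ]`. The body of `class site_config` continues outside this hunk, so an ordering declared elsewhere cannot be ruled out.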
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
index 78f83a62..3579aaf2 100644
--- a/puppet/modules/site_config/manifests/resolvconf.pp
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -2,28 +2,22 @@ class site_config::resolvconf {
# bind9
package { 'bind9':
- ensure => installed,
+ ensure => absent,
}
service { 'bind9':
- ensure => running,
+ ensure => stopped,
require => Package['bind9'],
}
file { '/etc/default/bind9':
- source => 'puppet:///modules/site_config/bind9',
- require => Package['bind9'],
- notify => Service['bind9'],
+ ensure => absent;
}
file { '/etc/bind/named.conf.options':
- source => 'puppet:///modules/site_config/named.conf.options',
- require => Package['bind9'],
- notify => Service['bind9'],
+ ensure => absent;
}
-
-
$domain_hash = hiera('domain')
$domain_public = $domain_hash['public']