diff options
Diffstat (limited to 'puppet/modules/unbound/manifests/init.pp')
-rw-r--r-- | puppet/modules/unbound/manifests/init.pp | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/puppet/modules/unbound/manifests/init.pp b/puppet/modules/unbound/manifests/init.pp new file mode 100644 index 00000000..ecb7970a --- /dev/null +++ b/puppet/modules/unbound/manifests/init.pp @@ -0,0 +1,117 @@ +# == Class: unbound +# +# The unbound class manages unbound, the reqursive caching dns resolver. +# It manages the package, service, configuration file, control keys and +# support files. +# +# The configuration file is concatenated from samples of server et. al., +# stub-zone and forward-zone. The latter two are created independently +# from the server settings, by defines which can be used by other classes +# and modules. +# +# Control keys can be created with the unbound-control-setup program, +# and is enabled by default. These are neccessary to be able to control +# unbound (restart, reload etc) with the unbound-control program. +# +# The auto-trust-anchor-file 'root.key' can be created with the unbound-anchor +# program, and is enabled by default. +# +# The root-hints files named.cache can be managed, but have to be provided by +# the user. See the documentation in manifests/root_hints.pp for how to proceede. +# This functionality is not enabled by default. +# +# === Parameters +# +# [*settings*] +# Hash containing the settings as key value pairs. +# +# [*ssl*] +# Mange unbound-control certificates? True or false, true by default. +# +# [*anchor*] +# Manage root.key? True or false, true by default. +# +# [*root_hints*] +# Manage named.cache? True or false, false by default. +# +# === Examples +# +# class { 'unbound': +# root_hints => true, +# settings => { +# server => { +# verbosity => '1', +# interface => [ +# '127.0.0.1', +# '::1', +# $::ipaddress, +# ], +# outgoing-interface => $::ipaddress, +# access-control => [ +# '127.0.0.0/8 allow', +# '::1 allow', +# '10.0.0.0/8 allow', +# ], +# root-hints => '"/var/unbound/etc/named.cache"', +# private-address => [ +# '10.0.0.0/8', +# '172.16.0.0/12', +# '192.168.0.0/16', +# ], +# private-domain => "\"$::domain\"", +# auto-trust-anchor-file => '"/var/unbound/etc/root.key"', +# }, +# python => { }, +# remote-control => { +# control-enable => 'yes', +# control-interface => [ +# '127.0.0.1', +# '::1', +# ], +# }, +# } +# } +# +# See manifests/stub.pp and manifests/forward.pp for examples on how to create +# sub zones and forward zones repectively. +# +class unbound ( + $settings, + $anchor = true, + $root_hints = false, + $ssl = true, +) inherits unbound::params { + + include concat::setup + include unbound::package + include unbound::service + + validate_hash($settings) + validate_bool($anchor) + validate_bool($root_hints) + validate_bool($ssl) + + if $anchor { + include unbound::anchor + } + + if $root_hints { + include unbound::root_hints + } + + if $ssl { + include unbound::ssl + } + + $real_settings = $settings + + concat { $unbound::params::config: + require => Class['unbound::package'], + } + + concat::fragment { 'unbound server': + target => $unbound::params::config, + content => template('unbound/unbound.conf.erb'), + order => 1, + } +} |