summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config/manifests/caching_resolver.pp
blob: 1b8bd1a2a44b3511ae175ee3d5dc887eacd1acc1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
class site_config::caching_resolver {
  tag 'leap_base'

  # Setup a conf.d directory to place additional unbound configuration files.
  # There must be at least one file in the directory, or unbound will not start,
  # so create an empty placeholder to ensure this.

  # Note: the version of unbound we are working with does not accept a wildcard
  # for an include directive, so we are not able to use this. When we can use
  # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the
  # configuration file

  include site_apt::preferences::unbound

  file {
    # cleanup from how we used to do it
    '/etc/unbound/conf.d':
      force   => true,
      ensure  => absent;

    '/etc/unbound/conf.d/placeholder':
      ensure  => absent;
  }

  class { 'unbound':
    root_hints => false,
    anchor     => false,
    ssl        => false,
    require    => File['/etc/unbound/conf.d/placeholder'],
    settings   => {
      server       => {
        verbosity      => '1',
        interface      => [ '127.0.0.1', '::1' ],
        port           => '53',
        hide-identity  => 'yes',
        hide-version   => 'yes',
        harden-glue    => 'yes',
        access-control => [ '127.0.0.0/8 allow', '::1 allow' ]
      }
    }
  }

  concat::fragment { 'unbound glob include':
    target  => $unbound::params::config,
    content => "include: /etc/unbound/unbound.conf.d/*.conf\n\n",
    order   => 10
  }
}