1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# deploy local caching resolver
class site_config::caching_resolver {
tag 'leap_base'
$domain = hiera('domain')
$internal_domain = $domain['internal_suffix']
# We need to make sure Package['bind9'] isn't installed because when it is, it
# keeps unbound from running. Some base debian installs will install bind9,
# and then start it, so unbound will never get properly started. So this will
# make sure bind9 is removed before.
package { 'bind9':
ensure => purged
}
class { 'unbound':
root_hints => false,
anchor => false,
ssl => false,
require => Package['bind9'],
settings => {
server => {
verbosity => '1',
interface => [ '127.0.0.1', '::1' ],
port => '53',
hide-identity => 'yes',
hide-version => 'yes',
harden-glue => 'yes',
access-control => [ '127.0.0.0/8 allow', '::1 allow' ],
module-config => '"validator iterator"',
domain-insecure => $internal_domain
}
}
}
concat::fragment { 'unbound glob include':
target => $unbound::params::config,
content => "include: /etc/unbound/unbound.conf.d/*.conf\n\n",
order => 10
}
}
|
