Create ssh keys for user geodnssync
[mirror/dsa-puppet.git] / modules / named / manifests / geodns.pp
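# named::geodns -- BIND setup for the geo-aware nameservers.
#
# Builds on the base `named` class: installs the GeoIP database, manages the
# named.conf.* snippets below /etc/bind, gives the geodnssync user a
# writable zonefile directory, an inbound authorized_keys file and an SSH
# keypair, and re-runs the geodns trigger script after every reboot.
# Package['bind9'] and Service['bind9'] are referenced but not declared
# here; they are expected to come from the parent class.
class named::geodns inherits named {
	munin::check { 'bind_views':
		script => bind,
	}

	package { 'geoip-database':
		ensure => installed,
	}

	# Every file resource below /etc/bind autorequires this directory, so
	# the single require on Package['bind9'] orders the whole tree after
	# the package install.
	file { '/etc/bind/':
		ensure  => directory,
		group   => bind,
		mode    => '2755',
		require => Package['bind9'],
		notify  => Service['bind9'],
	}
	file { '/etc/bind/geodns':
		ensure => directory,
		mode   => '0755',
	}
	file { '/etc/bind/named.conf.local':
		source => 'puppet:///modules/named/common/named.conf.local',
		notify => Service['bind9'],
	}

	# Releases below major version 9 get the `.bind99` variant of the ACL
	# snippet (the name suggests a BIND 9.9 syntax difference -- confirm).
	# Only the source differs, so choose it with a selector instead of
	# declaring the same resource twice with copy-pasted attributes.
	$acl_source = (versioncmp($::lsbmajdistrelease, '9') >= 0) ? {
		true    => 'puppet:///modules/named/common/named.conf.acl',
		default => 'puppet:///modules/named/common/named.conf.acl.bind99',
	}
	file { '/etc/bind/named.conf.acl':
		source => $acl_source,
		notify => Service['bind9'],
	}

	# Drop zone for the sync user: setgid so files created inside stay in
	# the geodnssync group.
	file { '/etc/bind/geodns/zonefiles':
		ensure => directory,
		owner  => geodnssync,
		group  => geodnssync,
		mode   => '2755',
	}
	file { '/etc/bind/geodns/named.conf.geo':
		source => 'puppet:///modules/named/common/named.conf.geo',
		notify => Service['bind9'],
	}
	# Executable, not writable: the cron line below runs it as geodnssync.
	file { '/etc/bind/geodns/trigger':
		mode   => '0555',
		source => 'puppet:///modules/named/common/trigger',
	}

	# Inbound keys allowed to log in as geodnssync.  Owned by root
	# explicitly so the account cannot rewrite the list that authorises
	# access to itself; 0440 leaves it readable by root and the
	# geodnssync group only.
	file { '/etc/ssh/userkeys/geodnssync':
		source => 'puppet:///modules/named/common/authorized_keys',
		owner  => root,
		group  => geodnssync,
		mode   => '0440',
	}

	# Stale standalone cron file; the @reboot job now lives in the shared
	# dsa-puppet-stuff concat fragment below.
	file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
	concat::fragment { 'dsa-puppet-stuff--geodns-boot':
		target  => '/etc/cron.d/dsa-puppet-stuff',
		content => @(EOF)
			@reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
			| EOF
	}

	@ferm::rule { '01-dsa-bind':
		domain      => '(ip ip6)',
		description => 'Allow nameserver access',
		rule        => '&TCP_UDP_SERVICE(53)',
	}

	# Outbound identity for the sync user (presumably consumed by the
	# trigger script -- confirm against modules/named/common/trigger).
	ssh::keygen { 'geodnssync': }
}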