3 unbound: ensure => installed;
8 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
19 "/var/lib/unbound/root.key":
25 source => [ "puppet:///modules/unbound/root.key" ],
27 "/var/lib/unbound/debian.org.key":
33 source => [ "puppet:///modules/unbound/debian.org.key" ],
35 "/etc/unbound/unbound.conf":
36 content => template("unbound/unbound.conf.erb"),
37 require => Package["unbound"],
38 notify => Exec["unbound restart"],
41 require => [ File[/var/lib/unbound/root.key], File[/var/lib/unbound/debian.org.key] ],
45 case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
47 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
50 @ferm::rule { "dsa-dns":
52 description => "Allow nameserver access",
53 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
55 @ferm::rule { "dsa-dns6":
57 description => "Allow nameserver access",
58 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
68 # vim:set shiftwidth=4: