3 unbound: ensure => installed;
8 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
19 "/var/lib/unbound/root.key":
25 source => [ "puppet:///modules/unbound/root.key" ],
26 notify => Exec["unbound restart"],
28 "/var/lib/unbound/debian.org.key":
34 source => [ "puppet:///modules/unbound/debian.org.key" ],
35 notify => Exec["unbound restart"],
37 "/etc/unbound/unbound.conf":
38 content => template("unbound/unbound.conf.erb"),
39 require => Package["unbound"],
40 notify => Exec["unbound restart"],
46 case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
48 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
51 @ferm::rule { "dsa-bind":
53 description => "Allow nameserver access",
54 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
56 @ferm::rule { "dsa-bind":
58 description => "Allow nameserver access",
59 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
69 # vim:set shiftwidth=4: