3 unbound: ensure => installed;
8 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
21 "/var/lib/unbound/root.key":
27 source => [ "puppet:///modules/unbound/root.key" ],
28 #notify => Exec["unbound restart"],
32 "/var/lib/unbound/debian.org.key":
38 source => [ "puppet:///modules/unbound/debian.org.key" ],
39 #notify => Exec["unbound restart"],
43 "/etc/unbound/unbound.conf":
44 content => template("unbound/unbound.conf.erb"),
45 require => Package["unbound"],
46 notify => Exec["unbound restart"],
52 case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
54 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
57 @ferm::rule { "dsa-dns":
59 description => "Allow nameserver access",
60 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
62 @ferm::rule { "dsa-dns6":
64 description => "Allow nameserver access",
65 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
75 # vim:set shiftwidth=4: