3 unbound: ensure => installed;
8 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
19 "/var/lib/unbound/root.key":
25 source => [ "puppet:///modules/unbound/root.key" ],
27 "/var/lib/unbound/debian.org.key":
33 source => [ "puppet:///modules/unbound/debian.org.key" ],
35 "/etc/unbound/unbound.conf":
36 content => template("unbound/unbound.conf.erb"),
37 require => Package["unbound"],
38 notify => Exec["unbound restart"],
44 case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
46 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
49 @ferm::rule { "dsa-dns":
51 description => "Allow nameserver access",
52 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
54 @ferm::rule { "dsa-dns6":
56 description => "Allow nameserver access",
57 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
67 # vim:set shiftwidth=4: