3 unbound: ensure => installed;
8 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
17 require => Package["unbound"],
20 "/var/lib/unbound/root.key":
26 source => [ "puppet:///modules/unbound/root.key" ],
28 "/var/lib/unbound/debian.org.key":
34 source => [ "puppet:///modules/unbound/debian.org.key" ],
36 "/etc/unbound/unbound.conf":
37 content => template("unbound/unbound.conf.erb"),
38 require => [ Package["unbound"], File['/var/lib/unbound/root.key'], File['/var/lib/unbound/debian.org.key'] ],
39 notify => Exec["unbound restart"],
45 case getfromhash($nodeinfo, 'misc', 'resolver-recursive') {
47 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
50 @ferm::rule { "dsa-dns":
52 description => "Allow nameserver access",
53 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
55 @ferm::rule { "dsa-dns6":
57 description => "Allow nameserver access",
58 rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
68 # vim:set shiftwidth=4: