# Extends the base `named` class for hosts that serve the GeoDNS views.
#
# Declares the GeoIP database package, the BIND configuration files shipped
# from the `named` module, a zone-file directory that is writable by the
# `geodnssync` account, the SSH authorized_keys file for that account, an
# @reboot cron entry that runs the sync trigger, and a firewall rule opening
# port 53.
#
# Package['bind9'] and Service['bind9'] are referenced but not declared here;
# presumably they come from the inherited `named` class.
#
# NOTE(review): most file resources below set no owner (and several set no
# mode), so they depend on resource defaults that are not visible in this
# class. Confirm those defaults resolve to root-owned files that are not
# writable by the service or sync accounts.
class named::geodns inherits named {
  munin::check { 'bind_views':
    script => 'bind',
  }

  package { 'geoip-database':
    ensure => installed,
  }

  # Setgid directory: entries created below it inherit group `bind`.
  file { '/etc/bind/':
    ensure  => directory,
    group   => 'bind',
    mode    => '2755',
    require => Package['bind9'],
    notify  => Service['bind9'],
  }

  file { '/etc/bind/geodns':
    ensure => directory,
    mode   => '0755',
  }

  file { '/etc/bind/named.conf.local':
    source => 'puppet:///modules/named/common/named.conf.local',
    notify => Service['bind9'],
  }

  # Hosts reporting major release 9 or newer get the current ACL file;
  # anything older gets the `.bind99` variant.
  file { '/etc/bind/named.conf.acl':
    source => (versioncmp($::lsbmajdistrelease, '9') >= 0) ? {
      true    => 'puppet:///modules/named/common/named.conf.acl',
      default => 'puppet:///modules/named/common/named.conf.acl.bind99',
    },
    notify => Service['bind9'],
  }

  # Owned by the sync account, so whoever can act as `geodnssync` can change
  # the files in this directory. Puppet does not manage their content.
  # NOTE(review): presumably these are the zones referenced from
  # named.conf.geo, which would put the geodnssync SSH key in the trust path
  # for the DNS answers this host gives. Confirm.
  file { '/etc/bind/geodns/zonefiles':
    ensure => directory,
    owner  => 'geodnssync',
    group  => 'geodnssync',
    mode   => '2755',
  }

  file { '/etc/bind/geodns/named.conf.geo':
    source => 'puppet:///modules/named/common/named.conf.geo',
    notify => Service['bind9'],
  }

  # Read/execute for everyone, writable by nobody through the mode bits.
  # The cron fragment below runs it as geodnssync.
  file { '/etc/bind/geodns/trigger':
    mode   => '0555',
    source => 'puppet:///modules/named/common/trigger',
  }

  # Keys allowed to log in as geodnssync; the account can read this file
  # through its group but the mode grants no write access.
  # NOTE(review): per-key restrictions (forced command, source address) would
  # live in the module's authorized_keys file, which is not visible here.
  # Confirm the keys are limited to the sync operation.
  file { '/etc/ssh/userkeys/geodnssync':
    source => 'puppet:///modules/named/common/authorized_keys',
    group  => 'geodnssync',
    mode   => '0440',
  }

  # Remove the standalone cron file; the entry is now a fragment of
  # /etc/cron.d/dsa-puppet-stuff.
  file { '/etc/cron.d/dsa-boot-geodnssync':
    ensure => absent,
  }

  concat::fragment { 'dsa-puppet-stuff--geodns-boot':
    target  => '/etc/cron.d/dsa-puppet-stuff',
    content => @(EOF)
      @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
      | EOF
  }

  # Virtual resource: it only takes effect where ferm rules are realized
  # (not shown here). Opens port 53 over TCP and UDP for IPv4 and IPv6.
  # No source restriction is visible in this rule.
  @ferm::rule { '01-dsa-bind':
    domain      => '(ip ip6)',
    description => 'Allow nameserver access',
    rule        => '&TCP_UDP_SERVICE(53)',
  }
}