script => bind
}
- #site::aptrepo { 'geoip':
- # url => 'http://db.debian.org/debian-admin',
- # suite => 'lenny-bind-geoip',
- # components => 'main',
- #}
- site::aptrepo { 'geoip': ensure => absent }
+ package { 'geoip-database':
+ ensure => installed,
+ }
file { '/etc/bind/':
ensure => directory,
ensure => directory,
mode => '0755',
}
- file { '/etc/bind/named.conf.options':
- content => template('named/named.conf.options.erb'),
- }
file { '/etc/bind/named.conf.local':
source => 'puppet:///modules/named/common/named.conf.local',
+ notify => Service['bind9'],
}
- file { '/etc/bind/named.conf.acl':
- source => 'puppet:///modules/named/common/named.conf.acl',
+ if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl',
+ notify => Service['bind9'],
+ }
+ } else {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl.bind99',
+ notify => Service['bind9'],
+ }
}
file { '/etc/bind/geodns/zonefiles':
ensure => directory,
}
file { '/etc/bind/geodns/named.conf.geo':
source => 'puppet:///modules/named/common/named.conf.geo',
+ notify => Service['bind9'],
}
file { '/etc/bind/geodns/trigger':
mode => '0555',
group => geodnssync,
mode => '0440',
}
- file { '/etc/cron.d/dsa-boot-geodnssync':
- source => 'puppet:///modules/named/common/cron-geo'
+ file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
+ concat::fragment { 'dsa-puppet-stuff--geodns-boot':
+ target => '/etc/cron.d/dsa-puppet-stuff',
+ content => @(EOF)
+ @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
+ | EOF
+ }
+
+ @ferm::rule { '01-dsa-bind':
+ domain => '(ip ip6)',
+ description => 'Allow nameserver access',
+ rule => '&TCP_UDP_SERVICE(53)'
}
}
projects / mirror / dsa-puppet.git / blobdiff