X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fsystemd%2Fmanifests%2Fresolved.pp;fp=3rdparty%2Fmodules%2Fsystemd%2Fmanifests%2Fresolved.pp;h=f34772dea006e0a1edc44f71921ef186d9b12d11;hb=1329adc9f34c3c87e353983ec9023a6cf6e93e67;hp=0000000000000000000000000000000000000000;hpb=a81ff959d6c9c7605db1176b89dc2b5ffde0d903;p=mirror%2Fdsa-puppet.git
diff --git a/3rdparty/modules/systemd/manifests/resolved.pp b/3rdparty/modules/systemd/manifests/resolved.pp
new file mode 100644
index 000000000..f34772dea
--- /dev/null
+++ b/3rdparty/modules/systemd/manifests/resolved.pp
@@ -0,0 +1,212 @@
+# **NOTE: THIS IS A [PRIVATE](https://github.com/puppetlabs/puppetlabs-stdlib#assert_private) CLASS**
+#
+# This class provides an abstract way to trigger resolved.
+# Each parameters correspond to resolved.conf(5):
+# https://www.freedesktop.org/software/systemd/man/resolved.conf.html
+#
+# @param ensure
+# The state that the ``resolved`` service should be in
+#
+# @param dns
+# A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers.
+# DNS requests are sent to one of the listed DNS servers in parallel to suitable
+# per-link DNS servers acquired from systemd-networkd.service(8) or set at runtime
+# by external applications. requires puppetlabs-inifile
+#
+# @param fallback_dns
+# A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS
+# servers. Any per-link DNS servers obtained from systemd-networkd take
+# precedence over this setting. requires puppetlabs-inifile
+#
+# @param domains
+# A space-separated list of domains host names or IP addresses to be used
+# systemd-resolved take precedence over this setting.
+#
+# @param llmnr
+# Takes a boolean argument or "resolve".
+#
+# @param multicast_dns
+# Takes a boolean argument or "resolve".
+#
+# @param dnssec
+# Takes a boolean argument or "allow-downgrade".
+#
+# @param cache
+# Takes a boolean argument.
+#
+# @param dns_stub_listener
+# Takes a boolean argument or one of "udp" and "tcp".
+#
+# @param use_stub_resolver
+# Takes a boolean argument. When "false" (default) it uses /var/run/systemd/resolve/resolv.conf
+# as /etc/resolv.conf. When "true", it uses /var/run/systemd/resolve/stub-resolv.conf
+#
+class systemd::resolved (
+ Enum['stopped','running'] $ensure = $systemd::resolved_ensure,
+ Optional[Variant[Array[String],String]] $dns = $systemd::dns,
+ Optional[Variant[Array[String],String]] $fallback_dns = $systemd::fallback_dns,
+ Optional[Variant[Array[String],String]] $domains = $systemd::domains,
+ Optional[Variant[Boolean,Enum['resolve']]] $llmnr = $systemd::llmnr,
+ Optional[Variant[Boolean,Enum['resolve']]] $multicast_dns = $systemd::multicast_dns,
+ Optional[Variant[Boolean,Enum['allow-downgrade']]] $dnssec = $systemd::dnssec,
+ Boolean $cache = $systemd::cache,
+ Optional[Variant[Boolean,Enum['udp', 'tcp']]] $dns_stub_listener = $systemd::dns_stub_listener,
+ Boolean $use_stub_resolver = $systemd::use_stub_resolver,
+){
+
+ assert_private()
+
+ $_enable_resolved = $ensure ? {
+ 'stopped' => false,
+ 'running' => true,
+ default => $ensure,
+ }
+
+ service { 'systemd-resolved':
+ ensure => $ensure,
+ enable => $_enable_resolved,
+ }
+
+ $_resolv_conf_target = $use_stub_resolver ? {
+ true => '/run/systemd/resolve/stub-resolv.conf',
+ default => '/run/systemd/resolve/resolv.conf',
+ }
+ file { '/etc/resolv.conf':
+ ensure => 'symlink',
+ target => $_resolv_conf_target,
+ require => Service['systemd-resolved'],
+ }
+
+ if $dns {
+ if $dns =~ String {
+ $_dns = $dns
+ } else {
+ $_dns = join($dns, ' ')
+ }
+ ini_setting{ 'dns':
+ ensure => 'present',
+ value => $_dns,
+ setting => 'DNS',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ if $fallback_dns {
+ if $fallback_dns =~ String {
+ $_fallback_dns = $fallback_dns
+ } else {
+ $_fallback_dns = join($fallback_dns, ' ')
+ }
+ ini_setting{ 'fallback_dns':
+ ensure => 'present',
+ value => $_fallback_dns,
+ setting => 'FallbackDNS',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ if $domains {
+ if $domains =~ String {
+ $_domains = $domains
+ } else {
+ $_domains = join($domains, ' ')
+ }
+ ini_setting{ 'domains':
+ ensure => 'present',
+ value => $_domains,
+ setting => 'Domains',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ $_llmnr = $llmnr ? {
+ true => 'yes',
+ false => 'no',
+ default => $llmnr,
+ }
+
+ if $_llmnr {
+ ini_setting{ 'llmnr':
+ ensure => 'present',
+ value => $_llmnr,
+ setting => 'LLMNR',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ $_multicast_dns = $multicast_dns ? {
+ true => 'yes',
+ false => 'no',
+ default => $multicast_dns,
+ }
+
+ if $_multicast_dns {
+ ini_setting{ 'multicast_dns':
+ ensure => 'present',
+ value => $_multicast_dns,
+ setting => 'MulticastDNS',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ $_dnssec = $dnssec ? {
+ true => 'yes',
+ false => 'no',
+ default => $dnssec,
+ }
+
+ if $_dnssec {
+ ini_setting{ 'dnssec':
+ ensure => 'present',
+ value => $_dnssec,
+ setting => 'DNSSEC',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ $_cache = $cache ? {
+ true => 'yes',
+ false => 'no',
+ }
+
+ if $cache {
+ ini_setting{ 'cache':
+ ensure => 'present',
+ value => $_cache,
+ setting => 'Cache',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+ $_dns_stub_listener = $dns_stub_listener ? {
+ true => 'yes',
+ false => 'no',
+ default => $dns_stub_listener,
+ }
+
+ if $_dns_stub_listener {
+ ini_setting{ 'dns_stub_listener':
+ ensure => 'present',
+ value => $_dns_stub_listener,
+ setting => 'DNSStubListener',
+ section => 'Resolve',
+ path => '/etc/systemd/resolved.conf',
+ notify => Service['systemd-resolved'],
+ }
+ }
+
+}