X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnamed%2Fmanifests%2Fgeodns.pp;h=49a9663da1a2a5e1a8a4baac57454d4e13036b66;hb=368e147f10b8e748f7e171a15568a94d79599039;hp=d9684f3dbc07509640148d4592dcc5bbf5631c3f;hpb=e34d8e0cd1246d068196493701922e4e1645b9e6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index d9684f3db..49a9663da 100644
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -1,68 +1,63 @@
 class named::geodns inherits named {
- munin::check { 'bind_views':
- script => bind
- }
+ munin::check { 'bind_views':
+ script => bind
+ }
 
- package { 'geoip-database':
- ensure => installed,
- }
+ package { 'geoip-database':
+ ensure => installed,
+ }
 
- file { '/etc/bind/':
- ensure => directory,
- group => bind,
- mode => '2755',
- require => Package['bind9'],
- notify => Service['bind9'],
- }
- file { '/etc/bind/geodns':
- ensure => directory,
- mode => '0755',
- }
- file { '/etc/bind/named.conf.local':
- source => 'puppet:///modules/named/common/named.conf.local',
- notify => Service['bind9'],
- }
- if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
- file { '/etc/bind/named.conf.acl':
- source => 'puppet:///modules/named/common/named.conf.acl',
- notify => Service['bind9'],
- }
- } else {
- file { '/etc/bind/named.conf.acl':
- source => 'puppet:///modules/named/common/named.conf.acl.bind99',
- notify => Service['bind9'],
- }
- }
- file { '/etc/bind/geodns/zonefiles':
- ensure => directory,
- owner => geodnssync,
- group => geodnssync,
- mode => '2755',
- }
- file { '/etc/bind/geodns/named.conf.geo':
- source => 'puppet:///modules/named/common/named.conf.geo',
- notify => Service['bind9'],
- }
- file { '/etc/bind/geodns/trigger':
- mode => '0555',
- source => 'puppet:///modules/named/common/trigger',
- }
- file { '/etc/ssh/userkeys/geodnssync':
- source => 'puppet:///modules/named/common/authorized_keys',
- group => geodnssync,
- mode => '0440',
- }
- file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
- concat::fragment { 'dsa-puppet-stuff--geodns-boot':
- target => '/etc/cron.d/dsa-puppet-stuff',
- content => @(EOF)
- @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
- | EOF
- }
+ file { '/etc/bind/':
+ ensure => directory,
+ group => bind,
+ mode => '2755',
+ require => Package['bind9'],
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/etc/bind/named.conf.local':
+ source => 'puppet:///modules/named/common/named.conf.local',
+ notify => Service['bind9'],
+ }
+ if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl',
+ notify => Service['bind9'],
+ }
+ } else {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl.bind99',
+ notify => Service['bind9'],
+ }
+ }
+ file { '/etc/bind/geodns/zonefiles':
+ ensure => directory,
+ owner => geodnssync,
+ group => geodnssync,
+ mode => '2755',
+ }
+ file { '/etc/bind/geodns/named.conf.geo':
+ source => 'puppet:///modules/named/common/named.conf.geo',
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns/trigger':
+ mode => '0555',
+ source => 'puppet:///modules/named/common/trigger',
+ }
+ file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
+ concat::fragment { 'puppet-crontab--geodns-boot':
+ target => '/etc/cron.d/puppet-crontab',
+ content => @(EOF)
+ @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
+ | EOF
+ }
 
- @ferm::rule { '01-dsa-bind':
- domain => '(ip ip6)',
- description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE(53)'
- }
+ ferm::rule::simple { '01-dsa-bind':
+ description => 'Allow nameserver access',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ }
 }
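Review bot: Dropping the `file { '/etc/ssh/userkeys/geodnssync': ... }` resource only stops Puppet managing that path; it does not delete the file. Unless another manifest outside this hunk takes over the same path, the deployed authorized_keys content keeps granting SSH access to the geodnssync account and is no longer reconciled against the repository. If that access is being retired, use `file { '/etc/ssh/userkeys/geodnssync': ensure => absent }`, as is already done for `/etc/cron.d/dsa-boot-geodnssync`; if the keys now come from another mechanism, a one-line comment naming it would help. Separately, the new `ferm::rule::simple { '01-dsa-bind': ... }` no longer states `domain => '(ip ip6)'`, so it is worth confirming that the define's default covers both address families.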