X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnamed%2Fmanifests%2Fgeodns.pp;h=b12ed7f9b61d526de866d373ae4e27eaca68469f;hb=29cbe59430d1e7d7d5575579b48513c56227e2f7;hp=f8be4859a3922df235200bec70f287b8b92fb470;hpb=44688b3127634f8a9369c6419f45a706a39ee628;p=mirror%2Fdsa-puppet.git
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index f8be4859a..b12ed7f9b 100644
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -7,13 +7,6 @@ class named::geodns inherits named {
 ensure => installed,
 }

- #site::aptrepo { 'geoip':
- # url => 'http://db.debian.org/debian-admin',
- # suite => 'lenny-bind-geoip',
- # components => 'main',
- #}
- site::aptrepo { 'geoip': ensure => absent }
-
 file { '/etc/bind/':
 ensure => directory,
 group => bind,
@@ -25,10 +18,6 @@ class named::geodns inherits named {
 ensure => directory,
 mode => '0755',
 }
- file { '/etc/bind/named.conf.options':
- content => template('named/named.conf.options.erb'),
- notify => Service['bind9'],
- }
 file { '/etc/bind/named.conf.local':
 source => 'puppet:///modules/named/common/named.conf.local',
 notify => Service['bind9'],
@@ -58,11 +47,6 @@ class named::geodns inherits named {
 mode => '0555',
 source => 'puppet:///modules/named/common/trigger',
 }
- file { '/etc/ssh/userkeys/geodnssync':
- source => 'puppet:///modules/named/common/authorized_keys',
- group => geodnssync,
- mode => '0440',
- }
 file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
 concat::fragment { 'dsa-puppet-stuff--geodns-boot':
 target => '/etc/cron.d/dsa-puppet-stuff',
@@ -70,4 +54,10 @@ class named::geodns inherits named {
 @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
 | EOF
 }
+
+ ferm::rule { '01-dsa-bind':
+ domain => '(ip ip6)',
+ description => 'Allow nameserver access',
+ rule => '&TCP_UDP_SERVICE(53)'
+ }
 }
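Review bot: The `ferm::rule { '01-dsa-bind': }` added at the end of the class opens 53/tcp and 53/udp to every source on both `ip` and `ip6`, while an earlier hunk of this same diff stops this class from managing `/etc/bind/named.conf.options`, so nothing visible here shows that recursion stays disabled on these hosts. If the options file now comes from the parent `named` class (not shown in this diff), confirm it keeps the geodns servers authoritative-only, because a world-reachable recursive resolver can be abused for amplification. I would record that dependency next to the rule with `# open to all by design: authoritative-only; recursion must stay off in named.conf.options`. As a style point, `rule => '&TCP_UDP_SERVICE(53)',` with a trailing comma would match the other resources in this file. The class body starts outside the hunk.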