X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fnamed%2Fmanifests%2Fgeodns.pp;h=d9684f3dbc07509640148d4592dcc5bbf5631c3f;hb=5a9ed83676844b312533a2011e5d21a3242f430c;hp=7e3ac019ac561224d49cb74ef766147cb040236c;hpb=5f7e9b2a528a64883641f38558c028ae4b1967f0;p=mirror%2Fdsa-puppet.git diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp index 7e3ac019a..d9684f3db 100644 --- a/modules/named/manifests/geodns.pp +++ b/modules/named/manifests/geodns.pp @@ -3,8 +3,8 @@ class named::geodns inherits named { script => bind } - site::aptrepo { 'geoip': - content => template('debian-org/etc/apt/sources.list.d/geoip.list.erb'), + package { 'geoip-database': + ensure => installed, } file { '/etc/bind/': @@ -18,14 +18,20 @@ class named::geodns inherits named { ensure => directory, mode => '0755', } - file { '/etc/bind/named.conf.options': - content => template('named/named.conf.options.erb'), - } file { '/etc/bind/named.conf.local': source => 'puppet:///modules/named/common/named.conf.local', + notify => Service['bind9'], } - file { '/etc/bind/named.conf.acl': - source => 'puppet:///modules/named/common/named.conf.acl', + if (versioncmp($::lsbmajdistrelease, '9') >= 0) { + file { '/etc/bind/named.conf.acl': + source => 'puppet:///modules/named/common/named.conf.acl', + notify => Service['bind9'], + } + } else { + file { '/etc/bind/named.conf.acl': + source => 'puppet:///modules/named/common/named.conf.acl.bind99', + notify => Service['bind9'], + } } file { '/etc/bind/geodns/zonefiles': ensure => directory, @@ -35,6 +41,7 @@ class named::geodns inherits named { } file { '/etc/bind/geodns/named.conf.geo': source => 'puppet:///modules/named/common/named.conf.geo', + notify => Service['bind9'], } file { '/etc/bind/geodns/trigger': mode => '0555', 
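Review bot: Dropping the `site::aptrepo { 'geoip': }` declaration in the first hunk only stops Puppet managing that source list; it does not remove the file from hosts that were already provisioned, so the extra repository presumably stays configured there and can still supply packages. The last hunk of this same commit handles the old cron file explicitly with `ensure => absent`, and the repository deserves the same treatment. If the define supports an absent state (it is not shown here, so the parameter name needs confirming), keep the resource for a transition period, along the lines of `site::aptrepo { 'geoip': ensure => absent }`. It is also worth checking that `Package['geoip-database']` is ordered before `Service['bind9']` if the ACL files rely on the database being present.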
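Review bot: `/etc/bind/named.conf.options` stops being managed by this class in the second hunk (`@@ -18,14 +18,20 @@`), and nothing visible here shows what takes it over. If the inherited `named` class does not declare it, existing hosts keep whatever content was last written and new hosts get the package default, so settings such as recursion and transfer restrictions would no longer be enforced. A comment at the removal site naming the new owner would help, e.g. `# named.conf.options is managed by <owning class>`. Separately, the two `named.conf.acl` branches differ only in `source`; a selector on the `versioncmp` result feeding a single `file` resource would avoid repeating the `notify`.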
@@ -45,7 +52,17 @@ class named::geodns inherits named { group => geodnssync, mode => '0440', } - file { '/etc/cron.d/dsa-boot-geodnssync': - source => 'puppet:///modules/named/common/cron-geo' + file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; } + concat::fragment { 'dsa-puppet-stuff--geodns-boot': + target => '/etc/cron.d/dsa-puppet-stuff', + content => @(EOF) + @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null + | EOF + } + + @ferm::rule { '01-dsa-bind': + domain => '(ip ip6)', + description => 'Allow nameserver access', + rule => '&TCP_UDP_SERVICE(53)' } }
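Review bot: The `@ferm::rule { '01-dsa-bind': }` at the end of this hunk is declared virtual, so port 53 is opened only on hosts where something outside this hunk realizes it. A one-line comment saying where it is collected would save the next reader a search, e.g. `# realized by the ferm collector in <module> (confirm)`. As written, the rule appears to admit TCP and UDP 53 from any source on both `ip` and `ip6`. That fits a public authoritative server, but it leaves BIND's own recursion and transfer ACLs as the only restriction. In the cron fragment only stdout of `/etc/bind/geodns/trigger` is discarded, and the fixed `sleep 1m` is a guess at when bind is up after boot; if both are intentional, a short comment above the `concat::fragment` would record that.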