X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Funbound%2Fmanifests%2Finit.pp;h=f01b7fd74a370a889c2cfacdbc7c5eecb3b4b001;hb=a24bed77913f23c0550f6f5d8287cb6c8ba9f4ed;hp=8e5d31d0310490a2fa368371be4028ea8cdd5cc8;hpb=e8b3bd0ebf1fc5f3e3c091b0a993eba74adfaea9;p=mirror%2Fdsa-puppet.git
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 8e5d31d03..f01b7fd74 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -14,6 +14,7 @@ class unbound {
 ensure => directory,
 owner => unbound,
 group => unbound,
+ require => Package["unbound"],
 mode => 775,
 ;
 "/var/lib/unbound/root.key":
@@ -23,7 +24,6 @@ class unbound {
 group => unbound,
 mode => 644,
 source => [ "puppet:///modules/unbound/root.key" ],
- notify => Exec["unbound restart"],
 ;
 "/var/lib/unbound/debian.org.key":
 ensure => present,
@@ -32,11 +32,10 @@ class unbound {
 group => unbound,
 mode => 644,
 source => [ "puppet:///modules/unbound/debian.org.key" ],
- notify => Exec["unbound restart"],
 ;
 "/etc/unbound/unbound.conf":
 content => template("unbound/unbound.conf.erb"),
- require => Package["unbound"],
+ require => [ Package["unbound"], File['/var/lib/unbound/root.key'], File['/var/lib/unbound/debian.org.key'] ],
 notify => Exec["unbound restart"],
 owner => root,
 group => root,
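Review bot: With `notify => Exec["unbound restart"]` removed from both key files (the `root.key` hunk above and the `debian.org.key` lines here), the `require` added to `/etc/unbound/unbound.conf` only orders the resources. A changed DNSSEC trust anchor pushed by puppet therefore no longer triggers the restart, and the running resolver keeps validating against the old key until something else restarts it. If that is intended, say so on the two file resources with a comment such as `# key changes intentionally do not restart unbound`; if it is not, keep the `notify` on the key files. As a style point, the new list mixes `Package["unbound"]` with single-quoted `File['...']` titles. The file resource block starts and ends outside this hunk.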
@@ -48,15 +47,15 @@ class unbound {
 case getfromhash($nodeinfo, 'hoster', 'allow_dns_query') {
 false: {}
 default: {
- @ferm::rule { "dsa-bind":
+ @ferm::rule { "dsa-dns":
 domain => "ip",
 description => "Allow nameserver access",
- rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+ rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
 }
- @ferm::rule { "dsa-bind":
+ @ferm::rule { "dsa-dns6":
 domain => "ip6",
 description => "Allow nameserver access",
- rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+ rule => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
 }
 }
 }
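Review bot: The new `(%s)` wrapper in both `rule` lines renders as `&TCP_UDP_SERVICE_RANGE(53, ())` when `allow_dns_query` holds addresses of only one family, and how ferm treats an empty source list is not visible from this manifest. It is worth confirming that an empty list drops the rule rather than leaving port 53 reachable from any source. A safer shape is to compute the filtered list first, `$dns4 = filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query'))`, and declare `dsa-dns` only when it is non-empty, with the same treatment for `dsa-dns6`. The enclosing `class unbound` begins outside the hunk.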