From: Peter Palfrader
Date: Mon, 16 Sep 2019 05:59:35 +0000 (+0200)
Subject: whitespace/quoting: modules/named/manifests/ (make lint happy)
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=1a8153431c3370785f9a1c9b335dd4420a2daa9b;p=mirror%2Fdsa-puppet.git
whitespace/quoting: modules/named/manifests/ (make lint happy)
---
diff --git a/modules/named/manifests/authoritative.pp b/modules/named/manifests/authoritative.pp
index 08b9236fc..6312b5a7b 100644
--- a/modules/named/manifests/authoritative.pp
+++ b/modules/named/manifests/authoritative.pp
@@ -1,7 +1,7 @@
 class named::authoritative inherits named {
- file { '/etc/bind/named.conf.shared-keys':
- mode => '0640',
- owner => root,
- group => bind,
- }
+ file { '/etc/bind/named.conf.shared-keys':
+ mode => '0640',
+ owner => root,
+ group => bind,
+ }
 }
diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index ef2fa14cc..1611be13f 100644
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -1,63 +1,63 @@
 class named::geodns inherits named {
- munin::check { 'bind_views':
- script => bind
- }
+ munin::check { 'bind_views':
+ script => bind
+ }
 
- package { 'geoip-database':
- ensure => installed,
- }
+ package { 'geoip-database':
+ ensure => installed,
+ }
 
- file { '/etc/bind/':
- ensure => directory,
- group => bind,
- mode => '2755',
- require => Package['bind9'],
- notify => Service['bind9'],
- }
- file { '/etc/bind/geodns':
- ensure => directory,
- mode => '0755',
- }
- file { '/etc/bind/named.conf.local':
- source => 'puppet:///modules/named/common/named.conf.local',
- notify => Service['bind9'],
- }
- if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
- file { '/etc/bind/named.conf.acl':
- source => 'puppet:///modules/named/common/named.conf.acl',
- notify => Service['bind9'],
- }
- } else {
- file { '/etc/bind/named.conf.acl':
- source => 'puppet:///modules/named/common/named.conf.acl.bind99',
- notify => Service['bind9'],
- }
- }
- file { '/etc/bind/geodns/zonefiles':
- ensure => directory,
- owner => geodnssync,
- group => geodnssync,
- mode => '2755',
- }
- file { '/etc/bind/geodns/named.conf.geo':
- source => 'puppet:///modules/named/common/named.conf.geo',
- notify => Service['bind9'],
- }
- file { '/etc/bind/geodns/trigger':
- mode => '0555',
- source => 'puppet:///modules/named/common/trigger',
- }
- file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
- concat::fragment { 'puppet-crontab--geodns-boot':
- target => '/etc/cron.d/puppet-crontab',
- content => @(EOF)
- @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
- | EOF
- }
+ file { '/etc/bind/':
+ ensure => directory,
+ group => bind,
+ mode => '2755',
+ require => Package['bind9'],
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns':
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/etc/bind/named.conf.local':
+ source => 'puppet:///modules/named/common/named.conf.local',
+ notify => Service['bind9'],
+ }
+ if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl',
+ notify => Service['bind9'],
+ }
+ } else {
+ file { '/etc/bind/named.conf.acl':
+ source => 'puppet:///modules/named/common/named.conf.acl.bind99',
+ notify => Service['bind9'],
+ }
+ }
+ file { '/etc/bind/geodns/zonefiles':
+ ensure => directory,
+ owner => geodnssync,
+ group => geodnssync,
+ mode => '2755',
+ }
+ file { '/etc/bind/geodns/named.conf.geo':
+ source => 'puppet:///modules/named/common/named.conf.geo',
+ notify => Service['bind9'],
+ }
+ file { '/etc/bind/geodns/trigger':
+ mode => '0555',
+ source => 'puppet:///modules/named/common/trigger',
+ }
+ file { '/etc/cron.d/dsa-boot-geodnssync': ensure => absent; }
+ concat::fragment { 'puppet-crontab--geodns-boot':
+ target => '/etc/cron.d/puppet-crontab',
+ content => @(EOF)
+ @reboot geodnssync sleep 1m && /etc/bind/geodns/trigger > /dev/null
+ | EOF
+ }
 
- ferm::rule { '01-dsa-bind':
- domain => '(ip ip6)',
- description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE(53)'
- }
+ ferm::rule { '01-dsa-bind':
+ domain => '(ip ip6)',
+ description => 'Allow nameserver access',
+ rule => '&TCP_UDP_SERVICE(53)'
+ }
 }
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 361ffaa40..3bf63d0d4 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -1,64 +1,64 @@
 class named {
- munin::check { 'bind': }
+ munin::check { 'bind': }
 
- package { 'bind9':
- ensure => installed
- }
+ package { 'bind9':
+ ensure => installed
+ }
 
- service { 'bind9':
- ensure => running,
- }
+ service { 'bind9':
+ ensure => running,
+ }
 
- ferm::rule { '00-dsa-bind-no-ddos-any':
- domain => '(ip ip6)',
- description => 'Allow nameserver access',
- rule => 'proto udp dport 53 mod string from 32 to 64 algo bm hex-string \'|0000ff0001|\' jump DROP'
- }
+ ferm::rule { '00-dsa-bind-no-ddos-any':
+ domain => '(ip ip6)',
+ description => 'Allow nameserver access',
+ rule => 'proto udp dport 53 mod string from 32 to 64 algo bm hex-string \'|0000ff0001|\' jump DROP'
+ }
 
- ferm::rule { 'dsa-bind-notrack':
- domain => '(ip ip6)',
- description => 'NOTRACK for nameserver traffic',
- table => 'raw',
- chain => 'PREROUTING',
- rule => 'proto (tcp udp) dport 53 jump NOTRACK'
- }
+ ferm::rule { 'dsa-bind-notrack':
+ domain => '(ip ip6)',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'proto (tcp udp) dport 53 jump NOTRACK'
+ }
 
- ferm::rule { 'dsa-bind-notrack-out':
- domain => '(ip ip6)',
- description => 'NOTRACK for nameserver traffic',
- table => 'raw',
- chain => 'OUTPUT',
- rule => 'proto (tcp udp) sport 53 jump NOTRACK'
- }
+ ferm::rule { 'dsa-bind-notrack-out':
+ domain => '(ip ip6)',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'OUTPUT',
+ rule => 'proto (tcp udp) sport 53 jump NOTRACK'
+ }
 
- file { '/var/log/bind9':
- ensure => directory,
- owner => bind,
- group => bind,
- mode => '0775',
- }
+ file { '/var/log/bind9':
+ ensure => directory,
+ owner => bind,
+ group => bind,
+ mode => '0775',
+ }
 
- file { '/etc/bind/named.conf.options':
- content => template('named/named.conf.options.erb'),
- notify => Service['bind9'],
- }
+ file { '/etc/bind/named.conf.options':
+ content => template('named/named.conf.options.erb'),
+ notify => Service['bind9'],
+ }
 
- file { '/etc/bind/named.conf.puppet-shared-keys':
- mode => '0640',
- content => template('named/named.conf.puppet-shared-keys.erb'),
- owner => root,
- group => bind,
- notify => Service['bind9'],
- }
+ file { '/etc/bind/named.conf.puppet-shared-keys':
+ mode => '0640',
+ content => template('named/named.conf.puppet-shared-keys.erb'),
+ owner => root,
+ group => bind,
+ notify => Service['bind9'],
+ }
 
- concat { '/etc/bind/named.conf.puppet-misc':
- notify => Service['bind9'],
- }
- concat::fragment { 'dsa-named-conf-puppet-misc---header':
- target => '/etc/bind/named.conf.puppet-misc',
- order => '000',
- content => @(EOF)
- // THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
- | EOF
- }
+ concat { '/etc/bind/named.conf.puppet-misc':
+ notify => Service['bind9'],
+ }
+ concat::fragment { 'dsa-named-conf-puppet-misc---header':
+ target => '/etc/bind/named.conf.puppet-misc',
+ order => '000',
+ content => @(EOF)
+ // THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+ | EOF
+ }
 }
diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 88d4f0f05..046fd9d49 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -1,67 +1,66 @@ class named::primary inherits named::authoritative { - include dnsextras::entries + include dnsextras::entries - ferm::rule { '01-dsa-bind-4': - domain => '(ip ip6)', - description => 'Allow nameserver access', - rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )', - } + ferm::rule { '01-dsa-bind-4': + domain => '(ip ip6)', + description => 'Allow nameserver access', + rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )', + } - concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys': - target => '/etc/bind/named.conf.puppet-misc', - order => '020', - content => @(EOF), - include "/etc/bind/named.conf.shared-keys"; - | EOF - } - concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs': - target => '/etc/bind/named.conf.puppet-misc', - order => '025', - content => template('named/named.conf.external-secondaries-ACLs.erb'), - } + concat::fragment { 'dsa-named-conf-puppet-misc---local-shared-keys': + target => '/etc/bind/named.conf.puppet-misc', + order => '020', + content => @(EOF), + include "/etc/bind/named.conf.shared-keys"; + | EOF + } + concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs': + target => '/etc/bind/named.conf.puppet-misc', + order => '025', + content => template('named/named.conf.external-secondaries-ACLs.erb'), + } - concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone': - target => '/etc/bind/named.conf.puppet-misc', - order => '020', - content => @("EOF"/$) - // MAINTAIN-KEY: _openpgpkey.debian.org + concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone': + target => '/etc/bind/named.conf.puppet-misc', + order => '020', + content => @("EOF"/$) + // MAINTAIN-KEY: _openpgpkey.debian.org - zone "_openpgpkey.debian.org" { - type slave; - file "db._openpgpkey.debian.org"; - allow-query { any; }; - masters { - ${ 
join(getfromhash($deprecated::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ; - }; - allow-transfer { - 127.0.0.1; - rcode0-ACL; - dnsnode-ACL; - dnsnodeapi-ACL; - }; - also-notify { - rcode0-masters; - dnsnode-masters; - dnsnodeapi-masters; - }; + zone "_openpgpkey.debian.org" { + type slave; + file "db._openpgpkey.debian.org"; + allow-query { any; }; + masters { + ${ join(getfromhash($deprecated::allnodeinfo, 'kaufmann.debian.org', 'ipHostNumber'), ";") } ; + }; + allow-transfer { + 127.0.0.1; + rcode0-ACL; + dnsnode-ACL; + dnsnodeapi-ACL; + }; + also-notify { + rcode0-masters; + dnsnode-masters; + dnsnodeapi-masters; + }; - key-directory "/srv/dns.debian.org/var/keys/_openpgpkey.debian.org"; - sig-validity-interval 40 25; - auto-dnssec maintain; - inline-signing yes; - }; - | EOF - } + key-directory "/srv/dns.debian.org/var/keys/_openpgpkey.debian.org"; + sig-validity-interval 40 25; + auto-dnssec maintain; + inline-signing yes; + }; + | EOF + } - concat::fragment { 'puppet-crontab--nsec3': - target => '/etc/cron.d/puppet-crontab', - content => @(EOF) - 13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net - 29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org - 32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org - 36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org - - | EOF - } + concat::fragment { 'puppet-crontab--nsec3': + target => '/etc/cron.d/puppet-crontab', + content => @(EOF) + 13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net + 29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut 
-b 1-10) debian.org + 32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org + 36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org + | EOF + } }