From f367a8ac9aedb04b08015529a445b1869a46ccb5 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 9 Oct 2018 20:07:04 +0200
Subject: [PATCH] Do not put our 29.172.in-addr.arpa zone into unbound configs
 behind fascist firewalls, 3

---
 modules/unbound/manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 79f172a52..0d24653fd 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -57,7 +57,7 @@ class unbound {
 	}
 	file { '/var/lib/unbound/29.172.in-addr.arpa.key':
 		ensure  => $firewall_blocks_dns ? { true  => 'absent', default => 'present' },
-		replace => false,
+		replace => $firewall_blocks_dns ? { true  => true, default => false },
 		owner   => unbound,
 		group   => unbound,
 		mode    => '0644',
-- 
2.20.1