From 065af2fbf6d59747e3e310add7aec8c6f4dc3425 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 7 Jul 2019 11:23:19 +0200
Subject: [PATCH] move ACLs for 3rd party things from the named.conf.options template to named.conf.puppet-misc
---
 modules/named/manifests/primary.pp | 6 +++
 .../named.conf.external-secondaries-ACLs.erb | 50 +++++++++++++++++++
 .../named/templates/named.conf.options.erb | 46 -----------------
 3 files changed, 56 insertions(+), 46 deletions(-)
 create mode 100644 modules/named/templates/named.conf.external-secondaries-ACLs.erb
diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 29f2d6278..fd428ac48 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -11,4 +11,10 @@ class named::primary inherits named::authoritative {
 content => template('named/named.conf.debian-zones.erb'),
 notify => Service['bind9'],
 }
+
+ concat::fragment { 'dsa-named-conf-puppet-misc---named.conf.external-secondaries-ACLs':
+ target => '/etc/bind/named.conf.puppet-misc',
+ order => '010',
+ content => template('named/named.conf.external-secondaries-ACLs.erb'),
+ }
 }
diff --git a/modules/named/templates/named.conf.external-secondaries-ACLs.erb b/modules/named/templates/named.conf.external-secondaries-ACLs.erb
new file mode 100644
index 000000000..1b75a83fc
--- /dev/null
+++ b/modules/named/templates/named.conf.external-secondaries-ACLs.erb
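Review bot: The new `concat::fragment` in primary.pp carries no `notify`, while the resource just above it (which starts outside the hunk) ends with `notify => Service['bind9']`, so nothing visible here guarantees that named is reloaded when the ACL template changes. If the `concat` declaration for `/etc/bind/named.conf.puppet-misc`, which is not part of this patch, already notifies the service, this is fine; otherwise a removed secondary address or key would keep its access until the next unrelated reload. A short comment on the fragment would also help, for example `# order 010: acl definitions must come before any fragment that references them`, since named does not accept forward references to an acl name.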
@@ -0,0 +1,50 @@
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+// it comes from named.conf.external-secondaries-ACLs.erb
+//
+
+masters "easydns-masters" {
+ // https://cp.easydns.com/manage/domains/secondary/edit.php
+ 64.68.200.91;
+ 205.210.42.80;
+};
+acl "easydns-ACL" {
+ // https://cp.easydns.com/manage/domains/secondary/edit.php
+ 64.68.200.91/32;
+ 205.210.42.80/32;
+ key 82.195.75.91-key ;
+};
+
+masters "rcode0-masters" {
+ 83.136.34.7; // rcode0.net ipv4 ntfy
+ 2A02:850:8::6; // rcode0.net ipv6 ntfy
+};
+acl "rcode0-ACL" {
+ 83.136.34.0/27; // rcode0.net ipv4 axfr
+ 2A02:850:8::/47; // rcode0.net ipv6 axfr
+};
+
+masters "dnsnode-masters" {
+ 192.36.144.222; // zork-b.sth.dnsnode.net
+ 192.36.144.218; // zork-c.sth.dnsnode.net
+};
+acl "dnsnode-ACL" {
+ 192.36.144.222; // zork-b.sth.dnsnode.net
+ 192.36.144.218; // zork-c.sth.dnsnode.net
+};
+
+masters "dnsnodeapi-masters" {
+ 194.146.105.24; // zorknds-b.sth.dnsnode.net
+ 2a01:3f0:0:27::24;
+ 194.146.105.25; // zorknds-c.sth.dnsnode.net
+ 2a01:3f0:0:28::25;
+};
+acl "dnsnodeapi-ACL" {
+ // 194.146.105.24; // zorknds-b.sth.dnsnode.net
+ // 2a01:3f0:0:27::24;
+ // 194.146.105.25; // zorknds-c.sth.dnsnode.net
+ // 2a01:3f0:0:28::25;
+ key netnod-debian-20171122 ;
+};
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 4a4627e39..cfb1a704c 100644
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
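Review bot: `rcode0-ACL` and `dnsnode-ACL` grant access by source address alone, and `easydns-ACL` lists two addresses next to `key 82.195.75.91-key`; the elements of an address match list are alternatives, so a listed address or the key is each sufficient on its own. Now that this template is the one place these third-party grants live, a header comment should say so, for example `// acl elements are alternatives: a listed address OR the named TSIG key is enough`. The commented-out addresses in `dnsnodeapi-ACL` also deserve a one-line reason, presumably `// addresses disabled: access for this provider is by TSIG key only`. Where these ACLs are referenced is not visible in this patch, so the reach of the address-only entries, in particular `2A02:850:8::/47`, should be checked against the zone statements that use them.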
@@ -68,51 +68,5 @@ logging { }; -<% if scope.function_has_role(['dns_primary']) -%> -masters "easydns-masters" { - // https://cp.easydns.com/manage/domains/secondary/edit.php - 64.68.200.91; - 205.210.42.80; -}; -acl "easydns-ACL" { - // https://cp.easydns.com/manage/domains/secondary/edit.php - 64.68.200.91/32; - 205.210.42.80/32; - key 82.195.75.91-key ; -}; - -masters "rcode0-masters" { - 83.136.34.7; // rcode0.net ipv4 ntfy - 2A02:850:8::6; // rcode0.net ipv6 ntfy -}; -acl "rcode0-ACL" { - 83.136.34.0/27; // rcode0.net ipv4 axfr - 2A02:850:8::/47; // rcode0.net ipv6 axfr -}; - -masters "dnsnode-masters" { - 192.36.144.222; // zork-b.sth.dnsnode.net - 192.36.144.218; // zork-c.sth.dnsnode.net -}; -acl "dnsnode-ACL" { - 192.36.144.222; // zork-b.sth.dnsnode.net - 192.36.144.218; // zork-c.sth.dnsnode.net -}; - -masters "dnsnodeapi-masters" { - 194.146.105.24; // zorknds-b.sth.dnsnode.net - 2a01:3f0:0:27::24; - 194.146.105.25; // zorknds-c.sth.dnsnode.net - 2a01:3f0:0:28::25; -}; -acl "dnsnodeapi-ACL" { - // 194.146.105.24; // zorknds-b.sth.dnsnode.net - // 2a01:3f0:0:27::24; - // 194.146.105.25; // zorknds-c.sth.dnsnode.net - // 2a01:3f0:0:28::25; - key netnod-debian-20171122 ; -}; -<% end -%> - include "/etc/bind/named.conf.puppet-shared-keys"; include "/etc/bind/named.conf.puppet-misc"; -- 2.20.1