author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-05-05 00:31:37 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-05-05 00:31:37 +0200 |
commit | eb38e6252b3c52a44d0d33679b3bc3178674c7f8 (patch) | |
tree | b7958e38f9893c347af4c04a53f65a103cef3292 | |
parent | Initial commit (diff) | |
download | dns-eb38e6252b3c52a44d0d33679b3bc3178674c7f8.tar.gz dns-eb38e6252b3c52a44d0d33679b3bc3178674c7f8.tar.xz |
Everything
-rw-r--r-- | .puppet-lint.rc | 1 | ||||
-rw-r--r-- | .rubocop.yml | 519 | ||||
-rw-r--r-- | Gemfile | 63 | ||||
-rw-r--r-- | Gemfile.lock | 511 | ||||
-rw-r--r-- | LICENSE | 202 | ||||
-rw-r--r-- | data/os/Archlinux.yaml | 3 | ||||
-rw-r--r-- | data/os/debian.yaml | 7 | ||||
-rw-r--r-- | functions/convert_to_rname.pp | 10 | ||||
-rw-r--r-- | functions/ensure_ending_period.pp | 8 | ||||
-rw-r--r-- | lib/facter/dns_zone_serial.rb | 20 | ||||
-rw-r--r-- | manifests/init.pp | 94 | ||||
-rw-r--r-- | manifests/key.pp | 23 | ||||
-rw-r--r-- | manifests/record.pp | 48 | ||||
-rw-r--r-- | manifests/zone.pp | 122 | ||||
-rw-r--r-- | metadata.json | 26 | ||||
-rw-r--r-- | pdk.yaml | 2 | ||||
-rw-r--r-- | templates/key.epp | 8 | ||||
-rw-r--r-- | templates/named-rndc.conf.epp | 5 | ||||
-rw-r--r-- | templates/named.conf.epp | 13 | ||||
-rw-r--r-- | templates/zone.epp | 24 | ||||
-rw-r--r-- | templates/zoneconf.epp | 20 | ||||
-rw-r--r-- | types/class.pp | 6 | ||||
-rw-r--r-- | types/keyentry.pp | 4 | ||||
-rw-r--r-- | types/recordentry.pp | 7 | ||||
-rw-r--r-- | types/rr.pp | 91 | ||||
-rw-r--r-- | types/ttl.pp | 6 | ||||
-rw-r--r-- | types/zoneentry.pp | 6 |
27 files changed, 1849 insertions, 0 deletions
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
new file mode 100644
index 0000000..cc96ece
--- /dev/null
+++ b/.puppet-lint.rc
@@ -0,0 +1 @@
+--relative
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..31e8248
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,519 @@ +--- +require: +- rubocop-performance +- rubocop-rspec +AllCops: + DisplayCopNames: true + TargetRubyVersion: '2.5' + Include: + - "**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - "**/Gemfile" + - "**/Rakefile" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Layout/LineLength: + Description: People have wide screens, use them. + Max: 200 +RSpec/BeforeAfterAll: + Description: Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb +Style/BlockDelimiters: + Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. 
+ EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInArrayLiteral: + Description: Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +Bundler/InsecureProtocolSource: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: + Enabled: false +Layout/EmptyComment: + Enabled: false +Layout/EmptyLineAfterGuardClause: + Enabled: false +Layout/EmptyLinesAroundArguments: + Enabled: false 
+Layout/EmptyLinesAroundAttributeAccessor: + Enabled: false +Layout/EndOfLine: + Enabled: false +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false +Layout/HeredocIndentation: + Enabled: false +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false +Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false +Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false +Lint/ShadowedArgument: + Enabled: false 
+Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false +Lint/UselessTimes: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/BlockNesting: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Capybara/CurrentPathExpectation: + Enabled: false +RSpec/Capybara/FeatureMethods: + Enabled: false +RSpec/Capybara/VisibilityMatcher: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false +RSpec/ExampleLength: + Enabled: false 
+RSpec/ExampleWithoutDescription: + Enabled: false +RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/FactoryBot/AttributeDefinedStatically: + Enabled: false +RSpec/FactoryBot/CreateList: + Enabled: false +RSpec/FactoryBot/FactoryClassName: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MissingExampleGroupArgument: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/MultipleMemoizedHelpers: + Enabled: false +RSpec/MultipleSubjects: + Enabled: false +RSpec/NestedGroups: + Enabled: false +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false +Style/AsciiComments: + Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + 
Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false +Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: + Enabled: false +Style/IfUnlessModifier: + Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false +Style/NumericPredicate: + Enabled: false +Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false +Style/SymbolProc: + Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + Enabled: false +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Lint/DuplicateBranch: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false 
+Lint/EmptyClass: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NilLambda: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/SwapValues: + Enabled: false 
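Review bot: `Security/Open` is set to `Enabled: false` in the long list of disabled cops, so RuboCop will not flag `Kernel#open` or `URI.open` calls with non-literal arguments in the Ruby this module ships; `Include` covers `**/*.rb`, which takes in `lib/facter/dns_zone_serial.rb` from this commit (its contents are not visible in this part of the diff). I would turn that one cop back on with `Security/Open:` / `Enabled: true`. `AllCops.Exclude` also lists `**/Gemfile`, so the `eval` in the Gemfile is never linted. If this file is produced from a template, which its shape suggests, the override belongs in the template's configuration rather than in a hand edit here.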
@@ -0,0 +1,63 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+def location_for(place_or_version, fake_version = nil)
+ git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}
+ file_url_regex = %r{\Afile:\/\/(?<path>.*)}
+
+ if place_or_version && (git_url = place_or_version.match(git_url_regex))
+ [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+ elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+ ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+ else
+ [place_or_version, { require: false }]
+ end
+end
+
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = ruby_version_segments[0..1].join('.')
+
+group :development do
+ gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
+ gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
+ gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "voxpupuli-puppet-lint-plugins", '>= 3.0', require: false
+end
+group :system_tests do
+ gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
+ gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION']
+facter_version = ENV['FACTER_GEM_VERSION']
+hiera_version = ENV['HIERA_GEM_VERSION']
+
+gems = {}
+
+gems['puppet'] = location_for(puppet_version)
+
+# If facter or hiera versions have been specified via the environment
+# variables
+
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
+
+gems.each do |gem_name, gem_params|
+ gem gem_name, *gem_params
+end
+
+# Evaluate Gemfile.local and ~/.gemfile if they exist
+extra_gemfiles = [
+ "#{__FILE__}.local",
+ File.join(Dir.home, '.gemfile'),
+]
+
+extra_gemfiles.each do |gemfile|
+ if File.file?(gemfile) && File.readable?(gemfile)
+ eval(File.read(gemfile), binding)
+ end
+end
+# vim: syntax=ruby
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..e9e1ffd
--- /dev/null
+++ b/Gemfile.lock
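Review bot: The loop at the end of the Gemfile runs `eval(File.read(gemfile), binding)` on `Gemfile.local` and on `~/.gemfile`, so every `bundle` command executes Ruby from a file outside the repository with the invoking user's privileges, and nothing in the file says so. I would state the trust assumption above the loop, e.g. `# Gemfile.local and ~/.gemfile are executed as Ruby by every bundle command; only run bundler for this module from an account whose home directory you trust`. The first line has a similar undocumented input: `source ENV['GEM_SOURCE'] || 'https://rubygems.org'` accepts any URL from the environment, including a plain-http mirror, so a comment saying that `GEM_SOURCE` must point to an https source you control would help CI operators. The same applies to `PUPPET_GEM_VERSION`, `FACTER_GEM_VERSION` and `HIERA_GEM_VERSION`, which `location_for` will turn into a `git:` or `path:` source when they hold a URL.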
@@ -0,0 +1,511 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (2.3.6) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + ansi (1.5.0) + ast (2.4.2) + awesome_print (1.9.2) + aws-eventstream (1.2.0) + aws-partitions (1.591.0) + aws-sdk-core (3.131.1) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1, >= 1.6.1) + aws-sdk-ec2 (1.316.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sigv4 (1.5.0) + aws-eventstream (~> 1, >= 1.0.2) + bcrypt_pbkdf (1.1.0) + bindata (2.4.10) + bolt (3.22.1) + CFPropertyList (~> 2.2) + addressable (~> 2.5) + aws-sdk-ec2 (~> 1) + concurrent-ruby (~> 1.0) + ffi (>= 1.9.25, < 2.0.0) + hiera-eyaml (~> 3) + jwt (~> 2.2) + logging (~> 2.2) + minitar (~> 0.6) + net-scp (~> 1.2) + net-ssh (>= 4.0) + net-ssh-krb (~> 0.5) + orchestrator_client (~> 0.5) + puppet (>= 6.18.0) + puppet-resource_api (>= 1.8.1) + puppet-strings (~> 2.3) + puppetfile-resolver (~> 0.5) + r10k (~> 3.10) + ruby_smb (~> 1.0) + terminal-table (~> 3.0) + winrm (~> 2.0) + winrm-fs (~> 1.3) + builder (3.2.4) + codecov (0.6.0) + simplecov (>= 0.15, < 0.22) + coderay (1.1.3) + colored2 (3.1.2) + concurrent-ruby (1.1.10) + connection_pool (2.2.5) + cri (2.15.11) + deep_merge (1.2.2) + dependency_checker (0.3.0) + parallel + puppet_forge (>= 2.2, < 4.0) + rake (~> 13.0) + semantic_puppet (~> 1.0) + diff-lcs (1.5.0) + docile (1.4.0) + docker-api (2.2.0) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ed25519 (1.3.0) + erubi (1.10.0) + excon (0.92.3) + facter (4.2.9) + hocon (~> 1.3) + thor (>= 1.0.1, < 2.0) + facterdb (1.16.1) + facter (< 5.0.0) + jgrep + faraday (1.10.0) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 
1.0) + ruby2_keywords (>= 0.0.4) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.3) + multipart-post (>= 1.2, < 3) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + faraday_middleware (1.2.0) + faraday (~> 1.0) + fast_gettext (1.1.2) + ffi (1.15.5) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake + forwardable (1.3.2) + gettext (3.4.3) + erubi + locale (>= 2.0.5) + prime + text (>= 1.3.0) + gettext-setup (0.31) + fast_gettext (~> 1.1.0) + gettext (>= 3.0.2) + locale + gssapi (1.3.1) + ffi (>= 1.0.1) + gyoku (1.4.0) + builder (>= 2.1.2) + rexml (~> 3.0) + hiera (3.9.0) + hiera-eyaml (3.3.0) + highline + optimist + highline (2.0.3) + hirb (0.7.3) + hocon (1.3.1) + honeycomb-beeline (2.10.0) + libhoney (>= 1.14.2) + http (5.0.4) + addressable (~> 2.8) + http-cookie (~> 1.0) + http-form_data (~> 2.2) + llhttp-ffi (~> 0.4.0) + http-accept (1.7.0) + http-cookie (1.0.4) + domain_name (~> 0.5) + http-form_data (2.3.0) + httpclient (2.8.3) + jgrep (1.5.4) + jmespath (1.6.1) + json (2.3.0) + json-schema (3.0.0) + addressable (>= 2.8) + jwt (2.2.3) + libhoney (2.2.0) + addressable (~> 2.0) + excon + http (>= 2.0, < 6.0) + little-plugger (1.1.4) + llhttp-ffi (0.4.0) + ffi-compiler (~> 1.0) + rake (~> 13.0) + locale (2.1.3) + log4r (1.1.10) + logging (2.3.1) + little-plugger (~> 1.1) + multi_json (~> 1.14) + metaclass (0.0.4) + metadata-json-lint (3.0.2) + json-schema (>= 2.8, < 4.0) + spdx-licenses (~> 1.0) + method_source (1.0.0) + mime-types (3.4.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2022.0105) + minitar (0.9) + mocha (1.1.0) + metaclass (~> 0.0.1) + molinillo (0.8.0) + multi_json (1.15.0) + multipart-post (2.1.1) + net-http-persistent (4.0.1) + connection_pool (~> 2.2) + net-scp (1.2.1) + net-ssh (>= 2.6.5) + net-ssh (6.1.0) + net-ssh-krb (0.5.1) + gssapi (~> 1.3.0) + net-ssh (>= 2.0) + 
net-telnet (0.1.1) + netrc (0.11.0) + nori (2.6.0) + optimist (3.0.1) + orchestrator_client (0.5.3) + faraday + net-http-persistent + parallel (1.22.1) + parallel_tests (3.10.1) + parallel + parser (3.1.2.0) + ast (~> 2.4.1) + pathspec (1.0.0) + pluginator (1.5.0) + prime (0.1.2) + forwardable + singleton + pry (0.14.1) + coderay (~> 1.1) + method_source (~> 1.0) + public_suffix (4.0.7) + puppet (7.16.0) + concurrent-ruby (~> 1.0) + deep_merge (~> 1.0) + facter (> 2.0.1, < 5) + fast_gettext (>= 1.1, < 3) + hiera (>= 3.2.1, < 4) + locale (~> 2.1) + multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + scanf (~> 1.0) + semantic_puppet (~> 1.0) + puppet-blacksmith (6.1.1) + puppet-modulebuilder (~> 0.2) + rest-client (~> 2.0) + puppet-debugger (1.2.0) + awesome_print (~> 1.7) + bundler + facterdb (>= 0.4.0) + pluginator (~> 1.5.0) + puppet (>= 5.5) + rb-readline (>= 0.5.5) + table_print (>= 1.0.0) + tty-pager (~> 0.13.0) + puppet-lint (2.5.2) + puppet-lint-absolute_classname-check (3.0.1) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-anchor-check (1.0.1) + puppet-lint (>= 1.1, < 3.0) + puppet-lint-classes_and_types_beginning_with_digits-check (1.0.0) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-file_ensure-check (1.0.0) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-leading_zero-check (1.0.0) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-legacy_facts-check (1.0.4) + puppet-lint (~> 2.4) + puppet-lint-lookup_in_parameter-check (1.0.0) + puppet-lint (~> 2.0) + puppet-lint-manifest_whitespace-check (0.1.17) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-optional_default-check (1.0.0) + puppet-lint (>= 2.1, < 3.0) + puppet-lint-param-docs (1.7.5) + puppet-lint (>= 1.1, < 3.0) + puppet-lint-param-types (0.0.1) + puppet-lint (>= 1.1, < 3.0) + puppet-lint-params_empty_string-check (1.0.0) + puppet-lint (~> 2.5) + puppet-lint-resource_reference_syntax (1.1.0) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-strict_indent-check (2.0.8) + puppet-lint (> 1.0) + puppet-lint-top_scope_facts-check 
(1.0.1) + puppet-lint (~> 2.0) + puppet-lint-topscope-variable-check (1.0.1) + puppet-lint (~> 2.0) + puppet-lint-trailing_comma-check (0.4.2) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-unquoted_string-check (2.1.0) + puppet-lint (>= 2.1, < 3.0) + puppet-lint-variable_contains_upcase (1.2.0) + puppet-lint (>= 1.0, < 3.0) + puppet-lint-version_comparison-check (1.0.0) + puppet-lint (>= 1.0, < 3.0) + puppet-module-posix-default-r2.7 (1.1.1) + puppet-module-posix-dev-r2.7 (1.1.1) + bcrypt_pbkdf (~> 1.0) + codecov (~> 0.2) + concurrent-ruby (!= 1.1.6) + dependency_checker (~> 0.2) + ed25519 (~> 1.2) + facterdb (>= 0.8.1, < 2.0.0) + metadata-json-lint (>= 2.0.2, < 4.0.0) + mocha (>= 1.0.0, < 1.2.0) + parallel_tests (~> 3.4) + pry (~> 0.10) + puppet-blacksmith (~> 6.0) + puppet-debugger (~> 1.0) + puppet-lint (>= 2.3.0, < 3.0.0) + puppet-resource_api (~> 1.8) + puppet-strings (~> 2.0) + puppet-syntax (~> 3.0) + puppetlabs_spec_helper (>= 2.9.0, < 4.0.0) + rainbow (~> 2.0) + rspec-puppet (>= 2.3.2, < 3.0.0) + rspec-puppet-facts (>= 1.10.0, < 3) + rspec_junit_formatter (~> 0.2) + rubocop (= 1.6.1) + rubocop-performance (= 1.9.1) + rubocop-rspec (= 2.0.1) + serverspec (~> 2.41) + simplecov (< 0.19.0) + simplecov-console (~> 0.4.2) + specinfra (= 2.82.2) + puppet-module-posix-system-r2.7 (1.1.1) + puppet_litmus (~> 0.20) + puppet-modulebuilder (0.3.0) + minitar (~> 0.9) + pathspec (>= 0.2.1, < 2.0.0) + puppet-resource_api (1.8.14) + hocon (>= 1.0) + puppet-strings (2.9.0) + rgen + yard (~> 0.9.5) + puppet-syntax (3.2.1) + puppet (>= 5) + rake + puppet_forge (3.2.0) + faraday (~> 1.3) + faraday_middleware (~> 1.0) + minitar + semantic_puppet (~> 1.0) + puppet_litmus (0.33.2) + bolt (>= 2.0.1, < 4.0.0) + docker-api (>= 1.34, < 3.0.0) + honeycomb-beeline + parallel + puppet-modulebuilder (>= 0.2.1, < 1.0.0) + retryable (~> 3.0) + rspec + rspec_honeycomb_formatter + tty-spinner (>= 0.5.0, < 1.0.0) + puppetfile-resolver (0.5.0) + molinillo (~> 0.6) + semantic_puppet (~> 1.0) + 
puppetlabs_spec_helper (3.0.0) + mocha (~> 1.0) + pathspec (>= 0.2.1, < 1.1.0) + puppet-lint (~> 2.0) + puppet-syntax (>= 2.0, < 4) + rspec-puppet (~> 2.0) + r10k (3.15.0) + colored2 (= 3.1.2) + cri (>= 2.15.10) + fast_gettext (>= 1.1.0, < 3.0.0) + gettext (>= 3.0.2, < 4.0.0) + gettext-setup (~> 0.24) + jwt (~> 2.2.3) + log4r (= 1.1.10) + minitar (~> 0.9) + multi_json (~> 1.10) + puppet_forge (>= 2.3.0) + rainbow (2.2.2) + rake + rake (13.0.6) + rb-readline (0.5.5) + regexp_parser (2.4.0) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + retryable (3.0.5) + rexml (3.2.5) + rgen (0.9.0) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.11.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-puppet (2.11.1) + rspec + rspec-puppet-facts (2.0.5) + facter + facterdb (>= 0.5.0) + puppet + rspec-support (3.11.0) + rspec_honeycomb_formatter (0.2.1) + honeycomb-beeline + rspec-core (~> 3.0) + rspec_junit_formatter (0.5.1) + rspec-core (>= 2, < 4, != 2.12.0) + rubocop (1.6.1) + parallel (~> 1.10) + parser (>= 2.7.1.5) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.2.0, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 2.0) + rubocop-ast (1.18.0) + parser (>= 3.1.1.0) + rubocop-performance (1.9.1) + rubocop (>= 0.90.0, < 2.0) + rubocop-ast (>= 0.4.0) + rubocop-rspec (2.0.1) + rubocop (~> 1.0) + rubocop-ast (>= 1.1.0) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + ruby_smb (1.1.0) + bindata + rubyntlm + windows_error + rubyntlm (0.6.3) + rubyzip (2.3.2) + scanf (1.0.0) + semantic_puppet (1.0.4) + serverspec (2.42.0) + multi_json + 
rspec (~> 3.0) + rspec-its + specinfra (~> 2.72) + sfl (2.3) + simplecov (0.18.5) + docile (~> 1.1) + simplecov-html (~> 0.11) + simplecov-console (0.4.2) + ansi + hirb + simplecov + simplecov-html (0.12.3) + singleton (0.1.1) + spdx-licenses (1.3.0) + specinfra (2.82.2) + net-scp + net-ssh (>= 2.7) + net-telnet (= 0.1.1) + sfl + strings (0.1.8) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + table_print (1.5.7) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + text (1.3.1) + thor (1.2.1) + tty-cursor (0.7.1) + tty-pager (0.13.0) + strings (~> 0.1.8) + tty-screen (~> 0.8) + tty-screen (0.8.1) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.1) + unicode-display_width (1.8.0) + unicode_utils (1.4.0) + voxpupuli-puppet-lint-plugins (3.0.0) + puppet-lint (>= 2.5.0) + puppet-lint-absolute_classname-check (>= 2.0.0) + puppet-lint-anchor-check + puppet-lint-classes_and_types_beginning_with_digits-check + puppet-lint-file_ensure-check + puppet-lint-leading_zero-check + puppet-lint-legacy_facts-check + puppet-lint-lookup_in_parameter-check + puppet-lint-manifest_whitespace-check + puppet-lint-optional_default-check + puppet-lint-param-docs + puppet-lint-param-types + puppet-lint-params_empty_string-check + puppet-lint-resource_reference_syntax + puppet-lint-strict_indent-check + puppet-lint-top_scope_facts-check + puppet-lint-topscope-variable-check + puppet-lint-trailing_comma-check + puppet-lint-unquoted_string-check + puppet-lint-variable_contains_upcase + puppet-lint-version_comparison-check + webrick (1.7.0) + windows_error (0.1.4) + winrm (2.3.6) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-fs (1.3.5) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 2.0) + winrm (~> 2.0) + yard (0.9.27) + webrick (~> 
1.7.0) + +PLATFORMS + ruby + +DEPENDENCIES + json (= 2.3.0) + puppet (= 7.16.0) + puppet-module-posix-default-r2.7 (~> 1.0) + puppet-module-posix-dev-r2.7 (~> 1.0) + puppet-module-posix-system-r2.7 (~> 1.0) + puppet-module-win-default-r2.7 (~> 1.0) + puppet-module-win-dev-r2.7 (~> 1.0) + puppet-module-win-system-r2.7 (~> 1.0) + voxpupuli-puppet-lint-plugins (>= 3.0) + +BUNDLED WITH + 2.1.4 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2023 Hugo Hörnquist
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/data/os/Archlinux.yaml b/data/os/Archlinux.yaml
new file mode 100644
index 0000000..9b3ac1e
--- /dev/null
+++ b/data/os/Archlinux.yaml
@@ -0,0 +1,3 @@
+---
+dns::packagename: bind
+dns::servicename: named
diff --git a/data/os/debian.yaml b/data/os/debian.yaml
new file mode 100644
index 0000000..d10e5c2
--- /dev/null
+++ b/data/os/debian.yaml
@@ -0,0 +1,7 @@
+---
+dns::checkzone: /usr/sbin/named-checkzone
+dns::chcekconf: /usr/sbin/named-checkconf
+dns::rndc: /usr/sbin/rndc
+dns::packagename: bind9
+dns::servicename: named
+dns::rndc_confgen: /usr/sbin/rndc
diff --git a/functions/convert_to_rname.pp b/functions/convert_to_rname.pp
new file mode 100644
index 0000000..fc3113d
--- /dev/null
+++ b/functions/convert_to_rname.pp
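Review bot: Two keys in data/os/debian.yaml do not do what they appear to. `dns::chcekconf` is misspelled, so the class parameter `checkconf` is never overridden and Debian hosts keep the default `/usr/bin/named-checkconf` that init.pp feeds into `validate_cmd`; `dns::rndc_confgen` points at `/usr/sbin/rndc`, so the control key would not be generated by the intended tool. I would change them to `dns::checkconf: /usr/sbin/named-checkconf` and `dns::rndc_confgen: /usr/sbin/rndc-confgen` (the second path is inferred from the sibling entries; confirm on a Debian host).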
@@ -0,0 +1,10 @@
+# Converts regular email addresses to dns format
+function dns::convert_to_rname(String $x) >> String {
+ $s = if $x =~ /([^@]*)@(.*)/ {
+ "${1}.${2}"
+ } else {
+ $x
+ }
+
+ dns::ensure_ending_period($s)
+}
diff --git a/functions/ensure_ending_period.pp b/functions/ensure_ending_period.pp
new file mode 100644
index 0000000..76c0003
--- /dev/null
+++ b/functions/ensure_ending_period.pp
@@ -0,0 +1,8 @@
+# Adds a period to end of string if not already present
+function dns::ensure_ending_period(String $s) >> String {
+ if $s[-1] == '.' {
+ $s
+ } else {
+ "${s}."
+ }
+}
diff --git a/lib/facter/dns_zone_serial.rb b/lib/facter/dns_zone_serial.rb
new file mode 100644
index 0000000..6aca94e
--- /dev/null
+++ b/lib/facter/dns_zone_serial.rb
@@ -0,0 +1,20 @@
+require 'resolv'
+
+Facter.add(:dns_zone_serial) do
+ confine do
+ Facter.Util.Resolution.which('named-checkconf')
+ end
+
+ setcode do
+ dns = Resolv::DNS.new(nameserver: ['localhost'])
+ zones = `named-checkconf -l`
+ .split("\n")
+ .map { |line| line.split(' ') }
+ .filter { |zone| zone.last == 'master' }
+ zone_map = {}
+ zones.map do |zone|
+ zone_map["#{zone[0]}."] = dns.getresource(zone[0], Resolv::DNS::Resource::IN::SOA).serial
+ end
+ zone_map
+ end
+end
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..ebb161b
--- /dev/null
+++ b/manifests/init.pp
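Review bot: The regex branch in `dns::convert_to_rname` replaces the `@` but leaves dots in the local part unescaped. An address such as `first.last@example.com` (constructed example) becomes `first.last.example.com.`, which reads back as the mailbox `first` at `last.example.com`. In an SOA RNAME a literal dot in the local part has to be written `\.`. I would escape the first capture before joining, for example `$local = regsubst($1, '\.', '\\.', 'G')` followed by `"${local}.${2}"`.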
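Review bot: The `confine` block calls `Facter.Util.Resolution.which`, but `Util` and `Resolution` are constants, not methods, so the block raises instead of returning a path; it should read `Facter::Util::Resolution.which('named-checkconf')`. Inside `setcode`, `dns.getresource` raises `Resolv::ResolvError` when the local server has no answer for a zone, so one unloaded zone discards the serials of every other zone. zone.pp falls back to 0 when the fact has no entry, so a failed lookup would presumably render serial 1 for a zone that is already past that. I would rescue `Resolv::ResolvError` per zone and skip that entry, and iterate with `each` rather than `map` since the block's return value is unused.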
@@ -0,0 +1,94 @@ +# @param config_file +# Bind9 configuration file +# @param directory +# Maps to bind9 directory. Base for all relative paths. +# @param checkzone +# Absolute path to named-checkzone binary +# @param checkconf +# Absolute path to named-checkconf binary +# @param packagename +# Name of the bind9 system package +# @param manage_package +# Should the bind9 system package be managed by this module. +# @param rndc +# Absolute path to rndc binary +# @param keys +# Dns::Key resources to create +# @param zones +# Dns::Zones resources to create +# @param rndc_key_file +# Location of rndc key. Note that this doesn't change where it ends up, but rather were we expect it to end up. +# Key will be generated through `rndc-confgen -a`. +# @param servicename +# Name of the system service to manage +# @param rndc_confgen +# Path to rndc-confgen binary +class dns ( + String $config_file = '/etc/named.conf', + # String $config_dir = '/etc/named.d', + String $rndc_key_file = '/etc/rndc.key', + String $directory = '/var/named', + String $checkzone = '/usr/bin/named-checkzone', + String $checkconf = '/usr/bin/named-checkconf', + Array[Dns::Keyentry] $keys = [], + Array[Dns::Zoneentry] $zones = [], + String $packagename = 'bind9', + Boolean $manage_package = true, + String $servicename = 'named', + String $rndc = '/usr/bin/rndc', + String $rndc_confgen = '/usr/bin/rndc-confgen', +) { + $zone_directory = "${directory}/zones" + $jnl_directory = "${directory}/journal" + + file { $zone_directory: + ensure => directory, + recurse => true, + purge => true, + } + + file { $jnl_directory: + ensure => directory, + } + + if $manage_package { + package { $packagename: + ensure => installed, + } + } + + service { $servicename: + ensure => running, + enable => true, + } + + create_resources(dns::key, $keys) + create_resources(dns::zone, $zones) + + # file { $config_dir: + # ensure => directory, + # recurse => true, + # } + + exec { 'Setup rndc key': + cmd => [$rndc_confgen, '-a'], + 
creates => $rndc_key_file, + } + + concat { $config_file: + ensure_newline => true, + warn => '; File managed by Puppet. Local changes WILL be overwritter', + validate_cmd => "${checkconf} %", + notify => Service[$servicename], + } + + concat::fragment { 'named.conf main configuration': + target => $config_file, + content => epp("${module_name}/named.conf.epp"), + } + + concat::fragment { 'named.conf rndc configuration': + target => $config_file, + content => epp("${module_name}/named-rndc.conf.epp"), + } +} diff --git a/manifests/key.pp b/manifests/key.pp new file mode 100644 index 0000000..866bc70 --- /dev/null +++ b/manifests/key.pp @@ -0,0 +1,23 @@ +# @summary A single dns key (for zone updates and the like) +# +# TODO add stuff to autogenerate these, and insntead dump them to individual files. +# +# @param algorithm +# Algorithm used, must match secret +# @param secret +# Secret hash, must match algorithm +# @param keyname +# Name of key +class dns::key ( + String $algorithm, + Option[String, Sensitive[String]] $secret, + String $keyname = $name, +) { + concat::fragment { "Dns::Key - ${keyname}": + content => epp("${module_name}/key.epp", { + keyname => $keyname, + algorithm => $algorithm, + secret => $secret, + }), + } +} diff --git a/manifests/record.pp b/manifests/record.pp new file mode 100644 index 0000000..83476a0 --- /dev/null +++ b/manifests/record.pp 
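Review bot: The `exec { 'Setup rndc key': }` resource passes `cmd =>`, which is not an attribute of `exec`; it should be `command => [$rndc_confgen, '-a'],`, otherwise the catalog should fail and the key is never generated. Nothing in the class pins the owner and mode of `$rndc_key_file` either. Since that key authorises the control channel declared in named-rndc.conf.epp, I would add a `file` resource for it with a restrictive mode that requires the exec. Separately, `create_resources` expects a hash of title => parameters, while `$keys` and `$zones` are typed as arrays, and the `warn` text has a typo (`overwritter`).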
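Review bot: `dns::key` is declared with `class`, but init.pp instantiates it once per key through `create_resources(dns::key, $keys)` and it defaults `$keyname` to `$name`, so it needs to be a `define`. `Option[String, Sensitive[String]]` is not a Puppet data type; the parameter seems to intend `Variant[String, Sensitive[String]] $secret,`, and a `Sensitive` value then has to be unwrapped before it reaches key.epp, which declares `String $secret`. The `concat::fragment` also has no `target`, so the key block is attached to no file; it presumably wants `target => $dns::config_file,`. Because the secret ends up in that file in clear text, the concat target should be given an explicit owner and a mode that is not world-readable.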
@@ -0,0 +1,48 @@
+# @param type
+# Record type (A, AAAA, ...)
+# @param class
+# DNS class type (IN, HS, CH, HS)
+# @param dns_name
+# Name of record (example.com.)
+# Note that the trailing period **IS** significant
+# @param ttl
+# TTL for record.
+# @param duplicate
+# Allow multiple records with the same name and class.
+# Most record types only allow one value, but some allow multiple.
+# Setting this to true allows for multiple. This value is
+# automatically true for TXT & NS.
+# @param zone
+# Name of the zone this record belongs to.
+# @param value
+# Record content.
+# Syntax depends on `type`.
+define dns::record (
+ String $zone,
+ Dns::Rr $type,
+ String $value,
+ Dns::Class $class = 'IN',
+ String $dns_name = $name,
+ Optional[Dns::Ttl] $ttl = undef,
+ Boolean $duplicate = false,
+) {
+ $allow_duplicate = case $type {
+ 'TXT',
+ 'NS': {
+ true
+ }
+ default: {
+ false
+ }
+ }
+
+ $frag_name = if $allow_duplicate {
+ "Dns::Record - ${zone} - ${class} ${type} ${dns_name} ${value}"
+ } else {
+ "Dns::Record - ${zone} - ${class} ${type} ${dns_name}"
+ }
+
+ concat::fragment { $frag_name:
+ target => "${dns::zone_directory}/${zone}.db",
+ }
+}
diff --git a/manifests/zone.pp b/manifests/zone.pp
new file mode 100644
index 0000000..2226994
--- /dev/null
+++ b/manifests/zone.pp
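Review bot: The `concat::fragment` at the end of `dns::record` sets only `target`, so no record line is ever written. `$value`, `$ttl`, `$type` and `$class` are accepted but never rendered, and a fragment needs `content` or `source`. The `$duplicate` parameter is documented but unused, because `$allow_duplicate` is computed from `$type` alone; it should probably be `$allow_duplicate = $duplicate or $type in ['TXT', 'NS']`. `$zone` is also interpolated into the target path with no validation, so a value containing `/` would address a file outside `${dns::zone_directory}`; constraining the parameter with a `Pattern` type would prevent that.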
@@ -0,0 +1,122 @@ +# @param zone +# Domain this zone controls. +# @param mname +# Primary master +# @param rname +# mail to zone admin +# @param retry +# Retry value for zone +# @param expire +# Expire value for zone +# @param negative_ttl +# Negative ttl for zone +# @param default_ttl +# Default ttl for zone +# @param refresh +# Refresh value for SOA +# @param records +# Hash of records to create. Instanciates Dns::Record resources. +# @param ns +# List of nameservers for this zone. Creates Dns::Record resources +# with NS entries. +# @param type +# Zonetype. master, slave, ... +# @param update_policy +# A bind9 update policy, as a string. +# @param dynamic +# However if this zone should be treated as a dynamic zone. If +# enabled rndc freezes and thaws the zone around static updates. +# Otherwise the zone file will be directly changed, and simply +# reloaded afterwards. +# +# Defaults to true if an update_policy is set. +define dns::zone ( + String $mname, + String $rname, + + Dns::Ttl $refresh, + Dns::Ttl $retry, + Dns::Ttl $expire, + Dns::Ttl $negative_ttl, + Dns::Ttl $default_ttl, + + String $zone = $name, + + Array[Dns::RecordEntry] $records = [], + + Array[String] $ns = [], + + String $type = 'master', + + Optional[String] $update_policy = undef, + Boolean $dynamic = $update_policy != undef, +) { + $zone_ = dns::ensure_ending_period($zone) + + concat { "${dns::zone_directory}/${zone}.db": + validate_cmd => "${dns::checkzone} '${zone}' %", + ensure_newline => true, + require => if $dynamic { Exec["Dns::zone freeze ${zone}"] } else { undef }, + } + + $zone_serial = $facts.get("dns_zone_serial.'${zone_}'", 0) + + concat::fragment { "Dns::Record - ${zone} - SOA": + target => "${dns::zone_directory}/${zone}.db", + order => '01', + content => epp("${module_name}/zone.epp", { + zone => $zone_, + mname => dns::ensure_ending_period($mname), + rname => dns::convert_to_rname($rname), + serial => $zone_serial + 1, + refresh => $refresh, + expire => $expire, + 
negative_ttl => $negative_ttl, + default_ttl => $default_ttl, + }), + } + + concat::fragment { "Dns::Zone - ${zone}": + target => $dns::config_file, + content => epp("${module_name}/zoneconf.epp", { + zone => $zone_, + type => $type, + update_policy => $update_policy, + }), + } + + $ns.each |$ns| { + dns::record { "Dns::Zore - record - ${zone} NS ${ns}": + type => 'NS', + zone => $zone, + } + } + + $fixed_records = $records.each |$record| { + { "Dns::Zone - record - ${zone} - ${record['class']} ${record['type']} ${record['key']} ${record['value']}" + => $record + { dns_name => $record['key'] } } + } + + create_resources(dns::record, $fixed_records, { + zone => $zone, + }) + + if $dynamic { + exec { "Dns::zone freeze ${zone}": + command => [$dns::rndc, 'freeze', $zone], + refreshonly => true, + } + + exec { "Dns::zone thaw ${zone}": + command => [$dns::rndc, 'thaw', $zone], + refreshonly => true, + subscribe => Concat["${dns::zone_directory}/${zone}.db"], + } + } else { + exec { "Dns::zone reload ${zone}": + command => [$dns::rndc, 'reload', $zone], + refreshonly => true, + subscribe => Concat["${dns::zone_directory}/${zone}.db"], + } + } +} diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..f2843d8 --- /dev/null +++ b/metadata.json @@ -0,0 +1,26 @@ +{ + "name": "HugoNikanor-dns", + "version": "0.1.0", + "author": "Hugo Hörnquist", + "license": "Apache-2.0", + "summary": "Bind9, zonefiles and records. A complete DNS solution ", + "source": "https://git.hornquist.se/puppet/dns", + "dependencies": [ + { + "name": "puppetlabs/stdlib", + "version_requirement": ">= 8.1.0 < 9.0.0" + }, + { + "name": "puppetlabs/concat", + "version_requirement": ">= 7.2.0 < 8.0.0" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Archlinux" + } + ], + "pdk-version": "2.5.0", + "template-url": "pdk-default#2.5.0", + "template-ref": "tags/2.5.0-0-g369d483" +} diff --git a/pdk.yaml b/pdk.yaml new file mode 100644 index 0000000..4bef4bd --- /dev/null 
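Review bot: `$zone` is an unconstrained `String` that is placed inside single quotes in `validate_cmd => "${dns::checkzone} '${zone}' %"` and into the path `"${dns::zone_directory}/${zone}.db"`. A name containing a quote or a `/` can therefore change the validation command line (depending on how the provider executes it) or the file being written. A type such as `Pattern[/\A[A-Za-z0-9._-]+\z/] $zone = $name,` (constructed; adjust to the names you allow) would reject such values at compile time. In the same hunk, `$records.each` returns `$records` itself rather than the hashes built in the block, so `$fixed_records` is not the title => parameters hash that `create_resources` needs. Also, `retry` is never passed to zone.epp, the NS `dns::record` declarations have no `value`, and nothing notifies the `refreshonly` `Exec["Dns::zone freeze ${zone}"]`, so a dynamic zone is rewritten without being frozen first.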
+++ b/pdk.yaml
@@ -0,0 +1,2 @@
+---
+ignore: []
diff --git a/templates/key.epp b/templates/key.epp
new file mode 100644
index 0000000..b64ae76
--- /dev/null
+++ b/templates/key.epp
@@ -0,0 +1,8 @@
+<%- | String $keyname,
+ String $algorithm,
+ String $secret,
+ | -%>
+key "<%= $keyname %>" {
+ algorithm <%= $algorithm %>;
+ secret "<%= $secret %>";
+};
diff --git a/templates/named-rndc.conf.epp b/templates/named-rndc.conf.epp
new file mode 100644
index 0000000..5c56cce
--- /dev/null
+++ b/templates/named-rndc.conf.epp
@@ -0,0 +1,5 @@
+include "<%= $dns::rndc_key_file %>";
+
+controls {
+ inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
+}
diff --git a/templates/named.conf.epp b/templates/named.conf.epp
new file mode 100644
index 0000000..c8f7fda
--- /dev/null
+++ b/templates/named.conf.epp
@@ -0,0 +1,13 @@
+options {
+ directory "<%= $dns::zone_directory %>";
+ forwarers { 8.8.8.8; 8.8.4.4; };
+ recursion yes;
+ allow-query { any; };
+ dnssec-validation yes;
+
+ empty-zone-enable yes;
+
+ listen-on-v6 { any; };
+
+ allow-recursion { localnets; localhost; };
+};
diff --git a/templates/zone.epp b/templates/zone.epp
new file mode 100644
index 0000000..76fac34
--- /dev/null
+++ b/templates/zone.epp
@@ -0,0 +1,24 @@
+<%- | String $zone,
+ String $mname,
+ String $rname,
+ String $serial,
+ String $refresh,
+ String $retry,
+ String $expire,
+ String $negative_ttl,
+ String $default_ttl,
+ | -%>
+
+<%# The actual zonefile %>
+; File managed by Puppet.
+; Local changes WILL be overwritten!
+$ORIGIN <%= $zone %>
+$TTL <%= $default_ttl %>
+
+@ SOA <%= $mname %> <%= $rname %> (
+ <%= $serial %>
+ <%= $refresh %>
+ <%= $retry %>
+ <%= $expire %>
+ <%= $negative_ttl %>
+ )
diff --git a/templates/zoneconf.epp b/templates/zoneconf.epp
new file mode 100644
index 0000000..cb702be
--- /dev/null
+++ b/templates/zoneconf.epp
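Review bot: The `controls { ... }` statement in named-rndc.conf.epp closes with `}` and no semicolon. named.conf statements are terminated with `;`, so the last line should be `};`, otherwise the `validate_cmd` check of the assembled file will reject it. The `keys { "rndc-key"; }` clause also relies on the generated key carrying that name, which nothing in the module pins; a comment saying so would help whoever changes the key generation later.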
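Review bot: `forwarers` in the options block is misspelled (the statement is `forwarders`), so the generated file does not parse. Beyond the typo, the forwarders are hard-coded to 8.8.8.8 and 8.8.4.4, which sends every recursive lookup from the site to one third-party resolver; I would make the list a class parameter that defaults to empty and render the statement only when it is set. `directory` is set to `$dns::zone_directory`, while zoneconf.epp uses the relative paths `zones/...` and `journal/...`, which would then resolve below `zones/` again. The class documentation describes `directory` as the base for relative paths, so this probably wants `directory "<%= $dns::directory %>";`.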
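Review bot: zone.epp declares `String $serial`, but zone.pp passes `$zone_serial + 1`, which is an Integer, so the template's parameter check should fail on every zone. Declaring it as `Integer $serial,` matches the caller. A range such as `Integer[1, 4294967295]` would additionally document the 32-bit limit of the SOA serial field.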
@@ -0,0 +1,20 @@
+<%- | String $zone,
+ String $type,
+ String $update_policy,
+ | -%>
+<%# one zone entry for the bind9 configuration file %>
+zone "<%= $zone %>" {
+ type <%= $type %>;
+ file "zones/<%= $zone %>.db";
+
+ <%- if $type == 'master' or $type == 'slave' { %>
+ journal "journal/<%= $zone %>.jnl";
+ <%- } %>
+
+
+ <%- if $update_policy { %>
+ update-policy {
+ <%= $update_policy %>;
+ };
+ <%- } %>
+};
diff --git a/types/class.pp b/types/class.pp
new file mode 100644
index 0000000..503f5e3
--- /dev/null
+++ b/types/class.pp
@@ -0,0 +1,6 @@
+type Dns::Class = Enum[
+ 'IN',
+ 'CS',
+ 'CH',
+ 'HS',
+]
diff --git a/types/keyentry.pp b/types/keyentry.pp
new file mode 100644
index 0000000..2429758
--- /dev/null
+++ b/types/keyentry.pp
@@ -0,0 +1,4 @@
+type Dns::Keyentry = Struct[{
+ algorithm => String,
+ secret => String,
+}]
diff --git a/types/recordentry.pp b/types/recordentry.pp
new file mode 100644
index 0000000..adcca7d
--- /dev/null
+++ b/types/recordentry.pp
@@ -0,0 +1,7 @@
+type Dns::Recordentry = Struct[{
+ key => String,
+ value => String,
+ type => Dns::Rr,
+ ttl => Optional[Dns::Ttl],
+ dns_class => Optional[Dns::Class],
+}]
diff --git a/types/rr.pp b/types/rr.pp
new file mode 100644
index 0000000..db62f14
--- /dev/null
+++ b/types/rr.pp
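Review bot: zoneconf.epp declares `String $update_policy`, but zone.pp passes `undef` whenever no policy is set, which fails the template's type check; it should be `Optional[String] $update_policy,`. The template also receives the zone name with its trailing period (`$zone_` in zone.pp), so `file "zones/<%= $zone %>.db"` names a file ending in `..db`, while the concat resource writes `${zone}.db` from the unnormalised name. The two need to agree or named loads a file that Puppet never wrote. `$update_policy` is rendered into the configuration verbatim, so it is worth documenting on the parameter that the value must come from trusted data.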
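Review bot: The field names in `Dns::Recordentry` do not line up with their consumers. The struct has `dns_class`, but zone.pp reads `$record['class']` and `dns::record` takes `class`. It also has `key`, which zone.pp copies to `dns_name` without removing, so `create_resources` would pass an unknown `key` parameter. zone.pp additionally refers to the type as `Dns::RecordEntry`, which does not match this declaration. I would rename the fields to `dns_name` and `class` so an entry can be splatted into `dns::record` unchanged.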
@@ -0,0 +1,91 @@
+type Dns::Rr = Enum[
+ 'A',
+ 'NS',
+ 'MD',
+ 'MF',
+ 'CNAME',
+ # 'SOA', # Explicitly removed since handled by dns::zone directly.
+ 'MB',
+ 'MG',
+ 'MR',
+ 'NULL',
+ 'WKS',
+ 'PTR',
+ 'HINFO',
+ 'MINFO',
+ 'MX',
+ 'TXT',
+ 'RP',
+ 'AFSDB',
+ 'X25',
+ 'ISDN',
+ 'RT',
+ 'NSAP',
+ 'NSAP-PTR',
+ 'SIG',
+ 'KEY',
+ 'PX',
+ 'GPOS',
+ 'AAAA',
+ 'LOC',
+ 'NXT',
+ 'EID',
+ 'NIMLOC',
+ 'SRV',
+ 'ATMA',
+ 'NAPTR',
+ 'KX',
+ 'CERT',
+ 'A6',
+ 'DNAME',
+ 'SINK',
+ 'OPT',
+ 'APL',
+ 'DS',
+ 'SSHFP',
+ 'IPSECKEY',
+ 'RRSIG',
+ 'NSEC',
+ 'DNSKEY',
+ 'DHCID',
+ 'NSEC3',
+ 'NSEC3PARAM',
+ 'TLSA',
+ 'SMIMEA',
+ 'HIP',
+ 'NINFO',
+ 'RKEY',
+ 'TALINK',
+ 'CDS',
+ 'CDNSKEY',
+ 'OPENPGPKEY',
+ 'CSYNC',
+ 'ZONEMD',
+ 'SVCB',
+ 'HTTPS',
+ 'SPF',
+ 'UINFO',
+ 'UID',
+ 'GID',
+ 'UNSPEC',
+ 'NID',
+ 'L32',
+ 'L64',
+ 'LP',
+ 'EUI48',
+ 'EUI64',
+ 'TKEY',
+ 'TSIG',
+ 'IXFR',
+ 'AXFR',
+ 'MAILB',
+ 'MAILA',
+ '*',
+ 'URI',
+ 'CAA',
+ 'AVC',
+ 'DOA',
+ 'AMTRELAY',
+ 'TA',
+ 'DLV',
+]
diff --git a/types/ttl.pp b/types/ttl.pp
new file mode 100644
index 0000000..2674172
--- /dev/null
+++ b/types/ttl.pp
@@ -0,0 +1,6 @@
+# https://www.zytrax.com/books/dns/apa/time.html
+# NOTE Ttl fields might be limited to 32 bits. Possibly ensure that
+# this number is lower than that.
+type Dns::Ttl = Pattern[
+ /(?i:([0-9]+[smhdw]?)+)/,
+]
diff --git a/types/zoneentry.pp b/types/zoneentry.pp
new file mode 100644
index 0000000..94e1abb
--- /dev/null
+++ b/types/zoneentry.pp
@@ -0,0 +1,6 @@
+type Dns::Zoneentry = Struct[{
+ mname => String,
+ rname => String,
+ ns => Optional[Array[String]],
+ records => Optional[Array[Dns::Recordentry]],
+}] |
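Review bot: The pattern in `Dns::Ttl` is not anchored, so it accepts any string that merely contains a digit. Values of this type are written verbatim into the zone file by zone.epp, so extra tokens or an embedded newline pass the type check and land in the SOA record. Anchoring both ends fixes that: `/\A(?i:([0-9]+[smhdw]?)+)\z/,`. The NOTE about the 32-bit limit above the type is still open and would be worth turning into a check where the value is consumed.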
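Review bot: `Dns::Zoneentry` omits `refresh`, `retry`, `expire`, `negative_ttl` and `default_ttl`, all of which `dns::zone` declares without defaults. An entry that satisfies this struct therefore cannot instantiate the define, and one that carries the timers is rejected by the struct because unknown keys are not allowed. I would add them as `Dns::Ttl` fields, together with optional `type` and `update_policy` if those are meant to be settable from `$dns::zones`.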