diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 02:01:04 +0100 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2021-12-30 03:01:21 +0100 |
| commit | dd95254b0b162082e203d66ca8f3f1d1833e5db0 (patch) | |
| tree | 20390541380e47590882740d932f69d9d91f928f | |
| parent | Cgit fixes. (diff) | |
| download | webdav_server-dd95254b0b162082e203d66ca8f3f1d1833e5db0.tar.gz webdav_server-dd95254b0b162082e203d66ca8f3f1d1833e5db0.tar.xz | |
Attempt setting up dns.
| -rw-r--r-- | .gitmodules | 3 | ||||
| -rw-r--r-- | manifests/site.pp | 95 | ||||
| m--------- | modules/dns | 0 |
3 files changed, 98 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules index 5d2a3ec..8d21984 100644 --- a/.gitmodules +++ b/.gitmodules @@ -58,3 +58,6 @@ [submodule "modules/letsencrypt"] path = modules/letsencrypt url = https://github.com/voxpupuli/puppet-letsencrypt +[submodule "modules/dns"] + path = modules/dns + url = https://github.com/theforeman/puppet-dns diff --git a/manifests/site.pp b/manifests/site.pp index fbdad07..8547ca2 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -15,6 +15,101 @@ node 'busting.adrift.space' { node 'gandalf.adrift.space' { + class { '::dns': + forwarders => [ + '8.8.8.8', + '8.8.4.4', + ], + dnssec_enable => 'no', + dnssec_validation => 'no', + # allow_query_cache => [ 'localnets', ], + allow_recursion => [ 'localnets', ], + empty_zones_enable => 'no', + acls => { + slaves => [ '83.250.160.195', ], + }, + config_check => false, + zonefilepath => $dns::params::vardir, + } + + $rev_zone = dns::reverse_dns($facts['networking']['network6'])[32,-1] + + dns::zone { + default: + manage_file => false, + manage_file_name => true, ; + 'hugo': + # defaults to "db.${title}" + filename => 'hugo.zone', ; + 'hornquist.se': + update_policy => { + 'hornquist.se' => { + action => 'grant', + matchtype => 'zonesub', + rr => 'ANY', + } + }, + filename => 'hornquist.se.zone', ; + 'adrift.space': + filename => 'adrift.space.zone', + update_policy => { + 'hornquist.se' => { + action => 'grant', + matchtype => 'zonesub', + rr => 'ANY', + }, + 'hornquist.se' => { + action => 'grant', + matchtype => 'name', + tname => 'dyntest.adrift.space', + rr => 'TXT', + }, + }, + allow_transfer => [ slaves, ], ; + 'sub.adrift.space': + filename => 'sub.adrift.space.zone', ; + '0.0.10.in-addr.arpa': + filename => '10.0.0.zone', + reverse => true, ; + '1.0.10.in-addr.arpa': + zonetype => 'forward', + forward => 'only', + forwarders => [ '10.0.0.1', ], ; + $rev_zone: + filename => 'ip6rev.zone', + } + + $key = lookup('nsupdate::secrets."hornquist.se"') + dns::key { 'hornquist.se': + algorithm => $key['algorithm'], + secret => $key['secret'], + } + + dns::logging::channel { 'xfer-log': + log_type => 'file', + file_path => '/var/log/named/log', + print_category => 'yes', + print_severity => 'yes', + severity => 'info', + file_size => '500K', + file_versions => 5, + } + + dns::logging::channel { 'default_syslog': + log_type => 'syslog', + syslog_facility => 'local2', + severity => 'info', + } + + dns::logging::category { [ + 'xfer-in', + 'xfer-out', + 'notify', + ]: + channels => [ 'xfer-log', ], + } + + profiles::remarkable { 'any name': addr => '3', } diff --git a/modules/dns b/modules/dns new file mode 160000 +Subproject 8e409eb24041aaba3022c32d4f4844871088205 |