From dd95254b0b162082e203d66ca8f3f1d1833e5db0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Thu, 30 Dec 2021 02:01:04 +0100
Subject: Attempt setting up dns.
---
 .gitmodules | 3 ++
 manifests/site.pp | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 modules/dns | 1 +
 3 files changed, 99 insertions(+)
 create mode 160000 modules/dns
diff --git a/.gitmodules b/.gitmodules
index 5d2a3ec..8d21984 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -58,3 +58,6 @@
 [submodule "modules/letsencrypt"]
 path = modules/letsencrypt
 url = https://github.com/voxpupuli/puppet-letsencrypt
+[submodule "modules/dns"]
+ path = modules/dns
+ url = https://github.com/theforeman/puppet-dns
diff --git a/manifests/site.pp b/manifests/site.pp
index fbdad07..8547ca2 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -15,6 +15,101 @@ node 'busting.adrift.space' {
 node 'gandalf.adrift.space' {
+ class { '::dns':
+ forwarders => [
+ '8.8.8.8',
+ '8.8.4.4',
+ ],
+ dnssec_enable => 'no',
+ dnssec_validation => 'no',
+ # allow_query_cache => [ 'localnets', ],
+ allow_recursion => [ 'localnets', ],
+ empty_zones_enable => 'no',
+ acls => {
+ slaves => [ '83.250.160.195', ],
+ },
+ config_check => false,
+ zonefilepath => $dns::params::vardir,
+ }
+
+ $rev_zone = dns::reverse_dns($facts['networking']['network6'])[32,-1]
+
+ dns::zone {
+ default:
+ manage_file => false,
+ manage_file_name => true, ;
+ 'hugo':
+ # defaults to "db.${title}"
+ filename => 'hugo.zone', ;
+ 'hornquist.se':
+ update_policy => {
+ 'hornquist.se' => {
+ action => 'grant',
+ matchtype => 'zonesub',
+ rr => 'ANY',
+ }
+ },
+ filename => 'hornquist.se.zone', ;
+ 'adrift.space':
+ filename => 'adrift.space.zone',
+ update_policy => {
+ 'hornquist.se' => {
+ action => 'grant',
+ matchtype => 'zonesub',
+ rr => 'ANY',
+ },
+ 'hornquist.se' => {
+ action => 'grant',
+ matchtype => 'name',
+ tname => 'dyntest.adrift.space',
+ rr => 'TXT',
+ },
+ },
+ allow_transfer => [ slaves, ], ;
+ 'sub.adrift.space':
+ filename => 'sub.adrift.space.zone', ;
+ '0.0.10.in-addr.arpa':
+ filename => '10.0.0.zone',
+ reverse => true, ;
+ '1.0.10.in-addr.arpa':
+ zonetype => 'forward',
+ forward => 'only',
+ forwarders => [ '10.0.0.1', ], ;
+ $rev_zone:
+ filename => 'ip6rev.zone',
+ }
+
+ $key = lookup('nsupdate::secrets."hornquist.se"')
+ dns::key { 'hornquist.se':
+ algorithm => $key['algorithm'],
+ secret => $key['secret'],
+ }
+
+ dns::logging::channel { 'xfer-log':
+ log_type => 'file',
+ file_path => '/var/log/named/log',
+ print_category => 'yes',
+ print_severity => 'yes',
+ severity => 'info',
+ file_size => '500K',
+ file_versions => 5,
+ }
+
+ dns::logging::channel { 'default_syslog':
+ log_type => 'syslog',
+ syslog_facility => 'local2',
+ severity => 'info',
+ }
+
+ dns::logging::category { [
+ 'xfer-in',
+ 'xfer-out',
+ 'notify',
+ ]:
+ channels => [ 'xfer-log', ],
+ }
+
+
 profiles::remarkable { 'any name':
 addr => '3',
 }
diff --git a/modules/dns b/modules/dns
new file mode 160000
index 0000000..8e409eb
--- /dev/null
+++ b/modules/dns
@@ -0,0 +1 @@
+Subproject commit 8e409eb24041aaba3022c32d4f48448710882054
--
cgit v1.2.3
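Review bot: The `update_policy` hash for the 'adrift.space' zone declares the key `'hornquist.se'` twice, so the two grants cannot both take effect: Puppet either rejects the duplicate hash key at compile time or keeps only one entry, and the rule that reaches named.conf is then not what the manifest appears to say. If the intent is that this TSIG key may only publish the TXT record at dyntest.adrift.space, drop the first entry and keep only `'hornquist.se' => { action => 'grant', matchtype => 'name', tname => 'dyntest.adrift.space', rr => 'TXT', },`; the `zonesub`/`ANY` grant lets the same key rewrite every record in the zone, which makes the narrow rule pointless. If both scopes are really needed they have to be expressed some other way than two identical hash keys (for example under a second key name), which depends on how the dns module renders `update_policy` and is not visible here. Separately, `dnssec_validation => 'no'` and `config_check => false` in the `::dns` class each deserve a comment saying why they are off, since the first means answers from the forwarders are accepted unvalidated and the second presumably skips the configuration check before named picks up a new config. The `node 'gandalf.adrift.space'` block closes outside this hunk.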