sunetdrive/manifests/resolve.pp

41 lines
1.1 KiB
ObjectPascal
Raw Permalink Normal View History

2023-02-13 09:44:56 +00:00
include stdlib
# Sunet drive resolver
class sunetdrive::resolve($location=undef) {
$unbound_conf = '# This file is managed by puppet
server:
interface: 0.0.0.0
interface: ::0
access-control: 37.156.195.0/24 allow
access-control: 89.45.237.0/24 allow
access-control: 89.45.20.0/24 allow
access-control: 89.45.21.0/24 allow
access-control: 2001:6b0:1c::/64 allow
access-control: 2001:6b0:6c::/64 allow'
file { 'sunetdrive_unbound_conf' :
ensure => 'file',
name => '/etc/unbound/unbound.conf.d/sunetdrive.conf',
mode => '0644',
content => $unbound_conf,
}
file_line {'disable_systemd_stubresolver':
line => 'DNSStubListener=no',
path => '/etc/systemd/resolved.conf'
}
-> exec {'disable_systemd_resolved':
command => 'systemctl disable --now systemd-resolved.service',
onlyif => 'systemctl is-enabled systemd-resolved.service',
}
sunet::misc::ufw_allow { 'dns_port_ufw_udp':
from => 'any',
port => 53,
proto => 'udp',
}
sunet::misc::ufw_allow { 'dns_port_ufw_tcp':
from => 'any',
port => 53,
proto => 'tcp',
}
}