41 lines
1.1 KiB
Puppet
41 lines
1.1 KiB
Puppet
include stdlib
|
|
# Sunet drive resolver
|
|
class sunetdrive::resolve($location=undef) {
|
|
$unbound_conf = '# This file is managed by puppet
|
|
server:
|
|
interface: 0.0.0.0
|
|
interface: ::0
|
|
access-control: 37.156.195.0/24 allow
|
|
access-control: 89.45.237.0/24 allow
|
|
access-control: 89.45.20.0/24 allow
|
|
access-control: 89.45.21.0/24 allow
|
|
access-control: 2001:6b0:1c::/64 allow
|
|
access-control: 2001:6b0:6c::/64 allow'
|
|
|
|
file { 'sunetdrive_unbound_conf' :
|
|
ensure => 'file',
|
|
name => '/etc/unbound/unbound.conf.d/sunetdrive.conf',
|
|
mode => '0644',
|
|
content => $unbound_conf,
|
|
}
|
|
file_line {'disable_systemd_stubresolver':
|
|
line => 'DNSStubListener=no',
|
|
path => '/etc/systemd/resolved.conf'
|
|
}
|
|
-> exec {'disable_systemd_resolved':
|
|
command => 'systemctl disable --now systemd-resolved.service',
|
|
onlyif => 'systemctl is-enabled systemd-resolved.service',
|
|
}
|
|
sunet::misc::ufw_allow { 'dns_port_ufw_udp':
|
|
from => 'any',
|
|
port => 53,
|
|
proto => 'udp',
|
|
}
|
|
sunet::misc::ufw_allow { 'dns_port_ufw_tcp':
|
|
from => 'any',
|
|
port => 53,
|
|
proto => 'tcp',
|
|
}
|
|
|
|
}
|