add initial KnotDNS stuff

2024-06-11 15:56:14 +02:00 · 2024-06-11 15:56:14 +02:00 · 8e08373403
parent 87e380a4fa
commit 8e08373403
3 changed files with 84 additions and 0 deletions
--- a/global/overlay/etc/puppet/modules/dns/manifests/knot.pp
+++ b/global/overlay/etc/puppet/modules/dns/manifests/knot.pp
@ -0,0 +1,35 @@
+class dns::knotdns(
+    $knotdnsrepo = "ppa:cz.nic-labs/knot-dns-latest"
+    $knotrestrepo = "ppa:pettai/knot-rest"
+    $knotrestversion = "0.0.2-1"
+){
+
+    # This is a control file used to skip these semi-heavy installation steps
+    $control_file="/var/cache/cosmos/knotdns_install_complete.txt"
+
+    exec {"Add KnotDNS repo":
+       command => "add-apt-repository $knotdnsrepo && apt-get update",
+       unless  => "test -f $control_file",
+    } ->
+    exec {"Add KnotREST repository":
+       command => "add-apt-repository $knotrestrepo && apt-get update",
+       unless  => "test -f $control_file",
+    }
+
+    # Install the package stuff
+    exec {"Install KnotDNS + KnotREST":
+       command => "apt-get install -fy knot python3-knot-rest=$knotrestversion && touch $control_file",
+    }
+
+    # Install KnotDNS configuration
+    file { "/etc/knot/knot.conf":
+       ensure  => "file",
+       content => template("dns/knot/knot.conf.erb")
+    }
+
+    # Install KnotREST configuration
+    file { "/etc/knot_rest/knot_rest.yaml":
+       ensure  => "file",
+       content => template("dns/knot/knot_rest.yaml.erb")
+    }
+}
--- a/global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb
+++ b/global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb
@ -0,0 +1,34 @@
+# This is a sample of a minimal configuration file for Knot DNS.
+# See knot.conf(5) or refer to the server documentation.
+
+server:
+    rundir: "/run/knot"
+    user: knot:knot
+    automatic-acl: on
+    listen: [ 0.0.0.0@53, ::0@53 ]
+
+log:
+  - target: syslog
+    any: info
+
+database:
+    storage: "/var/lib/knot"
+
+remote:
+  - id: localhost
+    address: 127.0.0.1@53
+
+template:
+  - id: default
+    storage: "/var/lib/knot/zones"
+    file: "%s.zone"
+
+zone:
+    # Primary zones
+  - domain: example.com
+    dnssec-signing: off
+    notify: [ localhost ]
+
+  - domain: example.net
+    dnssec-signing: off
+    notify: [ localhost ]
--- a/global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb
+++ b/global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb
@ -0,0 +1,15 @@
+audit-log: '/var/log/knot_rest/audit.log'
+
+database: 'sqlite:////var/lib/knot_rest/database.db'
+
+default-ttl: 3600
+
+libknot: '/usr/lib/x86_64-linux-gnu/libknot.so.14'
+
+socket:
+  path: '/var/run/knot/knot.sock'
+  timeout: 60
+
+token:
+  secret: '<%= @knot_rest_token_secret %>'
+  expiration: 600