From 8e0837340370f3d86b7bf4a831c9e90e400ebc71 Mon Sep 17 00:00:00 2001
From: pettai
Date: Tue, 11 Jun 2024 15:56:14 +0200
Subject: [PATCH] add initial KnotDNS stuff
---
.../etc/puppet/modules/dns/manifests/knot.pp | 35 +++++++++++++++++++
.../modules/dns/templates/knot/knot.conf.erb | 34 ++++++++++++++++++
.../dns/templates/knot/knot_rest.yaml.erb | 15 ++++++++
3 files changed, 84 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/dns/manifests/knot.pp
create mode 100644 global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb
create mode 100644 global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb
diff --git a/global/overlay/etc/puppet/modules/dns/manifests/knot.pp b/global/overlay/etc/puppet/modules/dns/manifests/knot.pp
new file mode 100644
index 0000000..d4dbb9b
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/dns/manifests/knot.pp
@@ -0,0 +1,35 @@
+class dns::knotdns(
+ $knotdnsrepo = "ppa:cz.nic-labs/knot-dns-latest"
+ $knotrestrepo = "ppa:pettai/knot-rest"
+ $knotrestversion = "0.0.2-1"
+){
+
+ # This is a control file used to skip these semi-heavy installation steps
+ $control_file="/var/cache/cosmos/knotdns_install_complete.txt"
+
+ exec {"Add KnotDNS repo":
+ command => "add-apt-repository $knotdnsrepo && apt-get update",
+ unless => "test -f $control_file",
+ } ->
+ exec {"Add KnotREST repository":
+ command => "add-apt-repository $knotrestrepo && apt-get update",
+ unless => "test -f $control_file",
+ }
+
+ # Install the package stuff
+ exec {"Install KnotDNS + KnotREST":
+ command => "apt-get install -fy knot python3-knot-rest=$knotrestversion && touch $control_file",
+ }
+
+ # Install KnotDNS configuration
+ file { "/etc/knot/knot.conf":
+ ensure => "file",
+ content => template("dns/knot/knot.conf.erb")
+ }
+
+ # Install KnotREST configuration
+ file { "/etc/knot_rest/knot_rest.yaml":
+ ensure => "file",
+ content => template("dns/knot/knot_rest.yaml.erb")
+ }
+}
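Review bot: The parameter list of `dns::knotdns` has no commas after `$knotdnsrepo` and `$knotrestrepo`, so the manifest will not parse, and a class with that name in `manifests/knot.pp` will not be found by the autoloader (it expects `dns::knot` there). The `Install KnotDNS + KnotREST` exec lacks `unless => "test -f $control_file"` and has no ordering after the two repository execs, so it runs on every agent run and can run before the PPAs exist. `/etc/knot_rest/knot_rest.yaml` carries the token secret but the `file` resource sets no `owner`, `group` or `mode`, which leaves the permissions to defaults; restrict it to the account the REST service runs as. Both PPAs are third-party sources installed as root and only `python3-knot-rest` is pinned, so `knot` floats with whatever the PPA publishes.

```puppet
class dns::knotdns(
  $knotdnsrepo = "ppa:cz.nic-labs/knot-dns-latest",
  $knotrestrepo = "ppa:pettai/knot-rest",
  $knotrestversion = "0.0.2-1"
){
  # … unchanged: $control_file and the two repository execs …

  exec {"Install KnotDNS + KnotREST":
    command => "apt-get install -fy knot python3-knot-rest=$knotrestversion && touch $control_file",
    unless  => "test -f $control_file",
    require => Exec["Add KnotREST repository"],
  }

  # … unchanged: /etc/knot/knot.conf …

  file { "/etc/knot_rest/knot_rest.yaml":
    ensure  => "file",
    # Holds token.secret: keep it unreadable to other users. Also set
    # owner/group to the account knot-rest runs as (not shown in this patch).
    mode    => "0600",
    content => template("dns/knot/knot_rest.yaml.erb"),
  }
```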
diff --git a/global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb b/global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb
new file mode 100644
index 0000000..73fa039
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb
@@ -0,0 +1,34 @@
+# This is a sample of a minimal configuration file for Knot DNS.
+# See knot.conf(5) or refer to the server documentation.
+
+server:
+ rundir: "/run/knot"
+ user: knot:knot
+ automatic-acl: on
+ listen: [ 0.0.0.0@53, ::0@53 ]
+
+log:
+ - target: syslog
+ any: info
+
+database:
+ storage: "/var/lib/knot"
+
+remote:
+ - id: localhost
+ address: 127.0.0.1@53
+
+template:
+ - id: default
+ storage: "/var/lib/knot/zones"
+ file: "%s.zone"
+
+zone:
+ # Primary zones
+ - domain: example.com
+ dnssec-signing: off
+ notify: [ localhost ]
+
+ - domain: example.net
+ dnssec-signing: off
+ notify: [ localhost ]
diff --git a/global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb b/global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb
new file mode 100644
index 0000000..dcde5c2
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/dns/templates/knot/knot_rest.yaml.erb
@@ -0,0 +1,15 @@
+audit-log: '/var/log/knot_rest/audit.log'
+
+database: 'sqlite:////var/lib/knot_rest/database.db'
+
+default-ttl: 3600
+
+libknot: '/usr/lib/x86_64-linux-gnu/libknot.so.14'
+
+socket:
+ path: '/var/run/knot/knot.sock'
+ timeout: 60
+
+token:
+ secret: '<%= @knot_rest_token_secret %>'
+ expiration: 600
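Review bot: The `zone:` section of knot.conf.erb still holds the packaged sample's `example.com` and `example.net` entries and the template has no ERB tags, so every host that includes the class gets the same placeholder zones on a server listening on `0.0.0.0@53` and `::0@53`. The only `remote` is `127.0.0.1@53`, which is the server's own listener, so `notify: [ localhost ]` sends NOTIFY back to itself, and with `automatic-acl: on` the access rules are presumably derived from that same remote. The zone list, listen addresses and remotes should come from class parameters, and the header comment should say the file is managed by Puppet instead of `# This is a sample of a minimal configuration file for Knot DNS.`.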
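Review bot: `@knot_rest_token_secret` in knot_rest.yaml.erb is not set by the manifest this commit adds: `dns::knotdns` has no parameter or variable of that name, so unless it arrives from an outer scope not shown here, `secret:` renders as an empty string. Add a `$knot_rest_token_secret` class parameter fed from the encrypted secret store and stop the catalog when it is empty, e.g. `if ! $knot_rest_token_secret { fail("knot_rest_token_secret is not set") }` in the class. The value is interpolated between single quotes without escaping, so a secret containing `'` would produce invalid YAML. `libknot.so.14` is tied to one soname and architecture while the manifest leaves the `knot` package version unpinned, so a library bump in the PPA would break this path.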