dns-ops/global/overlay/etc/puppet/modules/dns/manifests/knotdns.pp


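# Installs Knot DNS and the knot-rest API from two PPAs, replaces the local
# stub resolver with a templated /etc/resolv.conf, and lays down the Knot and
# knot-rest configuration files and directories.
#
# The exec resources use unqualified commands, so they depend on an Exec
# `path` default declared outside this class (not visible here - confirm).
#
# @param knotdnsrepo     PPA handed to add-apt-repository for the Knot DNS packages.
# @param knotrestrepo    PPA handed to add-apt-repository for python3-knot-rest.
# @param knotrestversion Exact python3-knot-rest package version to install.
class dns::knotdns(
  $knotdnsrepo     = 'ppa:cz.nic-labs/knot-dns-latest',
  $knotrestrepo    = 'ppa:pettai/knot-rest',
  $knotrestversion = '0.0.2-1~ubuntu22.04',
){
  # API token secret; undef when the key is absent, which skips the
  # knot_rest.yaml resource further down.
  $knot_rest_token_secret = lookup({ 'name' => 'knot_rest_token_secret', 'default_value' => undef })

  # Stop & disable systemd-resolved
  service { 'systemd-resolved':
    ensure => 'stopped',
    enable => false,
  }

  # Use SUNETs resolvers directly (no local cache)
  file { '/etc/resolv.conf':
    ensure  => 'file',
    content => template('dns/knot/resolv.conf.erb'),
  }

  # This is a control file used to skip these semi-heavy installation steps
  $control_file = '/var/cache/cosmos/knotdns_install_complete.txt'

  # Both PPAs become trusted package sources whose maintainer scripts run as
  # root. python3-knot-rest is pinned to an exact version below; the knot
  # packages are only `ensure => installed`, so whatever the PPA serves at
  # first install is what gets deployed.
  #
  # The steps are chained explicitly so that packages are never installed
  # before their repository exists, and the group change never runs before
  # the packages have created the `knot` group and `knot_rest` user.
  exec { 'Add KnotDNS repo':
    command => "add-apt-repository ${knotdnsrepo} && apt-get update",
    unless  => "test -f ${control_file}",
  }
  -> exec { 'Add KnotREST repository':
    command => "add-apt-repository ${knotrestrepo} && apt-get update",
    unless  => "test -f ${control_file}",
  }
  # Install the package stuff
  -> package { ['knot', 'knot-host', 'knot-dnsutils', 'libknot14']:
    ensure => installed,
  }
  -> exec { 'Install KnotREST':
    command => "apt install -fy python3-knot-rest=${knotrestversion} && touch ${control_file}",
    unless  => "test -f ${control_file}",
  }
  # Guarded by the actual group membership rather than the control file:
  # "Install KnotREST" creates the control file just before this resource is
  # evaluated, so a control-file guard would skip the usermod on the very run
  # that needs it. Checking membership also repairs hosts provisioned earlier
  # where the control file exists but the group was never added.
  -> exec { "Let user knot_rest use knot's socket":
    command => 'usermod -a -G knot knot_rest',
    unless  => 'id -nG knot_rest | grep -qw knot',
  }

  # Install KnotDNS configuration
  file { '/etc/knot/knot.conf':
    ensure  => 'file',
    content => template('dns/knot/knot.conf.erb'),
  }
  file { '/etc/knot/conf.d':
    ensure => directory,
    mode   => '0750',
    owner  => 'root',
    group  => 'knot',
  }
  file { '/var/lib/knot/zones':
    ensure => directory,
    mode   => '0750',
    owner  => 'knot',
    group  => 'knot',
  }

  # Install KnotREST configuration
  if $knot_rest_token_secret {
    # This resource is only managed when the token secret is set, so the
    # rendered file is treated as secret-bearing: no world-read bit, and
    # show_diff is off so content changes are not echoed into agent logs or
    # reports. Group knot_rest assumes the service reads its config as that
    # user - confirm against the package's unit file.
    file { '/etc/knot_rest/knot_rest.yaml':
      ensure    => 'file',
      owner     => 'root',
      group     => 'knot_rest',
      mode      => '0640',
      show_diff => false,
      content   => template('dns/knot/knot_rest.yaml.erb'),
      require   => Exec['Install KnotREST'],
    }
  }
  file { '/var/log/knot_rest':
    ensure => directory,
    mode   => '0750',
    owner  => 'knot_rest',
    group  => 'knot_rest',
  }
}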