Skip to content

Commit

Permalink
feat(map.jinja): add Gentoo support
Browse files Browse the repository at this point in the history
  • Loading branch information
mgomersbach authored and myii committed Dec 21, 2019
1 parent b7b0d65 commit 7415a9b
Show file tree
Hide file tree
Showing 3 changed files with 132 additions and 1 deletion.
2 changes: 1 addition & 1 deletion bind/config.sls
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ bind_local_config:
- watch_in:
- service: bind
{% if grains['os_family'] not in ['Arch', 'FreeBSD'] %}
{% if grains['os_family'] not in ['Arch', 'FreeBSD', 'Gentoo'] %}
bind_default_config:
file.managed:
- name: {{ map.default_config }}
Expand Down
111 changes: 111 additions & 0 deletions bind/files/gentoo/named.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
/*
* Refer to the named.conf(5) and named(8) man pages, and the documentation
* in /usr/share/doc/bind-* for more details.
* Online versions of the documentation can be found here:
* https://kb.isc.org/article/AA-01031
*
* If you are going to set up an authoritative server, make sure you
* understand the hairy details of how DNS works. Even with simple mistakes,
* you can break connectivity for affected parties, or cause huge amounts of
* useless Internet traffic.
*/

options {
directory "{{ map.get('named_directory') }}";
pid-file "/run/named/named.pid";

bindkeys-file "/etc/bind/bind.keys";

{%- if salt['pillar.get']('bind:config:ipv6', False) %}
listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
{%- endif %}

listen-on { 127.0.0.1; };

{%- for statement, value in salt['pillar.get']('bind:config:options', {})|dictsort -%}
{%- if value is iterable and value is not string %}
{{ statement }} {
{%- for item in value %}
{{ item }};
{%- endfor %}
};
{%- else %}
{{ statement }} {{ value }};
{%- endif %}
{%- endfor %}
};

{% for incl in salt['pillar.get']('bind:config:includes', []) %}
include "{{ incl }}";
{% endfor %}


{%- if salt['pillar.get']('bind:controls', False) %}
controls {
{%- for name, control in salt['pillar.get']('bind:controls')|dictsort if control.get('enabled', True) %}
inet {{ control.get('bind', {}).get('address', '127.0.0.1') }} port {{ control.get('bind', {}).get('port', 953) }}
{%- if control.get('allow') %}
allow {
{%- for allow in control.allow %}
{{ allow }};
{%- endfor %}
}
{%- endif %}
{%- if control.get('keys') %}
keys {
{%- for key in control.get('keys') %}
{{ key }};
{%- endfor %}
}
{%- endif %};
{%- endfor %}

};
{%- endif %}

zone "." in {
type hint;
file "/var/bind/named.cache";
};

zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};

/*
* Briefly, a zone which has been declared delegation-only will be effectively
* limited to containing NS RRs for subdomains, but no actual data beyond its
* own apex (for example, its SOA RR and apex NS RRset). This can be used to
* filter out "wildcard" or "synthesized" data from NAT boxes or from
* authoritative name servers whose undelegated (in-zone) data is of no
* interest.
* See http://www.isc.org/software/bind/delegation-only for more info
*/

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

//zone "YOUR-DOMAIN.TLD" {
// type master;
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
// allow-query { any; };
// allow-transfer { xfer; };
//};

//zone "YOUR-SLAVE.TLD" {
// type slave;
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
// masters { <MASTER>; };

/* Anybody is allowed to query but transfer should be controlled by the master. */
// allow-query { any; };
// allow-transfer { none; };

/* The master should be the only one who notifies the slaves, shouldn't it? */
// allow-notify { <MASTER>; };
// notify no;
//};

include "{{ map.local_config }}";
20 changes: 20 additions & 0 deletions bind/map.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,26 @@
'key_algorithm_field': '008',
'key_size': '4096',
},
'Gentoo': {
'pkgs': ['net-dns/bind', 'net-dns/bind-tools', 'net-dns/dnssec-tools'],
'service': 'named',
'config_source_dir': 'bind/files/gentoo',
'zones_source_dir': 'zones',
'config': '/etc/bind/named.conf',
'local_config': '/etc/bind/named.conf.local',
'named_directory': '/var/bind',
'zones_directory': '/var/bind/pri',
'chroot_dir': '',
'log_dir': '/var/log/named',
'log_mode': '660',
'user': 'root',
'group': 'named',
'mode': '640',
'key_directory': '/var/bind/dyn',
'key_algorithm': 'RSASHA256',
'key_algorithm_field': '008',
'key_size': '4096',
},
'Suse': {
'pkgs': ['bind'],
'service': 'named',
Expand Down

0 comments on commit 7415a9b

Please sign in to comment.