Puppet Class: profile::wikidough

Defined in:
modules/profile/manifests/wikidough.pp

Overview

Parameters:

  • resolver (Dnsdist::Resolver) (defaults to: lookup(profile::wikidough::dnsdist::resolver))
  • tls_common (Dnsdist::TLS_common) (defaults to: lookup(profile::wikidough::dnsdist::tls::common))
  • tls_config_doh (Dnsdist::TLS_config) (defaults to: lookup(profile::wikidough::dnsdist::tls::doh))
  • tls_config_dot (Dnsdist::TLS_config) (defaults to: lookup(profile::wikidough::dnsdist::tls::dot))
  • webserver_config (Dnsdist::Webserver_config) (defaults to: lookup(profile::wikidough::dnsdist::webserver, {'merge' => hash}))


# File 'modules/profile/manifests/wikidough.pp', line 1

# @summary Profile that declares a dnsdist DoH/DoT frontend, the PowerDNS
#   recursor behind it, their firewall rules and the TLS certificate.
#
# @param resolver
#   Backend resolver settings. Passed to the dnsdist class as-is; its 'host'
#   entry is also used as the recursor's only listen address.
# @param tls_common
#   TLS settings passed to the dnsdist class (shared by DoH and DoT, going by
#   the Hiera key name -- confirm against the dnsdist module).
# @param tls_config_doh
#   TLS settings passed to the dnsdist class for DoH.
# @param tls_config_dot
#   TLS settings passed to the dnsdist class for DoT.
# @param webserver_config
#   dnsdist webserver settings, looked up with a hash merge. Its 'port' entry
#   is also used for the firewall rule below.
class profile::wikidough (
    Dnsdist::Resolver         $resolver         = lookup(profile::wikidough::dnsdist::resolver),
    Dnsdist::TLS_common       $tls_common       = lookup(profile::wikidough::dnsdist::tls::common),
    Dnsdist::TLS_config       $tls_config_doh   = lookup(profile::wikidough::dnsdist::tls::doh),
    Dnsdist::TLS_config       $tls_config_dot   = lookup(profile::wikidough::dnsdist::tls::dot),
    Dnsdist::Webserver_config $webserver_config = lookup(profile::wikidough::dnsdist::webserver, {'merge' => hash}),
) {

    include network::constants
    # Must be included before $passwords::wikidough::dnsdist::console_key is
    # read further down.
    include passwords::wikidough::dnsdist

    # DoH listener, tcp/443. No srange is given, so the allowed sources are
    # whatever ferm::service defaults to -- presumably any source; confirm.
    # notrack presumably exempts this traffic from connection tracking; verify
    # against ferm::service.
    ferm::service { 'wikidough-doh':
        proto   => 'tcp',
        notrack => true,
        port    => 443,
    }

    # DoT listener, tcp/853. Same source and notrack remarks as the DoH rule.
    ferm::service { 'wikidough-dot':
        proto   => 'tcp',
        notrack => true,
        port    => 853,
    }

    # dnsdist webserver port, restricted by srange. The value is single-quoted
    # on purpose: Puppet does not interpolate it, so the literal string
    # '$PRODUCTION_NETWORKS' is handed to ferm::service (presumably a ferm-side
    # variable; confirm where it is defined).
    ferm::service { 'wikidough-dnsdist-webserver':
        proto  => 'tcp',
        port   => $webserver_config['port'],
        srange => '$PRODUCTION_NETWORKS',
    }

    # Recursor behind dnsdist. It listens only on $resolver['host'] and accepts
    # queries only from 127.0.0.0/8, so no ferm rule is declared for it here.
    # NOTE(review): this assumes resolver['host'] is a loopback address --
    # confirm in Hiera; a non-loopback value would not match allow_from.
    class { 'dnsrecursor':
        listen_addresses         => [$resolver['host']],
        allow_from               => ['127.0.0.0/8'],
        allow_forward_zones      => false,
        # NOTE(review): incoming EDNS Client Subnet is accepted; confirm that
        # dnsdist is the only component that can set it on queries reaching
        # the recursor.
        allow_incoming_ecs       => true,
        allow_qname_minimisation => true,
        enable_pdns43            => true,
    }

    # Certificate for the TLS listeners. key_group presumably makes the private
    # key readable by the '_dnsdist' group, and puppet_svc names the service
    # tied to the certificate -- verify against acme_chief::cert.
    acme_chief::cert { 'wikidough':
        puppet_svc => 'dnsdist',
        key_group  => '_dnsdist',
    }

    # dnsdist frontend. `require` orders it after the recursor class.
    class { 'dnsdist':
        resolver         => $resolver,
        tls_common       => $tls_common,
        tls_config_doh   => $tls_config_doh,
        tls_config_dot   => $tls_config_dot,
        # The console is enabled and keyed with a secret from the passwords
        # class. NOTE(review): no ferm rule for a console port is declared in
        # this profile; confirm in the dnsdist module which address the console
        # binds to.
        enable_console   => true,
        console_key      => $passwords::wikidough::dnsdist::console_key,
        enable_webserver => true,
        webserver_config => $webserver_config,
        require          => Class['dnsrecursor'],
    }

}