authoralex <alex@pdp7.net>2023-01-21 23:02:22 +0100
committeralex <alex@pdp7.net>2023-01-21 23:02:22 +0100
commit593880316179c1be3655193a774827a1a3178a70 (patch)
tree151a20346bb4d688dc47850eca95a6b29ec1a217
parent3e74826f7a0e15d707c32228a87a9ada3215d2e8 (diff)
Manage dnsmasq on h1
* Add support for FreeIPA DNS entries
-rw-r--r--personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp18
-rw-r--r--personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp12
-rw-r--r--personal_infra/puppet/site/h1.pdp7.net.pp1
-rw-r--r--personal_infra/puppet/site/h2.pdp7.net.pp8
4 files changed, 39 insertions, 0 deletions
diff --git a/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp b/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
new file mode 100644
index 00000000..2185fa56
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
@@ -0,0 +1,18 @@
+class freeipa::dnsmasq {
+ $services = [
+ {'service' => '_kerberos-master', 'protocol' => '_tcp', 'port' => '88'},
+ {'service' => '_kerberos-master', 'protocol' => '_udp', 'port' => '88'},
+ {'service' => '_kerberos', 'protocol' => '_tcp', 'port' => '88'},
+ {'service' => '_kerberos', 'protocol' => '_udp', 'port' => '88'},
+ {'service' => '_kpasswd', 'protocol' => '_tcp', 'port' => '464'},
+ {'service' => '_kpasswd', 'protocol' => '_udp', 'port' => '464'},
+ {'service' => '_ldap', 'protocol' => '_tcp', 'port' => '389'},
+ ]
+
+ file {'/etc/dnsmasq.d/ipa':
+ notify => Service['dnsmasq'],
+ content => epp('freeipa/dnsmasq', {'services' => $services,
+ 'freeipa' => lookup("freeipa"),
+ }),
+ }
+}
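Review bot: The `file {'/etc/dnsmasq.d/ipa':` resource sets no `ensure`, owner, group or mode, so the permissions of a file that tells clients where to find the Kerberos and LDAP servers depend on agent defaults or on whatever is already on disk. I would pin them with `ensure => file,`, `owner => 'root', group => 'root',` and `mode => '0644',`. The `notify => Service['dnsmasq']` also refers to a resource this class does not declare. The site manifests in this commit declare `dns_dhcp` alongside it, which presumably provides the service, so a comment such as `# needs Service['dnsmasq'], declared outside this class (presumably by dns_dhcp)` would record that dependency. Without that class in the catalog, compilation should fail on the dangling reference.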
diff --git a/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp b/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp
new file mode 100644
index 00000000..37940d75
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp
@@ -0,0 +1,12 @@
+<%- | $services,
+ $freeipa,
+| -%>
+<% $services.each |$service| { $freeipa["servers"].each |$server| { %>
+srv-host=<%= $service['service'] %>.<%= $service['protocol'] %>.<%= $freeipa["domain"] %>,<%= $server %>,<%= $service['port'] %>
+<% }} %>
+<% $freeipa["ntp_servers"].each |$ntp_server| { %>
+srv-host=_ntp._udp.<%= $freeipa["domain"] %>,<%= $ntp_server %>,123
+<% } %>
+<% $freeipa["ca_servers"].each |$ca_server| { %>
+host-record=ipa-ca.<%= $freeipa["domain"] %>,<%= $ca_server %>
+<% } %>
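Review bot: The template parameters `$services` and `$freeipa` are untyped, and every value is written into a `srv-host=` or `host-record=` line as-is. A lookup value containing a comma or a newline would therefore change the meaning of a directive or add a new one to the dnsmasq configuration. Typing the parameter block, for example `Array[Hash[String, String]] $services,` and `Hash[String, Any] $freeipa,`, rejects malformed data at compile time. A `Pattern[...]` on the domain and server names would tighten it further. A missing `servers`, `ntp_servers` or `ca_servers` key would presumably surface only as an error on `.each`, so the expected keys are worth a comment at the top of the template.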
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 0af8c689..abfe997e 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -1,6 +1,7 @@
node 'h1.pdp7.net' {
class {'proxmox':}
class {'dns_dhcp':}
+ class {'freeipa::dnsmasq':}
# TODO: ugly; tinc scripts require this :(
package {'net-tools':}
diff --git a/personal_infra/puppet/site/h2.pdp7.net.pp b/personal_infra/puppet/site/h2.pdp7.net.pp
index ab3c14db..99255f19 100644
--- a/personal_infra/puppet/site/h2.pdp7.net.pp
+++ b/personal_infra/puppet/site/h2.pdp7.net.pp
@@ -1,2 +1,10 @@
node 'h2.pdp7.net' {
+ class {'dns_dhcp':}
+ class {'freeipa::dnsmasq':}
+
+ file {'/etc/dnsmasq.d/static.conf':
+ content => "dhcp-host=freeswitch,10.42.42.3,freeswitch
+host-record=h2.h2.int.pdp7.net,10.42.42.1
+",
+ }
}
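Review bot: The `file {'/etc/dnsmasq.d/static.conf':` resource has no `notify`, unlike the `/etc/dnsmasq.d/ipa` file added in this same commit. A later change to the `dhcp-host` or `host-record` lines would be written to disk but would not take effect until dnsmasq is restarted some other way. Adding `notify => Service['dnsmasq'],` keeps the running resolver in step with the managed file, assuming `dns_dhcp` declares that service. The same explicit `owner`, `group` and `mode` suggested for the ipa file would fit here too.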