Manage dnsmasq on h1
authoralex <alex@pdp7.net>
Sat, 21 Jan 2023 22:02:22 +0000 (23:02 +0100)
committeralex <alex@pdp7.net>
Sat, 21 Jan 2023 22:02:22 +0000 (23:02 +0100)
* Add support for FreeIPA DNS entries

personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp [new file with mode: 0644]
personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp [new file with mode: 0644]
personal_infra/puppet/site/h1.pdp7.net.pp
personal_infra/puppet/site/h2.pdp7.net.pp

diff --git a/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp b/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
new file mode 100644 (file)
index 0000000..2185fa5
--- /dev/null
@@ -0,0 +1,18 @@
+class freeipa::dnsmasq {
+  $services = [
+    {'service' => '_kerberos-master', 'protocol' => '_tcp', 'port' => '88'},
+    {'service' => '_kerberos-master', 'protocol' => '_udp', 'port' => '88'},
+    {'service' => '_kerberos', 'protocol' => '_tcp', 'port' => '88'},
+    {'service' => '_kerberos', 'protocol' => '_udp', 'port' => '88'},
+    {'service' => '_kpasswd', 'protocol' => '_tcp', 'port' => '464'},
+    {'service' => '_kpasswd', 'protocol' => '_udp', 'port' => '464'},
+    {'service' => '_ldap', 'protocol' => '_tcp', 'port' => '389'},
+  ]
+
+  file {'/etc/dnsmasq.d/ipa':
+    notify => Service['dnsmasq'],
+    content => epp('freeipa/dnsmasq', {'services' => $services,
+                                       'freeipa' => lookup("freeipa"),
+                                      }),
+  }
+}
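Review bot: The `file {'/etc/dnsmasq.d/ipa':` resource sets no `owner`, `group` or `mode`, so the permissions of a file that tells clients where to find Kerberos, kpasswd and LDAP are left to Puppet's defaults; I would pin them with `owner => 'root', group => 'root', mode => '0644',`. The same applies to `/etc/dnsmasq.d/static.conf` in the h2.pdp7.net.pp hunk. Separately, `notify => Service['dnsmasq']` only compiles when some other class declares that service, presumably `dns_dhcp`, which both site manifests declare next to this class. A short class header comment stating that dependency, or an explicit `require`, would make it visible to anyone reusing the class on another node.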
diff --git a/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp b/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp
new file mode 100644 (file)
index 0000000..37940d7
--- /dev/null
@@ -0,0 +1,12 @@
+<%- | $services,
+      $freeipa,
+| -%>
+<% $services.each |$service| { $freeipa["servers"].each |$server| { %>
+srv-host=<%= $service['service'] %>.<%= $service['protocol'] %>.<%= $freeipa["domain"] %>,<%= $server %>,<%= $service['port'] %>
+<% }} %>
+<% $freeipa["ntp_servers"].each |$ntp_server| { %>
+srv-host=_ntp._udp.<%= $freeipa["domain"] %>,<%= $ntp_server %>,123
+<% } %>
+<% $freeipa["ca_servers"].each |$ca_server| { %>
+host-record=ipa-ca.<%= $freeipa["domain"] %>,<%= $ca_server %>
+<% } %>
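Review bot: The parameter block `| $services, $freeipa, |` is untyped and every value is written into a directive as-is, so a `domain`, server or port value from the `freeipa` lookup that contains a comma or a newline would add fields or whole directives to the dnsmasq configuration. Declaring types, e.g. `Array[Hash[String, String]] $services, Hash $freeipa,`, and checking the domain and host strings against something like `Pattern[/\A[A-Za-z0-9.-]+\z/]` before rendering would make a bad data value fail at catalog compile time instead of reaching the resolver. The control tags also close with `%>` rather than `-%>`, so each loop iteration leaves blank lines in the generated file.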
index 0af8c6899b4790b1b13b05343289569a694bfa38..abfe997eca8511cc67aa9962e34bda47ead9c032 100644 (file)
@@ -1,6 +1,7 @@
 node 'h1.pdp7.net' {
   class {'proxmox':}
   class {'dns_dhcp':}
+  class {'freeipa::dnsmasq':}
 
   # TODO: ugly; tinc scripts require this :(
   package {'net-tools':}
index ab3c14db8288baf1b48ba23847f3335b678d805a..99255f19b4fbe471c152961ca7ab74b03f65622f 100644 (file)
@@ -1,2 +1,10 @@
 node 'h2.pdp7.net' {
+  class {'dns_dhcp':}
+  class {'freeipa::dnsmasq':}
+
+  file {'/etc/dnsmasq.d/static.conf':
+    content => "dhcp-host=freeswitch,10.42.42.3,freeswitch
+host-record=h2.h2.int.pdp7.net,10.42.42.1
+",
+  }    
 }
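Review bot: The `file {'/etc/dnsmasq.d/static.conf':` resource has no `notify => Service['dnsmasq'],`, unlike `/etc/dnsmasq.d/ipa` in `freeipa::dnsmasq`, so a change to the DHCP reservation or the host record would not take effect until dnsmasq is restarted for some other reason (unless `dns_dhcp`, which is not shown here, already watches that directory). The closing `  }    ` line of the resource also carries trailing whitespace.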