From 593880316179c1be3655193a774827a1a3178a70 Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 21 Jan 2023 23:02:22 +0100
Subject: [PATCH] Manage dnsmasq on h1

* Add support for FreeIPA DNS entries
---
 .../modules/freeipa/manifests/dnsmasq.pp | 18 ++++++++++++++++++
 .../modules/freeipa/templates/dnsmasq.epp | 12 ++++++++++++
 personal_infra/puppet/site/h1.pdp7.net.pp | 1 +
 personal_infra/puppet/site/h2.pdp7.net.pp | 8 ++++++++
 4 files changed, 39 insertions(+)
 create mode 100644 personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
 create mode 100644 personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp

diff --git a/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp b/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
new file mode 100644
index 0000000..2185fa5
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/manifests/dnsmasq.pp
@@ -0,0 +1,18 @@
+class freeipa::dnsmasq {
+ $services = [
+ {'service' => '_kerberos-master', 'protocol' => '_tcp', 'port' => '88'},
+ {'service' => '_kerberos-master', 'protocol' => '_udp', 'port' => '88'},
+ {'service' => '_kerberos', 'protocol' => '_tcp', 'port' => '88'},
+ {'service' => '_kerberos', 'protocol' => '_udp', 'port' => '88'},
+ {'service' => '_kpasswd', 'protocol' => '_tcp', 'port' => '464'},
+ {'service' => '_kpasswd', 'protocol' => '_udp', 'port' => '464'},
+ {'service' => '_ldap', 'protocol' => '_tcp', 'port' => '389'},
+ ]
+
+ file {'/etc/dnsmasq.d/ipa':
+ notify => Service['dnsmasq'],
+ content => epp('freeipa/dnsmasq', {'services' => $services,
+ 'freeipa' => lookup("freeipa"),
+ }),
+ }
+}
diff --git a/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp b/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp
new file mode 100644
index 0000000..37940d7
--- /dev/null
+++ b/personal_infra/puppet/modules/freeipa/templates/dnsmasq.epp
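Review bot: `freeipa::dnsmasq` notifies `Service['dnsmasq']` but neither declares nor includes whatever manages that service, so the class only compiles when another class (presumably `dns_dhcp`, which both site manifests in this patch declare next to it) is also in the catalog, and that dependency is undocumented. A header comment would make it explicit, e.g. `# @summary Publish FreeIPA SRV/host records through dnsmasq.` followed by `# Requires Service['dnsmasq'] (managed elsewhere) and the 'freeipa' Hiera hash.`. Separately, `lookup("freeipa")` uses double quotes without interpolation while every other literal in the block is single-quoted; `lookup('freeipa')` matches the rest. Consider also `ensure => file` on the `/etc/dnsmasq.d/ipa` resource so the intent is explicit.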
@@ -0,0 +1,12 @@
+<%- | $services,
+ $freeipa,
+| -%>
+<% $services.each |$service| { $freeipa["servers"].each |$server| { %>
+srv-host=<%= $service['service'] %>.<%= $service['protocol'] %>.<%= $freeipa["domain"] %>,<%= $server %>,<%= $service['port'] %>
+<% }} %>
+<% $freeipa["ntp_servers"].each |$ntp_server| { %>
+srv-host=_ntp._udp.<%= $freeipa["domain"] %>,<%= $ntp_server %>,123
+<% } %>
+<% $freeipa["ca_servers"].each |$ca_server| { %>
+host-record=ipa-ca.<%= $freeipa["domain"] %>,<%= $ca_server %>
+<% } %>
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 0af8c68..abfe997 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -1,6 +1,7 @@
 node 'h1.pdp7.net' {
 class {'proxmox':}
 class {'dns_dhcp':}
+ class {'freeipa::dnsmasq':}
 # TODO: ugly; tinc scripts require this :(
 package {'net-tools':}
diff --git a/personal_infra/puppet/site/h2.pdp7.net.pp b/personal_infra/puppet/site/h2.pdp7.net.pp
index ab3c14d..99255f1 100644
--- a/personal_infra/puppet/site/h2.pdp7.net.pp
+++ b/personal_infra/puppet/site/h2.pdp7.net.pp
@@ -1,2 +1,10 @@
 node 'h2.pdp7.net' {
+ class {'dns_dhcp':}
+ class {'freeipa::dnsmasq':}
+
+ file {'/etc/dnsmasq.d/static.conf':
+ content => "dhcp-host=freeswitch,10.42.42.3,freeswitch
+host-record=h2.h2.int.pdp7.net,10.42.42.1
+",
+ }
 }
-- 
2.47.3
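Review bot: The template parameters `$services` and `$freeipa` are untyped, so a missing or mistyped Hiera key (say `ca_servers` absent) fails inside `.each` with an opaque undef error rather than at the parameter boundary; declaring them as `<%- | Array[Hash[String, String]] $services, Hash $freeipa | -%>` moves that check to the template header. Note also that dnsmasq's `host-record` takes names followed by an address, so `ipa-ca.<domain>,<ca_server>` only publishes an A record if `ca_servers` holds IP addresses; if it holds hostnames like the `servers` used as SRV targets above, the value is read as a second name and no address is published — worth confirming against the Hiera data. The `srv-host` lines omit priority and weight (dnsmasq defaults both to 0), which is fine for one server but deserves a short template comment if several `servers` are listed, since they then become equal-priority targets.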
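Review bot: In `static.conf`, `dhcp-host=freeswitch,10.42.42.3,freeswitch` pins the reservation to a client-supplied hostname rather than to a hardware or client identifier, so any DHCP client announcing itself as `freeswitch` can obtain 10.42.42.3; binding the entry to the device (`dhcp-host=<MAC-PLACEHOLDER>,10.42.42.3,freeswitch`) keeps the reservation tied to the host it is meant for. The repeated `freeswitch` token also looks redundant, since the first token is already taken as the name, so confirm it is intentional. Style: the embedded-newline string would read more clearly as a `@(EOT)` heredoc with the two config lines indented under it. The commit title says "Manage dnsmasq on h1", yet this hunk also makes h2 a `dns_dhcp` host with its own static reservations; the description should say so.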