@reyjrar
Created May 7, 2016 04:12
Puppet class to install unbound and use yoyo.org for blocking ad servers.
# puppet module install zleslie-unbound
class dns::caching {
  # I'm using extlookup for a very small personal network, could be hiera
  $trusted_ipv4 = extlookup('trusted_ipv4')
  $trusted_ipv6 = extlookup('trusted_ipv6')

  realize(Group['unbound'])
  realize(User['unbound'])

  $local_ad_servers = "/etc/unbound/local.d/adservers.conf"
  # The list is fetched over plain HTTP and included verbatim in unbound's
  # server config (see custom_server_conf below).
  $fetch_ad_servers = "/usr/bin/curl -sS -L --compressed 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext'"

  # Install a cron job to renew the ad server list (Mondays at 23:13)
  cron {
    "refresh_adservers":
      user    => "root",
      # Fixed: the original referenced the undefined $local_adservers here
      command => "$fetch_ad_servers > $local_ad_servers && service unbound restart",
      weekday => "1",
      hour    => "23",
      minute  => "13";
  }

  # Install it anyways (only runs while the file does not exist yet)
  exec {
    "fetch_ad_servers":
      command => "$fetch_ad_servers > $local_ad_servers",
      creates => "$local_ad_servers",
      notify  => Service['unbound'];
  }

  # Install and configure unbound with the aforementioned module
  class {
    "unbound":
      # Only loopback and the trusted networks may query the resolver
      access              => flatten(["::1", "127.0.0.1", $trusted_ipv4, $trusted_ipv6]),
      extended_statistics => 'yes',
      # Listen on all IPv6 and IPv4 addresses
      interface           => ["::0", "0.0.0.0"],
      num_threads         => inline_template("<%= scope.lookupvar('::processorcount').to_i / 2 %>"),
      statistics_interval => 600,
      custom_server_conf  => "include: \"$local_ad_servers\"";
  }

  User['unbound'] -> Class['unbound']
}
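
The cron job above writes whatever the HTTP response contains straight into a file that unbound includes as root-owned server configuration. The following is an added example, not part of the original gist: a shell helper that checks a downloaded list before it replaces the live file. The function names are hypothetical, and it assumes every line of the list is a `local-zone:` or `local-data:` directive with one quoted argument; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): validate a fetched ad-server list before
# installing it as an unbound include file.
# Assumption: each list line is a local-zone: or local-data: directive.

# validate_adservers FILE
# Returns 0 only if FILE is non-empty and every non-blank line is an allowed
# directive. Anything else (include:, forward-zone:, HTML error pages, ...)
# makes the whole file fail.
validate_adservers() {
    [ -s "$1" ] || return 1
    allowed='^(local-zone: "[A-Za-z0-9._-]+" [a-z_]+|local-data: "[A-Za-z0-9._-]+ A 127\.0\.0\.1")$'
    # Print lines that do NOT match, then test whether any non-empty one exists.
    if grep -Ev "$allowed" "$1" | grep -q .; then
        return 1
    fi
    return 0
}

# install_adservers NEW DEST
# Validates NEW, then replaces DEST atomically so a failed or tampered
# download never truncates or overwrites the list currently in use.
install_adservers() {
    new=$1
    dest=$2
    validate_adservers "$new" || { echo "rejected: $new" >&2; return 1; }
    tmp="$dest.tmp.$$"
    cp "$new" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}

# Demo on constructed input: the second file carries an unexpected directive.
demo=$(mktemp -d)
printf '%s\n' 'local-zone: "ads.example" redirect' \
              'local-data: "ads.example A 127.0.0.1"' > "$demo/good"
printf '%s\n' 'local-zone: "ads.example" redirect' \
              'include: "/tmp/other.conf"' > "$demo/bad"
install_adservers "$demo/good" "$demo/adservers.conf" && echo "good list installed"
install_adservers "$demo/bad" "$demo/adservers.conf" 2>/dev/null \
    || echo "bad list rejected, previous file kept"
rm -rf "$demo"
```

In the cron command, curl would write to a temporary file, `install_adservers` would move it into place, and `unbound-checkconf` can confirm the resulting configuration parses before the service is restarted.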