Skip to content

Instantly share code, notes, and snippets.

@reyjrar reyjrar/unbound.pp
Created May 7, 2016

Embed
What would you like to do?
Puppet class to install unbound and use yoyo.org for blocking ad servers.
# puppet module install zleslie-unbound
class dns::caching {
# I'm using extlookup for a very small personal network, could be hiera
$trusted_ipv4 = extlookup('trusted_ipv4')
$trusted_ipv6 = extlookup('trusted_ipv6')
realize(Group['unbound'])
realize(User['unbound'])
$local_ad_servers = "/etc/unbound/local.d/adservers.conf"
$fetch_ad_servers = "/usr/bin/curl -sS -L --compressed 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext'"
# Install a cron job to renew the ad server list
cron {
"refresh_adservers":
user => "root",
command => "$fetch_ad_servers > $local_adservers && service unbound restart",
weekday => "1",
hour => "23",
minute => "13";
}
# Install it anyways
exec {
"fetch_ad_servers":
command => "$fetch_ad_servers > $local_ad_servers",
creates => "$local_ad_servers",
notify => Service['unbound'];
}
# Install and configure unbound with the aforementioned module
class {
"unbound":
access => flatten(["::1", "127.0.0.1",$trusted_ipv4,$trusted_ipv6]),
extended_statistics => 'yes',
interface => ["::0", "0.0.0.0"],
num_threads => inline_template("<%= scope.lookupvar('::processorcount').to_i / 2 %>"),
statistics_interval => 600,
custom_server_conf => "include: \"$local_ad_servers\"";
}
User['unbound'] -> Class['unbound']
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.