Created
May 7, 2016 04:12
Puppet class to install unbound and use yoyo.org for blocking ad servers.
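# puppet module install zleslie-unbound
#
# dns::caching installs unbound through the zleslie-unbound module and loads
# the pgl.yoyo.org ad-server list as an unbound include file. The list is
# fetched once at install time and refreshed weekly from root's crontab.
class dns::caching {
  # I'm using extlookup for a very small personal network, could be hiera
  $trusted_ipv4 = extlookup('trusted_ipv4')
  $trusted_ipv6 = extlookup('trusted_ipv6')

  realize(Group['unbound'])
  realize(User['unbound'])

  $local_ad_servers = '/etc/unbound/local.d/adservers.conf'
  # Staging file next to the live one, so the final mv is a same-directory rename.
  $tmp_ad_servers   = "${local_ad_servers}.new"

  # NOTE(security): this list is fetched over plain HTTP and included verbatim
  # into the resolver's server configuration, so whoever controls the response
  # (the publisher, or anyone on the network path) controls local-zone /
  # local-data answers for this resolver. Prefer an HTTPS endpoint if the
  # publisher offers one, and consider validating the assembled configuration
  # (e.g. with unbound-checkconf) before restarting.
  # -f makes curl exit non-zero on an HTTP error instead of saving the error page.
  $fetch_ad_servers = "/usr/bin/curl -sS -f -L --compressed 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext'"

  # Download to the staging file and replace the live list only when the
  # download succeeded and is non-empty. Redirecting straight into the live
  # file would truncate it before curl has fetched anything.
  $install_ad_servers = "${fetch_ad_servers} > ${tmp_ad_servers} && test -s ${tmp_ad_servers} && mv -f ${tmp_ad_servers} ${local_ad_servers}"

  # Install a cron job to renew the ad server list.
  # The original command redirected to $local_adservers, a variable that is
  # never defined, so the weekly refresh never wrote the list.
  cron { 'refresh_adservers':
    user    => 'root',
    command => "${install_ad_servers} && service unbound restart",
    weekday => '1',
    hour    => '23',
    minute  => '13',
  }

  # Install it anyways, so the include file exists on the first run
  exec { 'fetch_ad_servers':
    command  => $install_ad_servers,
    creates  => $local_ad_servers,
    # The command uses redirection and &&, which need a shell.
    provider => shell,
    path     => ['/bin', '/usr/bin'],
    notify   => Service['unbound'],
  }

  # Install and configure unbound with the aforementioned module
  class { 'unbound':
    # unbound listens on every address (see interface below), so this list is
    # the only thing limiting who may query it: keep the trusted_* lookups
    # narrow, or the host becomes an open resolver.
    access              => flatten(['::1', '127.0.0.1', $trusted_ipv4, $trusted_ipv6]),
    extended_statistics => 'yes',
    interface           => ['::0', '0.0.0.0'],
    # Half the processors, but never fewer than one: the integer division
    # yields 0 on a single-processor host.
    num_threads         => inline_template("<%= [scope.lookupvar('::processorcount').to_i / 2, 1].max %>"),
    statistics_interval => 600,
    custom_server_conf  => "include: \"${local_ad_servers}\"",
  }

  User['unbound'] -> Class['unbound']
}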