feat(map.jinja): add Gentoo support

mgomersbach · myii · commit 7415a9b0ce78 · 2019-12-21T11:37:59.000Z
diff --git a/bind/config.sls b/bind/config.sls
@@ -100,7 +100,7 @@ bind_local_config:
     - watch_in:
       - service: bind
 
-{% if grains['os_family'] not in ['Arch', 'FreeBSD']  %}
+{% if grains['os_family'] not in ['Arch', 'FreeBSD', 'Gentoo']  %}
 bind_default_config:
   file.managed:
     - name: {{ map.default_config }}
diff --git a/bind/files/gentoo/named.conf b/bind/files/gentoo/named.conf
@@ -0,0 +1,111 @@
+/*
+ * Refer to the named.conf(5) and named(8) man pages, and the documentation
+ * in /usr/share/doc/bind-* for more details.
+ * Online versions of the documentation can be found here:
+ * https://kb.isc.org/article/AA-01031
+ *
+ * If you are going to set up an authoritative server, make sure you
+ * understand the hairy details of how DNS works. Even with simple mistakes,
+ * you can break connectivity for affected parties, or cause huge amounts of
+ * useless Internet traffic.
+ */
+
+options {
+	directory "{{ map.get('named_directory') }}";
+	pid-file "/run/named/named.pid";
+
+	bindkeys-file "/etc/bind/bind.keys";
+
+{%- if salt['pillar.get']('bind:config:ipv6', False) %}
+	listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; };
+{%- endif %}
+
+	listen-on { 127.0.0.1; };
+
+{%- for statement, value in salt['pillar.get']('bind:config:options', {})|dictsort -%}
+	{%- if value is iterable and value is not string %}
+	{{ statement }} {
+		{%- for item in value %}
+			  {{ item }};
+		{%- endfor %}
+	};
+	{%- else %}
+	{{ statement }} {{ value }};
+	{%- endif %}
+{%- endfor %}
+};
+
+{% for incl in salt['pillar.get']('bind:config:includes', []) %}
+include "{{ incl }}";
+{% endfor %}
+
+
+{%- if salt['pillar.get']('bind:controls', False) %}
+controls {
+	{%- for name, control in salt['pillar.get']('bind:controls')|dictsort if control.get('enabled', True) %}
+	inet {{ control.get('bind', {}).get('address', '127.0.0.1') }} port {{ control.get('bind', {}).get('port', 953) }}
+	{%- if control.get('allow') %}
+	allow {
+		{%- for allow in control.allow %}
+		{{ allow }};
+		{%- endfor %}
+	}
+	{%- endif %}
+	{%- if control.get('keys') %}
+	keys {
+		{%- for key in control.get('keys') %}
+		{{ key }};
+		{%- endfor %}
+	}
+	{%- endif %};
+	{%- endfor %}
+
+};
+{%- endif %}
+
+zone "." in {
+	type hint;
+	file "/var/bind/named.cache";
+};
+
+zone "localhost" IN {
+	type master;
+	file "pri/localhost.zone";
+	notify no;
+};
+
+/*
+ * Briefly, a zone which has been declared delegation-only will be effectively
+ * limited to containing NS RRs for subdomains, but no actual data beyond its
+ * own apex (for example, its SOA RR and apex NS RRset). This can be used to
+ * filter out "wildcard" or "synthesized" data from NAT boxes or from
+ * authoritative name servers whose undelegated (in-zone) data is of no
+ * interest.
+ * See http://www.isc.org/software/bind/delegation-only for more info
+ */
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+//zone "YOUR-DOMAIN.TLD" {
+//	type master;
+//	file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
+//	allow-query { any; };
+//	allow-transfer { xfer; };
+//};
+
+//zone "YOUR-SLAVE.TLD" {
+//	type slave;
+//	file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
+//	masters { <MASTER>; };
+
+	/* Anybody is allowed to query but transfer should be controlled by the master. */
+//	allow-query { any; };
+//	allow-transfer { none; };
+
+	/* The master should be the only one who notifies the slaves, shouldn't it? */
+//	allow-notify { <MASTER>; };
+//	notify no;
+//};
+
+include "{{ map.local_config }}";
diff --git a/bind/map.jinja b/bind/map.jinja
@@ -95,6 +95,26 @@
         'key_algorithm_field': '008',
         'key_size': '4096',
     },
+    'Gentoo': {
+        'pkgs': ['net-dns/bind', 'net-dns/bind-tools', 'net-dns/dnssec-tools'],
+        'service': 'named',
+        'config_source_dir': 'bind/files/gentoo',
+        'zones_source_dir': 'zones',
+        'config': '/etc/bind/named.conf',
+        'local_config': '/etc/bind/named.conf.local',
+        'named_directory': '/var/bind',
+        'zones_directory': '/var/bind/pri',
+        'chroot_dir': '',
+        'log_dir': '/var/log/named',
+        'log_mode': '660',
+        'user': 'root',
+        'group': 'named',
+        'mode': '640',
+        'key_directory': '/var/bind/dyn',
+        'key_algorithm': 'RSASHA256',
+        'key_algorithm_field': '008',
+        'key_size': '4096',
+    },
     'Suse': {
         'pkgs': ['bind'],
         'service': 'named',
