Revert "move defaults to class so that puppet-strings can build bette…

…r docs" This reverts commit 62f97a2.
b4ldr · Apr 28, 2021 · b8b8f47 · b8b8f47
1 parent d45877a
commit b8b8f47
Show file tree

Hide file tree

Showing 10 changed files with 441 additions and 226 deletions.
diff --git a/data/common.yaml b/data/common.yaml
@@ -0,0 +1,208 @@
+---
+unbound::verbosity: 1
+unbound::statistics_interval: ~
+unbound::statistics_cumulative: false
+unbound::extended_statistics: false
+unbound::num_threads: 1
+unbound::port: 53
+unbound::interface: ~
+unbound::interface_automatic: false
+unbound::outgoing_interface: ~
+unbound::outgoing_range: ~
+unbound::outgoing_port_permit: '32768-65535'
+unbound::outgoing_port_avoid: '0-32767'
+unbound::outgoing_port_permit_first: true
+unbound::outgoing_num_tcp: ~
+unbound::incoming_num_tcp: ~
+unbound::edns_buffer_size: 1280
+unbound::max_udp_size: ~
+unbound::stream_wait_size: ~
+unbound::msg_buffer_size: ~
+unbound::msg_cache_size: ~
+unbound::msg_cache_slabs: ~
+unbound::num_queries_per_thread: ~
+unbound::jostle_timeout: ~
+unbound::delay_close: ~
+unbound::unknown_server_time_limit: ~
+unbound::so_rcvbuf: ~
+unbound::so_sndbuf: ~
+unbound::so_reuseport: false
+unbound::ip_transparent: false
+unbound::ip_freebind: false
+unbound::rrset_cache_size: ~
+unbound::rrset_cache_slabs: ~
+unbound::cache_max_ttl: ~
+unbound::cache_max_negative_ttl: ~
+unbound::cache_min_ttl: ~
+unbound::infra_host_ttl: ~
+unbound::infra_cache_numhosts: ~
+unbound::infra_cache_slabs: ~
+unbound::infra_cache_min_rtt: ~
+unbound::define_tag: ~
+unbound::do_ip4: true
+unbound::do_ip6: true
+unbound::prefer_ip6: false
+unbound::do_udp: true
+unbound::do_tcp: true
+unbound::tcp_mss: ~
+unbound::outgoing_tcp_mss: ~
+unbound::tcp_idle_timeout: ~
+unbound::edns_tcp_keepalive: false
+unbound::edns_tcp_keepalive_timeout: ~
+unbound::tcp_upstream: false
+unbound::udp_upstream_without_downstream: false
+unbound::tls_cert_bundle: ~
+unbound::tls_upstream: false
+unbound::ssl_upstream: false
+unbound::ssl_service_key: ~
+unbound::ssl_service_pem: ~
+unbound::ssl_port: ~
+unbound::tls_ciphers: ~
+unbound::tls_ciphersuites: ~
+unbound::use_systemd: false
+unbound::do_daemonize: true
+unbound::access_control: ~
+unbound::chroot: ~
+unbound::username: "%{hiera('unbound::owner')}"
+unbound::directory: "%{hiera('unbound::confdir')}"
+unbound::logfile: ~
+unbound::log_identity: ~
+unbound::log_time_ascii: false
+unbound::log_queries: false
+unbound::log_replies: false
+unbound::log_tag_queryreply: false
+unbound::log_local_actions: false
+unbound::log_servfail: false
+unbound::pidfile: '/var/run/unbound/unbound.pid'
+unbound::hide_identity: true
+unbound::identity: ~
+unbound::hide_version: true
+unbound::version: ~
+unbound::hide_trustanchor: true
+unbound::target_fetch_policy: ~
+unbound::harden_short_bufsize: false
+unbound::harden_large_queries: false
+unbound::harden_glue: true
+unbound::harden_dnssec_stripped: true
+unbound::harden_below_nxdomain: true
+unbound::harden_referral_path: false
+unbound::harden_algo_downgrade: false
+unbound::use_caps_for_id: false
+unbound::caps_whitlist: ~
+unbound::qname_minimisation: false
+unbound::qname_minimisation_strict: false
+unbound::private_address: ~
+unbound::private_domain: ~
+unbound::unwanted_reply_threshold: 10000000
+unbound::do_not_query_address: ~
+unbound::do_not_query_localhost: true
+unbound::prefetch: false
+unbound::prefetch_key: false
+unbound::deny_any: false
+unbound::rrset_roundrobin: false
+unbound::minimal_responses: false
+unbound::disable_dnssec_lame_check: false
+unbound::trust_anchor_file: ~
+unbound::auto_trust_anchor_file: "%{hiera('unbound::runtime_dir')}/root.key"
+unbound::trust_anchor: ~
+unbound::trusted_keys_file: "%{hiera('unbound::keys_d')}/*.key"
+unbound::trust_anchor_signaling: true
+unbound::domain_insecure: ~
+unbound::val_sig_skew_min: ~
+unbound::val_sig_skew_max: ~
+unbound::val_bogus_ttl: ~
+unbound::val_clean_additional: true
+unbound::val_log_level: ~
+unbound::val_permissive_mode: false
+unbound::ignore_cd_flag: false
+unbound::serve_expired: false
+unbound::serve_expired_ttl: ~
+unbound::serve_expired_ttl_reset: false
+unbound::serve_expired_reply_ttl: ~
+unbound::serve_expired_client_timeout: ~
+unbound::val_nsec3_keysize_iterations: ~
+unbound::add_holddown: ~
+unbound::del_holddown: ~
+unbound::keep_missing: ~
+unbound::permit_small_holddown: false
+unbound::key_cache_size: ~
+unbound::key_cache_slabs: ~
+unbound::neg_cache_size: ~
+unbound::unblock_lan_zones: false
+unbound::insecure_lan_zones: false
+unbound::local_zone: ~
+unbound::local_data: ~
+unbound::local_data_ptr: ~
+unbound::local_zone_tag: ~
+unbound::local_zone_override: ~
+unbound::ratelimit: ~
+unbound::ratelimit_size: ~
+unbound::ratelimit_slabs: ~
+unbound::ratelimit_factor: ~
+unbound::ratelimit_for_domain: ~
+unbound::ratelimit_below_domain: ~
+unbound::ip_ratelimit: ~
+unbound::ip_ratelimit_size: ~
+unbound::ip_ratelimit_slabs: ~
+unbound::ip_ratelimit_factor: ~
+unbound::fast_server_permil: ~
+unbound::fast_server_num: ~
+
+unbound::confdir: '/etc/unbound'
+unbound::service_name: 'unbound'
+unbound::service_hasstatus: true
+unbound::service_enable: true
+unbound::service_ensure: 'running'
+unbound::package_name: 'unbound'
+unbound::package_ensure: 'installed'
+unbound::package_provider: ~
+unbound::runtime_dir: "%{hiera('unbound::confdir')}"
+unbound::owner: 'unbound'
+unbound::validate_cmd: '/usr/sbin/unbound-checkconf %'
+unbound::restart_cmd: "/bin/systemctl restart %{hiera('unbound::service_name')}"
+
+unbound::forward: {}
+unbound::stub: {}
+unbound::record: {}
+
+unbound::access:
+  - '::1'
+  - '127.0.0.1/8'
+unbound::anchor_fetch_command: "unbound-anchor -a %{hiera('unbound::auto_trust_anchor_file')}"
+unbound::conf_d: "%{hiera('unbound::confdir')}/conf.d"
+unbound::config_file: "%{hiera('unbound::confdir')}/unbound.conf"
+unbound::control_enable: false
+unbound::control_setup_path: '/usr/sbin/unbound-control-setup'
+unbound::control_path: '/usr/sbin/unbound-control'
+unbound::fetch_client: 'wget -O'
+unbound::group: 'unbound'
+unbound::keys_d: "%{hiera('unbound::confdir')}/keys.d"
+unbound::module_config: ~
+unbound::root_hints_url: 'https://www.internic.net/domain/named.root'
+unbound::custom_server_conf: []
+unbound::skip_roothints_download: false
+unbound::python_script: ~
+unbound::dns64_prefix: '64:ff9b::/96'
+unbound::dns64_synthall: false
+unbound::send_client_subnet: ~
+unbound::client_subnet_zone: ~
+unbound::client_subnet_always_forward: false
+unbound::max_client_subnet_ipv6: 56
+unbound::max_client_subnet_ipv4: 24
+unbound::min_client_subnet_ipv6: ~
+unbound::min_client_subnet_ipv4: ~
+unbound::max_ecs_tree_size_ipv4: ~
+unbound::max_ecs_tree_size_ipv6: ~
+unbound::ipsecmod_enabled: true
+unbound::ipsecmod_hook: ~
+unbound::ipsecmod_strict: false
+unbound::ipsecmod_max_ttl: 3600
+unbound::ipsecmod_ignore_bogus: false
+unbound::ipsecmod_whitelist: ~
+unbound::backend: ~
+unbound::secret_seed: default
+unbound::redis_server_host: 127.0.0.1
+unbound::redis_server_port: 6379
+unbound::redis_timeout: 100
+unbound::unbound_conf_d: "%{hiera('unbound::confdir')}/unbound.conf.d"
+unbound::purge_unbound_conf_d: false
diff --git a/data/os/OpenBSD.yaml b/data/os/OpenBSD.yaml
@@ -4,8 +4,7 @@ unbound::pidfile: '/var/run/unbound.pid'
 unbound::logdir: '/var/log/unbound'
 unbound::owner: '_unbound'
 unbound::group: '_unbound'
-unbound::service_name: 'unbound'
 unbound::fetch_client: 'ftp -o'
 unbound::validate_cmd: '/usr/sbin/unbound-checkconf %'
 unbound::package_name: ''
-unbound::restart_cmd: "/usr/sbin/rcctl restart %{lookup('unbound::service_name')}"
+unbound::restart_cmd: "/usr/sbin/rcctl restart %{hiera('unbound::service_name')}"
diff --git a/hiera.yaml b/hiera.yaml
@@ -10,4 +10,6 @@ hierarchy:
     path: "os/%{facts.os.family}/%{facts.os.name}.yaml"
   - name: "family"
     path: "os/%{facts.os.family}.yaml"
+  - name: "common"
+    path: "common.yaml"