#
-# Cookbook Name:: geodns
+# Cookbook:: geodns
# Recipe:: default
#
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# limitations under the License.
#
-package "geoip-database-contrib"
+include_recipe "geoipupdate"
-package "gdnsd"
+servers = search(:node, "roles:geodns").collect(&:name).sort
-service "gdnsd" do
- action [:enable, :start]
- supports :status => true, :restart => true, :reload => true
+servers << "dummy.example.com" if servers.empty?
+
+package %w[
+ gdnsd
+]
+
+link "/etc/gdnsd/geoip/GeoLite2-Country.mmdb" do
+ to "#{node[:geoipupdate][:directory]}/GeoLite2-Country.mmdb"
+end
+
+directory "/etc/gdnsd/config.d" do
+ owner "nobody"
+ group "nogroup"
+ mode "755"
+end
+
+%w[nominatim].each do |zone|
+ %w[map resource weighted].each do |type|
+ template "/etc/gdnsd/config.d/#{zone}.#{type}" do
+ action :create_if_missing
+ source "zone.#{type}.erb"
+ owner "nobody"
+ group "nogroup"
+ mode "644"
+ variables :zone => zone
+ end
+ end
end
template "/etc/gdnsd/config" do
source "config.erb"
owner "root"
group "root"
- mode 0644
+ mode "644"
notifies :restart, "service[gdnsd]"
end
source "geo.erb"
owner "root"
group "root"
- mode 0644
+ mode "644"
+ variables :servers => servers
notifies :restart, "service[gdnsd]"
end
+service "gdnsd" do
+ action [:enable, :start]
+ supports :status => true, :restart => true, :reload => true
+end
+
+systemd_service "gdnsd-reload" do
+ description "Reload gdnsd configuration"
+ type "simple"
+ user "root"
+ exec_start "/bin/systemctl reload-or-restart gdnsd"
+ standard_output "null"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_path "gdnsd-reload" do
+ description "Reload gdnsd configuration"
+ path_changed "/etc/gdnsd/config.d"
+end
+
+service "gdnsd-reload.path" do
+ action [:enable, :start]
+ subscribes :restart, "systemd_path[gdnsd-reload]"
+end
+
firewall_rule "accept-dns-udp" do
action :accept
- source "net"
- dest "fw"
- proto "udp"
+ context :incoming
+ protocol :udp
dest_ports "domain"
end
firewall_rule "accept-dns-tcp" do
action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
+ context :incoming
+ protocol :tcp
dest_ports "domain"
end