mirror of
https://github.com/saltstack-formulas/bind-formula.git
synced 2025-04-10 14:51:42 +00:00
b5efc0b9bd
Debian ships with an apparmor profile that specifies /var/log/named as the permissible log directory.
144 lines
4.9 KiB
Django/Jinja
144 lines
4.9 KiB
Django/Jinja
{% set map = salt['grains.filter_by']({
|
|
'Debian': {
|
|
'pkgs': ['bind9', 'bind9utils', 'dns-root-data'],
|
|
'service': 'bind9',
|
|
'config_source_dir': 'bind/files/debian',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/etc/bind/named.conf',
|
|
'local_config': '/etc/bind/named.conf.local',
|
|
'key_config': '/etc/bind/named.conf.key',
|
|
'options_config': '/etc/bind/named.conf.options',
|
|
'default_config': '/etc/default/bind9',
|
|
'default_zones_config': '/etc/bind/named.conf.default-zones',
|
|
'logging_config': '/etc/bind/named.conf.logging',
|
|
'rndc_client_config': '/etc/bind/rndc.conf',
|
|
'named_directory': '/var/cache/bind',
|
|
'zones_directory': '/var/cache/bind/zones',
|
|
'chroot_dir': '',
|
|
'log_dir': '/var/log/named',
|
|
'log_mode': '644',
|
|
'user': 'bind',
|
|
'group': 'bind',
|
|
'mode': '644',
|
|
'key_directory': '/etc/bind/keys',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
'options': {
|
|
'querylog': 'no'
|
|
}
|
|
},
|
|
'RedHat': {
|
|
'pkgs': ['bind'],
|
|
'service': 'named',
|
|
'config_source_dir': 'bind/files/redhat',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/etc/named.conf',
|
|
'local_config': '/etc/named.conf.local',
|
|
'default_config': '/etc/sysconfig/named',
|
|
'named_directory': '/var/named',
|
|
'chroot_dir': '',
|
|
'log_dir': '/var/named/data',
|
|
'log_mode': '640',
|
|
'user': 'named',
|
|
'group': 'named',
|
|
'mode': '640',
|
|
'key_directory': '/etc/named.keys',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
'options': {
|
|
'listen-on': 'port 53 { 127.0.0.1; }',
|
|
'listen-on-v6': 'port 53 { ::1; }',
|
|
'allow-query': '{ localhost; }',
|
|
'recursion': 'yes',
|
|
'dnssec-enable': 'yes',
|
|
'dnssec-validation': 'yes',
|
|
}
|
|
},
|
|
'Arch': {
|
|
'pkgs': ['bind', 'bind-tools', 'dnssec-tools'],
|
|
'service': 'named',
|
|
'config_source_dir': 'bind/files/arch',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/etc/named.conf',
|
|
'local_config': '/etc/named.conf.local',
|
|
'named_directory': '/var/named',
|
|
'chroot_dir': '',
|
|
'log_dir': '/var/log/named',
|
|
'log_mode': '640',
|
|
'user': 'root',
|
|
'group': 'named',
|
|
'mode': '640',
|
|
'key_directory': '/etc/named.keys',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
},
|
|
'FreeBSD': {
|
|
'pkgs': ['bind911'],
|
|
'service': 'named',
|
|
'config_source_dir': 'bind/files/freebsd',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/usr/local/etc/namedb/named.conf',
|
|
'local_config': '/usr/local/etc/namedb/named.conf.local',
|
|
'logging_config': '/usr/local/etc/namedb/named.conf.logging',
|
|
'named_directory': '/usr/local/etc/namedb/working',
|
|
'chroot_dir': '',
|
|
'log_dir': '/var/log/named',
|
|
'log_mode': '660',
|
|
'user': 'root',
|
|
'group': 'bind',
|
|
'mode': '640',
|
|
'key_directory': '/usr/local/etc/namedb/keys',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
},
|
|
'Gentoo': {
|
|
'pkgs': ['net-dns/bind', 'net-dns/bind-tools', 'net-dns/dnssec-tools'],
|
|
'service': 'named',
|
|
'config_source_dir': 'bind/files/gentoo',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/etc/bind/named.conf',
|
|
'local_config': '/etc/bind/named.conf.local',
|
|
'named_directory': '/var/bind',
|
|
'zones_directory': '/var/bind/pri',
|
|
'chroot_dir': '',
|
|
'log_dir': '/var/log/named',
|
|
'log_mode': '660',
|
|
'user': 'root',
|
|
'group': 'named',
|
|
'mode': '640',
|
|
'key_directory': '/var/bind/dyn',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
},
|
|
'Suse': {
|
|
'pkgs': ['bind'],
|
|
'service': 'named',
|
|
'config_source_dir': 'bind/files/suse',
|
|
'zones_source_dir': 'zones',
|
|
'config': '/etc/named.conf',
|
|
'local_config': '/etc/named.d/named.conf.local',
|
|
'default_config': '/etc/sysconfig/named',
|
|
'named_directory': '/var/lib/named',
|
|
'chroot_dir': '/var/lib/named',
|
|
'log_dir': '/var/log',
|
|
'log_mode': '660',
|
|
'user': 'root',
|
|
'group': 'named',
|
|
'mode': '640',
|
|
'key_directory': '/etc/named.keys',
|
|
'key_algorithm': 'RSASHA256',
|
|
'key_algorithm_field': '008',
|
|
'key_size': '4096',
|
|
}
|
|
}, merge=salt['grains.filter_by']({
|
|
}, grain='oscodename', merge=salt['grains.filter_by']({
|
|
'Ubuntu': {
|
|
'log_dir': '/var/log/named',
|
|
'user': 'bind'
|
|
},
|
|
}, grain='os', merge=salt['pillar.get']('bind:lookup')))) %}
|