Commit 92be55e7 authored by skorpy's avatar skorpy 👷

init knot-dns/nextnode

parent a7abb6cb
Pipeline #24129 passed with stages
in 1 minute and 45 seconds
# -*- coding: utf-8 -*-
import logging
"""Expexted output as an array for
nextnode.ffffm.net:
- net: 2a06:8187:fbc0::/48
A: [ 10.176.15.254 ]
AAAA: [ fd06:8187:fbc0::1:1 ]
so we need:
- net: domains.dom0.global_prefix6
A: [domains.dom0.nextnode4]
AAAA: [domains.dom0.nextnode6]
"""
def knot_yaml():
# pylint: disable=undefined-variable
tmp = []
for domain in __salt__['pillar.get']('domains'):
global_prefix6 = __salt__['pillar.get'](
'domains:{}:global_prefix6'.format(domain))
nextnode4 = __salt__['pillar.get'](
'domains:{}:nextnode4'.format(domain))
nextnode6 = __salt__['pillar.get'](
'domains:{}:nextnode6'.format(domain))
tmp.extend([{"net": global_prefix6, "A": [nextnode4], "AAAA": [nextnode6]}])
return tmp
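Review bot: A domain whose pillar lacks `global_prefix6`, `nextnode4` or `nextnode6` still produces an entry in `knot_yaml()`, because `pillar.get` hands back its default (an empty string, unless Salt is configured to raise on missing keys) and the `tmp.extend(...)` line appends it unchecked. That value ends up in the geoip data knot answers from, so I would skip and log incomplete domains instead. This needs a module-level `log = logging.getLogger(__name__)`, which would also give the currently unused `import logging` a purpose. The function is fully visible in this section.

```python
    for domain in __salt__['pillar.get']('domains', {}):
        # … unchanged: the three pillar.get lookups for this domain …
        if not (global_prefix6 and nextnode4 and nextnode6):
            log.warning('nextnode: incomplete pillar data for %s, skipping', domain)
            continue
        tmp.append({"net": global_prefix6, "A": [nextnode4], "AAAA": [nextnode6]})
```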
......@@ -15,6 +15,8 @@ log:
# Log info and more serious events to syslog.
- target: syslog
any: info
# https://www.knot-dns.cz/docs/latest/html/modules.html#synthrecord-automatic-forward-reverse-records
mod-synthrecord:
- id: fb00
type: reverse
......@@ -29,11 +31,19 @@ mod-synthrecord:
ttl: 200
network: 185.206.208.0/22
# https://www.knot-dns.cz/docs/latest/html/modules.html#rrl-response-rate-limiting
mod-rrl:
- id: default
rate-limit: 200 # Allow 200 resp/s for each flow
slip: 2 # Every other response slips
# https://www.knot-dns.cz/docs/latest/html/modules.html#geoip-geography-based-responses
mod-geoip:
- id: nextnode
config-file: /var/lib/knot/nextnode.conf
ttl: 200
mode: subnet
template:
- id: default
file: /var/lib/knot/zones/%s.zone
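Review bot: The new `mod-geoip` instance `nextnode` is only declared in the second hunk; neither hunk shows a `module: mod-geoip/nextnode` line on a zone or on the `default` template, and as far as I know knot does not apply a module to queries until it is referenced that way. If the zone is attached somewhere outside this diff that is fine, but it is worth confirming, since the `template` block continues past the end of the hunk.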
......
{# upstream docu: https://www.knot-dns.cz/docs/latest/html/modules.html?highlight=subnet#using-subnets #}
nextnode.ffffm.net:
{{ salt['nextnode.knot_yaml']()|yaml(False)| indent(2) }}
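Review bot: When the `domains` pillar is missing or empty, `knot_yaml()` returns an empty list and the expression on the last line renders `[]` under `nextnode.ffffm.net:`, so the managed file changes shape without the state failing. Whether mod-geoip accepts an empty entry list is not visible from this page. I would bind the result first with `{% set entries = salt['nextnode.knot_yaml']() %}` and emit the `nextnode.ffffm.net:` block only inside `{% if entries %}`, or fail the render, so a pillar mistake is caught at highstate rather than at knot reload.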
......@@ -35,6 +35,16 @@ knot:
- pkg: git
- pkg: knot
//var/lib/knot/nextnode.conf:
file.managed:
- source: salt://knot-dns/files/nextnode.conf.j2
- user: knot
- group: knot
- mode: '0644'
- template: jinja
- require:
- pkg: knot
/etc/ferm/conf.d/40-knot.conf:
file.managed:
- source: salt://knot-dns/files/ferm.conf.j2
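Review bot: The state ID `//var/lib/knot/nextnode.conf` starts with two slashes, so it does not match the `/var/lib/knot/nextnode.conf` path that knot.conf gives as `config-file`. Linux resolves both to the same file, but a `require` or `watch` written against the single-slash path will not find this state, so the ID line should read `/var/lib/knot/nextnode.conf:`. The hunk also shows nothing that reloads knot when this file changes; if the service state (outside this hunk) does not already watch it, a `watch_in` on the knot service would be needed for new pillar data to take effect.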
......