aboutsummaryrefslogtreecommitdiffstats
path: root/deployment/dns
diff options
context:
space:
mode:
Diffstat (limited to 'deployment/dns')
-rw-r--r--deployment/dns/manifests/init.pp1
-rw-r--r--deployment/dns/manifests/reverse_zone.pp5
-rw-r--r--deployment/dns/manifests/server.pp7
-rw-r--r--deployment/dns/manifests/zone.pp5
-rw-r--r--deployment/dns/templates/2.1.0.0.0.0.0.1.b.0.e.0.1.0.a.2.ip6.arpa.zone12
-rw-r--r--deployment/dns/templates/7.0.0.0.2.0.0.0.8.7.1.2.2.0.a.2.ip6.arpa.zone19
-rw-r--r--deployment/dns/templates/mageia.org.zone174
7 files changed, 223 insertions, 0 deletions
diff --git a/deployment/dns/manifests/init.pp b/deployment/dns/manifests/init.pp
new file mode 100644
index 00000000..a84c8db7
--- /dev/null
+++ b/deployment/dns/manifests/init.pp
@@ -0,0 +1 @@
+class dns { }
diff --git a/deployment/dns/manifests/reverse_zone.pp b/deployment/dns/manifests/reverse_zone.pp
new file mode 100644
index 00000000..9095251d
--- /dev/null
+++ b/deployment/dns/manifests/reverse_zone.pp
@@ -0,0 +1,5 @@
+define dns::reverse_zone {
+ bind::zone::reverse { $name:
+ content => template("dns/${name}.zone")
+ }
+}
diff --git a/deployment/dns/manifests/server.pp b/deployment/dns/manifests/server.pp
new file mode 100644
index 00000000..c9467de8
--- /dev/null
+++ b/deployment/dns/manifests/server.pp
@@ -0,0 +1,7 @@
+class dns::server {
+ include bind::master
+ dns::zone { 'mageia.org': }
+
+ dns::reverse_zone { '7.0.0.0.2.0.0.0.8.7.1.2.2.0.a.2.ip6.arpa': }
+ dns::reverse_zone { '2.1.0.0.0.0.0.1.b.0.e.0.1.0.a.2.ip6.arpa': }
+}
diff --git a/deployment/dns/manifests/zone.pp b/deployment/dns/manifests/zone.pp
new file mode 100644
index 00000000..7d4da311
--- /dev/null
+++ b/deployment/dns/manifests/zone.pp
@@ -0,0 +1,5 @@
+define dns::zone {
+ bind::zone::master { $name:
+ content => template("dns/${name}.zone")
+ }
+}
diff --git a/deployment/dns/templates/2.1.0.0.0.0.0.1.b.0.e.0.1.0.a.2.ip6.arpa.zone b/deployment/dns/templates/2.1.0.0.0.0.0.1.b.0.e.0.1.0.a.2.ip6.arpa.zone
new file mode 100644
index 00000000..8ab67138
--- /dev/null
+++ b/deployment/dns/templates/2.1.0.0.0.0.0.1.b.0.e.0.1.0.a.2.ip6.arpa.zone
@@ -0,0 +1,12 @@
+$TTL 3D
+@ IN SOA ns0.mageia.org. root.mageia.org. (
+ 2024090202 ; Serial
+ 3600 ; Refresh
+ 3600 ; Retry
+ 3600000 ; Expire
+ 3600 ; Minimum TTL
+)
+
+; nameservers
+@ IN NS ns0.mageia.org.
+@ IN NS ns1.mageia.org.
diff --git a/deployment/dns/templates/7.0.0.0.2.0.0.0.8.7.1.2.2.0.a.2.ip6.arpa.zone b/deployment/dns/templates/7.0.0.0.2.0.0.0.8.7.1.2.2.0.a.2.ip6.arpa.zone
new file mode 100644
index 00000000..fdb83e63
--- /dev/null
+++ b/deployment/dns/templates/7.0.0.0.2.0.0.0.8.7.1.2.2.0.a.2.ip6.arpa.zone
@@ -0,0 +1,19 @@
+$TTL 3D
+@ IN SOA ns0.mageia.org. root.mageia.org. (
+ 2024090202 ; Serial
+ 3600 ; Refresh
+ 3600 ; Retry
+ 3600000 ; Expire
+ 3600 ; Minimum TTL
+)
+
+; nameservers
+@ IN NS ns0.mageia.org.
+@ IN NS ns1.mageia.org.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gw-ipv6.mageia.org.
+4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ecosse.mageia.org.
+6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fiona.mageia.org.
+7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR sucuk.mageia.org.
+8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR rabbit.mageia.org.
+9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR duvel.mageia.org.
diff --git a/deployment/dns/templates/mageia.org.zone b/deployment/dns/templates/mageia.org.zone
new file mode 100644
index 00000000..a04ca19b
--- /dev/null
+++ b/deployment/dns/templates/mageia.org.zone
@@ -0,0 +1,174 @@
+<%-
+ # nodes list defined in puppet/manifests/nodes_ip.pp
+ nodes = scope.lookupvar('::nodes_ipaddr')
+-%>
+; puppet-distributed file
+; local modifications will be lost
+; $Id$
+$TTL 30m
+@ IN SOA ns0.mageia.org. root.mageia.org. (
+ 2025100701 ; Serial
+ 7200 ; Refresh
+ 3600 ; Retry
+ 3600000 ; Expire
+ 300 ; Minimum TTL
+ )
+
+; nameservers
+@ IN NS ns0.mageia.org.
+@ IN NS ns1.mageia.org.
+
+@ IN MX 10 sucuk.mageia.org.
+@ IN MX 20 neru.mageia.org.
+
+; DKIM for mageia.org
+sucuk._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGH25Jb2Al84XlTfSWuqZL8f6K6b+QhJjvV3zbF1/t31WmLwEt0So+p3FbFeKmaq/e0nJ+wKteTSVZsl3xwux+MaARKJDpEXslEgy+ojCedWqqpP6xLUjPuYPimGPljwkLwDoJxwvjiLa2POebec7C+R/nzaGm2nnTFwYQomqlvQIDAQAB"
+sucuk._domainkey.group IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBRrdmAaYpDBHCtzkephaLX9LrMFJvgq84dS0ogTIb0xD32qxQF69FU/gEUlfTjzJooTJQC3PK7R3oLnfoWttMlbHCGg/llSfoSI0gD/4UolZokzWZY3qdqMz+zKi9+bfjz0y4Fwx5EPyda1ihHhVB6c+wq6cekhDNOH8PHhO74QIDAQAB"
+sucuk._domainkey.duvel IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHYgFMZTHMYlymX0WJ17ZvgchABE+5O/c6np1gj5sBV2BPIJGs+h/i+Iq6jLYVhSOWEI+6wQKza/8r3Vr4ddi3/UPDzllfqMnKsbPHC/LscyIkQmpNiO2n0nIUhKbuVU1SsRC1B8svO9iNmEjg33/lrLiaV3DtDbGr0ozmBmeFVwIDAQAB"
+sucuk._domainkey.fiona IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeFoY9MTeZD4Z3OnxUJvp6Nr5UF6+rBwCg0TwVWwe/17uCQ4M6ptDxPSGgVIMYJowg/VUcbqNLlt56kluC4mO/gVVUyPQe6EjYib+NV5PkvgHx2TOJfb27ANPiZ4f57eEFqmE3eD7SxqUqF9j2Vobt0J+XgFuyFUBzHZsRTNUpzQIDAQAB"
+sucuk._domainkey.forums IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEVhhONroS/ayEPs+9fmom34EWsny7asKVxIuyJh8EzvPJmx6ODYtX/tN1ul++3xoFNHeAe5YSSGyK+7EgJ5E5wlhw6FwnHPnYp/eMsShDI2dyfYsQnS2Yc1VXkI9s83ZWaVTL9uPRDETMKDIF+QjljFQZAN+eaH55q9u3EZRrWwIDAQAB"
+sucuk._domainkey.identity IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBv4aqFb9cQQkPB30zRfCtcquWKsP5G2Nhh3HSEdN0fFvOegQnGykuGq6lDED9iJuiNSVGO2cjtWtFTwX3+1/W1AW7pmaUD7U9HzPoZgxGPWtvFcJ/tZ1mjKNoGaPa5vLaVpXwxNKjPUCI+w2t5cM8JPnemW1Vm/LeEJ0XLE0InwIDAQAB"
+sucuk._domainkey.madb IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI9WOO3aRQLLnXc08q9HP15VY79TQZR5GqdBcYu0H+jAiuR+OKz6NUSNoYdeNQ4FSvrz27elW6thNcKQg4wYNT4tsJ8d4OU5ScFcrPJszPucVyMpkl/ybCgVq0CmXgOh1yXYwl2YY4AfzUQ6skpTE5G2abIWBvPOvs8Q92vYJ1nwIDAQAB"
+sucuk._domainkey.rabbit IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZYdG5dEd0CHAYGPRG+OXm2gJTDVpjmsKkn5+4BISToAOXXyogRcJN/P6oPySlG+CyUl5PW/2nBIiiUfHNKxVSa9gPO3vS0nlEppSHulkhth4deNu8YXRgJQp31IgaD0/Cbu7CKcDJbxTKGdnMV7XPKoIxB/Mjn0TxUS+WC2WY6QIDAQAB"
+sucuk._domainkey.sucuk IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdzn4W4Tl4sJ0pfhktNVlWRYFXnIwaMENqmi2vgc/P8M/zVxysVuWPcEwhy+IiVT8tMleXMt9dreErzJS+8ZmMd8oTqRXM55ZzRuBtqiecKnbIrXpecYUhh+2o0BMouTRHZvrPK5PV6Y2PrXkXwLF8qOS/eslZDk7hLRk2XBVDWwIDAQAB"
+sucuk._domainkey.ml IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4uPUsb1kvNCXT1AsEBldhU/9akmeRrRHOQtI8g60K+y2fRRur5l+TJDZ/+bnyVS69AMhyfeWEaWGhQytvmkKZBQyHZ6JzS2him+HT/x7xCYOHlQ5vixy0t4jYqbYZ04pdokJ4jcJ3pU7CFisgzk2Ln7HA4JDD1Dc+kCYbOvivtQIDAQAB"
+sucuk._domainkey.neru IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4uPUsb1kvNCXT1AsEBldhU/9akmeRrRHOQtI8g60K+y2fRRur5l+TJDZ/+bnyVS69AMhyfeWEaWGhQytvmkKZBQyHZ6JzS2him+HT/x7xCYOHlQ5vixy0t4jYqbYZ04pdokJ4jcJ3pU7CFisgzk2Ln7HA4JDD1Dc+kCYbOvivtQIDAQAB"
+
+; TODO use a loop here
+ml IN MX 10 sucuk.mageia.org.
+ml IN MX 20 neru.mageia.org.
+
+; Sender Policy Framework for mailing lists & some automated mails
+@ IN TXT "v=spf1 include:smtp.dnamail.fi mx ~all"
+ml IN TXT "v=spf1 mx ~all"
+group IN TXT "v=spf1 mx ~all"
+
+group IN MX 10 sucuk.mageia.org.
+group IN MX 20 neru.mageia.org.
+
+
+; machines
+<%-
+ nodes_txt = ''
+ nodes.keys.sort.each{|nodename|
+ spf = ''
+ if nodes[nodename].has_key?('ipv4')
+ nodes_txt += nodename + ' IN A ' + nodes[nodename]['ipv4'] + "\n"
+ spf += ' ip4:' + nodes[nodename]['ipv4']
+ end
+ if nodes[nodename].has_key?('ipv6')
+ nodes_txt += nodename + ' IN AAAA ' + nodes[nodename]['ipv6'] + "\n"
+ spf += ' ip6:' + nodes[nodename]['ipv6']
+ end
+ nodes_txt += nodename + ' IN TXT "v=spf1 ' + spf + ' mx:mageia.org ~all" ' + "\n"
+ }
+-%>
+<%= nodes_txt %>
+
+;SSHFP
+
+; sucuk
+ns0 IN A <%= nodes['sucuk']['ipv4'] %>
+ns0 IN AAAA <%= nodes['sucuk']['ipv6'] %>
+; neru
+ns1 IN A <%= nodes['neru']['ipv4'] %>
+ns1 IN AAAA <%= nodes['neru']['ipv6'] %>
+
+; mageia.org set to IP of neru
+mageia.org. IN A <%= nodes['neru']['ipv4'] %>
+mageia.org. IN AAAA <%= nodes['neru']['ipv6'] %>
+
+; madb on mageia.madb.org
+;madb IN A 163.172.201.211
+; temporarily for hosting a redirect while the real madb is down
+madb IN CNAME neru
+
+; since we have a subdomain, we cannot use a CNAME
+ml IN A <%= nodes['sucuk']['ipv4'] %>
+ml IN AAAA <%= nodes['sucuk']['ipv6'] %>
+
+; aliases
+ldap-slave-1 IN CNAME neru
+
+archives IN CNAME neru
+blog IN CNAME neru
+dashboard IN CNAME neru
+doc IN CNAME neru
+hugs IN CNAME neru
+meetbot IN CNAME neru
+planet IN CNAME neru
+releases IN CNAME neru
+start IN CNAME neru
+static IN CNAME neru
+www-test IN CNAME neru
+
+rsync IN CNAME duvel
+svn IN CNAME duvel
+git IN CNAME duvel
+puppetmaster IN CNAME duvel
+puppet IN CNAME duvel
+pkgsubmit IN CNAME duvel
+binrepo IN CNAME duvel
+repository IN CNAME duvel
+maintdb IN CNAME duvel
+ldap IN CNAME duvel
+ldap-master IN CNAME duvel
+advisories IN CNAME duvel
+projects IN CNAME duvel
+bcd IN CNAME rabbit
+
+epoll IN CNAME sucuk
+forums IN CNAME sucuk
+forum IN CNAME sucuk
+
+send IN CNAME sucuk
+bugs IN CNAME sucuk
+check IN CNAME sucuk
+gitweb IN CNAME sucuk
+identity IN A <%= nodes['sucuk']['ipv4'] %>
+identity-trunk IN CNAME sucuk
+mirrors IN CNAME sucuk
+nav IN CNAME sucuk
+people IN CNAME sucuk
+perl IN CNAME sucuk
+pg IN CNAME sucuk
+pkgcpan IN CNAME sucuk
+svnweb IN CNAME sucuk
+treasurer IN CNAME sucuk
+wiki IN CNAME sucuk
+www IN CNAME sucuk
+xymon IN CNAME sucuk
+
+; build nodes aliases
+ecosse0 IN CNAME ecosse
+ecosse1 IN CNAME ecosse
+rabbit0 IN CNAME rabbit
+rabbit1 IN CNAME rabbit
+rabbit2 IN CNAME rabbit
+ec2aa1-a IN CNAME ec2aa1
+ec2aa1-b IN CNAME ec2aa1
+ec2aa2-a IN CNAME ec2aa2
+ec2aa2-b IN CNAME ec2aa2
+ec2aa3-a IN CNAME ec2aa3
+ec2aa3-b IN CNAME ec2aa3
+ec2x1-a IN CNAME ec2x1
+ec2x1-b IN CNAME ec2x1
+ec2x2-a IN CNAME ec2x2
+ec2x2-b IN CNAME ec2x2
+pktaa1-a IN CNAME pktaa1
+pktaa1-b IN CNAME pktaa1
+pktaa1-c IN CNAME pktaa1
+pktaa1-d IN CNAME pktaa1
+pktaa1-e IN CNAME pktaa1
+pktaa1-f IN CNAME pktaa1
+ociaa1-a IN CNAME ociaa1
+ociaa1-b IN CNAME ociaa1
+ociaa1-c IN CNAME ociaa1
+ociaa2-a IN CNAME ociaa2
+ociaa2-b IN CNAME ociaa2
+ociaa2-c IN CNAME ociaa2
+ncaa1-a IN CNAME ncaa1
+ncaa1-b IN CNAME ncaa1
+ncaa1-c IN CNAME ncaa1
+
+<%# vim: set filetype=bindzone : -%>
generated by cgit v1.2.1 (git 2.21.0) at 2025-11-12 17:25:12 +0000