From 1709cf98ed0c2283c9f81f1f76302f7a539a62c3 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Sun, 22 Mar 2015 17:11:23 +0100
Subject: trust anchors
---
.../puppet/modules/sunet/manifests/dockerhost.pp | 56 ++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
(limited to 'global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp')
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
new file mode 100644
index 0000000..67f75f9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
@@ -0,0 +1,56 @@
+# Install docker from https://get.docker.com/ubuntu
+class sunet::dockerhost {
+ apt::source {'docker_official':
+ location => 'https://get.docker.com/ubuntu',
+ release => 'docker',
+ repos => 'main',
+ key => 'A88D21E9',
+ include_src => false
+ }
+ package {'lxc-docker':
+ ensure => latest,
+ }
+
+ class {'docker':
+ manage_package => false,
+ }
+
+ package { 'unbound': ensure => 'latest' }
+ service { 'unbound': ensure => 'running' }
+
+ file { '/usr/local/etc/docker.d/20unbound':
+ ensure => file,
+ path => '/usr/local/etc/docker.d/20unbound',
+ mode => '0755',
+ content => template('sunet/dockerhost/20unbound.erb'),
+ }
+
+ file { '/etc/logrotate.d/docker-containers':
+ ensure => file,
+ path => '/etc/logrotate.d/docker-containers',
+ mode => '0644',
+ content => template('sunet/dockerhost/logrotate_docker-containers.erb'),
+ }
+
+ file { '/etc/unbound/unbound.conf.d/docker.conf':
+ ensure => file,
+ path => '/etc/unbound/unbound.conf.d/docker.conf',
+ mode => '0644',
+ content => template('sunet/dockerhost/unbound_docker.conf.erb'),
+ notify => Service['unbound'],
+ }
+
+ ufw::allow { 'allow-docker-resolving_udp':
+ port => '53',
+ ip => $::ipaddress_docker0, # both IPv4 and IPv6
+ from => '172.16.0.0/12',
+ proto => 'udp',
+ }
+ ufw::allow { 'allow-docker-resolving_tcp':
+ port => '53',
+ ip => $::ipaddress_docker0, # both IPv4 and IPv6
+ from => '172.16.0.0/12',
+ proto => 'tcp',
+ }
+
+}
-- cgit v1.1
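Review bot: The `apt::source` resource identifies the repository signing key only by its 8-hex-digit short ID (`key => 'A88D21E9'`), which is a weak trust anchor because 32-bit key IDs can collide. With no key source given, the key is presumably fetched by ID, so a different key with the same short ID could end up trusted. Pin the full 40-character fingerprint, verified out of band with the publisher, e.g. `key => '<FULL_40_HEX_FINGERPRINT>',` (placeholder, since the fingerprint is not shown on this page). Both `lxc-docker` and `unbound` also use `ensure => latest`, so any Puppet run may install whatever this third-party repository currently serves; pinning a vetted version would make each upgrade a reviewed change. The `# both IPv4 and IPv6` comment on the two `ufw::allow` rules looks inaccurate next to the IPv4-only `from => '172.16.0.0/12'`, and it is worth confirming what `ip => $::ipaddress_docker0` yields on a first run, before the `docker0` interface exists.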