From 8251e2842856ec2abcc5a4e189e5c28fae0e5e00 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 8 Mar 2016 18:22:05 +0100
Subject: [PATCH] Starting with states fro Bind
---
bind/dirs.sls | 44 +++++++++++++++++++++++++++++++++++++++++
bind/files/rndc.key | 5 +++++
bind/files/rndc.private | 8 ++++++++
bind/files/rndc.public | 2 ++
bind/init.sls | 5 +++++
bind/rndc.sls | 39 ++++++++++++++++++++++++++++++++++++
bind/user.sls | 17 ++++++++++++++++
7 files changed, 120 insertions(+)
create mode 100644 bind/dirs.sls
create mode 100644 bind/files/rndc.key
create mode 100644 bind/files/rndc.private
create mode 100644 bind/files/rndc.public
create mode 100644 bind/init.sls
create mode 100644 bind/rndc.sls
create mode 100644 bind/user.sls
diff --git a/bind/dirs.sls b/bind/dirs.sls
new file mode 100644
index 0000000..152cfcc
--- /dev/null
+++ b/bind/dirs.sls
@@ -0,0 +1,44 @@
+
+/etc/bind:
+ file.directory:
+ - user: root
+ - group: bind
+ - dir_mode: 2755
+ - makedirs: True
+ - require:
+ - group: bind-group
+
+/etc/bind/zones:
+ file.directory:
+ - user: root
+ - group: bind
+ - dir_mode: 755
+ - require:
+ - file: /etc/bind
+
+/var/cache/bind:
+ file.directory:
+ - user: root
+ - group: bind
+ - dir_mode: 775
+ - makedirs: True
+ - require:
+ - group: bind-group
+
+/var/log/bind:
+ file.directory:
+ - user: bind
+ - group: bind
+ - dir_mode: 755
+ - makedirs: True
+ - require:
+ - group: bind-group
+ - user: bind-user
+
+/etc/bind/dnssec:
+ file.directory:
+ - user: root
+ - group: root
+ - dir_mode: 700
+ - makedirs: True
+
diff --git a/bind/files/rndc.key b/bind/files/rndc.key
new file mode 100644
index 0000000..3c88af6
--- /dev/null
+++ b/bind/files/rndc.key
@@ -0,0 +1,5 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {}) -%}
+key "rndc-key" {
+ algorithm {{ dnssec.rndc.algo_name|lower|replace('_', '-') }};
+ secret "{{ dnssec.rndc.key }}";
+};
diff --git a/bind/files/rndc.private b/bind/files/rndc.private
new file mode 100644
index 0000000..a7fecb8
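Review bot: The `/etc/bind/dnssec` state at the end of the bind/dirs.sls hunk is the only directory below `/etc/bind` without a requisite on its parent; the sibling `/etc/bind/zones` state carries `- require:` / `  - file: /etc/bind`, and `/etc/bind/dnssec` should do the same for consistency. Without it the state relies on declaration order to run after `/etc/bind`; if it ever runs first, `makedirs: True` creates the parent itself, presumably with this state's root:root/700 settings, which the `/etc/bind` state then has to correct on the same run. The 2755 and 775 directory modes are world-readable and group-writable respectively, which is what the daemon needs, so the protection of the secret-bearing files below them rests entirely on the file modes set in bind/rndc.sls rather than on these directories.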
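Review bot: `salt['pillar.get']('bind:dnssec', {})` in bind/files/rndc.key defaults to an empty dict, so when the pillar is missing `dnssec.rndc.key` is undefined and, depending on the renderer's undefined handling, the render either fails or writes `secret "";` into the file rndc authenticates with. For the control-channel secret a missing pillar should be a hard render failure rather than an empty key, so either drop the `{}` default or guard the secret before use. The same default is repeated in bind/files/rndc.private, bind/files/rndc.public and bind/rndc.sls; since rndc.sls already looks the value up, the three templates could receive it through `file.managed`'s `context` argument so the lookup and its failure mode exist in one place. A template comment such as `{# rendered from pillar bind:dnssec:rndc; the same secret is written to the K*.key/.private files in /etc/bind/dnssec #}` would help the next reader.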
--- /dev/null
+++ b/bind/files/rndc.private
@@ -0,0 +1,8 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {}) -%}
+Private-key-format: v1.3
+Algorithm: {{ dnssec.rndc.algo_nr }} ({{ dnssec.rndc.algo_name }})
+Key: {{ dnssec.rndc.key }}
+Bits: {{ dnssec.rndc.bits }}
+Created: {{ dnssec.rndc.date }}
+Publish: {{ dnssec.rndc.date }}
+Activate: {{ dnssec.rndc.date }}
diff --git a/bind/files/rndc.public b/bind/files/rndc.public
new file mode 100644
index 0000000..e4d94bf
--- /dev/null
+++ b/bind/files/rndc.public
@@ -0,0 +1,2 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {}) -%}
+{{ dnssec.rndc.name }}. IN KEY {{ dnssec.rndc.bits_num }} 3 {{ dnssec.rndc.algo_nr }} {{ dnssec.rndc.key }}
diff --git a/bind/init.sls b/bind/init.sls
new file mode 100644
index 0000000..30be267
--- /dev/null
+++ b/bind/init.sls
@@ -0,0 +1,5 @@
+
+include:
+ - bind.user
+ - bind.dirs
+ - bind.rndc
diff --git a/bind/rndc.sls b/bind/rndc.sls
new file mode 100644
index 0000000..d8152b7
--- /dev/null
+++ b/bind/rndc.sls
@@ -0,0 +1,39 @@
+{%- set dnssec = salt['pillar.get']('bind:dnssec', {}) -%}
+
+/etc/bind/rndc.key:
+ file.managed:
+ - source: salt://bind/files/rndc.key
+ - user: bind
+ - group: bind
+ - mode: 640
+ - template: jinja
+ - backup: minion
+ - require:
+ - file: /etc/bind
+ - group: bind-group
+ - user: bind-user
+
+rndc-keyfile-public:
+ file.managed:
+ - name: /etc/bind/dnssec/K{{ dnssec.rndc.name }}.+{{ dnssec.rndc.algo_nr }}+{{ dnssec.rndc.footprint }}.key
+ - source: salt://bind/files/rndc.public
+ - user: root
+ - group: root
+ - mode: 600
+ - template: jinja
+ - backup: minion
+ - require:
+ - file: /etc/bind/dnssec
+
+rndc-keyfile-private:
+ file.managed:
+ - name: /etc/bind/dnssec/K{{ dnssec.rndc.name }}.+{{ dnssec.rndc.algo_nr }}+{{ dnssec.rndc.footprint }}.private
+ - source: salt://bind/files/rndc.private
+ - user: root
+ - group: root
+ - mode: 600
+ - template: jinja
+ - backup: minion
+ - require:
+ - file: /etc/bind/dnssec
+
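Review bot: bind/files/rndc.public is named as public material and is installed as the dnssec-keygen `K<name>.+<algo>+<footprint>.key` file, but the KEY record it writes ends in `{{ dnssec.rndc.key }}`, the same value that rndc.key emits as `secret "..."` and rndc.private as `Key:`; for a shared-secret (HMAC) rndc key, which the reuse of one secret across all three files implies, the `.key` file is not public at all. The 600 root:root mode that bind/rndc.sls applies to it is therefore the right one, and the template should say why so nobody later relaxes it: a Jinja comment such as `{# KEY record for the rndc TSIG key: it carries the shared secret, not a public key; keep 0600 #}` renders to nothing in the installed file.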
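Review bot: `- backup: minion` on all three `file.managed` states in bind/rndc.sls keeps every previous version of the rndc secret and the `.private`/`.key` files in the minion's file-backup cache, a location these states do not manage and whose permissions are whatever the backup helper applies, so a rotated key stays recoverable on the host. For secret material either drop `- backup: minion` from the three states or record the retention with a comment such as `# backup: minion retains superseded secrets in the minion cache; prune after key rotation`. The rndc.key state is bind:bind/640 while the two dnssec copies are root:root/600; if that asymmetry is intentional (named reads rndc.key, only the keygen files are root-only) a one-line comment on the first state would save the next reader a question.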
diff --git a/bind/user.sls b/bind/user.sls
new file mode 100644
index 0000000..d105b44
--- /dev/null
+++ b/bind/user.sls
@@ -0,0 +1,17 @@
+
+bind-group:
+ group.present:
+ - name: bind
+ - system: True
+
+bind-user:
+ user.present:
+ - name: bind
+ - gid: bind
+ - fullname: Bind daemon user
+ - shell: /bin/false
+ - home: /var/cache/bind
+ - system: True
+ - createhome: False
+ - require:
+ - group: bind-group
--
2.39.5
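Review bot: The `bind-user` and `bind-group` states in bind/user.sls pin neither `uid` nor `gid`, so on a host where these states create the account before the distribution's BIND package does, the ids are whatever is free at the time, and the `bind`-owned files under `/var/cache/bind` and `/var/log/bind` from bind/dirs.sls will carry different numeric owners across hosts. Presumably the package normally creates the same `bind` account first and the state only verifies it; either way a comment on the state would make the intent explicit, e.g. `# the bind9 package may create this account itself; the state only enforces the attributes below`. `shell: /bin/false` is a working no-login shell, but `/usr/sbin/nologin` is the conventional choice for service accounts on Debian-family systems, where the `/etc/bind` paths in this patch suggest it is meant to run.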