Set up SpamAssassin
Scan incoming and outgoing email for spam. Use a local Unbound for DNS, so we don't run into blocks for RBL queries.
This commit is contained in:
Râu Cao
116
cookbooks/unbound/resources/config_dnstap.rb
Normal file
116
cookbooks/unbound/resources/config_dnstap.rb
Normal file
@@ -0,0 +1,116 @@
|
||||
#
|
||||
# Cookbook:: unbound
|
||||
# Resource:: config_dnstap
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
unified_mode true
|
||||
|
||||
use 'partials/_config_file'
|
||||
|
||||
property :config_file, String,
|
||||
default: lazy { "#{config_dir}/dnstap.conf" },
|
||||
desired_state: false,
|
||||
description: 'Set to override unbound configuration file.'
|
||||
|
||||
property :dnstap_enable, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_bidirectional, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_socket_path, String
|
||||
|
||||
property :dnstap_ip, String
|
||||
|
||||
property :dnstap_tls, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_tls_server_name, String
|
||||
|
||||
property :dnstap_tls_cert_bundle, String
|
||||
|
||||
property :dnstap_tls_client_key_file, String
|
||||
|
||||
property :dnstap_tls_client_cert_file, String
|
||||
|
||||
property :dnstap_send_identity, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_send_version, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_identity, String
|
||||
|
||||
property :dnstap_version, String
|
||||
|
||||
property :dnstap_log_resolver_query_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_log_resolver_response_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_log_client_query_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_log_client_response_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_log_forwarder_query_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
property :dnstap_log_forwarder_response_messages, [String, true, false],
|
||||
coerce: proc { |p| unbound_yes_no?(p) }
|
||||
|
||||
load_current_value do |new_resource|
|
||||
current_value_does_not_exist! unless ::File.exist?(new_resource.config_file)
|
||||
|
||||
if ::File.exist?(new_resource.config_file)
|
||||
owner ::Etc.getpwuid(::File.stat(new_resource.config_file).uid).name
|
||||
group ::Etc.getgrgid(::File.stat(new_resource.config_file).gid).name
|
||||
mode ::File.stat(new_resource.config_file).mode.to_s(8)[-4..-1]
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
def do_template_action
|
||||
zone_config = {
|
||||
'dnstap-enable' => new_resource.dnstap_enable,
|
||||
'dnstap-bidirectional' => new_resource.dnstap_bidirectional,
|
||||
'dnstap-socket-path' => new_resource.dnstap_socket_path,
|
||||
'dnstap-ip' => new_resource.dnstap_ip,
|
||||
'dnstap-tls' => new_resource.dnstap_tls,
|
||||
'dnstap-tls-server-name' => new_resource.dnstap_tls_server_name,
|
||||
'dnstap-tls-cert-bundle' => new_resource.dnstap_tls_cert_bundle,
|
||||
'dnstap-tls-client-key-file' => new_resource.dnstap_tls_client_key_file,
|
||||
'dnstap-tls-client-cert-file' => new_resource.dnstap_tls_client_cert_file,
|
||||
'dnstap-send-identity' => new_resource.dnstap_send_identity,
|
||||
'dnstap-send-version' => new_resource.dnstap_send_version,
|
||||
'dnstap-identity' => new_resource.dnstap_identity,
|
||||
'dnstap-version' => new_resource.dnstap_version,
|
||||
'dnstap-log-resolver-query-messages' => new_resource.dnstap_log_resolver_query_messages,
|
||||
'dnstap-log-resolver-response-messages' => new_resource.dnstap_log_resolver_response_messages,
|
||||
'dnstap-log-client-query-messages' => new_resource.dnstap_log_client_query_messages,
|
||||
'dnstap-log-client-response-messages' => new_resource.dnstap_log_client_response_messages,
|
||||
'dnstap-log-forwarder-query-messages' => new_resource.dnstap_log_forwarder_query_messages,
|
||||
'dnstap-log-forwarder-response-messages' => new_resource.dnstap_log_forwarder_response_messages,
|
||||
}.compact
|
||||
|
||||
config = {
|
||||
'dnstap' => zone_config,
|
||||
}
|
||||
|
||||
perform_config_action(config)
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user