From f8fd6700dabe4fc7a6ed2ce7ef63710b51e08c44 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Tue, 23 Apr 2024 22:39:33 +1000
Subject: [PATCH 1/2] feat: enable selecting nameserver by fact

- enable selecting nameservers to use by region, country or all
- set default for nameservers to be region
---
 hieradata/common.yaml | 1 +
 site/profiles/manifests/dns/base.pp | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 185780a..9dd7df2 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -57,6 +57,7 @@ profiles::base::puppet_servers:
 profiles::dns::master::basedir: '/var/named/sources'
 profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
+profiles::dns::base::use_ns: 'region'
 profiles::packages::install:
 - bash-completion
diff --git a/site/profiles/manifests/dns/base.pp b/site/profiles/manifests/dns/base.pp
index 6bd2458..dcb43af 100644
--- a/site/profiles/manifests/dns/base.pp
+++ b/site/profiles/manifests/dns/base.pp
@@ -3,16 +3,24 @@ class profiles::dns::base (
 String $ns_role = undef,
 Array $search = [],
 Array $nameservers = ['8.8.8.8', '1.1.1.1'],
+ Enum[
+ 'all',
+ 'region',
+ 'country'
+ ] $use_ns = 'all',
 ){
 # install bind_utils
 include bind::updater
 # if ns_role is set, find all hosts matching that enc_role
- if $ns_role == undef {
- $nameserver_array = $nameservers
- }else{
- $nameserver_array = query_nodes("enc_role='${ns_role}'", 'networking.ip')
+ $nameserver_array = $ns_role ? {
+ undef => $nameservers,
+ default => $use_ns ? {
+ 'all' => query_nodes("enc_role='${ns_role}'", 'networking.ip'),
+ 'region' => query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.ip'),
+ 'country' => query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.ip'),
+ }
 }
 # if search is undef, fallback to domainname from facts
From b8d799e8e950f4f38db090d53c5ee6e0c3731640 Mon Sep 17 00:00:00 2001
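Review bot: In the new `'region'` and `'country'` arms of the `$use_ns` selector the fact value is spliced into the PQL string unquoted (`region=${facts['region']}`); as far as I know PQL wants a quoted string literal there, so these arms likely fail to parse, and a node that lacks the fact produces `region=` and breaks the query either way. The value also comes from the agent, so even once quoted it should be checked against a tight pattern before it reaches the query; since `$use_ns` is already constrained by the `Enum`, it can double as the fact name and the field name, which collapses the two arms into one and keeps only validated text in the query. The same unquoted, unvalidated interpolation appears in the master.pp hunk `@@ -13,8 +12,27 @@` of the second patch and should be fixed there the same way. Separately, a query that matches no nodes leaves `$nameserver_array` empty here with no fallback to `$nameservers`, unlike the `empty()` guard master.pp adds; the class continues outside the hunk.
```puppet
  # Only the fact named by $use_ns is consulted, and only after it matches a
  # conservative pattern, so no unvalidated agent-reported text reaches PQL.
  $locality = $use_ns ? {
    'all'   => undef,
    default => assert_type(Pattern[/\A[A-Za-z0-9_-]+\z/], $facts[$use_ns]),
  }

  $nameserver_array = $ns_role ? {
    undef   => $nameservers,
    default => $use_ns ? {
      'all'   => query_nodes("enc_role='${ns_role}'", 'networking.ip'),
      default => query_nodes("enc_role='${ns_role}' and ${use_ns}='${locality}'", 'networking.ip'),
    }
  }
  # … unchanged: search/domainname fallback …
```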
From: Ben Vincent
Date: Wed, 24 Apr 2024 18:41:12 +1000
Subject: [PATCH 2/2] feat: select nameserver in soa based on role

- find all dns servers in $ns_use (region/country/all),
- or use the current node as the only nameserver
---
 hieradata/roles/infra/dns/master.yaml | 6 ++----
 site/profiles/manifests/dns/master.pp | 22 ++++++++++++++++++++--
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/hieradata/roles/infra/dns/master.yaml b/hieradata/roles/infra/dns/master.yaml
index 84ed6cc..e9b81b7 100644
--- a/hieradata/roles/infra/dns/master.yaml
+++ b/hieradata/roles/infra/dns/master.yaml
@@ -1,8 +1,6 @@
 ---
-profiles::dns::master::nameservers:
- - prodinf01n23.main.unkin.net
- - prodinf01n24.main.unkin.net
-
+profiles::dns::master::ns_role: roles::infra::dns::master
+profiles::dns::master::use_ns: region
 profiles::dns::master::acls:
 acl-main.unkin.net:
 addresses:
diff --git a/site/profiles/manifests/dns/master.pp b/site/profiles/manifests/dns/master.pp
index a66b665..440325e 100644
--- a/site/profiles/manifests/dns/master.pp
+++ b/site/profiles/manifests/dns/master.pp
@@ -1,6 +1,5 @@
 # profiles::dns::master authoritative service
 class profiles::dns::master (
- Array[String] $nameservers,
 Stdlib::AbsolutePath $basedir,
 Hash $acls = {},
 Hash $zones = {},
@@ -13,8 +12,27 @@ class profiles::dns::master (
 String $owner = 'root',
 String $group = 'named',
 Boolean $dnssec = false,
+ Variant[String, Undef] $ns_role = undef,
+ Enum['all', 'region', 'country'] $use_ns = 'all',
 ){
+ # if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
+ $nameservers_array = $ns_role ? {
+ undef => [$facts['networking']['fqdn']],
+ default => $use_ns ? {
+ 'all' => query_nodes("enc_role='${ns_role}'", 'networking.fqdn'),
+ 'region' => query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.fqdn'),
+ 'country' => query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.fqdn'),
+ }
+ }
+
+ # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
+ $nameservers = empty($nameservers_array) ? {
+ true => [$facts['networking']['fqdn']],
+ false => $nameservers_array,
+ default => [$facts['networking']['fqdn']],
+ }
+
 class {'profiles::dns::server':
 acls => $acls,
 zones => $zones,
@@ -37,7 +55,7 @@ class profiles::dns::master (
 profiles::dns::zone { $name:
 zone => $data['domain'],
 basedir => $basedir,
- nameservers => $nameservers,
+ nameservers => sort($nameservers),
 owner => $owner,
 group => $group,
 before => Bind::Zone[$name]
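Review bot: The authoritative NS set for every zone is now whatever PuppetDB returns for `enc_role='…' and region=…`, and both of those are node-reported facts unless `enc_role` is populated from server-side data; if it is an ordinary fact, any agent that reports that role and the master's region value is published in the SOA/NS records of `profiles::dns::zone`, so the query should be keyed on trusted data (certificate extensions under `trusted.extensions`, or a server-side source) rather than on facts alone, and a review of the resulting list against expected hosts is worth logging at compile time. On the parameter line, `Variant[String, Undef] $ns_role = undef,` is the idiomatic `Optional[String] $ns_role = undef,` and would also align with base.pp, which declares the same parameter under a different type. In the `empty()` selector the `default =>` arm after `true`/`false` is unreachable for a Boolean and can be dropped, leaving `$nameservers = empty($nameservers_array) ? { true => [$facts['networking']['fqdn']], default => $nameservers_array }`. The unquoted fact interpolation in the `'region'`/`'country'` arms is the same defect noted on the base.pp hunk of the first patch; the class body continues outside this hunk.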