From b77d49015733ac5f374759869eacecdf777227c3 Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
Date: Sat, 5 Aug 2023 19:26:54 +0200
Subject: [PATCH] Implement DNSStubListenerExtra for resolved.conf

---
 manifests/init.pp         |  4 ++++
 manifests/resolved.pp     | 15 +++++++++++++++
 spec/classes/init_spec.rb |  2 ++
 3 files changed, 21 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index ce5c87e0..e6bf30a6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -66,6 +66,9 @@
 # @param dns_stub_listener
 #   Takes a boolean argument or one of "udp" and "tcp".
 #
+# @param dns_stub_listener_extra
+#   Additional addresses for the DNS stub listener to listen on
+#
 # @param manage_resolv_conf
 #   For when `manage_resolved` is `true` should the file `/etc/resolv.conf` be managed.
 #
@@ -197,6 +200,7 @@
   Variant[Boolean,Enum['yes', 'opportunistic', 'no']] $dnsovertls = false,
   Variant[Boolean,Enum['no-negative']]                $cache = false,
   Optional[Variant[Boolean,Enum['udp','tcp']]]        $dns_stub_listener = undef,
+  Optional[Array[String[1]]] $dns_stub_listener_extra = undef,
   Boolean                                             $manage_resolv_conf = true,
   Boolean                                             $use_stub_resolver = false,
   Boolean                                             $manage_networkd = false,
diff --git a/manifests/resolved.pp b/manifests/resolved.pp
index fa7b293b..963b56e7 100644
--- a/manifests/resolved.pp
+++ b/manifests/resolved.pp
@@ -41,6 +41,9 @@
 # @param dns_stub_listener
 #   Takes a boolean argument or one of "udp" and "tcp".
 #
+# @param dns_stub_listener_extra
+#   Additional addresses for the DNS stub listener to listen on
+#
 # @param use_stub_resolver
 #   Takes a boolean argument. When "false" (default) it uses /run/systemd/resolve/resolv.conf
 #   as /etc/resolv.conf. When "true", it uses /run/systemd/resolve/stub-resolv.conf
@@ -56,6 +59,7 @@
   Optional[Variant[Boolean,Enum['yes', 'opportunistic', 'no']]] $dnsovertls = $systemd::dnsovertls,
   Optional[Variant[Boolean,Enum['no-negative']]] $cache              = $systemd::cache,
   Optional[Variant[Boolean,Enum['udp', 'tcp']]] $dns_stub_listener   = $systemd::dns_stub_listener,
+  Optional[Array[String[1]]] $dns_stub_listener_extra                = $systemd::dns_stub_listener_extra,
   Boolean $use_stub_resolver                                         = $systemd::use_stub_resolver,
 ) {
   assert_private()
@@ -245,4 +249,15 @@
       notify  => Service['systemd-resolved'],
     }
   }
+
+  if $dns_stub_listener_extra {
+    ini_setting { 'dns_stub_listener':
+      ensure  => 'present',
+      value   => $dns_stub_listener_extra,
+      setting => 'DNSStubListenerExtra',
+      section => 'Resolve',
+      path    => '/etc/systemd/resolved.conf',
+      notify  => Service['systemd-resolved'],
+    }
+  }
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 75afea3f..74f931f2 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -143,6 +143,7 @@
               dnsovertls: 'no',
               cache: true,
               dns_stub_listener: 'udp',
+              dns_stub_listener_extra: ['192.0.2.1', '2001:db8::1'],
             }
           end
 
@@ -164,6 +165,7 @@
           }
 
           it { is_expected.to contain_ini_setting('dns_stub_listener') }
+          it { is_expected.to contain_ini_setting('dns_stub_listener_extra') }
         end
 
         context 'when enabling resolved with no-negative cache variant' do