1 # The primary (hidden master) nameserver handles the BIND zone files and the Let's Encrypt certificates.
2 class roles::dns_primary {
# Collects SSH keys carrying collect_tag 'dns_primary' for the local account
# 'dnsadm'.
# NOTE(review): ssh::authorized_key_collect is defined outside this listing;
# presumably it realizes exported public keys with this tag into the target
# user's authorized_keys. If so, every node allowed to export a key under
# 'dns_primary' gets a login as dnsadm on the hidden master. Confirm which
# nodes publish that tag and whether the collected entries carry a forced
# command or a from= restriction.
5 ssh::authorized_key_collect { 'dns_primary-dnsadm':
6 target_user => 'dnsadm',
7 collect_tag => 'dns_primary',
# Collects SSH keys carrying collect_tag 'dns_primary' for the local account
# 'letsencrypt'.
# NOTE(review): this reuses the tag that the 'dns_primary-dnsadm' resource in
# this class collects for dnsadm, so a key published under 'dns_primary' is
# presumably accepted for both accounts. If the zone-editing clients and the
# certificate clients are different sets of hosts, separate tags per account
# would keep each key limited to the account it needs. Verify against the
# exporting manifests.
9 ssh::authorized_key_collect { 'dns_primary-letsencrypt':
10 target_user => 'letsencrypt',
11 collect_tag => 'dns_primary',
# Declares ssh::keygen for 'dnsadm' with no parameters, so the defined type's
# defaults apply.
# NOTE(review): presumably this generates an SSH key pair for the dnsadm
# account, leaving the private half on this host. ssh::keygen is not shown
# here; check the owner and mode it sets on the private key. The 'dnsadm_key'
# fact read by 'dns_primary::geodns' in this class presumably reports the
# public half. TODO confirm.
13 ssh::keygen {'dnsadm': }
# Publishes the key from the 'dnsadm_key' fact for target_user 'geodnssync',
# bound to the command '/etc/bind/geodns/trigger' and tagged
# 'geodnssync-node'.
# NOTE(review): ssh::authorized_key_add is defined outside this listing.
# Presumably `command` becomes an authorized_keys command="..." forced
# command, and the entry is collected on nodes that collect 'geodnssync-node'.
# Points to confirm:
#  - a forced command alone does not disable port/agent forwarding or pty
#    allocation; check that the generated entry also sets `restrict` (or the
#    individual no-* options);
#  - the trigger script is not shown; it should not act on
#    SSH_ORIGINAL_COMMAND without validating it;
#  - $facts['dnsadm_key'] is presumably unset until the key has been
#    generated and the fact reported, so check that an empty key does not
#    produce a blank or malformed authorized_keys entry on the first run.
15 ssh::authorized_key_add { 'dns_primary::geodns':
16 target_user => 'geodnssync',
17 command => '/etc/bind/geodns/trigger',
18 key => $facts['dnsadm_key'],
19 collect_tag => 'geodnssync-node',