1 # The primary (hidden master) nameserver: manages BIND zone files and handles the Let's Encrypt certificate workflow.
2 class roles::dns_primary {
# Gather SSH public keys exported under collect_tag 'dns_primary' into the
# authorized_keys of the local 'dnsadm' account (presumably what
# ssh::authorized_key_collect does; the defined type is not visible here).
# Closing brace of this resource is absent from this view of the file.
5 ssh::authorized_key_collect { 'dns_primary-dnsadm':
6 target_user => 'dnsadm',
7 collect_tag => 'dns_primary',
# Same collection as above, but for the local 'letsencrypt' account: any key
# exported with collect_tag 'dns_primary' ends up authorized for it.
# NOTE(review): every key carrying that tag is accepted for all three
# accounts (dnsadm, letsencrypt, geodnssync) — confirm that is intended.
9 ssh::authorized_key_collect { 'dns_primary-letsencrypt':
10 target_user => 'letsencrypt',
11 collect_tag => 'dns_primary',
# Collection for the local 'geodnssync' account, again keyed on the
# 'dns_primary' tag. Closing brace is absent from this view of the file.
13 ssh::authorized_key_collect { 'dns_primary-geodnssync':
14 target_user => 'geodnssync',
15 collect_tag => 'dns_primary',
# Presumably generates an SSH keypair for the 'dnsadm' account; the public
# half appears to be surfaced as the 'dnsadm_key' fact used below — confirm
# against the ssh::keygen defined type, which is not visible here.
18 ssh::keygen {'dnsadm': }
# Publish this host's dnsadm public key (read from the agent-reported
# 'dnsadm_key' fact) for nodes that collect the 'geodnssync-node' tag.
# On those nodes it is installed for user 'geodnssync' with
# command => '/etc/bind/geodns/trigger', presumably rendered as an
# authorized_keys command= restriction so the key can only fire the trigger
# and not obtain a shell. NOTE(review): whether additional restrictions
# (no-pty, no-port-forwarding, restrict) are emitted depends on the
# ssh::authorized_key_add type, which is not visible here — verify.
# Closing brace of this resource is absent from this view of the file.
19 ssh::authorized_key_add { 'dns_primary::geodns':
20 target_user => 'geodnssync',
21 command => '/etc/bind/geodns/trigger',
22 key => $facts['dnsadm_key'],
23 collect_tag => 'geodnssync-node',
# Presumably generates an SSH keypair for the 'letsencrypt' account; its
# public half appears as the 'letsencrypt_key' fact used below — confirm
# against the ssh::keygen defined type.
26 ssh::keygen {'letsencrypt': }
# Publish this host's letsencrypt public key (from the agent-reported
# 'letsencrypt_key' fact) for the node collecting the 'puppetmaster' tag,
# where it is installed for user 'puppet'. The command value pins the key to
# one rsync server-side invocation that writes into
# /srv/puppet.debian.org/from-letsencrypt (with --delete, so the client may
# also remove files there); presumably rendered as an authorized_keys
# command= restriction, in which case the client-side rsync options must
# produce exactly this server command line or sshd rejects the transfer.
# NOTE(review): the key material is trusted because the fact comes from this
# node; confirm the type adds restrict/no-pty-style options as well.
# The end of this resource lies outside this view of the file.
27 ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
28 target_user => 'puppet',
29 command => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
30 key => $facts['letsencrypt_key'],
31 collect_tag => 'puppetmaster',