hiera -> hiera role; explicitly include apache2
[mirror/dsa-puppet.git] / modules / roles / manifests / dns_primary.pp
# Role for the primary (hidden master) nameserver: BIND zone file handling and
# Let's Encrypt certificate handling.
#
# On top of named::primary, this role declares the SSH key plumbing for three
# local accounts (dnsadm, letsencrypt, geodnssync) and offers this host's own
# dnsadm and letsencrypt keys to other nodes under the 'geodnssync-node' and
# 'puppetmaster' tags.
#
# NOTE(review): the ssh::* defines are not visible here. The comments below
# assume authorized_key_collect realises keys exported under a tag and
# authorized_key_add exports one; confirm against the ssh module.
class roles::dns_primary {
  include named::primary

  # Inbound side: every key published under the 'dns_primary' tag is collected
  # for all three accounts. Any node able to publish under that tag therefore
  # ends up in these accounts' key sets, so the tag is the trust boundary.
  ssh::authorized_key_collect {
    'dns_primary-dnsadm':
      target_user => 'dnsadm',
      collect_tag => 'dns_primary';
    'dns_primary-letsencrypt':
      target_user => 'letsencrypt',
      collect_tag => 'dns_primary';
    'dns_primary-geodnssync':
      target_user => 'geodnssync',
      collect_tag => 'dns_primary';
  }

  # Outbound side, dnsadm: the key is offered to nodes collecting
  # 'geodnssync-node', for their geodnssync account, tied to a single command.
  # NOTE(review): presumably `command` is rendered as an authorized_keys forced
  # command (command="..."); check that the define also sets the usual
  # restrictions (no pty, no forwarding) and whether a from= limit applies.
  # The key value is read from this node's facts, presumably the public key
  # produced by ssh::keygen; it may be unset until that fact is populated.
  ssh::keygen { 'dnsadm': }
  ssh::authorized_key_add { 'dns_primary::geodns':
    key         => $facts['dnsadm_key'],
    target_user => 'geodnssync',
    command     => '/etc/bind/geodns/trigger',
    collect_tag => 'geodnssync-node',
  }

  # Outbound side, letsencrypt: offered under 'puppetmaster' for the puppet
  # account. The rsync option string has no --sender, so rsync runs as the
  # receiving end: the key holder pushes into from-letsencrypt, and --delete
  # lets it remove files there as well. Whatever consumes that directory on the
  # puppet master should treat its contents as input from this host.
  # NOTE(review): pinning the destination path only holds if `command` is
  # enforced as a forced command; confirm in ssh::authorized_key_add.
  ssh::keygen { 'letsencrypt': }
  ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
    key         => $facts['letsencrypt_key'],
    target_user => 'puppet',
    command     => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
    collect_tag => 'puppetmaster',
  }
}