2 rsync::site { 'keyring':
3 source => 'puppet:///modules/roles/keyring/rsyncd.conf',
4 sslname => 'keyring.debian.org',
7 ssl::service { 'keyring.debian.org':
8 notify => Exec['service apache2 reload'],
10 tlsaport => [443, 1873],
13 include named::authoritative
15 $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), " ")
16 $notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
18 @ferm::rule { '01-dsa-bind':
20 description => 'Allow nameserver access',
21 rule => "\&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $notify_address ) )",
24 concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
25 target => '/etc/bind/named.conf.puppet-misc',
28 zone "_openpgpkey.debian.org" {
30 file "/srv/keyring.debian.org/_openpgpkey.debian.org.zone";
33 key tsig-denis.debian.org-kaufmann.debian.org ;