lists -> hiera role
[mirror/dsa-puppet.git] / modules / roles / manifests / dns_primary.pp
index 65b16a2..3e9c5bf 100644 (file)
@@ -3,11 +3,31 @@ class roles::dns_primary {
   include named::primary
 
   ssh::authorized_key_collect { 'dns_primary-dnsadm':
-    target_user => 'dssadm',
+    target_user => 'dnsadm',
     collect_tag => 'dns_primary',
   }
   ssh::authorized_key_collect { 'dns_primary-letsencrypt':
     target_user => 'letsencrypt',
     collect_tag => 'dns_primary',
   }
+  ssh::authorized_key_collect { 'dns_primary-geodnssync':
+    target_user => 'geodnssync',
+    collect_tag => 'dns_primary',
+  }
+
+  ssh::keygen {'dnsadm': }
+  ssh::authorized_key_add { 'dns_primary::geodns':
+    target_user => 'geodnssync',
+    command     => '/etc/bind/geodns/trigger',
+    key         => $facts['dnsadm_key'],
+    collect_tag => 'geodnssync-node',
+  }
+
+  ssh::keygen {'letsencrypt': }
+  ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
+    target_user => 'puppet',
+    command     => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
+    key         => $facts['letsencrypt_key'],
+    collect_tag => 'puppetmaster',
+  }
 }
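Review bot: Both new `ssh::authorized_key_add` resources take `key` from a custom fact (`$facts['dnsadm_key']`, `$facts['letsencrypt_key']`) that presumably exists only after `ssh::keygen` has generated the key, so on a host's first catalog run the value is likely undef. How the define handles an empty key is not visible here (the class opens above the hunk and the define lives elsewhere); unless it skips the entry itself, guard each resource, e.g. `if $facts['dnsadm_key'] { ssh::authorized_key_add { 'dns_primary::geodns': … } }`, and likewise for `letsencrypt_key`. A short comment above each block would also help, e.g. `# dnsadm on the primary may only run the geodns trigger as geodnssync on geodnssync-node hosts`. Since these keys grant cross-host access to the `puppet` and `geodnssync` accounts, it is worth confirming that the define emits the usual restrictions (no pty, no forwarding) alongside the forced `command`.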