X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fdns_geodns.pp;h=4560fba4f1f1e114374a2347f17d50d500269919;hb=3d1e20d9385fd27268e268d7d022b86ac6c905c5;hp=48bb916c6be82b2162ea2d1081edaa1f5f00db5e;hpb=e34d8e0cd1246d068196493701922e4e1645b9e6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/dns_geodns.pp b/modules/roles/manifests/dns_geodns.pp
index 48bb916c6..4560fba4f 100644
--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,4 +3,23 @@ class roles::dns_geodns {
 include named::geodns
 ssh::keygen { 'geodnssync': }
+ ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+ target_user => 'geodnssync',
+ command => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+ key => $facts['geodnssync_key'],
+ collect_tag => 'dns_primary',
+ }
+
+ ssh::authorized_key_collect { 'geodnssync-node':
+ target_user => 'geodnssync',
+ collect_tag => 'geodnssync-node',
+ }
+
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
 }
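Review bot: The exported `ssh::authorized_key_add` passes `key => $facts['geodnssync_key']` with no check that the fact is set; on a node's first run, before `ssh::keygen { 'geodnssync': }` has produced a key, the fact is presumably undefined and an empty entry could be exported to the primary. Wrapping the resource in `if $facts['geodnssync_key'] { ... }` would avoid that. The exported ferm rule has a similar gap at `saddr => $base::public_addresses`: nothing in this hunk includes `base`, and how `ferm::rule::simple` treats an undefined `saddr` is not visible here, so it is worth confirming that it cannot produce a rule with no source restriction. A short comment above the `command` line, noting that the forced `rsync --server --sender` command limits this key to a read-only pull of `zonefiles/`, would also help the next reader. The class header appears only as hunk context, so anything declared above line 3 of the manifest is not visible.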