X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fdns_geodns.pp;h=4560fba4f1f1e114374a2347f17d50d500269919;hb=8e73118c48c6ce00092efbb09bfde05c355933fe;hp=f2197c56cf5a6a37dbe589364f87353ace40d570;hpb=5cc4b8da58962991fcb4281caa9ded4f6139d47a;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/dns_geodns.pp b/modules/roles/manifests/dns_geodns.pp
index f2197c56c..4560fba4f 100644
--- a/modules/roles/manifests/dns_geodns.pp
+++ b/modules/roles/manifests/dns_geodns.pp
@@ -3,9 +3,23 @@ class roles::dns_geodns {
 include named::geodns
 ssh::keygen { 'geodnssync': }
+ ssh::authorized_key_add { 'dns_geodns::pull-from-primary':
+ target_user => 'geodnssync',
+ command => '/usr/bin/rsync --server --sender -logDtprze.iL . zonefiles/',
+ key => $facts['geodnssync_key'],
+ collect_tag => 'dns_primary',
+ }
 ssh::authorized_key_collect { 'geodnssync-node':
 target_user => 'geodnssync',
 collect_tag => 'geodnssync-node',
 }
+
+ @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+ tag => 'named::primary::ferm',
+ description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+ proto => ['udp', 'tcp'],
+ port => 'domain',
+ saddr => $base::public_addresses,
+ }
 }
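Review bot: `key => $facts['geodnssync_key']` in the new `ssh::authorized_key_add` resource is read without checking that the fact is set, and on a node's first run the key created by `ssh::keygen { 'geodnssync': }` has presumably not been reported as a fact yet, so an empty key could be handed to the `dns_primary` collector. Wrapping the resource in `if $facts['geodnssync_key'] { … }` would keep a keyless entry from being published; how the define treats an undefined key is not visible in this hunk. The forced `command` is the only restriction on this key shown here, so it is worth confirming that the define also applies a source-address limit and the usual no-forwarding options, and adding a comment above the resource such as `# restrict this key to a read-only rsync pull of zonefiles/`. The class body opens above the hunk, so an existing guard there cannot be ruled out.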