X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fdns_primary.pp;h=3e9c5bf40d7791d7293fcbbc62572ba648a9c532;hb=f7adabc11f4b86313d541b2007570cf3e475320b;hp=193cf61698080c364408a27c37e24cdbdecbe88a;hpb=5cc4b8da58962991fcb4281caa9ded4f6139d47a;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
index 193cf6169..3e9c5bf40 100644
--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -10,12 +10,24 @@ class roles::dns_primary {
     target_user => 'letsencrypt',
     collect_tag => 'dns_primary',
   }
-  ssh::keygen {'dnsadm': }
+  ssh::authorized_key_collect { 'dns_primary-geodnssync':
+    target_user => 'geodnssync',
+    collect_tag => 'dns_primary',
+  }
 
+  ssh::keygen {'dnsadm': }
   ssh::authorized_key_add { 'dns_primary::geodns':
     target_user => 'geodnssync',
     command     => '/etc/bind/geodns/trigger',
     key         => $facts['dnsadm_key'],
     collect_tag => 'geodnssync-node',
   }
+
+  ssh::keygen {'letsencrypt': }
+  ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
+    target_user => 'puppet',
+    command     => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
+    key         => $facts['letsencrypt_key'],
+    collect_tag => 'puppetmaster',
+  }
 }