Try to add openpgpkey zone
authorPeter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 09:38:16 +0000 (11:38 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 09:40:22 +0000 (11:40 +0200)
modules/roles/manifests/keyring.pp

index 9593ca4..cafad2b 100644 (file)
@@ -11,4 +11,26 @@ class roles::keyring {
        }
 
        include named::authoritative
+
+       $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+
+       concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
+               target => '/etc/bind/named.conf.puppet-misc',
+               order  => '020',
+               content  => @("EOF"),
+                       zone "_openpgpkey.debian.org" {
+                               type master;
+                                       file "/srv/keyring.debian.org/_openpgpkey.debian.org.zone";
+                                       allow-query { any; };
+                                       allow-transfer {
+                                               key tsig-denis.debian.org-kaufmann.debian.org ;
+                                               127.0.0.1;
+                                       };
+                                       also-notify {
+                                               $notify_address;
+                                       };
+                       }
+                       | EOF
+       }
+
 }
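Review bot: The `zone "_openpgpkey.debian.org" { … }` statement in the heredoc closes with a bare `}` on the line just before `| EOF`, but BIND requires a terminating semicolon there, so that line should read `};`. Because this fragment is concatenated into `/etc/bind/named.conf.puppet-misc`, a syntax error in it can make named reject the whole configuration on reload, not just this zone. It is also worth guarding the `also-notify` block: if the `getfromhash` lookup for `denis.debian.org` returns nothing, `$notify_address;` renders as a lone `;`, which is likewise invalid. Running `named-checkconf` on the assembled file before it is put in place would catch both cases; whether the concat target defined elsewhere already does this is not visible here.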