and gitolite ssh triggers to the dns host
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 16:15:42 +0000 (18:15 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 16:15:42 +0000 (18:15 +0200)
modules/roles/manifests/dns_primary.pp [new file with mode: 0644]
modules/roles/manifests/dsa_gitolite.pp
modules/roles/manifests/init.pp

diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
new file mode 100644 (file)
index 0000000..65b16a2
--- /dev/null
@@ -0,0 +1,13 @@
+# the primary (hidden master) nameserver does bind zone file stuff and letsencrypt cert handling
+class roles::dns_primary {
+  include named::primary
+
+  ssh::authorized_key_collect { 'dns_primary-dnsadm':
+    target_user => 'dssadm',
+    collect_tag => 'dns_primary',
+  }
+  ssh::authorized_key_collect { 'dns_primary-letsencrypt':
+    target_user => 'letsencrypt',
+    collect_tag => 'dns_primary',
+  }
+}
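Review bot: In the first collector, `target_user => 'dssadm'` looks like a typo for `dnsadm`: the resource title is `dns_primary-dnsadm`, and the matching `ssh::authorized_key_add` in dsa_gitolite.pp exports its key for `target_user => 'dnsadm'`. If the collector installs keys for the account it names, the gitolite trigger key would never reach `dnsadm` and the DNS trigger would fail silently; the line should read `target_user => 'dnsadm',`. Both collectors also share `collect_tag => 'dns_primary'`, and the define is not visible here. Confirm that it filters on `target_user` as well as on the tag, since otherwise each account would accept the key with the other account's forced command.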
index 3151718..129b8b7 100644 (file)
@@ -17,5 +17,20 @@ class roles::dsa_gitolite {
       key         => $facts['git_key'],
       collect_tag => 'puppetmaster',
     }
+
+
+    ssh::authorized_key_add { 'dsa_gitolite::dns_primary_dnsadm':
+      target_user => 'dnsadm',
+      command     => '/srv/dns.debian.org/bin/from-adayevskaya',
+      key         => $facts['git_key'],
+      collect_tag => 'dns_primary',
+    }
+
+    ssh::authorized_key_add { 'dsa_gitolite::dns_primary_letsencrypt':
+      target_user => 'letsencrypt',
+      command     => '/srv/letsencrypt.debian.org/bin/from-adayevskaya',
+      key         => $facts['git_key'],
+      collect_tag => 'dns_primary',
+    }
   }
 }
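Review bot: The two added `ssh::authorized_key_add` resources confine the gitolite key on the DNS host only through `command`, and nothing in this hunk shows whether the define also emits restricting key options such as `restrict`. The define lives outside this diff, so confirm that it does; with a forced command alone, the key can still be usable for port or agent forwarding, depending on the sshd configuration. `key => $facts['git_key']` is a node-supplied fact, and the enclosing block starts above the hunk, so check that a guard there keeps an unset fact from exporting an empty key. A short comment above the pair would help, for example `# let gitolite hooks trigger zone and certificate updates on the dns primary`, and one of the two blank lines added after the puppetmaster resource can be dropped.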
index d9c4acc..5dd8293 100644 (file)
@@ -153,7 +153,7 @@ class roles {
        }
 
        if has_role('dns_primary') {
-               include named::primary
+               include roles::dns_primary
        }
 
        if has_role('dns_geo') {