From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 7 Jul 2019 18:12:11 +0000 (+0200)
Subject: do nsec3 via puppet
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=7089d71c0209bb35fe1b8ce6a761405beb97f7db;p=mirror%2Fdsa-puppet.git

do nsec3 via puppet
---

diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 75d50d296..800c5360d 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -49,4 +49,16 @@ class named::primary inherits named::authoritative {
 			};
 			| EOF
 	}
+
+	concat::fragment { 'dsa-puppet-stuff--nsec3':
+		target => '/etc/cron.d/dsa-puppet-stuff',
+		content  => @(EOF)
+			13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
+			29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
+			32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org
+			36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org
+
+			| EOF
+	}
+
 }