From: Peter Palfrader
Date: Sat, 7 Sep 2019 16:15:42 +0000 (+0200)
Subject: and gitolite ssh triggers to the dns host
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=becc6e0114997e6a3489bbe2cab74170f62181fe;p=mirror%2Fdsa-puppet.git
and gitolite ssh triggers to the dns host
---
diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
new file mode 100644
index 000000000..65b16a211
--- /dev/null
+++ b/modules/roles/manifests/dns_primary.pp
@@ -0,0 +1,13 @@
+# the primary (hidden master) nameserver does bind zone file stuff and letsencrypt cert handling
+class roles::dns_primary {
+ include named::primary
+
+ ssh::authorized_key_collect { 'dns_primary-dnsadm':
+ target_user => 'dssadm',
+ collect_tag => 'dns_primary',
+ }
+ ssh::authorized_key_collect { 'dns_primary-letsencrypt':
+ target_user => 'letsencrypt',
+ collect_tag => 'dns_primary',
+ }
+}
diff --git a/modules/roles/manifests/dsa_gitolite.pp b/modules/roles/manifests/dsa_gitolite.pp
index 3151718cc..129b8b757 100644
--- a/modules/roles/manifests/dsa_gitolite.pp
+++ b/modules/roles/manifests/dsa_gitolite.pp
@@ -17,5 +17,20 @@ class roles::dsa_gitolite {
 key => $facts['git_key'],
 collect_tag => 'puppetmaster',
 }
+
+
+ ssh::authorized_key_add { 'dsa_gitolite::dns_primary_dnsadm':
+ target_user => 'dnsadm',
+ command => '/srv/dns.debian.org/bin/from-adayevskaya',
+ key => $facts['git_key'],
+ collect_tag => 'dns_primary',
+ }
+
+ ssh::authorized_key_add { 'dsa_gitolite::dns_primary_letsencrypt':
+ target_user => 'letsencrypt',
+ command => '/srv/letsencrypt.debian.org/bin/from-adayevskaya',
+ key => $facts['git_key'],
+ collect_tag => 'dns_primary',
+ }
 }
 }
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index d9c4accfd..5dd829320 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
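Review bot: In modules/roles/manifests/dns_primary.pp the first `ssh::authorized_key_collect` sets `target_user => 'dssadm'`, but its title is `dns_primary-dnsadm` and the matching export added in dsa_gitolite.pp uses `target_user => 'dnsadm'`. This looks like a typo. The define's body is not visible here, but if it selects or writes keys by target user, the gitolite key either never reaches dnsadm's authorized_keys or is installed under an unintended account name. The line should read `target_user => 'dnsadm',`.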
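Review bot: In modules/roles/manifests/dsa_gitolite.pp both new `ssh::authorized_key_add` resources export the same `$facts['git_key']` into two accounts on the DNS host, and the only restriction visible in the hunk is the forced `command`. A forced command alone does not disable port or agent forwarding, and it does not limit where the key may connect from. Whether the define already emits authorized_keys options such as `restrict` and a `from=` limit cannot be seen here and should be confirmed. If it does, a comment above the two resources such as `# key is command-restricted; ssh::authorized_key_add also sets restrict and from=<gitolite host>` would record that. The enclosing class and its surrounding block start outside the hunk.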
@@ -153,7 +153,7 @@ class roles { } if has_role('dns_primary') { - include named::primary + include roles::dns_primary } if has_role('dns_geo') {