From 7089d71c0209bb35fe1b8ce6a761405beb97f7db Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 7 Jul 2019 20:12:11 +0200
Subject: [PATCH] do nsec3 via puppet

---
 modules/named/manifests/primary.pp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 75d50d296..800c5360d 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -49,4 +49,16 @@ class named::primary inherits named::authoritative {
 			};
 			| EOF
 	}
+
+	concat::fragment { 'dsa-puppet-stuff--nsec3':
+		target => '/etc/cron.d/dsa-puppet-stuff',
+		content  => @(EOF)
+			13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
+			29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
+			32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org
+			36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org
+
+			| EOF
+	}
+
 }
-- 
2.20.1