From becc6e0114997e6a3489bbe2cab74170f62181fe Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 7 Sep 2019 18:15:42 +0200
Subject: [PATCH] and gitolite ssh triggers to the dns host

---
 modules/roles/manifests/dns_primary.pp  | 13 +++++++++++++
 modules/roles/manifests/dsa_gitolite.pp | 15 +++++++++++++++
 modules/roles/manifests/init.pp         |  2 +-
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 modules/roles/manifests/dns_primary.pp

diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp
new file mode 100644
index 000000000..65b16a211
--- /dev/null
+++ b/modules/roles/manifests/dns_primary.pp
@@ -0,0 +1,13 @@
+# the primary (hidden master) nameserver does bind zone file stuff and letsencrypt cert handling
+class roles::dns_primary {
+  include named::primary
+
+  ssh::authorized_key_collect { 'dns_primary-dnsadm':
+    target_user => 'dssadm',
+    collect_tag => 'dns_primary',
+  }
+  ssh::authorized_key_collect { 'dns_primary-letsencrypt':
+    target_user => 'letsencrypt',
+    collect_tag => 'dns_primary',
+  }
+}
diff --git a/modules/roles/manifests/dsa_gitolite.pp b/modules/roles/manifests/dsa_gitolite.pp
index 3151718cc..129b8b757 100644
--- a/modules/roles/manifests/dsa_gitolite.pp
+++ b/modules/roles/manifests/dsa_gitolite.pp
@@ -17,5 +17,20 @@ class roles::dsa_gitolite {
       key         => $facts['git_key'],
       collect_tag => 'puppetmaster',
     }
+
+
+    ssh::authorized_key_add { 'dsa_gitolite::dns_primary_dnsadm':
+      target_user => 'dnsadm',
+      command     => '/srv/dns.debian.org/bin/from-adayevskaya',
+      key         => $facts['git_key'],
+      collect_tag => 'dns_primary',
+    }
+
+    ssh::authorized_key_add { 'dsa_gitolite::dns_primary_letsencrypt':
+      target_user => 'letsencrypt',
+      command     => '/srv/letsencrypt.debian.org/bin/from-adayevskaya',
+      key         => $facts['git_key'],
+      collect_tag => 'dns_primary',
+    }
   }
 }
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index d9c4accfd..5dd829320 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -153,7 +153,7 @@ class roles {
 	}
 
 	if has_role('dns_primary') {
-		include named::primary
+		include roles::dns_primary
 	}
 
 	if has_role('dns_geo') {
-- 
2.20.1