do nsec3 via puppet

author Peter Palfrader <peter@palfrader.org>

Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)
author Peter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)
diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp

index 75d50d2..800c536 100644 (file)
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
@@ -49,4 +49,16 @@ class named::primary inherits named::authoritative {
                         };
                         | EOF
         }
+
+       concat::fragment { 'dsa-puppet-stuff--nsec3':
+               target => '/etc/cron.d/dsa-puppet-stuff',
+               content  => @(EOF)
+                       13 19 4 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.net
+                       29 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debian.org
+                       32 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) debconf.org
+                       36 12 7 * * root chronic /usr/sbin/rndc signing -nsec3param 1 0 16 $(head -c 20 /dev/urandom | sha512sum | cut -b 1-10) _openpgpkey.debian.org
+
+                       | EOF
+       }
+
  }
author	Peter Palfrader <peter@palfrader.org>
	Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 7 Jul 2019 18:12:11 +0000 (20:12 +0200)