diff options
Diffstat (limited to 'modules/nsupdate/manifests/instance.pp')
-rw-r--r-- | modules/nsupdate/manifests/instance.pp | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/modules/nsupdate/manifests/instance.pp b/modules/nsupdate/manifests/instance.pp deleted file mode 100644 index 7f2f3ff..0000000 --- a/modules/nsupdate/manifests/instance.pp +++ /dev/null @@ -1,64 +0,0 @@ -# type DNSRecordType = ['A', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS', -# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48', -# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX', -# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG', -# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA', -# 'TSIG', 'TXT', 'URI', 'ZA', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS', -# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48', -# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX', -# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG', -# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA', -# 'TSIG', 'TXT', 'URI', 'ZONEMD'] - -type DNSRecordType = Enum['A'] - -type DNSRecord = Struct[{ - domain => String, - type => DNSRecordType, - ttl => Integer, -}] - -# Sets up a single instance of a reoccuring nsupdate. -# Note that nsupdate::secret.$keyname needs to be made available through hiera -# /etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml -define nsupdate::instance ( - String $nameserver, - Array[DNSRecord] $records, - String $iface = $facts['networking']['primary'], - Enum['present', 'absent'] $ensure = present, - String $keyname = $name, -) { - - require ::nsupdate::setup - - file { "/usr/libexec/nsupdate/${name}": - ensure => $ensure, - mode => '0555', - content => epp('nsupdate/nsupdate.epp', { - iface => $iface, - nameserver => $nameserver, - records => $records, - keyname => $keyname, - }) - } - - $key = $nsupdate::secrets[$keyname] - $secret = Sensitive($key['secret']) - file { "/var/lib/nsupdate/${keyname}.key": - ensure => file, - mode => '0400', - show_diff => false, - content => @("EOF") - key "${keyname}" { - algorithm ${key['algorithm']}; - secret "${secret.unwrap}"; - }; - | EOF - } - - cron { "nsupdate ${name}": - ensure => $ensure, - command => "/usr/libexec/nsupdate/${name}", - minute => 0, - } -} |