Puppet Class: profile::dns::auth::acmechief_target

Defined in:
modules/profile/manifests/dns/auth/acmechief_target.pp

Overview

Parameters:

  • acmechief_hosts (Any) (defaults to: hiera('profile::dns::auth::acmechief_target::acmechief_hosts'))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'modules/profile/manifests/dns/auth/acmechief_target.pp', line 1

class profile::dns::auth::acmechief_target(
    $acmechief_hosts=hiera('profile::dns::auth::acmechief_target::acmechief_hosts'),
) {
    user { 'acme-chief':
        ensure => present,
        system => true,
        home   => '/nonexistent',
        shell  => '/bin/bash',
    }

    ssh::userkey { 'acme-chief':
        content => secret('keyholder/authdns_acmechief.pub'),
    }

    sudo::user { 'acme-chief':
        privileges => [
            'ALL = (gdnsd) NOPASSWD: /usr/bin/gdnsdctl -- acme-dns-01 *',
        ],
    }

    $hosts = join($acmechief_hosts, ' ')
    ferm::service { 'acmechief_dns_ssh':
        proto  => 'tcp',
        port   => '22',
        srange => "(@resolve((${hosts})) @resolve((${hosts}), AAAA))",
    }
}