Puppet Class: profile::dns::auth::acmechief_target

Defined in:
modules/profile/manifests/dns/auth/acmechief_target.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • acmechief_hosts (Array[Stdlib::Host]) (defaults to: lookup('profile::dns::auth::acmechief_target::acmechief_hosts')) 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'modules/profile/manifests/dns/auth/acmechief_target.pp', line 2

class profile::dns::auth::acmechief_target(
    Array[Stdlib::Host] $acmechief_hosts = lookup('profile::dns::auth::acmechief_target::acmechief_hosts'),
){

    user { 'acme-chief':
        ensure => present,
        system => true,
        home   => '/nonexistent',
        shell  => '/bin/bash',
    }

    ssh::userkey { 'acme-chief':
        content => secret('keyholder/authdns_acmechief.pub'),
    }

    sudo::user { 'acme-chief':
        privileges => [
            'ALL = (gdnsd) NOPASSWD: /usr/bin/gdnsdctl -- acme-dns-01 *',
        ],
    }

    $hosts = join($acmechief_hosts, ' ')
    ferm::service { 'acmechief_dns_ssh':
        proto  => 'tcp',
        port   => '22',
        srange => "(@resolve((${hosts})) @resolve((${hosts}), AAAA))",
    }
}