1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
# File 'modules/profile/manifests/dns/auth/acmechief_target.pp', line 1
class profile::dns::auth::acmechief_target(
$acmechief_hosts=hiera('profile::dns::auth::acmechief_target::acmechief_hosts'),
) {
user { 'acme-chief':
ensure => present,
system => true,
home => '/nonexistent',
shell => '/bin/bash',
}
ssh::userkey { 'acme-chief':
content => secret('keyholder/authdns_acmechief.pub'),
}
sudo::user { 'acme-chief':
privileges => [
'ALL = (gdnsd) NOPASSWD: /usr/bin/gdnsdctl -- acme-dns-01 *',
],
}
$hosts = join($acmechief_hosts, ' ')
ferm::service { 'acmechief_dns_ssh':
proto => 'tcp',
port => '22',
srange => "(@resolve((${hosts})) @resolve((${hosts}), AAAA))",
}
}
|