From 9262b789ae47161d50dd2b44c6159756f9763f88 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 19 May 2014 22:29:03 +0200
Subject: [PATCH] Create shared TSIG keys between denis and geo[123]
---
 modules/named/files/common/named.conf.local | 21 +++++++++++++++++++
 modules/named/manifests/authoritative.pp | 7 -------
 modules/named/manifests/init.pp | 8 +++++++
 .../named/templates/named.conf.options.erb | 2 --
 .../named.conf.puppet-shared-keys.erb | 5 ++++-
 5 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/modules/named/files/common/named.conf.local b/modules/named/files/common/named.conf.local
index 5397f6d3..df100682 100644
--- a/modules/named/files/common/named.conf.local
+++ b/modules/named/files/common/named.conf.local
@@ -5,3 +5,24 @@ include "/etc/bind/named.conf.acl";
 include "/etc/bind/geodns/named.conf.geo";
+
+view "default" {
+ match-clients { any; };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.security.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.www.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+};
diff --git a/modules/named/manifests/authoritative.pp b/modules/named/manifests/authoritative.pp
index 5a381410..d33e406e 100644
--- a/modules/named/manifests/authoritative.pp
+++ b/modules/named/manifests/authoritative.pp
@@ -12,11 +12,4 @@ class named::authoritative inherits named {
 owner => root,
 group => bind,
 }
- file { '/etc/bind/named.conf.puppet-shared-keys':
- mode => '0640',
- content => template('named/named.conf.puppet-shared-keys.erb'),
- owner => root,
- group => bind,
- notify => Service['bind9'],
- }
 }
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0fa51233..33dc0592 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
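Review bot: The catch-all `view "default"` with `match-clients { any; };` in named.conf.local only behaves as intended while it remains the last view named evaluates, and nothing in the file records that. BIND assigns a client to the first view whose `match-clients` matches, so a view added below this one, or an include moved after it, would never be reached. A comment above the view such as `// catch-all: must remain the last view, after named.conf.geo` would make the ordering requirement explicit. Once any view is defined, every zone has to live inside a view, and this file sits under files/common, so it is presumably shipped to every named host; it should be checked against hosts that still declare zones at top level.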
@@ -62,4 +62,12 @@ class named {
 group => bind,
 mode => '0775',
 }
+
+ file { '/etc/bind/named.conf.puppet-shared-keys':
+ mode => '0640',
+ content => template('named/named.conf.puppet-shared-keys.erb'),
+ owner => root,
+ group => bind,
+ notify => Service['bind9'],
+ }
 }
diff --git a/modules/named/templates/named.conf.options.erb b/modules/named/templates/named.conf.options.erb
index 203d2a51..5c649bb8 100644
--- a/modules/named/templates/named.conf.options.erb
+++ b/modules/named/templates/named.conf.options.erb
@@ -83,6 +83,4 @@ logging {
 };
-<% if classes.include?('named::authoritative') -%>
 include "/etc/bind/named.conf.puppet-shared-keys";
-<% end -%>
diff --git a/modules/named/templates/named.conf.puppet-shared-keys.erb b/modules/named/templates/named.conf.puppet-shared-keys.erb
index ab9c65d5..be4f011d 100644
--- a/modules/named/templates/named.conf.puppet-shared-keys.erb
+++ b/modules/named/templates/named.conf.puppet-shared-keys.erb
@@ -9,7 +9,10 @@ pairs = [
 [ 'denis.debian.org', 'ravel.debian.org' ],
 [ 'denis.debian.org', 'senfl.debian.org' ],
 [ 'denis.debian.org', 'diamond.debian.org' ],
- [ 'denis.debian.org', 'orff.debian.org' ]
+ [ 'denis.debian.org', 'orff.debian.org' ],
+ [ 'denis.debian.org', 'geo1.debian.org' ],
+ [ 'denis.debian.org', 'geo2.debian.org' ],
+ [ 'denis.debian.org', 'geo3.debian.org' ]
 ]
 lines = []
--
2.39.2
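Review bot: The `file { '/etc/bind/named.conf.puppet-shared-keys': }` resource added to init.pp renders TSIG secrets but does not set `show_diff => false`, so a content change can copy key material into the agent log and run reports. Adding `show_diff => false,` next to `mode => '0640',` keeps the secrets out of those channels, provided the Puppet version in use supports the attribute. Because the resource moved from `named::authoritative` into the base `named` class, the file is now rendered on every node that includes `named`. It is worth confirming that the template emits only the pairs the local host belongs to; that filtering code is outside this patch's hunks. The 0640 root:bind permissions are appropriate for a key file.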
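Review bot: The new `geo1`–`geo3` entries in named.conf.puppet-shared-keys.erb create keys that nothing visible in this patch consumes: no `server` clause or `allow-transfer { key ...; }` is added, and the zones added in named.conf.local keep `allow-transfer { };`. If the consumers live elsewhere or land in a later change, a short comment above the list would record the intent, e.g. `# denis <-> geoN: TSIG for <purpose>; referenced from <file>`. The code that turns each pair into a key name and secret begins at `lines = []` and continues outside the hunk, so how the secret is derived cannot be reviewed from this page.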