authorJoey Hess2015-01-04 14:20:22 -0400
committerJoey Hess2015-01-04 14:22:44 -0400
commitbb7b8e789104a77b12030df5fe508afbe0eac2a5 (patch)
treee0fa55fe5ebed586b9397b7635d1875534fc28a4 /src/Propellor/Property/Dns.hs
parent43e15c8addef95d300fbf1a84b06def9fd099c4d (diff)
add $INCLUDE of pubkeys before zone file is written, to avoid pogoing
Diffstat (limited to 'src/Propellor/Property/Dns.hs')
-rw-r--r--src/Propellor/Property/Dns.hs22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index c5a4efa9..e9c7c769 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -133,7 +133,7 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
-- TODO enable dnssec options.
-- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
setup = combineProperties ("dns primary for " ++ domain ++ " (signed)")
- [ setupPrimary zonefile signedZoneFile hosts domain soa rs
+ [ setupPrimary zonefile signedZoneFile hosts domain soa rs'
, toProp (zoneSigned domain zonefile)
]
`onChange` Service.reloaded "bind9"
@@ -142,6 +142,10 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
`onChange` toProp (revert (zoneSigned domain zonefile))
`onChange` Service.reloaded "bind9"
+ -- Include the public keys into the zone file.
+ rs' = include PubKSK : include PubZSK : rs
+ include k = (RootDomain, INCLUDE (keyFn domain k))
+
-- Put DNSSEC zone files in a different directory than is used for
-- the regular ones. This allows 'primary' to be reverted and
-- 'signedPrimary' enabled, without the reverted property stomping
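Review bot: The `include` helper pairs each directive with `RootDomain` only to fit the `(BindDomain, Record)` shape, and the added comment does not say that this value is never emitted. The `INCLUDE` clause of `genRecord`, in a later hunk, ignores it. I would extend the comment to something like `-- RootDomain is a placeholder; $INCLUDE lines carry no owner name.` Since the generated zone file pulls these files in verbatim, it is also worth stating that `include` must only ever be given the public key constructors, if the key type has private-key constructors as well (not visible in this hunk). The `where` block continues outside the hunk.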
@@ -267,6 +271,7 @@ rField (MX _ _) = "MX"
rField (NS _) = "NS"
rField (TXT _) = "TXT"
rField (SRV _ _ _ _) = "SRV"
+rField (INCLUDE _) = "$INCLUDE"
rValue :: Record -> String
rValue (Address (IPv4 addr)) = addr
@@ -280,6 +285,7 @@ rValue (SRV priority weight port target) = unwords
, show port
, dValue target
]
+rValue (INCLUDE f) = f
rValue (TXT s) = [q] ++ filter (/= q) s ++ [q]
where
q = '"'
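Review bot: `rValue (INCLUDE f) = f` writes the file path into the zone file unchanged, whereas the `TXT` clause just below it strips the quote character before emitting. A path containing whitespace, a newline or `;` would truncate the directive or introduce extra lines into the generated zone. The paths built in this commit come from `keyFn domain k`, so this is presumably safe today, but `INCLUDE` is an ordinary `Record` constructor and other callers can pass anything. I would add a guard clause such as `| any (\c -> isSpace c || elem c ";\"()") f = error "INCLUDE path contains characters unsafe in a zone file"` (this needs `isSpace` from `Data.Char` if it is not already imported), or document that the path must be an absolute, whitespace-free file name.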
@@ -345,12 +351,16 @@ genZoneFile (Zone zdomain soa rs) = unlines $
header = com $ "BIND zone file for " ++ zdomain ++ ". Generated by propellor, do not edit."
genRecord :: Domain -> (BindDomain, Record) -> String
+genRecord _ (_, record@(INCLUDE _)) = intercalate "\t"
+ [ rField record
+ , rValue record
+ ]
genRecord zdomain (domain, record) = intercalate "\t"
- [ domainHost zdomain domain
- , "IN"
- , rField record
- , rValue record
- ]
+ [ domainHost zdomain domain
+ , "IN"
+ , rField record
+ , rValue record
+ ]
genSOA :: SOA -> [String]
genSOA soa =
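Review bot: The new first clause of `genRecord` has no comment explaining why `INCLUDE` is special-cased or that it must stay ahead of the general clause. If the general clause matched first, it would emit an owner name and `IN` in front of `$INCLUDE`. I would add `-- $INCLUDE is a directive, not a resource record: no owner name or class.` above it. The same applies to `rField (INCLUDE _) = "$INCLUDE"` in the earlier hunk, where the returned string is not a record type. The re-indentation of the second clause's list is whitespace-only and would be easier to review as a separate change.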