adds local keystore insertion of sig0 KEY RRs

prototypefund · Apr 21, 2024 · fdde847 · fdde847
1 parent 9cbd216
commit fdde847
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 2 deletions.
diff --git a/bind9/ansible/roles/sig0namectl/tasks/main.yml b/bind9/ansible/roles/sig0namectl/tasks/main.yml
@@ -10,3 +10,57 @@
     dest: src/sig0namectl
   become: true
   become_user: ansible
+
+# if keypair for host exists in local keystore, copy .key & .private files to host keystore
+#
+- name: does host .key exist in local keystore
+  delegate_to: localhost
+  find:
+    paths: "{{ sig0namectl_local_keystore }}"
+    patterns: "K{{ sig0namectl_key }}*.key"
+  register: sig0_keyfile
+
+- name: does host .private exist in local keystore
+  delegate_to: localhost
+  find:
+    paths: "{{ sig0namectl_local_keystore }}"
+    patterns: "K{{ sig0namectl_key }}*.private"
+  register: sig0_privatefile
+
+- name: copy keyfile if key exists in local keystore
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "{{ sig0namectl_remote_keystore }}"
+    mode: preserve
+  loop: "{{ sig0_keyfile.files|map(attribute='path')|list }}"
+  become: true
+  become_user: ansible
+  when: sig0_keyfile.matched|int == 1
+
+- name: copy privatefile if key exists in local keystore
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "{{ sig0namectl_remote_keystore }}"
+    mode: preserve
+  loop: "{{ sig0_privatefile.files|map(attribute='path')|list }}"
+  become: true
+  become_user: ansible
+  when: sig0_privatefile.matched|int == 1
+
+  # - name: debug getting KEY RR from host .key file
+  #   ansible.builtin.slurp:
+  #     src: "{{ sig0_keyfile.files|map(attribute='path') }}"
+  #   register: sig0_keyfile_RR
+
+  #- name: testing
+  #  debug:
+  #    # msg: "{{ lookup('file', sig0_keyfile.files['path']|string) }}"
+  #    msg: "{{ lookup('file', sig0_keyfile.files|map(attribute='path')|string) }}"
+  #    # msg: "{{ sig0_keyfile.files|map(attribute='path')|string }}"
+  #
+- name: get KEY RR
+  command: "cat {{ sig0namectl_remote_keystore }}/{{ sig0_keyfile.files[0].path|basename }}"
+  become: true
+  become_user: ansible
+  register: sig0_keyRR
+  when: sig0_keyfile.matched|int == 1
diff --git a/bind9/ansible/sig0namectl.yml b/bind9/ansible/sig0namectl.yml
@@ -3,10 +3,15 @@
   hosts: dns_servers
   vars:
     # allow_new_zones: true # allow zone management through rndc
+    # sig0namectl_local_keystore: "/home/vortex/src/sig0namectl/keystore"
+    sig0namectl_local_keystore: "~/src/sig0namectl/keystore"
+    sig0namectl_remote_keystore: "~/src/sig0namectl/keystore"
+    sig0namectl_key: vmtest.zenr.io
     bind_zone_ttl: "30" # wind down cacheing TTL to 30 seconds
     bind_zone_subdirs: true
     bind_zones:
-      - name: vmtest.zenr.io
+      - name: "{{ sig0namectl_key }}"
+        add_sig0_key: true
         # auto_dnssec: maintain
         dnssec_policy_default: true
         create_reverse_zones: false
@@ -25,7 +30,7 @@
           - name: '@'
             ip: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}"
             ipv6: "{{ ansible_default_ipv6.address|default(ansible_all_ipv6_addresses[0]) }}"
-      - name: _signal.vmtest.zenr.io
+      - name: "_signal.{{ sig0namectl_key }}"
         # auto_dnssec: maintain
         dnssec_policy_default: true
         create_reverse_zones: false

diff --git a/env.dnssd-service b/env.dnssd-service
@@ -0,0 +1,3 @@
+#NSUPDATE_SIG0_KEYPATH="${HOME}/src/great-dane/test_go"
+DEBUG="true"
+DNSSD_SERVICES=${DNSSD_SERVICES:-"_ssh._tcp _telnet._tcp _gopher._tcp _http._tcp _ftp._tcp _loclist._udp" }