common: Added helper nsupdate_keygen

4 years ago · 99e58d4224
parent 0b7e2cb923
commit 99e58d4224
3 changed files with 25 additions and 0 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -36,6 +36,7 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"

 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
+global_dns_update_key_algorithm: "ED25519"

 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
 global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
--- a/roles/common/tasks/helpers.yml
+++ b/roles/common/tasks/helpers.yml
@ -30,6 +30,7 @@
    - backup_autoremove.sh
    - backup_files.sh
    - backup_mysql_database.sh
+    - nsupdate_keygen.sh

 - name: Configure auto remove older backups
  cron:
--- a/roles/common/templates/nsupdate_keygen.sh
+++ b/roles/common/templates/nsupdate_keygen.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euxo pipefail;
+
+if [[ -z "${1+x}" ]]; then
+  echo "Usage: $(basename "$0") HOST [PATH]" >&2
+  exit 2;
+fi
+
+key_path="${2:-1}";
+if [[ "$key_path" = /* ]]; then
+  target="$key_path";
+else
+  target="$PWD/$key_path";
+fi
+
+tmpdir="$(mktemp --directory)";
+cd "$tmpdir";
+name="$(dnssec-keygen -a {{ global_dns_update_key_algorithm }} -n HOST -T KEY "$1")";
+for suffix in "key" "private"; do
+  mv "$tmpdir/$name.$suffix" "$target.$suffix";
+done
+rm -rf "$tmpdir";