authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-06-14 05:48:35 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2022-06-14 11:59:26 +0000
commiteaa69380ee40333fce799e44dd6191f8f0a0dd76 (patch)
tree775593ae545584f76b6008b4c521a6c307e2a69d
parentConsistently using curly braces for variables in git-whoami. (diff)
Adding support for individual TSIG files per record, zone, and nameserver rather than having one global key for all updates in dehydrated-nsupdate.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate35
1 files changed, 30 insertions, 5 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
index 61c2e84..5bb253a 100755
--- a/dehydrated/bin/dehydrated-nsupdate
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -136,13 +136,38 @@ fi
NAMESERVERS="$(echo "${NAMESERVERS}" | sed -e 's| |\n|g' | sort -u -V)"
# update nameservers
-if [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
-then
- NSUPDATE_OPTIONS="-k ${TSIG_KEYFILE}"
-fi
-
for NAMESERVER in ${NAMESERVERS}
do
+ if [ -e "/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key" ]
+ then
+ # specific key per record
+ KEY="/etc/dehydrated/tsig/$(basename "${TXT_RECORD}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${ZONE}" .).key" ]
+ then
+ # specific key per zone
+ KEY="/etc/dehydrated/tsig/$(basename "${ZONE}" .).key"
+ elif [ -e "/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key" ]
+ then
+ # specific key per nameserver
+ KEY="/etc/dehydrated/tsig/$(basename "${NAMESERVER}" .).key"
+ elif [ -e "/etc/dehydrated/tsig.key" ]
+ then
+ # global key (filesystem)
+ KEY="/etc/dehydrated/tsig.key"
+ elif [ -n "${TSIG_KEYFILE}" ] && [ -e "${TSIG_KEYFILE}" ]
+ then
+ # global key (conffile)
+ KEY="${TSIG_KEYFILE}"
+ else
+ # no key
+ KEY=""
+ fi
+
+ if [ -n "${KEY}" ]
+ then
+ NSUPDATE_OPTIONS="-k ${KEY}"
+ fi
+
echo -n " + sending '${HOOK_ACTION}' for ${TXT_RECORD} to ${NAMESERVER}..."
# shellcheck disable=SC2086