From 9bbffa5f1fd54aad73340ef739c91944d18d6f1f Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Sat, 18 Feb 2023 16:04:57 +0100
Subject: [PATCH] feat(keys): allow pillar based management

Introduce managed TSIG keys configuration using pillar data.

Signed-off-by: Georg Pfuetzenreuter
---
 nsd/config/init.sls | 1 +
 nsd/config/keys.sls | 14 ++++++++++++++
 nsd/files/default/generated-keys.conf.jinja | 11 +++++++++++
 pillar.example | 7 +++++++
 4 files changed, 33 insertions(+)
 create mode 100644 nsd/config/keys.sls
 create mode 100644 nsd/files/default/generated-keys.conf.jinja
diff --git a/nsd/config/init.sls b/nsd/config/init.sls
index b768b95..fd12ae6 100644
--- a/nsd/config/init.sls
+++ b/nsd/config/init.sls
@@ -6,3 +6,4 @@ include:
 - .config_files
 - .file
 - .zones
+ - .keys
diff --git a/nsd/config/keys.sls b/nsd/config/keys.sls
new file mode 100644
index 0000000..eb0047d
--- /dev/null
+++ b/nsd/config/keys.sls
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
+
+{%- set keys = nsd.get('keys', {}) %}
+
+{%- if keys | length > 0 %}
+
+{{ config_file('80-generated-keys', 'generated-keys') }}
+
+{%- endif %}
diff --git a/nsd/files/default/generated-keys.conf.jinja b/nsd/files/default/generated-keys.conf.jinja
new file mode 100644
index 0000000..cf0873d
--- /dev/null
+++ b/nsd/files/default/generated-keys.conf.jinja
@@ -0,0 +1,11 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+
+{%- for name, config in nsd.get('keys').items() %}
+key:
+ name: "{{ name }}"
+ algorithm: "{{ config['algorithm'] }}"
+ secret: "{{ config['secret'] }}"
+{%- endfor %}
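Review bot: The new `80-generated-keys` file will hold TSIG secrets, yet the `config_file('80-generated-keys', 'generated-keys')` call in keys.sls passes nothing about ownership, mode or diff output, so its protection depends entirely on the macro in macros.jinja, which is not part of this diff. Please confirm the macro writes the file so that only root and the nsd service account can read it, and that the underlying `file.managed` state sets `show_changes: False`, since Salt otherwise includes the changed lines (here the secret) in job returns. A comment above the call, e.g. `# renders TSIG secrets: keep this file non-world-readable and out of state diffs`, would record that requirement. As a smaller style point, `{%- if keys | length > 0 %}` reads more simply as `{%- if keys %}`.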
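Review bot: In the `for` loop of generated-keys.conf.jinja, `name`, `config['algorithm']` and `config['secret']` are written into double-quoted nsd.conf values without any check, so a pillar value containing a `"` or a line break produces a malformed or unintended `key:` clause, and nothing here catches an entry that lacks `algorithm` or `secret` before the file is written. Consider validating each entry in keys.sls and failing the state with a clear message when a field is missing or contains characters outside the expected set (base64 for the secret). The loop also calls `nsd.get('keys')` with no default while keys.sls uses `nsd.get('keys', {})`; `{%- for name, config in nsd.get('keys', {}).items() %}` keeps the template safe to render on its own.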
diff --git a/pillar.example b/pillar.example
index e26fbd9..d3ee892 100644
--- a/pillar.example
+++ b/pillar.example
@@ -22,6 +22,13 @@ nsd:
 # # 90-generated-zones is reserved for zones generated by this formula
 # # 10-salt is reserved for general configuration generated by this formula
 
+ # If this section is present in your Pillar data,
+ # nsd.conf.d/80-generated-keys will be created and managed
+ keys:
+ examplekey:
+ algorithm: hmac-sha512
+ secret: encryptme
+
 # If this section is present in your Pillar data,
 # nsd.conf.d/90-generated-zones will be created and managed.
 zones: