feat(keys): allow pillar based management

Introduce managed TSIG keys configuration using pillar data.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

nsd/config/init.sls

@@ -6,3 +6,4 @@ include:
   - .config_files
   - .file
   - .zones
+  - .keys

nsd/config/keys.sls

@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as nsd with context %}
+{%- from tplroot ~ "/macros.jinja" import config_file with context %}
+
+{%- set keys = nsd.get('keys', {}) %}
+
+{%- if keys | length > 0 %}
+
+{{    config_file('80-generated-keys', 'generated-keys') }}
+
+{%- endif %}

nsd/config/zones.sls

@@ -28,10 +28,14 @@ nsd-config-zones-file-directory:
 "{{ identifier }}":
   file.managed:
     - name: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+    {%- if 'zone_source' in config %}
+    - source: {{ config['zone_source'] }}
+    {%- else %}
     - source: {{ files_switch([template, template+'.jinja'],
                               lookup=identifier
                  )
               }}
+    {%- endif %}
     - mode: 644
     - user: root
     - group: {{ nsd.rootgroup }}

nsd/files/default/generated-keys.conf.jinja

@@ -0,0 +1,11 @@
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+
+{%- for name, config in nsd.get('keys').items() %}
+key:
+  name: "{{ name }}"
+  algorithm: "{{ config['algorithm'] }}"
+  secret: "{{ config['secret'] }}"
+{%- endfor %}

nsd/files/default/generated-zones.conf.jinja

@@ -1,4 +1,5 @@
 {%- from "nsd/macros.jinja" import zonefile_name with context -%}
+{%- set extraopts = ['allow-notify', 'request-xfr', 'outgoing-interface'] -%}
 ########################################################################
 # File managed by Salt at <{{ source }}>.
 # Your changes will be overwritten.
@@ -8,4 +9,9 @@
 zone:
   name: "{{ name }}"
   zonefile: "{{ nsd.zones_dir }}/{{ zonefile_name(name, config) }}"
+  {%- for option in extraopts %}
+  {%- if option in config %}
+  {{ option }}: "{{ config[option] }}"
+  {%- endif %}
+  {%- endfor %}
 {%- endfor %}

pillar.example

@@ -22,6 +22,13 @@ nsd:
   #   # 90-generated-zones is reserved for zones generated by this formula
   #   # 10-salt is reserved for general configuration generated by this formula
 
+  # If this section is present in your Pillar data,
+  # nsd.conf.d/80-generated-keys will be created and managed
+  keys:
+    examplekey:
+      algorithm: hmac-sha512
+      secret: encryptme
+
   # If this section is present in your Pillar data,
   # nsd.conf.d/90-generated-zones will be created and managed.
   zones:
@@ -31,6 +38,11 @@ nsd:
     "168.192.in-addr.arpa": {}
     # NSD's include-pattern directive may be a better way to share configuration
     # across zones than using YAML anchors.
+    #
+    # You can load the zone file from a custom source and specify additional configuration options:
+    # example.com:
+    #   zone_source: salt://zones/example.com.zone
+    #   request-xfr: 192.168.0.1
 
   # If this section is present in your Pillar data,
   # nsd.conf.d/10-salt.conf will be created and managed