uppdate knot.conf template with ns2

From cnaas-ops

dns-rest-api1.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -1,5 +1,11 @@
 ---
 knot_rest_token_secret: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgBJrZoCKLB9RrjZtwYb5uFxDcuSngzvXVVZe3BtQdSgSq9PzG5dg9me59s7nhIj2WdWFuAdW+BuQ5pa8D+xxeKoqHhUQNCfgIE70tlhI0s9TrWJogDH+QZHE7TC3z8gUNdBo51C8Aq5FqU/Mql8MxnGMe2vgsT79pyM+2PZ6uqMqw1QiOjpFOgQ0uVb1qdYlOx6WbUuuRjGPxvxTogyX+ujdvVPnDmibgAv9UKYkfArsFLYRRB/p6uo4bTvyvwWLu1FLrVH8JSWP5o9otBNAJTCu49ayz09ED8CfnVRyRrgkKOOmqTeh44vyMJtgKjTKvldbypsdbvqFYgIazHBl3aCYlNs0GPyKVFtCNoWaAqv+waZCEccv6uz4q/9XdMLw6vcKYcc38EaYHUc0hp0XbKnGjgojsjhIjCEcqEsvbWyLqkH7Kf6Yot3zE8S3kp1LfV7eHipVysxVyHPTRKZXVl8s6nKvVGk5ZCyXS6B1Ky+aRVk7yt/QvtSAG19RRywhGVEOniugICCASnc4Dyeb1eQq6PBwq6O7b0A7QFIudR2LXNG8YHWqKBBOQMCk1n4sR0S+XgurQ5RX6G3L4hIJf6awZzD9pUdoDlRmnOduv7e1eg6vUstsFU1opEQM3P9BVQThv4wOVTjyJwscXAMFvwXEx2euyYY1qNp9rquBi/FHjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD1ryvEYNdTd0+wpque24SfgDBOr110Jqv+Xq/onLdb1vWs6czuTQsoXqglRuZ9xxl4jcbbTawO9IHpvWug233sWQY=]
+knot_tsig:
+  knot-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgArQaSsFq9yJcYkht/l3/FmpgcDcS4u9bWM27LKTgKAb86SSZmnkB9W2nYGqq1RZ9R9HmGrqQrwmT0xdNWWQSXpAHZ/EIg/Xeg/jGRvRuND9upuSLfrY72/dWDPGt1fXGPNXzgozhMIYC8DmPuZ1GfAC3PRJJAFmhq0Ynqe761aj2Bz//K5SGTzuYcTSRz42ZQ8Sojj9pTI7BmtRxISFpgBSO6jf/X0/6Xh/mHpgDQ/Rt4X6X1shqyqfGv4Wqlf81jE+DflXpcs+iPz/irpHKmfiYkKosOFLsPLqxe7esLCx4c/yC2DPS6cmCMVNCgjaL8oQrULnhisXwzl8FBAZIr8lMvPlitxjG4GebToYPIglTbdqaEi1sdDarSpNudjkJwMUAd8ZMGL0Yc5D5iCiCHjNHc6aN/dkBZAF5P53Du+GDlfGuDOoskPjBPkcLhJJkLYKYhx9Kl9X55/3DozXd4jocWz/pvKx8hnIWmpYqDFAgn+ZKg4o/ZoGu6Z1rrSCtlqqGE/ydpiZNdFZ1oY7Mt2hXVOcnJuhbTe1k+1bTTEBfvgp6aEonLgXaYt/59R75W8UZcO3n0fivBuo8KWtkLORgm6L/OrEYPToI6TlqIfGRnCtqgQKmzBs+FoTrTVW/C98G7SzwW5dtkRHglRZp93HUr8Vb50IqjI8jFEKnq3tjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAA7BBQTzi6WiPdXX4fXqMkgDDTkjtTf+zbSFSAuGoDAhRmODplTdJpViYxgnuu3UvX/G4qFRmA4X2giqe591qFXCA=]
+  alt-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgBJkVAcgcKO8YR0yr2nGVTSQWb7A1eJMqBbPrjTojKepIJN4zdGhLSjETmcMDDBhOVoWSRoE6U9+FRZSwjtRy2yVyPBvoMo7lENncLbT8vISWlyBhWTsXrk8SctgyaDhjD/lNwfzk1VquVuw7ncAEP/iquS+3oTM8BGs62jmVUdKaug5wJWsGDeEkxXhWwmllXCbqblkLZ2oDVW1cbMrgDAda+YT4XsncKjpyiouyvxyPvWM+6e2/9Ijg/TMljhKBT/2NRSglUH5crqpg2LDBbLavjO1gS9nsgPEUkDcUD1sWVJU4J5o+TTuPuVe69G2M4koFNEzmuM37C9jiGKWUKwzX11ayD2xs4QGWKLfG62MdlPycHcMwTHnF+Cbej9iLx5MobXFhGN1VSpUCMRdPswwrWwPodR8h/19NVYoRegiS6E/h4iWDcWlaA1b/MVk/iBy9vWXR/XHDym+8W0TwNHhYT/U4LhmPJ3BvagP86eNwyjO6XyGPxO9QOqG2f2lkB33XqE39UlJacmwV/ex2Fvej4wG3dL0qN51tH6a4KpYU+kpFYckntm9jnvnclTF8D0WjU/sH19W/GjYVoad5fzrllZr/5wGKRJr+g7X5c1GLGV8Lwu2SU36NVlHQiz5XPCoDKHVR5Qfc03FfWVDsdAJ8fJijVMAUwh/xTuhSaoijBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC/AZcyUWdl4sVHFWcs9xfkgDBwgB9SrJWksAkDU+GCplJz1ZsvqYVfIbzYb4omVc0LT0W4p12k4aCI0diQaBgIgAY=]
+  sun-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgDcoiR9utHDFLRo0tTqOVpSkqwR0zq4ZYINcRT7FQJfN7A/3G6pJw5HbR62RxPXAZFWIoC/bqUWN4Yu7h47oSjG/rWPBlYRRPvs6Qk5BTkbkCofj32z+VT2dH65jgP0Td72kQFRVQ26j3S4D4WdylXZ/5aSIth9NxiKWcPo3to2WkDae2hPBoIg0OraLr3eRIQ3E/Ac8Mn6+zcN1HivE0QAz5jQPfagItbKqOitRY+hkCXWMxZhCJeGH7NQUizSuEEborqrsNIlQVuRs2/dhu4GZlZ4q7QnJCzl+ZjADhvXWfz0p1wDUkOArv7fmemAKkEkAIEOPTOC+nOKxceNYXDibguEV1U1Y2fWXIVdSUg5ghEuDm8683UtfFaf2MtMD0/zLdGc1n6j7FjTjYcPPs0vLdbbgSM0v87aWAgCnoEZnrAe58uUQuJKHjil96SI0blmaVLJkYeIlXtmV8b88jXdmpj8Ad1ZUczW/hANRd7Eu32CDRI9t6Ng57yH063yE7ulxzP0XhWyES47YttDCC97jqWx1qwx5I6a03rIZR17XJUvcXqX2D+W7W3IOjPlfi6N2LqnbZextZRdOyr6Kc1/hb05zRr+m8k6hhPoDPmckQURwPttpB/DRrTLFVr+ENukPmpxRyXL21Dhg1uT4KKl+1dbztgo5rQW5JNi9jn5wDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD6+s0d1++YsLTwWtCwPP/GgDDrNDxqNaifS5dl81F/Nv+9YNcYDt5l0YjYJhoXrcMstCIJdQk5yUHZ+o/yGpY4I9w=]
+  infra-utv-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgC0nCdeNmvlWHOrudr321lWnkSKHQiLL3/QV/a+PGXFH6zvlQQmWIXB/GXbkdqp6LV/9fBUQayW2jW71jqi1eOvkWAUeESaCxj7FEdCJvvIsJWal7Wz5zrlhrPZsDi5KkCi2FDyUnbSNiJ39b6PsG9N4uODGaSn0K+y2t1hX+yvSA/be+nNoIsj5qidv9g554u+hMVLYuv3Ha+5v4NQA+uBQqzeo3k1arzX0XtcAYQza2Se1ZkHyyTfnHx3P2a8PUcnfhJheLFlZGtFYPfS5saNjfjfalvCdOpZ/ptIhTZxQ6qT22d9pVWxppLjJQC8yunO/ZKgj73sXqe8XAww/0rbseqWvwk2TK+aK7TkAt0/m0J9+5PC4F9liCN1oOA/RhgOqcqfT132c4D2Zszol6oKWWp8wFIzE+sNFVM2tv3a+T/z0P4+l0oHkWS6Km+IrWqeR4Z2/I/VPdfGavhOZnjwVb9jy5x0rfcCA/UekCORuHXCIAz/bVFgQ0GpqLZfSATg0CFHU5V6x3JMNbe1QBvN55Q3loWHu8pygPz/fN/fnS59CMU1JBdKHyhzlyj5ooa1eiScX2go60JvYfIcQUTk0ZP45NyLMdpVa10cgYlMCcdhe7KrsjPCj6fvLoj/qrgTse8ws/ihAsTeX1bCWmPe8DIFHCRA1NRVcEGDz+S28DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBtZBGN6rYNGhGlphF+SjkkgDBMoBy/RLBRBGENGaZxZ9vPSUxojCtq0z60nwZT05r/x27+WqNHJ1og6us/xhpVD3Q=]
+  lab-utv-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgAV+Z3THlWHgOwWt6+KFt3peYIZkXs+JAzdzoCWhm1qqqMHZQ0lI2wDqvsyHX7ffh1h2hNUh9cFSGl8YSmJLqcFhKIJ3tpCEyIH4vYxY5IyBEXCAvng/fDrK9K46nIsL9oND6lamEDJc/PVEoiSwY4BdLcFGDdM7m8BXmi/vE2V93WRT99BWABhFE9vBtQ3bniphtGVvgraaoaO1e2Pc6Pn15EbRKWRlhGRcLyI3Db/k4DVoQZAbGRAmNUQJf5jPLNqz5kNwAEnsAU06V2ky37o041EMxaIF6zfBfFfhgkk1L8oIqjfRdN520XNCX0pUbYGakIP7OkTlKyoL9p3buUY0F3ou6MHUFHJENBslyXHra1AlOU6oP8VFDX6gWTpRNixTllGEnkuitBYcVFNeFoqqUjCp5wrq0nFDjJHtOiTmieAI9sPwRS+rvs2c5kdDnNpowzyBwFMF3pfH2T3s05KKmuFT04W6ajTXYz3mJ1xVuHnrkR2+jPC3I7t7Bf0edWeusDpGnz9x53NoarL99/FzjSb+Gxmtsao/1LSz0IC/Oe6xH1s4u/VxkDOMcHem4rBgr0bR8jixijdiA604MWiyP/1xvOlE3YhO33I8kus96TeS2YjrjXBAQCTOyIRyst/BpL0ISVUEH1i/j0wAw0XnyPR4nAPegd89Y/UJKMRCDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCoUpXn8Nq9hu0sx22HpLOSgDBksY4jO87KhP9Qws/bBeeRuDNSZo1245AYbBVcF9DZmkjcqZKGFFuLYgj/g4fqrIo=]
 certbot_acmed_clients:
   dns-rest-api.sunet.se:
     allowfrom: []

dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf

@@ -1,15 +1,51 @@
 # 0sunet.catalog (catalog generator)
 
-#acl:
-#  - id: slave_xfr
-#    address: [ <needs to be IPs> ]
-#    action: transfer
+acl:
+  - id: txt_ddns_allow
+    action: update
+    key: knot-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.alternativ.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_alt_ladok
+    action: update
+    key: alt-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.alt.ladok.se., _acme-challenge.*.*.alt.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_sun_ladok
+    action: update
+    key: sun-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.sun.ladok.se., _acme-challenge.*.*.sun.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_infra_utv_ladok
+    action: update
+    key: infra-utv-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.infra.utv.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_lab_utv_ladok
+    action: update
+    key: lab-utv-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.lab.utv.ladok.se. ]
+    update-owner-match: pattern
+
 
 template:
   - id: 0sunet-catz
     catalog-role: member
     catalog-zone: 0sunet.catalog.
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
     storage: "/var/lib/knot/catzones"
     file: "%s.zone"
@@ -17,12 +53,25 @@ template:
 zone:
   - domain: 0sunet.catalog.
     catalog-role: generate
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
 
   - domain: alternativ.ladok.se.
     template: 0sunet-catz
+    acl: [txt_ddns_allow]
 
   - domain: alt.ladok.se.
     template: 0sunet-catz
+    acl: [ddns_allow_alt_ladok]
+
+  - domain: sun.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_sun_ladok]
+
+  - domain: infra.utv.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_infra_utv_ladok]
+
+  - domain: lab.utv.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_lab_utv_ladok]
 

dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/dco.sunet.se.conf

@@ -0,0 +1,6 @@
+# DCO.sunet.se (bj)
+
+zone:
+  - domain: dco.sunet.se
+    dnssec-signing: off
+    notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3, ns2-sunet-se ]

dns-rest-api1.sunet.se/overlay/usr/sbin/knot_lastlogin

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import yaml
+import sqlite3
+
+try:
+    with open('/etc/knot_rest/knot_rest.yaml') as stream:
+        yamlconf = yaml.safe_load(stream)
+except Exception as e:
+    print(e)
+
+knotrestdb = yamlconf["database"].removeprefix("sqlite:///")
+
+try:
+    with sqlite3.connect(knotrestdb) as conn:
+        cur = conn.cursor()
+        cur.execute('select username, description, logged_in from user')
+        rows = cur.fetchall()
+        for row in rows:
+            username = row[0]
+            description = row[1]
+            if description == None:
+                description = "(no description)"
+            lastlogin = row[2]
+            if lastlogin == None:
+                lastlogin = "**never logged in**"
+            print(f"{username:<27}{description:<27}{lastlogin:<23}")
+except sqlite3.OperationalError as e:
+    print(e)

global/overlay/etc/cosmos/keys/acrn-9A6A3E85446B9DABDD90DAC4B189A302EB5F91CA.pub

@@ -0,0 +1,105 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGdEatABEACr5Hbp1ZNth5wDbij4TihAQdzbzc/5E2uxC5YvLwncTErlCoVw
+GhNcVfRMvqhbBbTdHmaCT/aZCHirnHjyG1Eay2mmjAeyiuXMJp/sYRYxvkeOZ0Mf
+3gKsB+KFwOEScDR6s62lju2c9eQo4WxQl9sojERNZm3KmEsvrmXkceNNMaXqoUoW
+YXciguEV891uUUeD0ft+vB9U8RQwsO/0qloNpqKj9FFFt0W0lvKEy+ErG+D0rlX3
+8N67syaxlRBl0zwgbnvAvnwr4nAFk/nGr9Hx/NhPrV/LU8leefPdzbtw/T+8ub8K
+smpatnUS4DrkDpLQoKQUACnqJObYN+pULBaO+L9E9/yngJJjYB5zG5S6b/Z+PZbJ
+/GRlnVay63PLRybYrOl2n8rjfwcUveHpPpw8wa2Vn/xbWtVKPfwiqBSthYudMiSz
+4kRb0jZ9W/YnRxgbY0QzXk3st6If0AulqDWEcx6vS5oG6tulTd+ZnpX7TylJ7aI9
+VZthPbzjSdsRRhzfjEW+A4x++ponU+rYaMvhIp2UnozT8PAuMlyFBf7aa2HWatnD
+OlMdtVngBFnkd4sLFcgLN0W+kzksxgz37DVDrLARN6J3YupcOLemNSnyK2dXw8vS
+qbjd34HsR9ZY+Vee4RyCVjhq7eDgogoCiPrXYLnxsO64ohcP9jur1hOe1wARAQAB
+iQKPBB8BCgCDBYJnRGrQBYkB4TOAAwsJBwkQsYmjAutfkcpHFAAAAAAAHgAgc2Fs
+dEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnjLK0kPIQ1qp5Tlx/Ozh0v7IEnsBF
+tCgsPe0Ga6DLKYgDFQoIApsDAh4BFiEEmmo+hURrnavdkNrEsYmjAutfkcoAAMl7
+D/0SbZypsT7ankLo7Xh/Xqww5rVec7Mr7NSLGaDpn4XHlZSh6JPc48JNngItHaTz
+69ZsT7dYy8urajrfHccCnzO72vKOcudefXjJHAUQ7z523sw7WlaM3NVyfHb5lhkX
+c1oIKoJqCDvCVqn11j6FL7fXBQQGRQl2KVYwcXNxMa4s91m+9TBIOXDCLBeYgZ0f
+EW8s/ahUkDetGLRqAv0/ePQa3PKnUAs2lOQNvn5hdzLEyyQTdKu/zxUf92EYfYJ9
+ub0w7re+FBk6o/mdNRSfmJYK+OeB+020AtfYSbLDayQK7mtL6rJqbdbwej45RjKA
+4emjDPu9C2oz4jRiHHB18GquyAIdwttfAzCEz7odsfzaiH8+y38iQ89NcSe4aUVL
+2l95gmRmql0KLGs6/y82YMYzWK/9PrfHbS3k4pAOFTqcFvk3v9AjiWKkRFSSnq4j
+RUQBI+WtcM6Rt/0DS0nzOPulmAMv372x40dAmpAUL5hzLX+LRimVCEBO75wMAF1o
+LHGV/c0Ajt7aq2PtUEs8IvrTyMBVW8Ne2xd9oBZO4eep8RsLtWb9A8cBRgOG4dQ0
+dfcOQzr4DMwHTpQa2PDAIyMydy9SduSkLS+VdnPL9Jk/9J/P2pJvto0PiASfdI1B
+5Q4C14PSNmAcFuFF4+y0anbbjsNwfBiAd7oOHrJLHn/SybQqQW5kZXJzIE9za2Fy
+c2VuIDxhbmRlcnMub3NrYXJzZW5Ac3VuZXQuc2U+iQKSBBMBCgCGBYJnRGrQBYkB
+4TOAAwsJBwkQsYmjAutfkcpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p
+YS1wZ3Aub3JnQlyG/D7l+nGUu6q0HhBFyY+HXida3auwlgYLTEYxmlkDFQoIApkB
+ApsDAh4BFiEEmmo+hURrnavdkNrEsYmjAutfkcoAAMvuD/9tKCqkmR4pKrQG97Us
+R1Di44fV1uG2kxnZsQA5iWbQ84QuSOxr2W+W4bwbb750VsIg+unXE64LQbhxprFQ
+QCC0X/sBeAHxrJJg+fgBI2KqFaQ3tF/7wXfxGk2pUgTir+tYk23H3Rky6cjQZipg
+VcTD+VxBGusVslkHU5nK0hMhueXmA43t57S1EYojDSpHm23iordQLE3RJGKVUmHE
+CHOktL+IJdFtJbc8YNKsp8IbZIcfOcfAsQhe0siI2y+yixl1/g22EGfdRTZtIzLt
+RQ5O68LxsFNPXYESufZye/3bCDG1MYqi3Wo1/K1QjUK+zjTjhjYrZ1Fq1EoLxLCF
+3URiewWxGQWK1qlthxI4HU8ZDeKUL6D6SM+IljPP/o5zqERlthNIlsQBVsRa8uSF
+iFjOO+8gEEnPlTyQg7OYZ4UjaQl6PDeeEzpMP7jyAfClO2uzdKDidLhLWW2cifMU
+p1B9u0zTp3S0/4Er2C1BoDlY2c/lT2mQ5sqHszMq52p5g82jdR5gF3/U7dOHPyfQ
+idqfZyqmjoH5h/BX8fIFgEC8ZHFV17I3U/NAPtSDf/+b7yoMew1Kfp7cb3aZE09k
+4DfyOKyAFdOgNeX2ESe2zmqA+i7IRRdtwZR42FxgcNXWTiMl7ATlGg9cIUu25E3W
+j5RQhyX6duhhBJ2dsadFcdnHg4kCMwQQAQoAHRYhBBLseLUp/K0TNT1/qBRn+daR
+NcI2BQJnRIdSAAoJEBRn+daRNcI2Ik8P/1Qr+2JYhKSxzKDnGIS2WWDMdOVI9dbL
+tHj4y3P7fWVTN+WlO+uWBKhWTzngJ2AjNhXjbYGZtXjQVdYpzGgYFUsGsyd1l91X
+C3tXdH5UTkaHgmP+zdrobszJxyfgfUGnbu5SUZsqnkoR3Qh4fjM55B4swQwyapB/
+IDcvC6fylEHaDh5ycZgndW8m89kuqCP7mIQjr9Q7gFJDl5i/6tDbjDYHDquftPq3
+Xg/i6/YjB9RC9JS0cWJMKjc2NtL1UwG9cgm8jmOE2MLESeJcOCKy+bFT98bzTZrn
+XZw0yOHAFcWL1/2P0wOGqKOWhurY1wbuOgbt025uWKAsZbTix7WV56iF0fwFTbsO
+jfBWrpmsdzgSMJZYWgIJXE4iOPM9JDtkXF0I8iZWUuXBH4tcp3T7ee2aUeYa4e9d
+qairZYYwkX8JJRvB7AfEazofu8Pc+b3r2fTagl9BF+agECRcabyWCzjDHbIwO4a7
+oofgozJ33nFpGfzbQj0kj/d85Vhdu1ro3uuGfVgLWKjBntnrG6EwIqHn70GJiZCX
+NY5KGH7uoS3i81LflqTj71gFS5YDMaHGNxbTbKsfYTH3h2AvLhQcCPcpQAjQnSWh
+vPTdDaBSsB5MNgO7WPcIlI4TMnQC1S1dCux6ggVhDf+Nn0exPt04DuqPucChLNfV
+q0qFPfUp5FIzuQINBGdEatABEACt6iuXs5y2M4dyRSUqezL1fu95aO4nA1FOMX0f
+LXAw/S0NAgimWbd8TlQLebCeiTt/NevU+eaGjLLeTkONQ+h+NiZ3fIgh+onTBWFU
+w/MXqj/gaZ0d+0U5gcIDohaw0ixCAy1RCR1Iv32wkzqICQtIdNuQ9AhUp0YWkJdb
+adzbHxZVMlxcxJ4ribjHPwWbs47aIArahJ6j3TNwyScRmRzSlpYXIMckj3+wnWBO
+u1sHNSLZpCydFE6xkK67icuDPL4tYk8mC6ZhTZGyhw5LUdIEUIMWXdPiCzYiOQiT
+19Q9G6MUOxqom5g+Vl3mBSq+nuG8WEPhCkqBv209hsg2c/jRgAGeIETrsp0zBEf9
+zwaaiXD6sozLYjAnLwi5ikIcdhkle9SjeXkZtyDJIURG8seJ0JXnBER0p7XPXLbq
+LDXQgD16TtYO8nO7qfl6QskcKYrDDeg9hmdMban6Tu9A5CtlTMV1iZBuBgkuADl6
+skqhfK6SjoPEo4qUGyd1K91d+gyPbO40WIUDV9skMOZYj9KhR4px7WeCRwxU//x9
+bnQkX7oL5HT6loka2rQh8RXFKguUb1kJi2x6DNydZLxOBwaou/SEGMC9519O1gMQ
+Pv3a21MPTalb+kYGoCrfZ43rroX9nkk9steQaZMZrhw1tJq95VkaLmLC8ZtiukFC
+RK1l2wARAQABiQKEBBgBCgB4BYJnRGrQBYkB4TOACRCxiaMC61+RykcUAAAAAAAe
+ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmfEs49ykl8gTmr2djmkdTdh
+tq/JHkmf2kt5anEgqs5kwQKbIBYhBJpqPoVEa52r3ZDaxLGJowLrX5HKAACf9g//
+RkyHb3ceNXRpMA+cNuRTRN6PbrlsjYK7afON8bxhbiwGwyM8p9Z3ckWTY0wFwUbJ
+uK7FskdjNn9wfz3922IqN/0/uU2G+wmTuQn6XJacrBKpQT2WidG0r1Xmu7QqSnkf
+iFgr5wjrGt3+pVn1Yf8DQTLf4UxwM+hAmMbCMNhfagVdCCVezozNrkwJfwADPknp
+AzzWZwsnFCHc4+CmJpgGaVt9VhUHsxEfcNACGbBsn+PbpJDWSoK2Cxi1d9iM+4x8
+kYke8LIrEHE8sUfcZbR27ybLdH6XiScmoOxoM3hCASmVpyxCAVFq0Apf3yT6+ra5
+BHme8QoQYbpgiwWAhZ7ghOkmTnVNbbYBOiJJbbtbl7Tl32pRrpf19UBaMHFMrGJx
+bT37N/3FGpcdcTqblfPVS+MUUgLwD98xOPe5cRlENHEcaiFvE6Tf2+x5nIPMwAEB
+65MrMPYZ+n/q0EuFZFM6nVs51CNn8geKoMKk5RLPQUh31uGV3CDoCXcuNObfV+6+
+CODBpz8/O+XNdTuIYGAaRZ0VzpFqxI5SHwCXDpMdZqE29qVD8EQzapvOZ5Er8e3w
+J/6d+hDhWeQefX4i5O1Vp7xDmfqF2XW3z9XElCtdXhoBM75+LCpkYQdKGHnDeI++
+hDQCk6ZyaaHuZED2HsC0BOT1eDS1PpQJ1DYbtM4PeYm5Ag0EZ0Rq0AEQAOCGd1qx
+mk7Qxi63Q8hMbESq6jByZ7sqhQ/wlCIpkPMrJAdLrpV7mus0JneLru7rhjkm4BJo
+eii0riDHPeA5l2a8jeY7EV8U5/vuOmny4PLmhKvGUeIxawTmInyGROzjBwGi60bL
+V5IvVOd5Cwqtvh3ecyxGxEXKiM+tvmlhP2yOrCO4pbf1OUkHY05cYrSw34birt9n
+U+2+4hEgceimNw3HAYnqNAILGRv2CYOMsNVzr7hI55Av41ZWSzwc5Hb4mW3Sftmt
+GD5130k9BVvCm/XInb7M010dVMFZhY+NhEpezGDpXK3cSCio7CxRuDEYTPPDxM1k
+LfO002kVS1L5VcpU/SsW7QZoPcLVwWFwrrm8HXTcVc/OVG6cI5Ki3+5K61neNkJ0
+TWG8oHZ4OCkaQePvnZjbKJj13TG3YcNIHoQHc+uUhiJBHn4nL6McdABbu3xOTIki
+j8GoYYMfWYARGh40AcSzgyKn/R2/ENgJQuQTrsvRevvshKq/3fcqqCwRQgJdNzyk
+md1qmxTO1BxalhFHEL+tdTCIr2MYIgVXiClg6wLlIWrTzYUGBnAEVlPi3ZjDwBHf
+43G4xcOoEzqu2ACJeYjypI24DM9hrJsG1ASXAVfzKQnWEiu+bEnOIXvTOPSvOzJ6
+DwTP8Me18gVxXbEU4gutAs30c8YlUTBZWrbtABEBAAGJAoQEGAEKAHgFgmdEatAF
+iQHhM4AJELGJowLrX5HKRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEt
+cGdwLm9yZ3UWdPz3a9vVsYUckrd6tvHaUbjXEDRLFj0WbZKe8nkcApsMFiEEmmo+
+hURrnavdkNrEsYmjAutfkcoAAL7mD/90KIWazWF4iZ4icF8Bkn8VsEPPOFvIlW0R
+t2u90MfWc2ogTS1CulX0pFzir2obo6lH0+7DK3+gTIOCe1evaqWm5ITDV1O2nbYW
+HD4Ace3zSrwTVoBlZJgn5m0MoPinHSWUejkMPzQZxqRz1UaUHwyoyLMfeE08ESAH
+gJWy91X120YXfXnfad71QJFuzz48T1Nmg0xJDY+ZZeqXszUtxQb8/sYSrubS4JLf
+yvXDHFVqHG7EC/c+7DKdxcAzm4xMbRaJvt7KYJg4emd1I0AHyeBGprtYWfdMOeBr
+tfnvdZpRsYWk0pCcufvct9+6LfqnSkNfknwOOd6kJk2Waf2WdKB8nAnhkddwTZhy
+hGQB12r4mE4WfvuKJYUQMOn7RUirJ90TKZxMrOcpVa2jyU4qKjwr7rvcMW9c4+75
+sz8pyOGEZS0t1TrJwdbOIBZ+ZwGYfYuLSZVjjaRm/s3Ynah2o/XO4h4L2JbVhXIP
+8JOE4r7IKXswfTGPRsTDD4Cu5EH/xw+LJLcffpvn10JvWViEhLQTRLsyrLoH7BcE
+1i8Wiz5xLASldJ6OIsbUVQBPpFFhZkE3KhkF7R64UJHZgtwGGv9WNHpFQcyenqn3
+kK+LbuiztBrUXIr7D2xndVtQbbtghboRcBcyDECNfo6EmsPd93XygoQDkSePuCED
++BnXKK29rg==
+=scZl
+-----END PGP PUBLIC KEY BLOCK-----

global/overlay/etc/hiera/data/common.yaml

@@ -25,14 +25,14 @@ mgmt_addresses:
 # installed anywhere. Real ACLs refer to keys in this database.
 sunet_ssh_keys:
 
-  'pettai+07431497':
-    name   : 'pettai+07431497@sunet.se'
-    key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDnIQ2mZJT13YuBUOLM4Xlkp1165nlKvSC3oNE2Z47sKmcgwgKwPJssd1WsmkKDOsoxsvS6FJiAbmCQe/EdwT4dolRpVjczpp9p+w6wjtTXsWPsSUDbT0ZD8IOmOr24F8Z0WY/ho1Bmm3LwCMbW30KROpZn9VWyzGT6QTGwiZF/lyItsdGcYC2qgaXJpI0sEc5W1WK4ozpTu7z3BtzpyjOvVAQirF7Dp2yU3dLB93vj+/BYnB5F/1cmTWfu6lGRtO60E0j9DSH20AqTGfsJI4fPM7tbJnT2Fhj+MS8bHf6iEnh2QwlUSUdMlJAxXVu1XcLiSbbHXV4Mh7gCuGB0p0rMGiBg9W/t+D2dYsBQxuXq8fT4iqlaHaUwoVYtsDTMIg3c17mcYni5VRk2d49qpva6zR0zU3v0X2YtvHWlCCYBmjWSS/8X8FUgHVOaCEAOjTU89TvG9uvxXoqO64Wznx7sjywkaWuwmNck2K3xlhccw5iy+K1xxalKgcel6nMxdoBuW2RFRAYCCAT8IH+ONzLOcGj/+sRJx+bl18qYWcZGcYA9IbfJCNXuQHX4uRLjtml+zNac3Kefmw1jyBRUUkWbdcAsW3kvf3+CcP62URCk+eFMywnGk8N6UX9akSxgMKTR3IHuqZLHtzbgUxgeRHCLUid9GwsqDmu3fC8fLRK7sQ=='
+  'pettai+820E4E151A5370474619E77AD536054C16A6F808':
+    name   : 'pettai+820E4E151A5370474619E77AD536054C16A6F808@sunet.se'
+    key    : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDb6d7D12Q7XQ1Qez4rO9iAYGywd72yjGk1DvVVkLts+2Adp3QkuPHkWlxpSN6DgiP24qTg2JsYDIWOfRoXp827kDPfkiU92rlFnEiAOUH27218MYfFO2NQwXWPXATcxi6xRL8Zg6G3vNJ7PWs2GGytl8LODrSc6RfKvK10t0zCwhWLSdW5P0ZxM8gSuBRghd+4iQv92sq6SqBqwbvFKDNzG12wi9LPHLJbnyOBtm9rIWujRWPwBqFLCFgJV/I1cQpXNUGJy+qesxnioninF4l/1OxpbZ6XXmg5Xh/3idj7MZMe8Pg8QlJIbmlSvZck3Zb3mIPZkcV6y0D1Pojzcn6vJMVH+y321N0S30KmSQqA+2pABKScbgJ8f8UM0fcATG0YIrdJxl+299puiufdeaEd8mEYTFDdbwwimziIOMO+CISOvjQ0NHd/c8DJeoP87mRUh5xAh4AEoRyc234EoIcvMS763qZ+seatwvsaVeE6w47KpEkY6/PjMHtwY37LNAlVABz+/emLJL1OVH/Sin0U8c4pVUQdXcf+rrCOr3xpwnJKLxVtRjwhnJJ9l8y/+90GbcfcpLcqy7CVa2SGSQ7EUT5kh4HZCmTilPL4eCu5KK5rkrzeqSDczkbep/ktT2tij1qmSW6l9wK5ImzQpoWS4P4TQ/P4qdZm4mtCojyh3Q=='
   'patlu-2249F294':
     name    : 'patlu+2249F294'
     key     : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCquMY5L5QIVq2QjLpfitlS1dSitYThlYxCxyhUG7Hl5IdM5w+PAm45hb/ensn8e/oWXk/W4NoYTlP22KzFwkEeUNlEq21AdYAcb+MwJdCqF/iLP0qpKsznWio7OU3gBn1XqsdVrpewnXIEH9rkin1YIa+m263lrvLKWOhWiu9dGyZYlbA3fIivBTad6gplWfMwjfbeS2uxPoLdN1lP7UYWefe9iVXvgVi19omA836fLRZKi+znHVdvExXVGfSxhF0OOylbjT9gohiaqhCWaIoskRaVqHHTQlqOwcei7XCrdz94Cmxq1XnkvKA9vNVWyv84i5DTpAcxIA/yEE5BXe3qLgek6H5POx6xjyp7EjOw533Q01iYBDXTiCzoK8zanPNYqlcwb0tYXfxT8HTSgUeHKQL1990yRIuKiwkK2YecFfCvpfz257VAZkVjN8IEfw/WhFxSOwL00pUmTLA/DxVFyHuYvdvEs+FANgXX81v1eniExslCcHp9HiOK3odVM1eE02V6O1Kwxyp7cooUEDZ610x0eePhvx20ssTm3qSXdWS1rgZ+ZTzhkwxm8OpSFGDrCgxdUs4tmTtjwcUDeOfTu77ef5t3XTqP9QoCz9CuSi3ZfKM9G1FXTcgU9ApEgCqeUA/56RgUjFvwt9TTnC6I71/0E2olIrp3O5B8l1kLXQ=='
 
 dns_ssh_keys:
   'root':
-    - 'pettai+07431497'
+    - 'pettai+820E4E151A5370474619E77AD536054C16A6F808'
     - 'patlu-2249F294'

global/overlay/etc/puppet/modules/dns/manifests/init.pp

@@ -22,4 +22,6 @@ class dns {
   #  match => '^SystemMaxUse=',
   #  line  => 'SystemMaxUse=500M',
   #}
+
+  include sunet::starship
 }

global/overlay/etc/puppet/modules/dns/templates/knot/knot.conf.erb

@@ -20,6 +20,8 @@ remote:
   - id: ns1-sunet-se
     address: 89.47.185.240@53
     address: 2001:6b0:5a:4020::384@53
+  - id: ns2-sunet-se
+    address: 130.242.114.44@53
   - id: sunic-node1
     address: 130.242.3.49@53
     address: 2001:6b0:1e:2::22d@53