From 7c7085efea1b8f25c151b75e9cc448d66bfe2820 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Fri, 14 Feb 2014 00:58:53 +0100
Subject: [PATCH] =?UTF-8?q?[gen=5Fconfs/bind]=20R=C3=A9cup=C3=A9ration=20d?= =?UTF-8?q?es=20certificats=20pour=20le=20TLSA=20de=20fa=C3=A7on=20plus=20?= =?UTF-8?q?paresseuse?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 gestion/gen_confs/bind.py | 45 ++++++++++++++++++++++++++++-----------
 1 file changed, 32 insertions(+), 13 deletions(-)
diff --git a/gestion/gen_confs/bind.py b/gestion/gen_confs/bind.py
index 8c6451e6..4335ba72 100755
--- a/gestion/gen_confs/bind.py
+++ b/gestion/gen_confs/bind.py
@@ -445,19 +445,6 @@ class dns(gen_config) :
 }
- EXTRAS = {
- 'crans.org' : [
- TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
- TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
- ]
- }
-
 hostname = short_name(gethostname())
 serial = int(time.time()) + 1000000000
 TTL = 3600
@@ -467,6 +454,38 @@ class dns(gen_config) :
 else:
 restart_cmd = '/etc/init.d/bind9 reload'
+ def __init__(self, *args, **kwargs):
+ xmpp_cert = ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs='/etc/ssl/certs/ca-certificates.crt')
+ self.EXTRAS = {
+ 'crans.org' : [
+ TLSA('crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('www.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('intranet2.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('git.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('nagios.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('pad.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('news.crans.org.', 443, 'tcp', None, 3, 2),
+ TLSA('asterisk.crans.org.', 5061, 'tcp', None, 3, 2),
+ TLSA('smtp.crans.org.', 465, 'tcp', None, 3, 2),
+ TLSA('imap.crans.org.', 993, 'tcp', None, 3, 2),
+ TLSA('xmpp', 5222, 'tcp', xmpp_cert, 3, 2),
+ TLSA('xmpp', 5269, 'tcp', xmpp_cert, 3, 2),
+ TLSA('xmpp', 443, 'tcp', xmpp_cert, 3, 2),
+ TLSA('jabber', 443, 'tcp', xmpp_cert, 3, 2),
+ ],
+ 'wifi.crans.org' : [
+ TLSA('wifi.crans.org.', 443, 'tcp', None, 3, 2),
+ ],
+ }
+ super(dns, self).__init__(*args, **kwargs)
 def gen_soa(self, ns_list, serial, ttl):
 return SOA(ns_list[0], 'root.crans.org', serial, 21600, 3600, 1209600, ttl)
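Review bot: The certificate that `__init__` pins into the four xmpp/jabber TLSA records is whatever `ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs=...)` returns at generation time; passing `ca_certs` validates the chain against the CA bundle but, as far as I know, does no hostname check, so any certificate chaining to a bundled CA that is served on that connection would be published in the zone. The same value is reused for ports 5222 and 5269 although it was read from 443, and a comment such as `# cert is read from :443 and assumed to be the one served on 5222/5269` would record that assumption. The fetch also runs on every construction of `dns` with no error handling, so an unreachable xmpp.crans.org appears to abort the whole DNS generation, which sits oddly with the "lazier" intent in the subject. Reading the PEM from a locally deployed copy of the server certificate (placeholder path `<XMPP_CERT_PEM>`), or wrapping the fetch in a `try`/`except` that logs and skips the xmpp records, would address both. The `dns` class starts outside this hunk, so whether `ssl` is imported cannot be checked from here.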