Add dnssec policy propagation-delay option

galaxy.yml

@@ -1,4 +1,3 @@
-### REQUIRED
 # The namespace of the collection. This can be a company/brand/organization or product namespace under which all
 # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
 # underscores or numbers and cannot contain consecutive underscores
@@ -8,7 +7,7 @@ namespace: s3lph
 name: nameserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: "0.3.1"
+version: "0.3.2"
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

roles/knot/defaults/main.yml

@@ -27,6 +27,7 @@ knot_dnssec_policy_zsk_size: 384
 knot_dnssec_policy_zsk_lifetime: 30d
 knot_dnssec_policy_ksk_lifetime: 0
 knot_dnssec_policy_cds_publish: 'double-ds'
+knot_dnssec_policy_propagation_delay: 1h
 
 knot_dnssec_submission_check_interval: 1h
 knot_dnssec_submission_timeout: 0

roles/knot/templates/etc/knot/knot.conf.j2

@@ -112,6 +112,7 @@ policy:
     ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
     ksk-submission: submission-{{ zone.name }}
     ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
+    propagation-delay: {{ zone.propagation_delay | default(knot_dnssec_policy_propagation_delay) }}
     cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}
 {% endif %}
 {% endfor %}