commit 2a01f9e57dcd351b1466b26f525a16829881bc33 Author: Floréal Toumikian Date: Tue May 14 18:41:12 2024 +0200 First commit - Added DNS playbooks
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5df1376
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/.vscode/
+/inventory/
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..8be7511
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/hosts.yml
+collections_path = .
\ No newline at end of file
diff --git a/files/ns/zones/trans13nrv.eu.org.zone b/files/ns/zones/trans13nrv.eu.org.zone
new file mode 100644
index 0000000..1f0b904
--- /dev/null
+++ b/files/ns/zones/trans13nrv.eu.org.zone
@@ -0,0 +1,31 @@
+$ORIGIN trans13nrv.eu.org.
+$TTL 300s
+@ SOA ns1 postmaster (
+ 2024051400 ; Serial
+ 8h ; Refresh
+ 30m ; Retry
+ 1w ; Expire
+ 1h ) ; Negative Cache TTL
+
+; name servers
+ NS ns1
+
+ns1 A 137.74.82.130
+
+; mailing
+@ MX 10 mail.hebergemoi.fr.
+
+;;; XMPP ;;;
+; server IP / name
+;_jabber A 0.0.0.1
+;xmpp CNAME _jabber
+
+; ports
+;_xmpp-server._tcp IN SRV 0 0 5269 _jabber
+;_xmpp-client._tcp IN SRV 0 0 5222 _jabber
+
+; multi-user-chat
+;muc CNAME _jabber
+
+; web UI
+;chat CNAME _jabber
\ No newline at end of file
diff --git a/playbooks/01-primary-ns.yaml b/playbooks/01-primary-ns.yaml
new file mode 100644
index 0000000..d51712f
--- /dev/null
+++ b/playbooks/01-primary-ns.yaml
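Review bot: `inventory = inventory/hosts.yml` points at a path this same commit adds to .gitignore, so a fresh checkout has no inventory and the `dns-hosts` group the playbook targets is undefined; add an `inventory/hosts.yml.example` or a README line describing the expected group layout. `collections_path = .` should make `ansible-galaxy collection install -r requirement.yaml` write an `ansible_collections/` tree into the repository root, which is not ignored either; adding `/ansible_collections/` to .gitignore keeps vendored collections out of the history.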
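Review bot: The zone publishes an MX (`@ MX 10 mail.hebergemoi.fr.`) but no SPF or DMARC TXT records, so nothing limits who may send mail as trans13nrv.eu.org; add an SPF record naming the sending hosts, for example `@ TXT "v=spf1 mx -all"` (constructed example, adjust to the real senders, or `"v=spf1 -all"` if the domain never sends), plus a `_dmarc TXT "v=DMARC1; p=reject"` entry. The zone also delegates to a single name server (` NS ns1` with one glue A record), which leaves resolution with no redundancy; a second NS is the usual expectation. The SOA values and the commented XMPP stubs are otherwise consistent with the rest of the file.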
@@ -0,0 +1,44 @@
+- hosts: dns-hosts
+ name: Configuration of ns zones
+
+ tasks:
+ - name: Use variables
+ include_vars: vars.yml
+
+
+ - name: Ensure bind is installed
+ package:
+ name: bind9
+ state: latest
+
+ - name: Ensure dnssec-tools is installed
+ package:
+ name: dnsutils
+ state: latest
+
+ - name: Ensure required master zone directory is present
+ file:
+ path: "{{ dns.paths.primary_zones }}"
+ state: directory
+ owner: "{{ root.user }}"
+ group: "{{ dns.group }}"
+
+ - name: Ensure required keys zone directory is present
+ file:
+ path: "{{ dns.paths.keys }}"
+ state: directory
+ owner: "{{ dns.user }}"
+ group: "{{ dns.group }}"
+
+ - name: Prymary Zones
+ vars:
+ zones:
+ - zome:
+ domain_name: trans13nrv.eu.org
+ include_tasks: tasks/ns/primary-zone.yml
+ loop: "{{ zones }}"
+
+ - name: Reload bind9 service
+ service:
+ name: bind9
+ state: reloaded
\ No newline at end of file
diff --git a/playbooks/tasks/ns/primary-zone.yml b/playbooks/tasks/ns/primary-zone.yml
new file mode 100644
index 0000000..19bb979
--- /dev/null
+++ b/playbooks/tasks/ns/primary-zone.yml
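Review bot: `loop: "{{ zones }}"` on `include_tasks` exposes each entry as `item`, but the included file reads `zone.domain_name`, so `zone` is undefined unless `loop_control: loop_var: zone` is added; and each list entry is a mapping under the key `zome` (`- zome: domain_name: …`), so even then `zone.domain_name` would not resolve, and `transfer_hosts`, which the included file also reads, is never given. The two directory tasks set owner/group but no `mode`, so the keys directory that will hold the DNSSEC private keys gets a umask-dependent mode — set `mode: "0750"` explicitly; and since the template enables `inline-signing yes`, BIND writes the signed zone copy and its journal into `dns.paths.primary_zones`, so that directory must be writable by the bind user rather than root-owned with a default mode (hedged: confirm against the installed BIND version). `state: latest` on both package tasks upgrades bind on every run rather than asserting presence; `state: present` is the idempotent form. Installing packages and writing under /etc/bind presumably needs `become: true` on the play, which is absent. The typos `Prymary`/`zome` are fixed in the rewrite below.

```yaml
    - name: Ensure required master zone directory is present
      file:
        path: "{{ dns.paths.primary_zones }}"
        state: directory
        owner: "{{ dns.user }}"
        group: "{{ dns.group }}"
        mode: "0750"

    - name: Ensure required keys zone directory is present
      file:
        path: "{{ dns.paths.keys }}"
        state: directory
        owner: "{{ dns.user }}"
        group: "{{ dns.group }}"
        mode: "0750"

    - name: Primary zones
      include_tasks: tasks/ns/primary-zone.yml
      loop: "{{ zones }}"
      loop_control:
        loop_var: zone
      vars:
        zones:
          - domain_name: trans13nrv.eu.org
            transfer_hosts: []

    # … unchanged: include_vars, package tasks, reload task …
```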
@@ -0,0 +1,27 @@
+---
+ - name: "Setup variable for zone {{ zone.domain_name }}"
+ register:
+ domain_name: "{{ zone.domain_name }}"
+ transfer_hosts: "{{ zone.transfer_hosts }}"
+ zone_config_file: "{{ dns.paths.etc }}/named.conf.{{ domain_name }}"
+ zone_db_file: "{{ dns.paths.dns.paths.primary_zones }}/db.{{ zone.domain_zone }}"
+
+ - name: Updating primary zone db file
+ file:
+ src: "file/ns/zone/db.{{ domain_name }}"
+ dest: "{{ zone_db_file }}"
+
+ - name: "Creating zone {{ domain_name }}"
+ template:
+ src: templates/ns/zone/named.conf.primary-zone.j2
+ dest: "{{ zone_config_file }}"
+
+ - name: "Including zone configuration to global configuration"
+ blockinfile:
+ path: "{{ dns.path.etc }}/named.conf.local"
+ state: present
+ marker: "// {mark} ANSIBLE MANAGED BLOCK FOR {{ domain_name }} ZONE" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
+ block: |
+ "include \"{{ zone_config_file }}\"";
+ marker_begin: BEGIN
+ marker_end: END
\ No newline at end of file
diff --git a/playbooks/vars.yml b/playbooks/vars.yml
new file mode 100644
index 0000000..f64d538
--- /dev/null
+++ b/playbooks/vars.yml
@@ -0,0 +1,9 @@
+dns:
+ paths:
+ etc: /etc/bind/
+ primary_zones: /etc/bind/primary
+ keys: /etc/bind/primary/keys
+ user: bind
+ group: bind
+root:
+ user: root
\ No newline at end of file
diff --git a/requirement.yaml b/requirement.yaml
new file mode 100644
index 0000000..4134a4a
--- /dev/null
+++ b/requirement.yaml
@@ -0,0 +1,5 @@
+collections:
+ - name: community.general
+ - name: hebergemoi.incus
+ source: ssh://git@git.hebergemoi.fr:2222/heberge-moi/hebergemoi.incus.git
+ type: git
\ No newline at end of file
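Review bot: The first task has no module: `register:` is a task keyword that names a variable to store a task's result, so Ansible should reject this task rather than define `domain_name` and friends; it needs `set_fact:`, and because keys inside one set_fact cannot reference each other, `zone_config_file`/`zone_db_file` must be built from `zone.domain_name`. Several references do not match what this commit defines: `dns.paths.dns.paths.primary_zones`, `zone.domain_zone` and `dns.path.etc` (vars.yml has `dns.paths.primary_zones` and `dns.paths.etc`), and `src: "file/ns/zone/db.{{ domain_name }}"` does not match the file the commit adds at `files/ns/zones/trans13nrv.eu.org.zone`; the `template` src has the same repo-layout issue since `templates/` sits beside `playbooks/`, not inside it. The `file` module never copies content (its `src` is only for links), so the zone data never reaches `zone_db_file`; `copy` is the module for that. The `blockinfile` block renders as `"include "/etc/…"";`, which is not valid named.conf syntax and would presumably stop BIND from loading its configuration on the next reload; the line should be `include "{{ zone_config_file }}";`. The pasted module documentation after `marker:` is noise and can be dropped, as can `marker_begin`/`marker_end` at their default values.

```yaml
- name: "Setup variable for zone {{ zone.domain_name }}"
  set_fact:
    domain_name: "{{ zone.domain_name }}"
    transfer_hosts: "{{ zone.transfer_hosts | default([]) }}"
    zone_config_file: "{{ dns.paths.etc }}/named.conf.{{ zone.domain_name }}"
    zone_db_file: "{{ dns.paths.primary_zones }}/db.{{ zone.domain_name }}"

- name: Updating primary zone db file
  copy:
    src: "{{ playbook_dir }}/../files/ns/zones/{{ zone.domain_name }}.zone"
    dest: "{{ zone_db_file }}"
    owner: "{{ dns.user }}"
    group: "{{ dns.group }}"
    mode: "0640"

- name: "Creating zone {{ domain_name }}"
  template:
    src: "{{ playbook_dir }}/../templates/ns/zone/named.conf.primary-zone.j2"
    dest: "{{ zone_config_file }}"

- name: "Including zone configuration to global configuration"
  blockinfile:
    path: "{{ dns.paths.etc }}/named.conf.local"
    state: present
    marker: "// {mark} ANSIBLE MANAGED BLOCK FOR {{ domain_name }} ZONE"
    block: |
      include "{{ zone_config_file }}";
```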
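Review bot: The `hebergemoi.incus` collection is pulled from a git remote with no `version:`, so every `ansible-galaxy collection install -r requirement.yaml` fetches whatever the remote's default branch holds at that moment — an unpinned, mutable supply-chain input for code that will run on the name servers. Pin it to a tag or commit, e.g. `version: <tag-or-commit>` (placeholder), and give `community.general` a version as well. Neither collection is referenced by the playbooks in this commit, so it is worth confirming both are actually needed. The file name `requirement.yaml` is unconventional; `requirements.yml` is what most tooling and docs expect, although `-r` accepts any name.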
diff --git a/templates/ns/zone/named.conf.primary-zone.j2 b/templates/ns/zone/named.conf.primary-zone.j2
new file mode 100644
index 0000000..d253088
--- /dev/null
+++ b/templates/ns/zone/named.conf.primary-zone.j2
@@ -0,0 +1,22 @@
+acl "{{ domain_name }}-acl" {
+{% if transfer_hosts %}
+{% for ip in transfer_hosts %}
+ {{ ip }};
+{% endfor %}
+{% else %}
+ none;
+{% endif %}
+};
+
+zone "{{ domain_name }}" IN {
+ type master;
+ file "{{ dns.paths.primary_zones }}/db.{{ domain_name }}";
+ #auto-dnssec maintain;
+ inline-signing yes;
+ dnssec-policy default;
+ serial-update-method increment;
+ allow-update { none; };
+ allow-transfer { {{ domain_name }}-acl; };
+ notify yes;
+ key-directory "{{ dns.paths.keys }}";
+};
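Review bot: `{% if transfer_hosts %}` is evaluated on a variable the caller may leave undefined (the playbook's zone entry defines only `domain_name`), and under Ansible's default undefined-variable handling that fails the template instead of falling through to `none;`; guard it with `{% if transfer_hosts | default([]) %}` or make sure the calling task always defines it. The access defaults themselves are sound — `allow-update { none; }`, transfers restricted to the per-zone ACL, `none;` when no hosts are listed — and should stay that way. `inline-signing yes` means BIND writes the signed copy of `db.{{ domain_name }}` and its journal next to the zone file, so `dns.paths.primary_zones` and `key-directory` must be writable by the bind user; a comment above `file` stating that dependency would save the next operator a debugging session. The commented `#auto-dnssec maintain;` is the mechanism `dnssec-policy` supersedes and can simply be removed.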