First commit - Added DNS playbooks
This commit is contained in:
commit
2a01f9e57d
8 changed files with 143 additions and 0 deletions
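--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/.vscode/
+/inventory/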
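--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/hosts.yml
+collections_path = .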
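Review bot: `collections_path = .` makes the repository root the collection install location, so `ansible-galaxy collection install -r requirement.yaml` will write an `ansible_collections/` tree (including the git-fetched `hebergemoi.incus`) into the working copy, and the new `.gitignore` only excludes `/.vscode/` and `/inventory/`. Either add `/ansible_collections/` to `.gitignore` or point `collections_path` at a directory outside the checkout (e.g. `collections_path = ~/.ansible/collections`), otherwise a third-party collection ends up vendored into this repo by accident. `inventory = inventory/hosts.yml` refers to a path that is itself git-ignored, which is fine for a per-operator inventory but is worth a line in a README so a fresh clone does not fail with an empty host list.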
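--- a/files/ns/zones/trans13nrv.eu.org.zone
+++ b/files/ns/zones/trans13nrv.eu.org.zone
@@ -0,0 +1,31 @@
+$ORIGIN trans13nrv.eu.org.
+$TTL 300s
+@ SOA ns1 postmaster (
+2024051400 ; Serial
+8h ; Refresh
+30m ; Retry
+1w ; Expire
+1h ) ; Negative Cache TTL
+
+; name servers
+NS ns1
+
+ns1 A 137.74.82.130
+
+; mailing
+@ MX 10 mail.hebergemoi.fr.
+
+;;; XMPP ;;;
+; server IP / name
+;_jabber A 0.0.0.1
+;xmpp CNAME _jabber
+
+; ports
+;_xmpp-server._tcp IN SRV 0 0 5269 _jabber
+;_xmpp-client._tcp IN SRV 0 0 5222 _jabber
+
+; multi-user-chat
+;muc CNAME _jabber
+
+; web UI
+;chat CNAME _jabber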
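Review bot: The zone publishes an MX (`@ MX 10 mail.hebergemoi.fr.`) but no SPF or DMARC records, so any host can send mail claiming to be from trans13nrv.eu.org and receivers have no policy telling them to reject it; add at least `@ TXT "v=spf1 mx -all"` (or the mechanism the mail provider documents) and `_dmarc TXT "v=DMARC1; p=reject; rua=mailto:postmaster@trans13nrv.eu.org"`. The zone also lists a single name server (`NS ns1`, `ns1 A 137.74.82.130`), which is a single point of failure; any secondary that the transfer ACL in the template is meant to serve must additionally be listed as an `NS` here, or resolvers will never query it. The `$TTL 300s` applies to every record including the NS/A glue, which is fine while the setup is in flux but worth raising to something like `1h` once stable to reduce query load on the lone server.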
44
playbooks/01-primary-ns.yaml
Normal file
44
playbooks/01-primary-ns.yaml
Normal file
|
|
@ -0,0 +1,44 @@
|
||||||
|
- hosts: dns-hosts
|
||||||
|
name: Configuration of ns zones
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Use variables
|
||||||
|
include_vars: vars.yml
|
||||||
|
|
||||||
|
|
||||||
|
- name: Ensure bind is installed
|
||||||
|
package:
|
||||||
|
name: bind9
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: Ensure dnssec-tools is installed
|
||||||
|
package:
|
||||||
|
name: dnsutils
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: Ensure required master zone directory is present
|
||||||
|
file:
|
||||||
|
path: "{{ dns.paths.primary_zones }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ root.user }}"
|
||||||
|
group: "{{ dns.group }}"
|
||||||
|
|
||||||
|
- name: Ensure required keys zone directory is present
|
||||||
|
file:
|
||||||
|
path: "{{ dns.paths.keys }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ dns.user }}"
|
||||||
|
group: "{{ dns.group }}"
|
||||||
|
|
||||||
|
- name: Prymary Zones
|
||||||
|
vars:
|
||||||
|
zones:
|
||||||
|
- zome:
|
||||||
|
domain_name: trans13nrv.eu.org
|
||||||
|
include_tasks: tasks/ns/primary-zone.yml
|
||||||
|
loop: "{{ zones }}"
|
||||||
|
|
||||||
|
- name: Reload bind9 service
|
||||||
|
service:
|
||||||
|
name: bind9
|
||||||
|
state: reloaded
|
||||||
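Review bot: The `Prymary Zones` task cannot work as written: `include_tasks` under `loop` exposes each element as `item` unless `loop_control: loop_var:` names it, yet `tasks/ns/primary-zone.yml` reads `zone.domain_name` and `zone.transfer_hosts`; on top of that the list element is wrapped under a key spelled `zome` and `transfer_hosts` is never defined, so the include fails on undefined variables. The keys directory that will hold the DNSSEC private keys is created with owner/group but no `mode`, so it inherits the umask (typically 0755); add `mode: "0750"` to that `file:` task (and to the zone directory). `state: latest` on both `package` tasks upgrades `bind9` on every run instead of converging — use `state: present` and upgrade deliberately — and the task named `Ensure dnssec-tools is installed` actually installs `dnsutils`, which as far as I recall does not carry the DNSSEC key tooling on Debian (`bind9-utils` does). The closing `service: state: reloaded` fires unconditionally and without `named-checkconf`; make it a handler notified by the zone tasks and run `command: named-checkconf` before it so a broken configuration is caught before named loads it. Rewritten loop task:
```yaml
      # … unchanged: include_vars, package and directory tasks …
      - name: Primary zones
        vars:
          zones:
            - domain_name: trans13nrv.eu.org
              transfer_hosts: []
        include_tasks: tasks/ns/primary-zone.yml
        loop: "{{ zones }}"
        loop_control:
          loop_var: zone
      # … unchanged: reload task …
```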
27
playbooks/tasks/ns/primary-zone.yml
Normal file
27
playbooks/tasks/ns/primary-zone.yml
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: "Setup variable for zone {{ zone.domain_name }}"
|
||||||
|
register:
|
||||||
|
domain_name: "{{ zone.domain_name }}"
|
||||||
|
transfer_hosts: "{{ zone.transfer_hosts }}"
|
||||||
|
zone_config_file: "{{ dns.paths.etc }}/named.conf.{{ domain_name }}"
|
||||||
|
zone_db_file: "{{ dns.paths.dns.paths.primary_zones }}/db.{{ zone.domain_zone }}"
|
||||||
|
|
||||||
|
- name: Updating primary zone db file
|
||||||
|
file:
|
||||||
|
src: "file/ns/zone/db.{{ domain_name }}"
|
||||||
|
dest: "{{ zone_db_file }}"
|
||||||
|
|
||||||
|
- name: "Creating zone {{ domain_name }}"
|
||||||
|
template:
|
||||||
|
src: templates/ns/zone/named.conf.primary-zone.j2
|
||||||
|
dest: "{{ zone_config_file }}"
|
||||||
|
|
||||||
|
- name: "Including zone configuration to global configuration"
|
||||||
|
blockinfile:
|
||||||
|
path: "{{ dns.path.etc }}/named.conf.local"
|
||||||
|
state: present
|
||||||
|
marker: "// {mark} ANSIBLE MANAGED BLOCK FOR {{ domain_name }} ZONE" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
|
||||||
|
block: |
|
||||||
|
"include \"{{ zone_config_file }}\"";
|
||||||
|
marker_begin: BEGIN
|
||||||
|
marker_end: END
|
||||||
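Review bot: The `blockinfile` block writes the literal text `"include \"/etc/bind/named.conf.<zone>\"";` — outer quotes and backslashes included, because it sits inside a `|` literal scalar — into `named.conf.local`, which is not valid named.conf syntax, so a reload keeps the old configuration but the next `named` restart or reboot fails to parse its config and the server stays down; the line must be `include "{{ zone_config_file }}";`. The earlier tasks cannot run either: `register:` is a task keyword, not a module, so the first task has no action (use `set_fact:`), and it references `dns.paths.dns.paths.primary_zones`, `zone.domain_zone` and a `domain_name` fact that is being defined in the same statement, all undefined. `file:` never copies anything — the zone needs `copy:` — and the `src` path `file/ns/zone/db.<domain>` matches neither the committed `files/ns/zones/trans13nrv.eu.org.zone` nor, as far as I can tell, how relative `copy` sources are resolved from a playbook living under `playbooks/`. `dns.path.etc` in the blockinfile task should be `dns.paths.etc`, and the module documentation pasted after `marker:` should go. Nothing validates the zone before it is installed; `validate: "named-checkzone {{ domain_name }} %s"` on the copy task catches a broken zone file before named ever sees it.
```yaml
- name: "Setup variables for zone {{ zone.domain_name }}"
  set_fact:
    domain_name: "{{ zone.domain_name }}"
    transfer_hosts: "{{ zone.transfer_hosts | default([]) }}"
    zone_config_file: "{{ dns.paths.etc }}/named.conf.{{ zone.domain_name }}"
    zone_db_file: "{{ dns.paths.primary_zones }}/db.{{ zone.domain_name }}"

- name: Updating primary zone db file
  copy:
    src: "{{ playbook_dir }}/../files/ns/zones/{{ domain_name }}.zone"
    dest: "{{ zone_db_file }}"
    owner: "{{ root.user }}"
    group: "{{ dns.group }}"
    mode: "0640"
    validate: "named-checkzone {{ domain_name }} %s"

# … unchanged: template task …

- name: "Including zone configuration to global configuration"
  blockinfile:
    path: "{{ dns.paths.etc }}/named.conf.local"
    state: present
    marker: "// {mark} ANSIBLE MANAGED BLOCK FOR {{ domain_name }} ZONE"
    block: |
      include "{{ zone_config_file }}";
```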
9
playbooks/vars.yml
Normal file
9
playbooks/vars.yml
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
dns:
|
||||||
|
paths:
|
||||||
|
etc: /etc/bind/
|
||||||
|
primary_zones: /etc/bind/primary
|
||||||
|
keys: /etc/bind/primary/keys
|
||||||
|
user: bind
|
||||||
|
group: bind
|
||||||
|
root:
|
||||||
|
user: root
|
||||||
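Review bot: `primary_zones` and `keys` both live under `/etc/bind`, yet the zone template enables `inline-signing` with a `dnssec-policy`, which requires `named` (running as `bind`) to create and rewrite `db.<zone>.signed`, its journal and the key files next to the zone file; the playbook creates `primary_zones` root-owned with no group-writable mode, and on Debian the stock AppArmor profile for named, where enforced, grants only read access under `/etc/bind` as far as I recall (the writable trees are `/var/lib/bind` and `/var/cache/bind`). Move the signed-zone and key locations out of `/etc`, e.g. `primary_zones: /var/lib/bind/primary` and `keys: /var/lib/bind/keys`, and create them `owner: bind` with `mode: "0750"`, or relax ownership deliberately and document why. `etc: /etc/bind/` carries a trailing slash while every consumer appends `/...`, producing `//` in paths; write `etc: /etc/bind`.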
5
requirement.yaml
Normal file
5
requirement.yaml
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
collections:
|
||||||
|
- name: community.general
|
||||||
|
- name: hebergemoi.incus
|
||||||
|
source: ssh://git@git.hebergemoi.fr:2222/heberge-moi/hebergemoi.incus.git
|
||||||
|
type: git
|
||||||
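Review bot: Both collections are unpinned: `hebergemoi.incus` is installed from a git remote with no `version:`, so whatever sits on the default branch at install time becomes code executed by the playbooks on the managed hosts, and `community.general` floats to the latest release in the same way. Pin each one — `version: "<tag-or-commit>"` under the git entry and `version: "<tested release>"` for `community.general` — so installs are reproducible and an upstream push cannot change behaviour unnoticed; for the git source a tag or full commit hash is preferable to a branch name. Note also that `ansible-galaxy` only auto-discovers `requirements.yml`; with this file named `requirement.yaml` it must always be passed explicitly with `-r`, which is fine but should be stated in the README.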
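--- a/templates/ns/zone/named.conf.primary-zone.j2
+++ b/templates/ns/zone/named.conf.primary-zone.j2
@@ -0,0 +1,22 @@
+acl "{{ domain_name }}-acl" {
+{% if transfer_hosts %}
+{% for ip in transfer_hosts %}
+{{ ip }};
+{% endfor %}
+{% else %}
+none;
+{% endif %}
+};
+
+zone "{{ domain_name }}" IN {
+type master;
+file "{{ dns.paths.primary_zones }}/db.{{ domain_name }}";
+#auto-dnssec maintain;
+inline-signing yes;
+dnssec-policy default;
+serial-update-method increment;
+allow-update { none; };
+allow-transfer { {{ domain_name }}-acl; };
+notify yes;
+key-directory "{{ dns.paths.keys }}";
+};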
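Review bot: Zone transfers are gated only by an IP ACL (`allow-transfer { {{ domain_name }}-acl; };`), and the task file never defines `transfer_hosts`, so as committed `{% if transfer_hosts %}` raises an undefined-variable error rather than falling back to `none;`; guard it with `{% if transfer_hosts | default([]) %}` and, once secondaries exist, authenticate AXFR with a TSIG key (`allow-transfer { key "{{ domain_name }}-xfr"; };`) instead of addresses alone. The ACL is declared with a quoted name but referenced unquoted, and the name contains dots; quoting the reference too (`allow-transfer { "{{ domain_name }}-acl"; };`) avoids any named.conf tokenising surprise. `notify yes` without `also-notify` only notifies the zone's NS set, which for the committed zone is ns1 itself, so add `also-notify { <secondary>; };` alongside the ACL entries. With `inline-signing yes` and `dnssec-policy default` named will sign the zone, but nothing here publishes the DS at the parent; until that is done the signatures give validators nothing, so the DS hand-off step deserves a comment in this template or the playbook.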