First commit - Added DNS playbooks

2024-05-14 18:41:12 +02:00 · 2024-05-14 18:41:12 +02:00 · 2a01f9e57d
commit 2a01f9e57d
8 changed files with 143 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+/.vscode/
+/inventory/
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory/hosts.yml
+collections_path = .
--- a/files/ns/zones/trans13nrv.eu.org.zone
+++ b/files/ns/zones/trans13nrv.eu.org.zone
@ -0,0 +1,31 @@
+$ORIGIN trans13nrv.eu.org.
+$TTL 300s
+@   SOA ns1 postmaster (
+                    2024051400 ; Serial
+                    8h         ; Refresh
+                    30m        ; Retry
+                    1w         ; Expire
+                    1h )       ; Negative Cache TTL
+
+; name servers
+    NS  ns1
+
+ns1     A       137.74.82.130
+
+; mailing
+@       MX      10      mail.hebergemoi.fr.
+
+;;; XMPP ;;;
+; server IP / name
+;_jabber A   0.0.0.1
+;xmpp    CNAME _jabber
+
+; ports
+;_xmpp-server._tcp   IN SRV  0 0 5269 _jabber
+;_xmpp-client._tcp   IN SRV  0 0 5222 _jabber
+
+; multi-user-chat
+;muc CNAME _jabber
+
+; web UI
+;chat    CNAME _jabber
--- a/playbooks/01-primary-ns.yaml
+++ b/playbooks/01-primary-ns.yaml
@ -0,0 +1,44 @@
+- hosts: dns-hosts
+  name: Configuration of ns zones
+
+  tasks:
+  - name: Use variables
+    include_vars: vars.yml
+
+      
+  - name: Ensure bind is installed
+    package:
+      name: bind9
+      state: latest
+
+  - name: Ensure dnssec-tools is installed
+    package:
+      name: dnsutils
+      state: latest
+
+  - name: Ensure required master zone directory is present
+    file:
+      path: "{{ dns.paths.primary_zones }}"
+      state: directory
+      owner: "{{ root.user }}"
+      group: "{{ dns.group }}"
+
+  - name: Ensure required keys zone directory is present
+    file:
+      path: "{{ dns.paths.keys }}"
+      state: directory
+      owner: "{{ dns.user }}"
+      group: "{{ dns.group }}"
+
+  - name: Prymary Zones
+    vars:
+      zones:
+        - zome: 
+            domain_name: trans13nrv.eu.org
+    include_tasks: tasks/ns/primary-zone.yml
+    loop: "{{ zones }}"
+
+  - name: Reload bind9 service
+    service:
+      name: bind9
+      state: reloaded
--- a/playbooks/tasks/ns/primary-zone.yml
+++ b/playbooks/tasks/ns/primary-zone.yml
@ -0,0 +1,27 @@
+---
+  - name: "Setup variable for zone {{ zone.domain_name }}"
+    register:
+      domain_name: "{{ zone.domain_name }}"
+      transfer_hosts: "{{ zone.transfer_hosts }}"
+      zone_config_file: "{{ dns.paths.etc }}/named.conf.{{ domain_name }}"
+      zone_db_file: "{{ dns.paths.dns.paths.primary_zones }}/db.{{ zone.domain_zone }}"
+
+  - name: Updating primary zone db file
+    file:
+      src: "file/ns/zone/db.{{ domain_name }}"
+      dest: "{{ zone_db_file }}"
+
+  - name: "Creating zone {{ domain_name }}"
+    template:
+      src: templates/ns/zone/named.conf.primary-zone.j2
+      dest: "{{ zone_config_file }}"
+  
+  - name: "Including zone configuration to global configuration"
+    blockinfile:
+      path: "{{ dns.path.etc }}/named.conf.local"
+      state: present
+      marker: "// {mark} ANSIBLE MANAGED BLOCK FOR {{ domain_name }} ZONE" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
+      block: |
+        "include \"{{ zone_config_file }}\"";
+      marker_begin: BEGIN
+      marker_end: END
--- a/playbooks/vars.yml
+++ b/playbooks/vars.yml
@ -0,0 +1,9 @@
+dns:
+  paths:
+    etc: /etc/bind/
+    primary_zones: /etc/bind/primary
+    keys: /etc/bind/primary/keys
+  user: bind
+  group: bind
+root:
+  user: root
--- a/requirement.yaml
+++ b/requirement.yaml
@ -0,0 +1,5 @@
+collections:
+  - name: community.general
+  - name: hebergemoi.incus
+    source: ssh://git@git.hebergemoi.fr:2222/heberge-moi/hebergemoi.incus.git
+    type: git
--- a/templates/ns/zone/named.conf.primary-zone.j2
+++ b/templates/ns/zone/named.conf.primary-zone.j2
@ -0,0 +1,22 @@
+acl "{{ domain_name }}-acl" {
+{% if transfer_hosts %}
+{% for ip in transfer_hosts %}
+  {{ ip }};
+{% endfor %}
+{% else %}
+  none;
+{% endif %}
+};
+
+zone "{{ domain_name }}" IN {
+  type master;
+  file "{{ dns.paths.primary_zones }}/db.{{ domain_name }}";
+  #auto-dnssec maintain;
+  inline-signing yes;
+  dnssec-policy default;
+  serial-update-method increment;
+  allow-update { none; };
+  allow-transfer { {{ domain_name }}-acl; };
+  notify yes;
+  key-directory "{{ dns.paths.keys }}";
+};