commit 04d35ca0a387cb0953ccf1d56e9a6fedab57ddc0 Author: Stefan Schwarz Date: Sun May 3 23:20:11 2020 +0200 first commit
diff --git a/inventory/group_vars/all/bind.yaml b/inventory/group_vars/all/bind.yaml
new file mode 100644
index 0000000..562fec2
--- /dev/null
+++ b/inventory/group_vars/all/bind.yaml
@@ -0,0 +1,27 @@
+bind_nameservers:
+ - ns1.f2odns.de
+ - ns2.f2odns.de
+
+bind_zones:
+ doesnt.social:
+ - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+ - { name: '@', type: TXT, value: v=spf1 include:f2o.io -all }
+ - { name: '@', type: A, value: 88.198.138.11 }
+ - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }
+ - { name: _matrix._tcp, type: SRV, value: 10 0 443 doesnt.social. }
+ f2o.at:
+ - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+ - { name: '@', type: TXT, value: v=spf1 include:f2o.io -all }
+ - { name: '@', type: A, value: 88.198.138.11 }
+ - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }
+ - { name: blog, type: CNAME, value: web.f2o.io. }
+ - { name: paste, type: CNAME, value: web.f2o.io. }
+ - { name: web, type: CNAME, value: web.f2o.io. }
+ - { name: www, type: CNAME, value: web.f2o.io. }
+ f2o.io:
+ - { name: '@', type: NS, value: ns1.f2odns.de. }
+ - { name: '@', type: NS, value: ns2.f2odns.de. }
+ - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+ - { name: '@', type: TXT, value: v=spf1 mx -all }
+ - { name: '@', type: A, value: 88.198.138.11 }
+ - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }
diff --git a/roles/bind/defaults/main.yaml b/roles/bind/defaults/main.yaml
new file mode 100644
index 0000000..82bf92f
--- /dev/null
+++ b/roles/bind/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+
+bind_zones: {}
diff --git a/roles/bind/handlers/main.yaml b/roles/bind/handlers/main.yaml
new file mode 100644
index 0000000..3f03374
--- /dev/null
+++ b/roles/bind/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+
+- name: bind_restart
+ systemd:
+ name: bind9
+ state: restarted
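Review bot: The flow-mapping `value` scalars that contain colons — the AAAA addresses `2a01:4f8:c0c:28b8::1` and the SPF `include:f2o.io` — are plain (unquoted), and PyYAML releases before 5.1 reject a `:` inside a plain scalar in flow context ("found unexpected ':'"), so this inventory only parses on a sufficiently new YAML library; quoting them, `value: '2a01:4f8:c0c:28b8::1'` and `value: 'v=spf1 include:f2o.io -all'`, removes that dependency. Folding the MX priority into the type (`type: MX 0`) only works because zone.j2 concatenates type and value verbatim; putting the priority into `value` (`type: MX, value: 0 mailu.kube.f2o.io.`) would keep `type` a pure record type and read more clearly. Neither changes the rendered zone on the current setup.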
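Review bot: `state: restarted` takes named down on every notification, which with the tasks file in this commit means on every zone re-template; Debian's bind9 unit defines an `ExecReload` that runs `rndc reload`, as far as I recall, so `state: reloaded` would apply both named.conf and zone changes without an outage window. Worth confirming against the unit file on the target release before switching.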
diff --git a/roles/bind/tasks/main.yaml b/roles/bind/tasks/main.yaml
new file mode 100644
index 0000000..84f336e
--- /dev/null
+++ b/roles/bind/tasks/main.yaml
@@ -0,0 +1,23 @@
+---
+
+- name: bind_install
+ apt:
+ name:
+ - bind9
+ - dnsutils
+ install_recommends: no
+
+- name: bind_config
+ template:
+ dest: /etc/bind/named.conf
+ src: named.conf.j2
+ notify:
+ - bind_restart
+
+- name: bind_zones
+ template:
+ dest: "/var/cache/bind/{{ item.key }}.zone"
+ src: zone.j2
+ loop: "{{ bind_zones | dict2items }}"
+ notify:
+ - bind_restart
diff --git a/roles/bind/templates/named.conf.j2 b/roles/bind/templates/named.conf.j2
new file mode 100644
index 0000000..d7d79e0
--- /dev/null
+++ b/roles/bind/templates/named.conf.j2
@@ -0,0 +1,41 @@
+options {
+ directory "/var/cache/bind";
+ recursion no;
+};
+
+key "acme-key" {
+ algorithm hmac-sha512;
+ secret "{{ bind_acme_key }}";
+};
+key "update-key" {
+ algorithm hmac-sha512;
+ secret "{{ bind_update_key }}";
+};
+
+{% for domain in bind_zones.keys() %}
+zone "{{ domain }}" in {
+ type {{ 'master' if inventory_hostname in groups.bindmaster else 'slave' }};
+ file "{{ domain }}.zone";
+
+ {% if inventory_hostname in groups.bindmaster %}
+ update-policy {
+ grant acme-key name _acme-challenge.{{ domain }}. txt;
+ };
+ also-notify {
+ {% for server in groups.bindslave %}
+ {{ hostvars[server].ansible_default_ipv6.address }};
+ {% endfor %}
+ };
+ allow-transfer {
+ key update-key;
+ };
+ {% else %}
+ masters {
+ {% for server in groups.bindmaster %}
+ {{ hostvars[server].ansible_default_ipv6.address }} key "update-key";
+ {% endfor %}
+ };
+ {% endif %}
+
+};
+{% endfor %}
\ No newline at end of file
diff --git a/roles/bind/templates/zone.j2 b/roles/bind/templates/zone.j2
new file mode 100644
index 0000000..35bd12b
--- /dev/null
+++ b/roles/bind/templates/zone.j2
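Review bot: The `bind_zones` task has no `when`, so secondaries also template their own `/var/cache/bind/<domain>.zone`, and named.conf.j2 points a `slave` zone's `file` at exactly that path; a secondary then starts from a locally generated copy whose epoch serial can be at or above the primary's, which suppresses the transfer it is meant to depend on. `when: inventory_hostname in groups.bindmaster` on the task keeps secondaries on AXFR/IXFR only. On the primary the same zones accept dynamic updates (the acme-key update-policy), for which BIND keeps a journal; rewriting the zone file underneath a journal can leave the zone unloadable ("journal out of sync"), so the rewrite should be bracketed by `rndc freeze`/`rndc thaw`, and `validate: 'named-checkzone {{ item.key }} %s'` on the template would catch a broken zone before bind_restart fires.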
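Review bot: The global `options` block sets `recursion no` but no `allow-transfer`, and the `key update-key` restriction is only emitted in the master branch; on the BIND 9.11/9.16 releases `apt` installed at the time the default is to allow transfers to any host, as far as I recall, so every secondary serves a full AXFR of all zones to anyone who asks. `allow-transfer { none; };` in `options` closes that, and the per-zone block on the primary still overrides it for the keyed transfer. The TSIG secrets `bind_acme_key` and `bind_update_key` have no entry in roles/bind/defaults and are not set anywhere in this commit, so presumably they come from vaulted vars; a header comment such as `{# bind_acme_key / bind_update_key: hmac-sha512 TSIG secrets, expected from vaulted inventory vars #}` would document that expectation where the next reader looks first.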
@@ -0,0 +1,18 @@
+$ORIGIN {{ item.key }}.
+$TTL 300
+
+@ IN SOA {{ bind_nameservers | first }}. noc.{{ item.key }} (
+ {{ ansible_date_time.epoch }} ; serial
+ 7200 ; refresh
+ 3600 ; retry
+ 1209600 ; expire
+ 3600 ; min
+)
+
+{% for ns in bind_nameservers %}
+@ IN NS {{ ns }}{{ '.' if not ns.endswith('.') else '' }}
+{% endfor %}
+
+{% for record in item.value -%}
+{{ record.name }} IN {{ record.type }} {{ record.value }}
+{% endfor %}
\ No newline at end of file
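Review bot: The SOA RNAME `noc.{{ item.key }}` has no trailing dot, so under `$ORIGIN {{ item.key }}.` it is relative and expands to `noc.doesnt.social.doesnt.social.`; the MNAME on the same line is made absolute and the RNAME should be too: `noc.{{ item.key }}.`. The serial `{{ ansible_date_time.epoch }}` changes on every run, so the rendered file always differs, the task always reports changed and bind_restart always fires; deriving the serial from the record content or keeping a per-zone serial variable would make runs idempotent. Separately, the f2o.io entry in group_vars lists its NS records explicitly while this template already emits one NS per `bind_nameservers` entry, producing duplicate identical RRs — harmless to BIND as far as I know, but one of the two sources should go.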