first commit

2020-05-03 23:20:11 +02:00 · 2020-05-03 23:20:11 +02:00 · 04d35ca0a3
commit 04d35ca0a3
6 changed files with 118 additions and 0 deletions
--- a/roles/bind/templates/named.conf.j2
+++ b/roles/bind/templates/named.conf.j2
@ -0,0 +1,41 @@
+options {
+  directory "/var/cache/bind";
+  recursion no;
+};
+
+key "acme-key" {
+  algorithm hmac-sha512;
+  secret "{{ bind_acme_key }}";
+};
+key "update-key" {
+  algorithm hmac-sha512;
+  secret "{{ bind_update_key }}";
+};
+
+{% for domain in bind_zones.keys() %}
+zone "{{ domain }}" in {
+  type {{ 'master' if inventory_hostname in groups.bindmaster else 'slave' }};
+  file "{{ domain }}.zone";
+
+  {% if inventory_hostname in groups.bindmaster %}
+  update-policy {
+    grant acme-key name _acme-challenge.{{ domain }}. txt;
+  };
+  also-notify {
+    {% for server in groups.bindslave %}
+    {{ hostvars[server].ansible_default_ipv6.address }};
+    {% endfor %}
+  };
+  allow-transfer {
+    key update-key;
+  };
+  {% else %}
+  masters {
+    {% for server in groups.bindmaster %}
+    {{ hostvars[server].ansible_default_ipv6.address }} key "update-key";
+    {% endfor %}
+  };
+  {% endif %}
+
+};
+{% endfor %}