first commit

inventory/group_vars/all/bind.yaml

@@ -0,0 +1,27 @@
+bind_nameservers:
+    - ns1.f2odns.de
+    - ns2.f2odns.de
+
+bind_zones:
+  doesnt.social:
+    - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+    - { name: '@', type: TXT, value: v=spf1 include:f2o.io -all }
+    - { name: '@', type: A, value: 88.198.138.11 }
+    - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }
+    - { name: _matrix._tcp, type: SRV, value: 10 0 443 doesnt.social. }
+  f2o.at:
+    - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+    - { name: '@', type: TXT, value: v=spf1 include:f2o.io -all }
+    - { name: '@', type: A, value: 88.198.138.11 }
+    - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }
+    - { name: blog, type: CNAME, value: web.f2o.io. }
+    - { name: paste, type: CNAME, value: web.f2o.io. }
+    - { name: web, type: CNAME, value: web.f2o.io. }
+    - { name: www, type: CNAME, value: web.f2o.io. }
+  f2o.io:
+    - { name: '@', type: NS, value: ns1.f2odns.de. }
+    - { name: '@', type: NS, value: ns2.f2odns.de. }
+    - { name: '@', type: MX 0, value: mailu.kube.f2o.io. }
+    - { name: '@', type: TXT, value: v=spf1 mx -all }
+    - { name: '@', type: A, value: 88.198.138.11 }
+    - { name: '@', type: AAAA, value: 2a01:4f8:c0c:28b8::1 }

roles/bind/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+
+bind_zones: {}

roles/bind/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+
+- name: bind_restart
+  systemd:
+    name: bind9
+    state: restarted

roles/bind/tasks/main.yaml

@@ -0,0 +1,23 @@
+---
+
+- name: bind_install
+  apt:
+    name:
+      - bind9
+      - dnsutils
+    install_recommends: no
+
+- name: bind_config
+  template:
+    dest: /etc/bind/named.conf
+    src: named.conf.j2
+  notify:
+    - bind_restart
+
+- name: bind_zones
+  template:
+    dest: "/var/cache/bind/{{ item.key }}.zone"
+    src: zone.j2
+  loop: "{{ bind_zones | dict2items }}"
+  notify:
+    - bind_restart

roles/bind/templates/named.conf.j2

@@ -0,0 +1,41 @@
+options {
+  directory "/var/cache/bind";
+  recursion no;
+};
+
+key "acme-key" {
+  algorithm hmac-sha512;
+  secret "{{ bind_acme_key }}";
+};
+key "update-key" {
+  algorithm hmac-sha512;
+  secret "{{ bind_update_key }}";
+};
+
+{% for domain in bind_zones.keys() %}
+zone "{{ domain }}" in {
+  type {{ 'master' if inventory_hostname in groups.bindmaster else 'slave' }};
+  file "{{ domain }}.zone";
+
+  {% if inventory_hostname in groups.bindmaster %}
+  update-policy {
+    grant acme-key name _acme-challenge.{{ domain }}. txt;
+  };
+  also-notify {
+    {% for server in groups.bindslave %}
+    {{ hostvars[server].ansible_default_ipv6.address }};
+    {% endfor %}
+  };
+  allow-transfer {
+    key update-key;
+  };
+  {% else %}
+  masters {
+    {% for server in groups.bindmaster %}
+    {{ hostvars[server].ansible_default_ipv6.address }} key "update-key";
+    {% endfor %}
+  };
+  {% endif %}
+
+};
+{% endfor %}

roles/bind/templates/zone.j2

@@ -0,0 +1,18 @@
+$ORIGIN {{ item.key }}.
+$TTL 300
+
+@ IN SOA {{ bind_nameservers | first }}. noc.{{ item.key }} (
+  {{ ansible_date_time.epoch }} ; serial
+  7200 ; refresh
+  3600 ; retry
+  1209600 ; expire
+  3600 ; min
+)
+
+{% for ns in bind_nameservers %}
+@ IN NS {{ ns }}{{ '.' if not ns.endswith('.') else '' }}
+{% endfor %}
+
+{% for record in item.value -%}
+{{ record.name }} IN {{ record.type }} {{ record.value }}
+{% endfor %}