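options {
    // Working directory of named; relative "file" paths in the zone
    // statements are resolved against it.
    directory "/var/cache/bind";

    // Authoritative-only service: never resolve names on behalf of clients.
    recursion no;

    // Deny zone transfers unless a zone statement grants them. The zone
    // statements for the primary set their own TSIG-keyed allow-transfer,
    // which takes precedence over this default. The secondaries set none, so
    // without this line they inherit BIND's built-in default, which has
    // historically been to serve AXFR to any host.
    allow-transfer { none; };
};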
// TSIG key named in each primary zone's update-policy, where it is limited to
// TXT records at the zone's _acme-challenge name (presumably for ACME DNS-01
// validation).
{# NOTE(review): the secret is rendered in clear text. Confirm that the task deploying this template restricts the file's owner and mode, and that bind_acme_key comes from an encrypted variable store. #}
key "acme-key" {
    algorithm hmac-sha512;
    secret "{{ bind_acme_key }}";
};
// TSIG key shared by the primary and the secondaries. Despite its name, the
// zone statements in this file use it only to authenticate zone transfers
// (allow-transfer on the primary, masters on the secondaries); it appears in
// no update-policy, so it grants no dynamic-update rights.
{# NOTE(review): the secret is rendered in clear text on every host that receives this file. Confirm restrictive file permissions and that bind_update_key comes from an encrypted variable store. #}
key "update-key" {
    algorithm hmac-sha512;
    secret "{{ bind_update_key }}";
};
{# Role of the host being templated: primary when it belongs to the bindmaster inventory group, secondary otherwise. #}
{% set is_primary = inventory_hostname in groups.bindmaster %}
{# One zone statement per key of bind_zones; only the key (the zone name) is used here. #}
{% for domain in bind_zones %}
zone "{{ domain }}" in {
    type {{ 'master' if is_primary else 'slave' }};
    file "{{ domain }}.zone";

{% if is_primary %}
    // Dynamic updates: acme-key may change TXT records at this zone's own
    // _acme-challenge name only. The "name" rule matches that exact name, so
    // challenge names below other labels of the zone are not covered.
    update-policy {
        grant acme-key name _acme-challenge.{{ domain }}. txt;
    };

    // Secondaries to NOTIFY after a change. The entries carry no key, so the
    // NOTIFY itself is unsigned; the transfer it triggers is still
    // TSIG-authenticated through the masters clause on the secondary.
{# NOTE(review): peers are addressed by their gathered default IPv6 address. Rendering presumably fails for a host in the group that has no such fact; confirm facts are collected for every peer. #}
    also-notify {
{% for server in groups.bindslave %}
        {{ hostvars[server].ansible_default_ipv6.address }};
{% endfor %}
    };

    // Zone transfers are served only to requests signed with update-key.
    allow-transfer {
        key update-key;
    };
{% else %}
    // Primaries to transfer from; requests to them are signed with update-key.
    // No allow-transfer is set for a secondary in this statement, so transfers
    // out of a secondary follow the options block or BIND's built-in default.
{# NOTE(review): confirm that transfers from the secondaries are restricted. #}
    masters {
{% for server in groups.bindmaster %}
        {{ hostvars[server].ansible_default_ipv6.address }} key "update-key";
{% endfor %}
    };
{% endif %}

};
{% endfor %}