move from nsd to powerdns

ansible/roles/nsd/files/nsd.conf

@@ -1,29 +0,0 @@
-server:
-        ip-address: ens4
-	port: 53
-        server-count: 1
-        verbosity: 1
-        hide-version: yes
-        zonesdir: "/etc/nsd/zones"
-        ip-transparent: yes
-        ip-freebind: yes
-
-zone:
-	name: pim.kunis.nl
-	zonefile: pim.kunis.nl
-
-zone:
-	name: pizzapim.nl
-	zonefile: pizzapim.nl
-	provide-xfr: 87.253.155.96/27 NOKEY
-        provide-xfr: 157.97.168.160/27 NOKEY
-
-zone:
-	name: geokunis2.nl
-	zonefile: geokunis2.nl
-	provide-xfr: 87.253.155.96/27 NOKEY
-        provide-xfr: 157.97.168.160/27 NOKEY
-
-zone:
-	name: kun.is
-	zonefile: kun.is

ansible/roles/nsd/files/zones/geokunis2.nl

@@ -1,36 +0,0 @@
-$ORIGIN geokunis2.nl.
-$TTL 60
-
-geokunis2.nl.		IN	SOA	ns.geokunis2.nl. niels.kunis.nl. 2023052600 1800 3600 1209600 3600
-				NS	ns.geokunis2.nl.
-				NS	ns0.transip.net.
-				NS	ns1.transip.nl.
-				NS	ns2.transip.eu.
-				A	84.245.14.149
-				AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
-				CAA	0 issue "letsencrypt.org"
-jenl			IN	A	217.123.41.225
-wg				IN	A	84.245.14.149
-wg				IN	AAAA	2a02:58:1:e::1afb
-wg4				IN	A	84.245.14.149
-wg6				IN	AAAA	2a02:58:1:e::1afb
-kms				IN	A	84.245.14.149
-tuindersweijde	IN	A	84.245.14.149
-files			IN	A	84.245.14.149
-files			IN	AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
-ns				A	84.245.14.149
-				AAAA	2a02:58:19a:f730:c8fe:c0ff:feff:ee07
-cyberchef		IN	A	84.245.14.149
-				AAAA	2a02:58:19a:f730:c8fe:c0ff:feff:ee03
-inbucket		IN	A	84.245.14.149
-
-; proton shizzle
-@			IN	TXT	"protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b"
-@			IN	TXT	"sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb"
-@			IN	MX	10 mx1.simplelogin.co.
-@			IN	MX	20 mx2.simplelogin.co.
-@			IN	TXT	"v=spf1 include:simplelogin.co ~all"
-dkim02._domainkey	IN	CNAME	dkim02._domainkey.simplelogin.co.
-dkim._domainkey		IN	CNAME	dkim._domainkey.simplelogin.co.
-dkim03._domainkey	IN	CNAME	dkim03._domainkey.simplelogin.co.
-_dmarc			IN	TXT	"v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"

ansible/roles/nsd/files/zones/kun.is

@@ -1,13 +0,0 @@
-$ORIGIN kun.is.
-$TTL 60
-
-kun.is.	IN 	SOA	ns1.kun.is. pim.kunis.nl. 2023051702 1800 3600 1209600 3600
-		NS	ns1.kun.is.
-		NS	ns2.kun.is.
-
-ns1		A	84.245.14.149
-ns2		A	84.245.14.149
-
-pim		A	84.245.14.149
-
-*		A	84.245.14.149

ansible/roles/nsd/files/zones/pim.kunis.nl

@@ -1,33 +0,0 @@
-$ORIGIN pim.kunis.nl.
-$TTL 60
-
-pim.kunis.nl.	IN 	SOA	ns.pim.kunis.nl. pim.kunis.nl. 2023052000 1800 3600 1209600 3600
-
-			NS	ns.pim.kunis.nl.
-			A	84.245.14.149
-#			AAAA	2a02:58:19a:f730:b62e:99ff:fe77:1bda
-			TXT	"v=spf1 ~all"
-
-_dmarc		IN	TXT	"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
-
-www		IN	A	84.245.14.149
-ns		IN	A	84.245.14.149
-		IN	AAAA	2a02:58:19a:f730:c8fe:c0ff:feff:ee07
-
-social		IN	CNAME	www.pim.kunis.nl.
-dav		IN	CNAME	www.pim.kunis.nl.
-git		IN	CNAME	www.pim.kunis.nl.
-meet            IN      CNAME   www.pim.kunis.nl.
-rss             IN      CNAME   www.pim.kunis.nl.
-latex		IN	CNAME	www.pim.kunis.nl.
-md		IN	CNAME	www.pim.kunis.nl.
-swarm		IN	CNAME	www.pim.kunis.nl.
-traefik		IN	CNAME	www.pim.kunis.nl.
-syncthing	IN	CNAME	www.pim.kunis.nl.
-cloud		IN	CNAME	www.pim.kunis.nl.
-pihole		IN	CNAME	www.pim.kunis.nl.
-ntfy		IN	CNAME	www.pim.kunis.nl.
-apprise		IN	CNAME	www.pim.kunis.nl.
-uptime		IN	CNAME	www.pim.kunis.nl.
-concourse	IN	CNAME	www.pim.kunis.nl.
-discourse	IN	CNAME	www.pim.kunis.nl.

ansible/roles/nsd/files/zones/pizzapim.nl

@@ -1,18 +0,0 @@
-$ORIGIN pizzapim.nl.
-$TTL 60
-
-pizzapim.nl.	IN 	SOA	ns.pizzapim.nl. pim.kunis.nl. 2023050400 1800 3600 1209600 3600
-
-			NS	ns.pizzapim.nl.
-			NS	ns0.transip.net.
-			NS	ns1.transip.nl.
-			NS	ns2.transip.eu.
-			A	84.245.14.149
-			TXT	"v=spf1 ~all"
-			CAA	0 issue "letsencrypt.org"
-
-_dmarc		IN	TXT	"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
-
-social		IN	A	84.245.14.149
-ns		IN	A	84.245.14.149
-			AAAA	2a02:58:19a:f730:c8fe:c0ff:feff:ee07

ansible/roles/nsd/tasks/main.yml

@@ -1,18 +0,0 @@
-- name: Install nsd
-  apt:
-    name: nsd
-- name: Copy nsd.conf
-  copy:
-    src: "{{ role_path }}/files/nsd.conf"
-    dest: /etc/nsd/nsd.conf
-  register: config
-- name: Copy zone directory
-  copy:
-    src: "{{ role_path }}/files/zones"
-    dest: /etc/nsd
-  register: zones
-- name: Enable nsd
-  systemd:
-    name: nsd
-    enabled: true
-    state: "{{ 'restarted' if config.changed or zones.changed else 'started' }}"

ansible/roles/powerdns/api.conf.j2

@@ -0,0 +1,5 @@
+api=yes
+api-key={{ api_key }}
+webserver-address=0.0.0.0
+webserver-port=3000
+webserver-allow-from=0.0.0.0/0

ansible/roles/powerdns/gpgsql.conf.j2

@@ -0,0 +1,5 @@
+launch=gpgsql
+gpgsql-host=thecloud.dmz
+gpgsql-dbname=powerdns
+gpgsql-user=powerdns
+gpgsql-password={{ postgresql_password }}

ansible/roles/powerdns/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart powerdns
+  systemd:
+    name: pdns
+    state: restarted

ansible/roles/powerdns/overwrite.conf

@@ -0,0 +1,2 @@
+local-address=192.168.30.7, 127.0.0.1, ::
+default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600

ansible/roles/powerdns/tasks/main.yml

@@ -0,0 +1,28 @@
+- name: Remove BIND powerdns config
+  file:
+    path: /etc/powerdns/pdns.d/bind.conf
+    state: absent
+  notify: restart powerdns
+
+- name: Copy postgresql powerdns config
+  template:
+    src: gpgsql.conf.j2
+    dest: /etc/powerdns/pdns.d/gpgsql.conf
+  notify: restart powerdns
+
+- name: Add API powerdns config
+  template:
+    src: api.conf.j2
+    dest: /etc/powerdns/pdns.d/api.conf
+  notify: restart powerdns
+
+- name: Overwrite powerdns config
+  copy:
+    src: overwrite.conf
+    dest: /etc/powerdns/pdns.d/overwrite.conf
+  notify: restart powerdns
+
+- name: Start powerdns
+  systemd:
+    name: pdns
+    state: started