move from nsd to powerdns

This commit is contained in:
Pim Kunis 2023-06-17 22:21:16 +02:00
parent e4c430cbd9
commit 47436d79e1
14 changed files with 133 additions and 204 deletions


@ -2,16 +2,24 @@
hosts: all hosts: all
gather_facts: no gather_facts: no
roles: roles:
- cloudinit-wait - cloudinit_wait
- name: Install services - name: Install services
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"
- name: Copy resolv.conf - name: Copy resolv.conf
copy: copy:
src: resolv.conf src: resolv.conf
dest: /etc/resolv.conf dest: /etc/resolv.conf
roles: roles:
- {role: apt, tags: apt} - {role: apt, tags: apt}
- {role: dnsmasq, tags: dnsmasq} - {role: dnsmasq, tags: dnsmasq}
- {role: nsd, tags: nsd} - {role: powerdns, tags: powerdns}
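Review bot: The new `Delete externally managed environment file` pre_task removes Python's PEP 668 marker on every host via `shell` and then sets `failed_when: "false"`, which hides every failure (permission denied, read-only filesystem) and leaves no record of why the protection against overwriting distro-managed packages is being dropped. A comment above the task stating the reason, e.g. `# Allow pip to install into the system interpreter for <module> — TODO: name the consumer`, would make the intent reviewable, and `failed_when: "rm.rc not in [0, 1]"` would keep the "no such file" case quiet while still surfacing real errors (GNU rm exits 1 for a missing file; confirm on the target image). The enclosing play starts before this hunk.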


@ -1,6 +1,9 @@
apt_install_packages: apt_install_packages:
- qemu-guest-agent - qemu-guest-agent
- dnsutils - dnsutils
- pdns-server
- pdns-backend-pgsql
- postgresql-client
ssh_ca_dir: /root/ssh_ca ssh_ca_dir: /root/ssh_ca
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ" ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
@ -61,3 +64,21 @@ ssh_ca_host_ca_private_key: !vault |
39346231666362313632363737623139373632376461373362656563616566633265653438393361 39346231666362313632363737623139373632376461373362656563616566633265653438393361
39393734393061653639313365633931373963666635316138663538356265386562373837393530 39393734393061653639313365633931373963666635316138663538356265386562373837393530
6537646639613534666533626339356335396634613765616664 6537646639613534666533626339356335396634613765616664
api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376335393463353232386437613533396261383332653738323764633965393262363239376165
3566666139376135643833343535663130353631326466610a623161633238363338633461383434
63373365613765663830613565313164323938336338616666313365623261663037626132623531
3638653833626532300a656632356563613631633162643464356236396635633237376133323433
37363261376535306161393039396333656430323534616462393366643662306631306339346363
3065303163643732613435323561663035646365383237643464
postgresql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64646633623535383761356434643064383736626638333738323363393037393133363130623361
3965323132656263393365366131343732646239316564390a613263386166383438366162303561
63626162656337313034663830626432303437363764653336613338393038393737663238313737
3164323834393165380a393138363265393963613835376331623735303538316162343036306230
63633335343332313861393135366332313061353064306265653631613735336631653438383066
3034323733323333646532613233666333323363643534336233
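Review bot: The two new vaulted variables are named `api_key` and `postgresql_password` in a group_vars file that applies to all hosts, so any other role or play that uses those generic names will silently pick up (or shadow) the PowerDNS secrets; the `postgresql_database` role added in the same commit looks like a plausible collider, though its variable names are not visible here. Prefixing them, `powerdns_api_key:` and `powerdns_postgresql_password:`, and updating the two templates in the powerdns role accordingly keeps the scope unambiguous. Keeping them vault-encrypted as done here is right; the same encrypted bodies can be kept under the new keys.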


@ -1,6 +1,9 @@
- name: apt - name: apt
src: https://github.com/sunscrapers/ansible-role-apt.git src: https://github.com/sunscrapers/ansible-role-apt.git
scm: git scm: git
- name: cloudinit-wait - name: cloudinit_wait
src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
scm: git scm: git
- name: postgresql_database
src: https://git.pim.kunis.nl/home/ansible-role-postgresql-database
scm: git
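Review bot: The added `postgresql_database` entry (and the existing two) references a git repository with no `version:`, so each `ansible-galaxy install` pulls whatever the default branch currently holds and the deployed role content can change without any change in this repository. Pinning each entry with `version: <tag-or-commit>` makes the installed role reproducible and reviewable when it is bumped.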


@ -1,29 +0,0 @@
server:
ip-address: ens4
port: 53
server-count: 1
verbosity: 1
hide-version: yes
zonesdir: "/etc/nsd/zones"
ip-transparent: yes
ip-freebind: yes
zone:
name: pim.kunis.nl
zonefile: pim.kunis.nl
zone:
name: pizzapim.nl
zonefile: pizzapim.nl
provide-xfr: 87.253.155.96/27 NOKEY
provide-xfr: 157.97.168.160/27 NOKEY
zone:
name: geokunis2.nl
zonefile: geokunis2.nl
provide-xfr: 87.253.155.96/27 NOKEY
provide-xfr: 157.97.168.160/27 NOKEY
zone:
name: kun.is
zonefile: kun.is


@ -1,36 +0,0 @@
$ORIGIN geokunis2.nl.
$TTL 60
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023052600 1800 3600 1209600 3600
NS ns.geokunis2.nl.
NS ns0.transip.net.
NS ns1.transip.nl.
NS ns2.transip.eu.
A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
CAA 0 issue "letsencrypt.org"
jenl IN A 217.123.41.225
wg IN A 84.245.14.149
wg IN AAAA 2a02:58:1:e::1afb
wg4 IN A 84.245.14.149
wg6 IN AAAA 2a02:58:1:e::1afb
kms IN A 84.245.14.149
tuindersweijde IN A 84.245.14.149
files IN A 84.245.14.149
files IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
cyberchef IN A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee03
inbucket IN A 84.245.14.149
; proton shizzle
@ IN TXT "protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b"
@ IN TXT "sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb"
@ IN MX 10 mx1.simplelogin.co.
@ IN MX 20 mx2.simplelogin.co.
@ IN TXT "v=spf1 include:simplelogin.co ~all"
dkim02._domainkey IN CNAME dkim02._domainkey.simplelogin.co.
dkim._domainkey IN CNAME dkim._domainkey.simplelogin.co.
dkim03._domainkey IN CNAME dkim03._domainkey.simplelogin.co.
_dmarc IN TXT "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"


@ -1,13 +0,0 @@
$ORIGIN kun.is.
$TTL 60
kun.is. IN SOA ns1.kun.is. pim.kunis.nl. 2023051702 1800 3600 1209600 3600
NS ns1.kun.is.
NS ns2.kun.is.
ns1 A 84.245.14.149
ns2 A 84.245.14.149
pim A 84.245.14.149
* A 84.245.14.149


@ -1,33 +0,0 @@
$ORIGIN pim.kunis.nl.
$TTL 60
pim.kunis.nl. IN SOA ns.pim.kunis.nl. pim.kunis.nl. 2023052000 1800 3600 1209600 3600
NS ns.pim.kunis.nl.
A 84.245.14.149
# AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
TXT "v=spf1 ~all"
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
www IN A 84.245.14.149
ns IN A 84.245.14.149
IN AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
social IN CNAME www.pim.kunis.nl.
dav IN CNAME www.pim.kunis.nl.
git IN CNAME www.pim.kunis.nl.
meet IN CNAME www.pim.kunis.nl.
rss IN CNAME www.pim.kunis.nl.
latex IN CNAME www.pim.kunis.nl.
md IN CNAME www.pim.kunis.nl.
swarm IN CNAME www.pim.kunis.nl.
traefik IN CNAME www.pim.kunis.nl.
syncthing IN CNAME www.pim.kunis.nl.
cloud IN CNAME www.pim.kunis.nl.
pihole IN CNAME www.pim.kunis.nl.
ntfy IN CNAME www.pim.kunis.nl.
apprise IN CNAME www.pim.kunis.nl.
uptime IN CNAME www.pim.kunis.nl.
concourse IN CNAME www.pim.kunis.nl.
discourse IN CNAME www.pim.kunis.nl.


@ -1,18 +0,0 @@
$ORIGIN pizzapim.nl.
$TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023050400 1800 3600 1209600 3600
NS ns.pizzapim.nl.
NS ns0.transip.net.
NS ns1.transip.nl.
NS ns2.transip.eu.
A 84.245.14.149
TXT "v=spf1 ~all"
CAA 0 issue "letsencrypt.org"
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
social IN A 84.245.14.149
ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07


@ -1,18 +0,0 @@
- name: Install nsd
apt:
name: nsd
- name: Copy nsd.conf
copy:
src: "{{ role_path }}/files/nsd.conf"
dest: /etc/nsd/nsd.conf
register: config
- name: Copy zone directory
copy:
src: "{{ role_path }}/files/zones"
dest: /etc/nsd
register: zones
- name: Enable nsd
systemd:
name: nsd
enabled: true
state: "{{ 'restarted' if config.changed or zones.changed else 'started' }}"


@ -0,0 +1,5 @@
api=yes
api-key={{ api_key }}
webserver-address=0.0.0.0
webserver-port=3000
webserver-allow-from=0.0.0.0/0
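Review bot: `webserver-address=0.0.0.0` together with `webserver-allow-from=0.0.0.0/0` exposes the PowerDNS HTTP API on every interface to every source, with the API key as the only barrier; the API can create and modify zones, so reaching it equals controlling the authoritative DNS. Since the same commit pins the DNS listener to a specific address in `overwrite.conf`, the webserver can be restricted the same way, e.g. `webserver-address=127.0.0.1` and `webserver-allow-from=127.0.0.1,::1` plus the one management network that actually needs to call the API. If the API must be reachable over the network, put it behind TLS, which the built-in webserver does not provide on its own.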


@ -0,0 +1,5 @@
launch=gpgsql
gpgsql-host=thecloud.dmz
gpgsql-dbname=powerdns
gpgsql-user=powerdns
gpgsql-password={{ postgresql_password }}
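Review bot: `gpgsql-password={{ postgresql_password }}` writes the database password in clear text to `/etc/powerdns/pdns.d/gpgsql.conf`, and the template task that renders it in the new tasks/main.yml sets no `owner`/`group`/`mode`, so the file gets the default umask permissions, which are typically world-readable; the same applies to `api.conf` with the API key. Set `owner: root`, `group: <pdns service group>` and `mode: "0640"` on both template tasks so only root and the PowerDNS process can read the secrets. The connection to `thecloud.dmz` carries the same password over the network; whether it is encrypted depends on the PostgreSQL server's configuration, which is not visible here.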


@ -0,0 +1,4 @@
- name: restart powerdns
systemd:
name: pdns
state: restarted


@ -0,0 +1,2 @@
local-address=192.168.30.7, 127.0.0.1, ::
default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600
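Review bot: `local-address=192.168.30.7, 127.0.0.1, ::` hard-codes one host's address in a static role file while binding IPv6 to every interface, so the role can only be applied to that one host and the IPv6 side is wider than the IPv4 side. Rendering this as a template with a role variable, e.g. `local-address={{ powerdns_local_address }}` (a proposed name), keeps the role reusable and lets the IPv6 listener be pinned the same way as IPv4.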


@ -0,0 +1,28 @@
- name: Remove BIND powerdns config
file:
path: /etc/powerdns/pdns.d/bind.conf
state: absent
notify: restart powerdns
- name: Copy postgresql powerdns config
template:
src: gpgsql.conf.j2
dest: /etc/powerdns/pdns.d/gpgsql.conf
notify: restart powerdns
- name: Add API powerdns config
template:
src: api.conf.j2
dest: /etc/powerdns/pdns.d/api.conf
notify: restart powerdns
- name: Overwrite powerdns config
copy:
src: overwrite.conf
dest: /etc/powerdns/pdns.d/overwrite.conf
notify: restart powerdns
- name: Start powerdns
systemd:
name: pdns
state: started
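Review bot: The new `Start powerdns` task only sets `state: started`, whereas the removed nsd task also set `enabled: true`; if the `pdns` unit is not enabled by the package on the target image, the authoritative server will not come back after a reboot. Adding `enabled: true` to the systemd call restores the previous guarantee. Note also that `state: started` alone leaves the first-run sequence to the `restart powerdns` handler, which is fine as long as the handler is reached; a failed task before the end of the play would leave the service running on the old config.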