move from nsd to powerdns
This commit is contained in:
parent
e4c430cbd9
commit
47436d79e1
14 changed files with 133 additions and 204 deletions
|
@ -2,16 +2,24 @@
|
|||
hosts: all
|
||||
gather_facts: no
|
||||
roles:
|
||||
- cloudinit-wait
|
||||
- cloudinit_wait
|
||||
|
||||
- name: Install services
|
||||
hosts: all
|
||||
pre_tasks:
|
||||
- name: Delete externally managed environment file
|
||||
shell:
|
||||
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
|
||||
register: rm
|
||||
changed_when: "rm.rc == 0"
|
||||
failed_when: "false"
|
||||
|
||||
- name: Copy resolv.conf
|
||||
copy:
|
||||
src: resolv.conf
|
||||
dest: /etc/resolv.conf
|
||||
|
||||
roles:
|
||||
- {role: apt, tags: apt}
|
||||
- {role: dnsmasq, tags: dnsmasq}
|
||||
- {role: nsd, tags: nsd}
|
||||
- {role: powerdns, tags: powerdns}
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
apt_install_packages:
|
||||
- qemu-guest-agent
|
||||
- dnsutils
|
||||
- pdns-server
|
||||
- pdns-backend-pgsql
|
||||
- postgresql-client
|
||||
|
||||
ssh_ca_dir: /root/ssh_ca
|
||||
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
|
||||
|
@ -61,3 +64,21 @@ ssh_ca_host_ca_private_key: !vault |
|
|||
39346231666362313632363737623139373632376461373362656563616566633265653438393361
|
||||
39393734393061653639313365633931373963666635316138663538356265386562373837393530
|
||||
6537646639613534666533626339356335396634613765616664
|
||||
|
||||
api_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
65376335393463353232386437613533396261383332653738323764633965393262363239376165
|
||||
3566666139376135643833343535663130353631326466610a623161633238363338633461383434
|
||||
63373365613765663830613565313164323938336338616666313365623261663037626132623531
|
||||
3638653833626532300a656632356563613631633162643464356236396635633237376133323433
|
||||
37363261376535306161393039396333656430323534616462393366643662306631306339346363
|
||||
3065303163643732613435323561663035646365383237643464
|
||||
|
||||
postgresql_password: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
64646633623535383761356434643064383736626638333738323363393037393133363130623361
|
||||
3965323132656263393365366131343732646239316564390a613263386166383438366162303561
|
||||
63626162656337313034663830626432303437363764653336613338393038393737663238313737
|
||||
3164323834393165380a393138363265393963613835376331623735303538316162343036306230
|
||||
63633335343332313861393135366332313061353064306265653631613735336631653438383066
|
||||
3034323733323333646532613233666333323363643534336233
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
- name: apt
|
||||
src: https://github.com/sunscrapers/ansible-role-apt.git
|
||||
scm: git
|
||||
- name: cloudinit-wait
|
||||
- name: cloudinit_wait
|
||||
src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
|
||||
scm: git
|
||||
- name: postgresql_database
|
||||
src: https://git.pim.kunis.nl/home/ansible-role-postgresql-database
|
||||
scm: git
|
||||
|
|
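Review bot: The `postgresql_database` entry, like the git-sourced roles next to it, has no `version:`, so `ansible-galaxy install` fetches whatever the repository's default branch points at when it runs, and a later push to that repository changes what this playbook deploys without any change in this repo; pin it with `version: "<tag-or-commit>"` under its `src:` line. Which lines of this hunk are new is inferred only from the counts (one removal, four additions), so the unpinned entries may partly predate this commit.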
|
@ -1,29 +0,0 @@
|
|||
server:
|
||||
ip-address: ens4
|
||||
port: 53
|
||||
server-count: 1
|
||||
verbosity: 1
|
||||
hide-version: yes
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
ip-transparent: yes
|
||||
ip-freebind: yes
|
||||
|
||||
zone:
|
||||
name: pim.kunis.nl
|
||||
zonefile: pim.kunis.nl
|
||||
|
||||
zone:
|
||||
name: pizzapim.nl
|
||||
zonefile: pizzapim.nl
|
||||
provide-xfr: 87.253.155.96/27 NOKEY
|
||||
provide-xfr: 157.97.168.160/27 NOKEY
|
||||
|
||||
zone:
|
||||
name: geokunis2.nl
|
||||
zonefile: geokunis2.nl
|
||||
provide-xfr: 87.253.155.96/27 NOKEY
|
||||
provide-xfr: 157.97.168.160/27 NOKEY
|
||||
|
||||
zone:
|
||||
name: kun.is
|
||||
zonefile: kun.is
|
|
@ -1,36 +0,0 @@
|
|||
$ORIGIN geokunis2.nl.
|
||||
$TTL 60
|
||||
|
||||
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023052600 1800 3600 1209600 3600
|
||||
NS ns.geokunis2.nl.
|
||||
NS ns0.transip.net.
|
||||
NS ns1.transip.nl.
|
||||
NS ns2.transip.eu.
|
||||
A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
CAA 0 issue "letsencrypt.org"
|
||||
jenl IN A 217.123.41.225
|
||||
wg IN A 84.245.14.149
|
||||
wg IN AAAA 2a02:58:1:e::1afb
|
||||
wg4 IN A 84.245.14.149
|
||||
wg6 IN AAAA 2a02:58:1:e::1afb
|
||||
kms IN A 84.245.14.149
|
||||
tuindersweijde IN A 84.245.14.149
|
||||
files IN A 84.245.14.149
|
||||
files IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
ns A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
|
||||
cyberchef IN A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee03
|
||||
inbucket IN A 84.245.14.149
|
||||
|
||||
; proton shizzle
|
||||
@ IN TXT "protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b"
|
||||
@ IN TXT "sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb"
|
||||
@ IN MX 10 mx1.simplelogin.co.
|
||||
@ IN MX 20 mx2.simplelogin.co.
|
||||
@ IN TXT "v=spf1 include:simplelogin.co ~all"
|
||||
dkim02._domainkey IN CNAME dkim02._domainkey.simplelogin.co.
|
||||
dkim._domainkey IN CNAME dkim._domainkey.simplelogin.co.
|
||||
dkim03._domainkey IN CNAME dkim03._domainkey.simplelogin.co.
|
||||
_dmarc IN TXT "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"
|
|
@ -1,13 +0,0 @@
|
|||
$ORIGIN kun.is.
|
||||
$TTL 60
|
||||
|
||||
kun.is. IN SOA ns1.kun.is. pim.kunis.nl. 2023051702 1800 3600 1209600 3600
|
||||
NS ns1.kun.is.
|
||||
NS ns2.kun.is.
|
||||
|
||||
ns1 A 84.245.14.149
|
||||
ns2 A 84.245.14.149
|
||||
|
||||
pim A 84.245.14.149
|
||||
|
||||
* A 84.245.14.149
|
|
@ -1,33 +0,0 @@
|
|||
$ORIGIN pim.kunis.nl.
|
||||
$TTL 60
|
||||
|
||||
pim.kunis.nl. IN SOA ns.pim.kunis.nl. pim.kunis.nl. 2023052000 1800 3600 1209600 3600
|
||||
|
||||
NS ns.pim.kunis.nl.
|
||||
A 84.245.14.149
|
||||
# AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
TXT "v=spf1 ~all"
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
|
||||
|
||||
www IN A 84.245.14.149
|
||||
ns IN A 84.245.14.149
|
||||
IN AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
|
||||
|
||||
social IN CNAME www.pim.kunis.nl.
|
||||
dav IN CNAME www.pim.kunis.nl.
|
||||
git IN CNAME www.pim.kunis.nl.
|
||||
meet IN CNAME www.pim.kunis.nl.
|
||||
rss IN CNAME www.pim.kunis.nl.
|
||||
latex IN CNAME www.pim.kunis.nl.
|
||||
md IN CNAME www.pim.kunis.nl.
|
||||
swarm IN CNAME www.pim.kunis.nl.
|
||||
traefik IN CNAME www.pim.kunis.nl.
|
||||
syncthing IN CNAME www.pim.kunis.nl.
|
||||
cloud IN CNAME www.pim.kunis.nl.
|
||||
pihole IN CNAME www.pim.kunis.nl.
|
||||
ntfy IN CNAME www.pim.kunis.nl.
|
||||
apprise IN CNAME www.pim.kunis.nl.
|
||||
uptime IN CNAME www.pim.kunis.nl.
|
||||
concourse IN CNAME www.pim.kunis.nl.
|
||||
discourse IN CNAME www.pim.kunis.nl.
|
|
@ -1,18 +0,0 @@
|
|||
$ORIGIN pizzapim.nl.
|
||||
$TTL 60
|
||||
|
||||
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023050400 1800 3600 1209600 3600
|
||||
|
||||
NS ns.pizzapim.nl.
|
||||
NS ns0.transip.net.
|
||||
NS ns1.transip.nl.
|
||||
NS ns2.transip.eu.
|
||||
A 84.245.14.149
|
||||
TXT "v=spf1 ~all"
|
||||
CAA 0 issue "letsencrypt.org"
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
|
||||
|
||||
social IN A 84.245.14.149
|
||||
ns IN A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
|
|
@ -1,18 +0,0 @@
|
|||
- name: Install nsd
|
||||
apt:
|
||||
name: nsd
|
||||
- name: Copy nsd.conf
|
||||
copy:
|
||||
src: "{{ role_path }}/files/nsd.conf"
|
||||
dest: /etc/nsd/nsd.conf
|
||||
register: config
|
||||
- name: Copy zone directory
|
||||
copy:
|
||||
src: "{{ role_path }}/files/zones"
|
||||
dest: /etc/nsd
|
||||
register: zones
|
||||
- name: Enable nsd
|
||||
systemd:
|
||||
name: nsd
|
||||
enabled: true
|
||||
state: "{{ 'restarted' if config.changed or zones.changed else 'started' }}"
|
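--- a/ansible/roles/powerdns/api.conf.j2
+++ b/ansible/roles/powerdns/api.conf.j2
@@ -0,0 +1,5 @@
+api=yes
+api-key={{ api_key }}
+webserver-address=0.0.0.0
+webserver-port=3000
+webserver-allow-from=0.0.0.0/0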
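Review bot: `webserver-address=0.0.0.0` together with `webserver-allow-from=0.0.0.0/0` exposes the PowerDNS API and web server on every interface to any source address, leaving the rendered `api-key` as the only control on a plain-HTTP endpoint. If the API is consumed only from this host or a management network, binding to that address and listing that range in `webserver-allow-from` narrows the exposure without changing how callers authenticate. A one-line comment above `api=yes` naming the intended consumer would also record why the API is enabled at all.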
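--- a/ansible/roles/powerdns/gpgsql.conf.j2
+++ b/ansible/roles/powerdns/gpgsql.conf.j2
@@ -0,0 +1,5 @@
+launch=gpgsql
+gpgsql-host=thecloud.dmz
+gpgsql-dbname=powerdns
+gpgsql-user=powerdns
+gpgsql-password={{ postgresql_password }}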
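Review bot: The connection to `gpgsql-host=thecloud.dmz` carries the rendered `gpgsql-password` and all zone data, and nothing here asks for TLS, so whether that link is encrypted depends entirely on the PostgreSQL server's configuration. If the packaged pdns-backend-pgsql supports `gpgsql-extra-connection-parameters` (confirm against the installed version), `gpgsql-extra-connection-parameters=sslmode=verify-full` pins the requirement on the client side; otherwise a comment recording that the server enforces it would at least document the assumption.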
4
ansible/roles/powerdns/handlers/main.yml
Normal file
4
ansible/roles/powerdns/handlers/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
- name: restart powerdns
|
||||
systemd:
|
||||
name: pdns
|
||||
state: restarted
|
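--- a/ansible/roles/powerdns/overwrite.conf
+++ b/ansible/roles/powerdns/overwrite.conf
@@ -0,0 +1,2 @@
+local-address=192.168.30.7, 127.0.0.1, ::
+default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600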
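Review bot: The nsd configuration removed in this commit granted zone transfers to `87.253.155.96/27` and `157.97.168.160/27` via `provide-xfr`, and the removed zone files still list the transip name servers as NS, but none of the new PowerDNS settings carries that ACL over; PowerDNS's `allow-axfr-ips` default permits only loopback, so those secondaries will be refused unless the ACL is set per zone in the database. If they are still in use, add `allow-axfr-ips=127.0.0.0/8,::1,87.253.155.96/27,157.97.168.160/27` here (or the equivalent ALLOW-AXFR-FROM zone metadata); if they are being retired, a comment saying so prevents the next reader from re-adding it. Separately, `local-address=192.168.30.7, 127.0.0.1, ::` binds one explicit IPv4 address but the IPv6 wildcard — confirm that listening on every IPv6 address is intended rather than the host's specific one.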
28
ansible/roles/powerdns/tasks/main.yml
Normal file
28
ansible/roles/powerdns/tasks/main.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
- name: Remove BIND powerdns config
|
||||
file:
|
||||
path: /etc/powerdns/pdns.d/bind.conf
|
||||
state: absent
|
||||
notify: restart powerdns
|
||||
|
||||
- name: Copy postgresql powerdns config
|
||||
template:
|
||||
src: gpgsql.conf.j2
|
||||
dest: /etc/powerdns/pdns.d/gpgsql.conf
|
||||
notify: restart powerdns
|
||||
|
||||
- name: Add API powerdns config
|
||||
template:
|
||||
src: api.conf.j2
|
||||
dest: /etc/powerdns/pdns.d/api.conf
|
||||
notify: restart powerdns
|
||||
|
||||
- name: Overwrite powerdns config
|
||||
copy:
|
||||
src: overwrite.conf
|
||||
dest: /etc/powerdns/pdns.d/overwrite.conf
|
||||
notify: restart powerdns
|
||||
|
||||
- name: Start powerdns
|
||||
systemd:
|
||||
name: pdns
|
||||
state: started
|
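Review bot: The two `template:` tasks that write `gpgsql.conf` (database password) and `api.conf` (API key) set no `owner`, `group` or `mode`, so the rendered secrets land with the default umask-derived permissions, which are commonly world-readable; add `owner: root`, `group: pdns` (the account the Debian pdns package runs as — confirm) and `mode: "0640"` to both, and for consistency to the `copy:` of overwrite.conf even though it holds no secret. The final `systemd` task only ensures `state: started`, whereas the nsd role this replaces also set `enabled: true`; unless the package enables the unit on install, the service will not come back after a reboot, so `enabled: true` next to `state: started` restores that.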