max/roles/nsd/tasks/main.yml

# Install the NSD authoritative name server and the ldns utilities.
# ldns-keygen and ldns-signzone from ldnsutils are called by later tasks.
- name: Install nsd
  apt:
    name:
      - nsd
      - ldnsutils
    state: present
# Push the role's static server configuration to the host.
# NOTE(review): no owner/mode is given, so a newly created file gets the
# module's umask-derived default. If nsd.conf carries secrets (for example
# TSIG "key:" sections), pin a restrictive mode here - confirm.
- name: Copy nsd.conf
  copy:
    dest: /etc/nsd/nsd.conf
    src: "{{ role_path }}/files/nsd.conf"
# Make sure the directory that receives the zone files exists.
# The "Sign zones" task uses it as its working directory.
- name: Create zones directory
  file:
    state: directory
    path: /etc/nsd/zones
# Copy every unsigned zone file shipped with the role.
# The trailing slash on src copies the directory's contents, not the
# directory itself.
- name: Copy zone files
  copy:
    dest: /etc/nsd/zones
    src: "{{ role_path }}/files/zones/"
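# Directory holding the DNSSEC key pairs (KSK and ZSK, public and private).
# Owner and mode are pinned so the private key files below it are not
# reachable by other local users; without them the directory is created
# with the umask-derived default, typically 0755.
# Assumes the signing tasks in this role run as root (the apt task needs
# root anyway) and that no other account reads this directory - confirm.
- name: Create keys directory
  file:
    path: /etc/nsd/keys
    state: directory
    owner: root
    group: root
    mode: "0700"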
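# Install the key-signing-key private halves, one file per match of the glob.
# The template module is used, so each source file is rendered through
# Jinja before it is written.
# NOTE(review): presumably the committed files hold vaulted or templated
# values rather than plaintext key material - confirm.
# mode/owner are set explicitly because the module would otherwise create
# the files with the umask-derived default, which usually leaves them
# world-readable. diff is disabled so a --diff run does not print the
# rendered key material.
- name: Copy KSK private keys
  template:
    src: "{{ item }}"
    dest: "/etc/nsd/keys/{{ item | basename }}"
    owner: root
    group: root
    mode: "0600"
  diff: false
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.private"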
# Install the public halves of the key-signing keys, keeping each file's
# base name unchanged under /etc/nsd/keys.
- name: Copy KSK keys
  copy:
    dest: "/etc/nsd/keys/{{ item | basename }}"
    src: "{{ item }}"
  loop: "{{ query('fileglob', role_path + '/files/keys/*.ksk.key') }}"
# For every zone file in the role, look for an existing zone-signing key
# named K<zone>.zsk.key on the host. The per-zone results are registered
# so that the "Create ZSK" task only generates keys that are missing.
- name: Check if ZSKs exist
  stat:
    path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
  loop: "{{ query('fileglob', role_path + '/files/zones/*') }}"
  register: zsks_exists
# Generate an Ed25519 zone-signing key for each zone whose stat result
# reported no existing K<zone>.zsk.key. The key pair is written into
# /etc/nsd/keys. The command's stdout is registered because the rename
# tasks use it as the base name of the generated files.
- name: Create ZSK
  command:
    chdir: /etc/nsd/keys
    cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
  loop: "{{ zsks_exists.results }}"
  when: not item.stat.exists
  register: create_zsk
# Give each freshly generated public ZSK the stable name K<zone>.zsk.key.
# That is the name the existence check and the signing task look for.
# Only loop entries where key generation actually ran (changed) are
# renamed.
- name: Rename ZSK key
  command:
    chdir: /etc/nsd/keys
    cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
  loop: "{{ create_zsk.results }}"
  when: item.changed
# Private-key counterpart of the public ZSK rename: move the generated
# <stdout>.private file to K<zone>.zsk.private. mv keeps the mode the key
# generator gave the file.
# NOTE(review): nothing in this task sets permissions on the private key -
# confirm they are restrictive, or rely on the keys directory being locked
# down.
- name: Rename ZSK private key
  command:
    chdir: /etc/nsd/keys
    cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
  loop: "{{ create_zsk.results }}"
  when: item.changed
# Sign every zone with its ZSK and KSK. The key arguments are base names
# (no .key/.private suffix). The task has no creates/when guard, so it
# re-signs on every run and always reports "changed".
# NOTE(review): no expiration option is passed, so ldns-signzone's default
# signature lifetime applies (four weeks per its man page - confirm for
# the installed version). The play must be re-run before the RRSIGs expire
# or validating resolvers will reject the zone.
- name: Sign zones
  command:
    chdir: /etc/nsd/zones
    cmd: >-
      ldns-signzone {{ item | basename }}
      /etc/nsd/keys/K{{ item | basename }}.zsk
      /etc/nsd/keys/K{{ item | basename }}.ksk
  loop: "{{ query('fileglob', role_path + '/files/zones/*') }}"
# Enable the nsd unit at boot and ask systemd to reload it, so the freshly
# signed zones are picked up. Despite the task name this is a reload, not
# a restart, and it runs on every play rather than as a notified handler.
# NOTE(review): confirm that a reload is enough for nsd.conf changes to
# take effect on this NSD version.
- name: Restart NSD
  systemd:
    state: reloaded
    enabled: true
    name: nsd