# Install the NSD name server and the ldns command-line tools; later tasks
# in this file invoke ldns-keygen and ldns-signzone.
- name: Install nsd
  apt:
    # "name" is the primary spelling of the "pkg" alias, and "present" is the
    # module default; both are written out here for clarity.
    state: present
    name:
      - nsd
      - ldnsutils
# Deploy the role's nsd.conf as the server's main configuration file.
# NOTE(review): no owner/group/mode is set, so permissions are left to the
# copy module's defaults; set them explicitly if this file ever carries
# secrets such as TSIG keys.
- name: Copy nsd.conf
  copy:
    dest: /etc/nsd/nsd.conf
    src: "{{ role_path }}/files/nsd.conf"
# Make sure the directory that receives the zone files exists.
- name: Create zones directory
  file:
    state: directory
    path: /etc/nsd/zones
# The trailing slash on src makes copy transfer the contents of files/zones/
# into dest rather than the directory itself.
- name: Copy zone files
  copy:
    dest: /etc/nsd/zones
    src: "{{ role_path }}/files/zones/"
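# Directory that holds the DNSSEC key pairs (KSK and ZSK, public and
# private). The mode is set explicitly so that only the owning account can
# list or read the private keys; without it the directory is created with
# umask-derived permissions.
# NOTE(review): the key and signing commands in this file run from the same
# play as this task — confirm no other account needs to read this directory.
- name: Create keys directory
  file:
    path: /etc/nsd/keys
    state: directory
    mode: "0700"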
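# Install every KSK private key shipped with the role into /etc/nsd/keys,
# keeping the source file name.
# NOTE(review): template (not copy) renders each file through Jinja2 —
# presumably deliberate; confirm. The source files are private key material
# and should be stored encrypted at rest in the repository.
- name: Copy KSK private keys
  template:
    src: "{{ item }}"
    dest: "/etc/nsd/keys/{{ item | basename }}"
    # Private key: readable and writable by the owner only, instead of
    # whatever the umask would give a newly created file.
    mode: "0600"
  # Keep the key contents out of --diff output.
  diff: false
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.private"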
# Install the public half of each KSK into /etc/nsd/keys, keeping the file
# name it has in the role's files/keys directory.
- name: Copy KSK keys
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.key"
  copy:
    dest: "/etc/nsd/keys/{{ item | basename }}"
    src: "{{ item }}"
# For every zone file in the role, record whether a ZSK public key named
# K<zone file name>.zsk.key is already present on the target. The per-zone
# results are registered as zsks_exists and drive the key generation task.
- name: Check if ZSKs exist
  with_fileglob:
    - "{{ role_path }}/files/zones/*"
  stat:
    path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
  register: zsks_exists
# Generate an Ed25519 key with ldns-keygen for each zone that is listed in
# sign_zones and has no ZSK on the target yet. item is one zsks_exists
# result, so item.item is the zone file path. The command output is
# registered as create_zsk; the rename tasks read the generated key's base
# name from item.stdout.
- name: Create ZSK
  loop: "{{ zsks_exists.results }}"
  when: not item.stat.exists and (item.item | basename) in sign_zones
  register: create_zsk
  command:
    chdir: /etc/nsd/keys
    cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
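# Give the freshly generated ZSK public key its stable name K<zone>.zsk.key.
# Loop nesting: item is one create_zsk result, item.item is the zsks_exists
# (stat) result it was generated from, and item.item.item is the zone file
# path. The sign_zones test therefore has to read item.item.item, as cmd
# does; testing item.item applied basename to the stat result instead of
# the path, so the zone name was never what got compared.
- name: Rename ZSK key
  command:
    cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
    chdir: /etc/nsd/keys
  when: item.changed and (item.item.item | basename) in sign_zones
  with_items: "{{ create_zsk.results }}"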
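# Give the freshly generated ZSK private key its stable name
# K<zone>.zsk.private. Loop nesting: item is one create_zsk result,
# item.item is the zsks_exists (stat) result it was generated from, and
# item.item.item is the zone file path. The sign_zones test therefore has to
# read item.item.item, as cmd does; testing item.item applied basename to
# the stat result instead of the path, so the zone name was never what got
# compared.
- name: Rename ZSK private key
  command:
    cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
    chdir: /etc/nsd/keys
  when: item.changed and (item.item.item | basename) in sign_zones
  with_items: "{{ create_zsk.results }}"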
# Sign each zone listed in sign_zones with its ZSK and KSK. ldns-signzone is
# run from /etc/nsd/zones on the zone file's bare name and is given the key
# base names K<zone>.zsk and K<zone>.ksk from /etc/nsd/keys.
# NOTE(review): the command has no creates/changed_when guard, so it runs on
# every play, and no inception/expiration options are passed, so the tool's
# default signature validity applies — confirm that re-signing is scheduled
# before the signatures expire.
- name: Sign zones
  with_fileglob:
    - "{{ role_path }}/files/zones/*"
  when: (item | basename) in sign_zones
  command:
    chdir: /etc/nsd/zones
    # Folded scalar: the three lines below are joined with single spaces
    # into one command line.
    cmd: >-
      ldns-signzone {{ item | basename }}
      /etc/nsd/keys/K{{ item | basename }}.zsk
      /etc/nsd/keys/K{{ item | basename }}.ksk
# Enable the nsd unit at boot and ask systemd to reload it.
# NOTE(review): the task is named "Restart" but state is "reloaded"; confirm
# that a reload is enough for nsd to pick up a replaced nsd.conf.
- name: Restart NSD
  systemd:
    state: reloaded
    enabled: true
    name: nsd