run nsd on bare metal
This commit is contained in:
parent
9bb44e4978
commit
117d7d2cf4
11 changed files with 39 additions and 102 deletions
|
|
@ -1,14 +0,0 @@
|
|||
127.0.0.1 localhost
|
||||
127.0.1.1 ubuntu
|
||||
127.0.0.1 pizzapim.nl
|
||||
127.0.0.1 git.pizzapim.nl
|
||||
127.0.0.1 dav.pizzapim.nl
|
||||
127.0.0.1 social.pizzapim.nl
|
||||
127.0.0.1 www.pizzapim.nl
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
::1 ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
nameserver 192.168.30.1
|
||||
nameserver 1.1.1.1
|
||||
nameserver 1.0.0.1
|
||||
search lan
|
||||
|
|
|
|||
|
|
@ -23,7 +23,3 @@
|
|||
src: "{{ role_path }}/files/resolv.conf"
|
||||
dest: /etc/resolv.conf
|
||||
follow: true
|
||||
- name: Copy hosts file
|
||||
copy:
|
||||
src: "{{ role_path }}/files/hosts"
|
||||
dest: /etc/hosts
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
"ipv6": true
|
||||
}
|
||||
|
|
@ -29,11 +29,6 @@
|
|||
name:
|
||||
- docker
|
||||
- docker-compose
|
||||
- name: Enable IPv6
|
||||
copy:
|
||||
src: "{{ role_path }}/files/daemon.json"
|
||||
dest: /etc/docker/daemon.json
|
||||
register: daemon_file
|
||||
- name: Start Docker
|
||||
systemd:
|
||||
name: docker
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
nsd:
|
||||
container_name: nsd
|
||||
restart: always
|
||||
image: ghcr.io/the-kube-way/nsd:v4.6.0
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- /tmp
|
||||
- /var/db/nsd
|
||||
volumes:
|
||||
- /apps/nsd/conf:/etc/nsd:ro
|
||||
- /apps/nsd/zones:/zones
|
||||
- /apps/nsd/keys:/keys
|
||||
ports:
|
||||
- 53:53
|
||||
- 53:53/udp
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
server:
|
||||
ip-address: eth0 # TEMP until response from mailing list
|
||||
ip-address: enp3s0
|
||||
server-count: 1
|
||||
verbosity: 1
|
||||
hide-version: yes
|
||||
zonesdir: "/zones"
|
||||
zonesdir: "/etc/nsd/zones"
|
||||
ip-transparent: yes
|
||||
ip-freebind: yes
|
||||
|
||||
|
|
|
|||
|
|
@ -1,18 +1,18 @@
|
|||
$ORIGIN geokunis2.nl.
|
||||
$TTL 60
|
||||
|
||||
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600
|
||||
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600
|
||||
NS ns.geokunis2.nl.
|
||||
NS ns0.transip.net.
|
||||
NS ns1.transip.nl.
|
||||
NS ns2.transip.eu.
|
||||
A 82.197.212.198
|
||||
A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
MX 0 .
|
||||
TXT "v=spf1 -all"
|
||||
CAA 0 issue "letsencrypt.org"
|
||||
jenl IN A 217.123.41.225
|
||||
kms IN A 82.197.212.198
|
||||
kms IN A 84.245.14.149
|
||||
_dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
|
||||
ns A 82.197.212.198
|
||||
ns A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
|
|
|
|||
|
|
@ -1,22 +1,22 @@
|
|||
$ORIGIN pizzapim.nl.
|
||||
$TTL 60
|
||||
|
||||
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600
|
||||
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600
|
||||
|
||||
NS ns.pizzapim.nl.
|
||||
NS ns0.transip.net.
|
||||
NS ns1.transip.nl.
|
||||
NS ns2.transip.eu.
|
||||
A 82.197.212.198
|
||||
A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
TXT "v=spf1 ~all"
|
||||
CAA 0 issue "letsencrypt.org"
|
||||
|
||||
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
|
||||
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
|
||||
|
||||
www IN A 82.197.212.198
|
||||
www IN A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
ns IN A 82.197.212.198
|
||||
ns IN A 84.245.14.149
|
||||
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
|
||||
cloud IN CNAME www.pizzapim.nl
|
||||
social IN CNAME www.pizzapim.nl
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
dependencies:
|
||||
- role: common
|
||||
- role: docker
|
||||
|
|
@ -1,86 +1,69 @@
|
|||
- name: Create nsd app directory
|
||||
file:
|
||||
path: /apps/nsd
|
||||
state: directory
|
||||
- name: Create nsd configuration directory
|
||||
file:
|
||||
path: /apps/nsd/conf
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Install nsd
|
||||
apt:
|
||||
pkg:
|
||||
- nsd
|
||||
- ldnsutils
|
||||
- name: Copy nsd.conf
|
||||
copy:
|
||||
src: "{{ role_path }}/files/nsd.conf"
|
||||
dest: /apps/nsd/conf/nsd.conf
|
||||
- name: Create nsd zones directory
|
||||
dest: /etc/nsd/nsd.conf
|
||||
- name: Create zones directory
|
||||
file:
|
||||
path: /apps/nsd/zones
|
||||
path: /etc/nsd/zones
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Copy zone files
|
||||
copy:
|
||||
src: "{{ role_path }}/files/zones/"
|
||||
dest: /apps/nsd/zones
|
||||
- name: Create nsd keys directory
|
||||
dest: /etc/nsd/zones
|
||||
- name: Create keys directory
|
||||
file:
|
||||
path: /apps/nsd/keys
|
||||
path: /etc/nsd/keys
|
||||
state: directory
|
||||
owner: 991
|
||||
group: 991
|
||||
- name: Copy KSK private keys
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "/apps/nsd/keys/{{ item | basename }}"
|
||||
dest: "/etc/nsd/keys/{{ item | basename }}"
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/keys/*.ksk.private"
|
||||
- name: Copy KSK keys
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/apps/nsd/keys/{{ item | basename }}"
|
||||
dest: "/etc/nsd/keys/{{ item | basename }}"
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/keys/*.ksk.key"
|
||||
- name: Copy Docker Compose script
|
||||
copy:
|
||||
src: "{{ role_path }}/files/docker-compose.yml"
|
||||
dest: /apps/nsd/docker-compose.yml
|
||||
- name: Start Docker Compose
|
||||
docker_compose:
|
||||
project_src: /apps/nsd
|
||||
pull: true
|
||||
remove_orphans: true
|
||||
- name: Check if ZSKs exist
|
||||
stat:
|
||||
path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
|
||||
path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
|
||||
register: zsks_exists
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/zones/*"
|
||||
- name: Create ZSK
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"
|
||||
chdir: /apps/nsd
|
||||
cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
|
||||
chdir: /etc/nsd/keys
|
||||
register: create_zsk
|
||||
when: not item.stat.exists
|
||||
with_items: "{{ zsks_exists.results }}"
|
||||
- name: Rename ZSK key
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
|
||||
chdir: /apps/nsd
|
||||
cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
|
||||
chdir: /etc/nsd/keys
|
||||
when: item.changed
|
||||
with_items: "{{ create_zsk.results }}"
|
||||
- name: Rename ZSK private key
|
||||
command:
|
||||
cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
|
||||
chdir: /apps/nsd
|
||||
cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
|
||||
chdir: /etc/nsd/keys
|
||||
when: item.changed
|
||||
with_items: "{{ create_zsk.results }}"
|
||||
- name: Sign zones
|
||||
command:
|
||||
cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk'
|
||||
chdir: /apps/nsd
|
||||
cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
|
||||
chdir: /etc/nsd/zones
|
||||
with_fileglob:
|
||||
- "{{ role_path }}/files/zones/*"
|
||||
- name: Restart Docker Compose
|
||||
docker_compose:
|
||||
project_src: /apps/nsd
|
||||
restarted: true
|
||||
- name: Restart NSD
|
||||
systemd:
|
||||
name: nsd
|
||||
enabled: true
|
||||
state: reloaded
|
||||
|
|
|
|||
Reference in a new issue