diff --git a/roles/common/files/hosts b/roles/common/files/hosts deleted file mode 100644 index 00dc10d..0000000 --- a/roles/common/files/hosts +++ /dev/null @@ -1,14 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 ubuntu -127.0.0.1 pizzapim.nl -127.0.0.1 git.pizzapim.nl -127.0.0.1 dav.pizzapim.nl -127.0.0.1 social.pizzapim.nl -127.0.0.1 www.pizzapim.nl - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/roles/common/files/resolv.conf b/roles/common/files/resolv.conf index 8a9bf12..863bc57 100644 --- a/roles/common/files/resolv.conf +++ b/roles/common/files/resolv.conf @@ -1,3 +1,4 @@ +nameserver 192.168.30.1 nameserver 1.1.1.1 nameserver 1.0.0.1 search lan diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 44966f8..7e13c12 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -23,7 +23,3 @@ src: "{{ role_path }}/files/resolv.conf" dest: /etc/resolv.conf follow: true -- name: Copy hosts file - copy: - src: "{{ role_path }}/files/hosts" - dest: /etc/hosts diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json deleted file mode 100644 index 8cef55b..0000000 --- a/roles/docker/files/daemon.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "ipv6": true -} diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 6d8d1ce..1077edb 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -29,11 +29,6 @@ name: - docker - docker-compose -- name: Enable IPv6 - copy: - src: "{{ role_path }}/files/daemon.json" - dest: /etc/docker/daemon.json - register: daemon_file - name: Start Docker systemd: name: docker diff --git a/roles/nsd/files/docker-compose.yml b/roles/nsd/files/docker-compose.yml deleted file mode 100644 index 42d56dd..0000000 --- a/roles/nsd/files/docker-compose.yml +++ /dev/null 
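Review bot: Putting 192.168.30.1 first while keeping 1.1.1.1 and 1.0.0.1 as fallbacks means that whenever the LAN resolver is down or slow, glibc falls through to the public servers after its default 5 s timeout and, because of `search lan`, sends internal `host.lan` names to Cloudflare. If the public entries are only meant as a backstop, add `options timeout:1 attempts:1` as a new line or drop them so internal names never leave the network; which is intended cannot be told from the diff. Note also that this commit turns the same host into an authoritative nsd server, and nsd does not recurse, so 192.168.30.1 has to be a separate recursive resolver rather than the nsd instance configured further down.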
@@ -1,18 +0,0 @@ -version: '3.7' - -services: - nsd: - container_name: nsd - restart: always - image: ghcr.io/the-kube-way/nsd:v4.6.0 - read_only: true - tmpfs: - - /tmp - - /var/db/nsd - volumes: - - /apps/nsd/conf:/etc/nsd:ro - - /apps/nsd/zones:/zones - - /apps/nsd/keys:/keys - ports: - - 53:53 - - 53:53/udp diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf index 20245a0..f3460bf 100644 --- a/roles/nsd/files/nsd.conf +++ b/roles/nsd/files/nsd.conf @@ -1,9 +1,9 @@ server: - ip-address: eth0 # TEMP until response from mailing list + ip-address: enp3s0 server-count: 1 verbosity: 1 hide-version: yes - zonesdir: "/zones" + zonesdir: "/etc/nsd/zones" ip-transparent: yes ip-freebind: yes diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl index 3503a8d..1a5d776 100644 --- a/roles/nsd/files/zones/geokunis2.nl +++ b/roles/nsd/files/zones/geokunis2.nl @@ -1,18 +1,18 @@ $ORIGIN geokunis2.nl. $TTL 60 -geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010600 1800 3600 1209600 3600 +geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023010601 1800 3600 1209600 3600 NS ns.geokunis2.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 + A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda MX 0 . TXT "v=spf1 -all" CAA 0 issue "letsencrypt.org" jenl IN A 217.123.41.225 -kms IN A 82.197.212.198 +kms IN A 84.245.14.149 _dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" -ns A 82.197.212.198 +ns A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl index dfb220e..19b8c82 100644 --- a/roles/nsd/files/zones/pizzapim.nl +++ b/roles/nsd/files/zones/pizzapim.nl 
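Review bot: With nsd now bound directly to enp3s0 instead of behind a Docker port mapping, the server block carries no response-rate-limiting or ANY-refusal setting, so the authoritative server can be used for UDP reflection against third parties; the hunk only shows lines 1-9, so if these are set further down the file this is moot. I would add `rrl-ratelimit: 200` and `refuse-any: yes` next to `hide-version: yes` (rrl requires a build with rate limiting enabled, which the Debian/Ubuntu package appears to have — confirm with `nsd -v` on the target). Separately, `ip-transparent: yes` and `ip-freebind: yes` look like leftovers from the container setup where the address was not local at bind time; on a host binding to a named interface they are likely unnecessary and only widen what the daemon may bind to, so drop them unless there is a known reason.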
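Review bot: `ns A 84.245.14.149` at the bottom of the hunk moves the nameserver's own address, but the glue for ns.geokunis2.nl lives in the .nl registry's delegation, not in this zone, so the registrar-side glue has to be updated in the same change or resolvers following the parent's glue keep going to 82.197.212.198 until it stops answering. The serial bump to 2023010601 is what lets the TransIP secondaries (ns0/ns1/ns2) transfer the change; ldns-signzone in the tasks file signs with whatever serial this file carries, so every edit here must bump it by hand. With `$TTL 60` the old address ages out of caches quickly once glue and zone agree.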
@@ -1,22 +1,22 @@ $ORIGIN pizzapim.nl. $TTL 60 -pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010600 1800 3600 1209600 3600 +pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023010700 1800 3600 1209600 3600 NS ns.pizzapim.nl. NS ns0.transip.net. NS ns1.transip.nl. NS ns2.transip.eu. - A 82.197.212.198 + A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda TXT "v=spf1 ~all" CAA 0 issue "letsencrypt.org" -_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" +_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;" -www IN A 82.197.212.198 +www IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda -ns IN A 82.197.212.198 +ns IN A 84.245.14.149 AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda cloud IN CNAME www.pizzapim.nl social IN CNAME www.pizzapim.nl diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml deleted file mode 100644 index 090690b..0000000 --- a/roles/nsd/meta/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -dependencies: - - role: common - - role: docker diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml index 32d67c2..2636079 100644 --- a/roles/nsd/tasks/main.yml +++ b/roles/nsd/tasks/main.yml 
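Review bot: Same glue caveat as geokunis2.nl: `ns IN A 84.245.14.149` changes the in-zone address, but the registry glue for ns.pizzapim.nl must be changed separately, otherwise the parent keeps handing out the old IP. The `_dmarc` line appears on both sides of the hunk with identical text, so that part of the change is whitespace-only and could be dropped to keep the diff honest. If the domain sends no mail — no MX record is visible in the hunk — consider tightening `TXT "v=spf1 ~all"` to `"v=spf1 -all"` and adding `MX 0 .` as geokunis2.nl already does, so receivers get a hard fail instead of a softfail they may treat leniently.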
@@ -1,86 +1,69 @@ -- name: Create nsd app directory - file: - path: /apps/nsd - state: directory -- name: Create nsd configuration directory - file: - path: /apps/nsd/conf - state: directory - owner: 991 - group: 991 +- name: Install nsd + apt: + pkg: + - nsd + - ldnsutils - name: Copy nsd.conf copy: src: "{{ role_path }}/files/nsd.conf" - dest: /apps/nsd/conf/nsd.conf -- name: Create nsd zones directory + dest: /etc/nsd/nsd.conf +- name: Create zones directory file: - path: /apps/nsd/zones + path: /etc/nsd/zones state: directory - owner: 991 - group: 991 - name: Copy zone files copy: src: "{{ role_path }}/files/zones/" - dest: /apps/nsd/zones -- name: Create nsd keys directory + dest: /etc/nsd/zones +- name: Create keys directory file: - path: /apps/nsd/keys + path: /etc/nsd/keys state: directory - owner: 991 - group: 991 - name: Copy KSK private keys template: src: "{{ item }}" - dest: "/apps/nsd/keys/{{ item | basename }}" + dest: "/etc/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.private" - name: Copy KSK keys copy: src: "{{ item }}" - dest: "/apps/nsd/keys/{{ item | basename }}" + dest: "/etc/nsd/keys/{{ item | basename }}" with_fileglob: - "{{ role_path }}/files/keys/*.ksk.key" -- name: Copy Docker Compose script - copy: - src: "{{ role_path }}/files/docker-compose.yml" - dest: /apps/nsd/docker-compose.yml -- name: Start Docker Compose - docker_compose: - project_src: /apps/nsd - pull: true - remove_orphans: true - name: Check if ZSKs exist stat: - path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key" + path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key" register: zsks_exists with_fileglob: - "{{ role_path }}/files/zones/*" - name: Create ZSK command: - cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}" - chdir: /apps/nsd + cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}" + chdir: /etc/nsd/keys register: create_zsk when: not item.stat.exists with_items: "{{ 
zsks_exists.results }}" - name: Rename ZSK key command: - cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" - chdir: /apps/nsd + cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key" + chdir: /etc/nsd/keys when: item.changed with_items: "{{ create_zsk.results }}" - name: Rename ZSK private key command: - cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" - chdir: /apps/nsd + cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private" + chdir: /etc/nsd/keys when: item.changed with_items: "{{ create_zsk.results }}" - name: Sign zones command: - cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk' - chdir: /apps/nsd + cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk" + chdir: /etc/nsd/zones with_fileglob: - "{{ role_path }}/files/zones/*" -- name: Restart Docker Compose - docker_compose: - project_src: /apps/nsd - restarted: true +- name: Restart NSD + systemd: + name: nsd + enabled: true + state: reloaded
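Review bot: `Create keys directory` and `Copy KSK private keys` set no `mode`, so on a fresh host Ansible creates /etc/nsd/keys and the `*.ksk.private` files with the root umask — typically 0755/0644 — leaving the DNSSEC key-signing private keys readable by every local account, including the unprivileged nsd user, which only needs the zones directory. Add `mode: "0700"` to the keys-directory task and `mode: "0600"` to the private-key template task, and check the `.private` files that `ldns-keygen` writes in `Create ZSK` the same way (I have not verified what mode ldns-keygen uses). Separately, `Sign zones` runs unconditionally and ldns-signzone signs with a default expiration of roughly four weeks from inception as far as I can tell, so unless this play is re-run or a timer re-signs the zones before then, the RRSIGs expire and validating resolvers SERVFAIL both domains; pass an explicit `-e` date or schedule a re-sign as part of this move. The `Restart NSD` task's `state: reloaded` also appears to reload zones only, so a change to the nsd.conf copied earlier in the hunk needs `restarted` or a handler to take effect.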