From 3865e57f9a51b08c13d182f47336fece9321675c Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 19 Mar 2023 11:44:16 +0100
Subject: [PATCH] remove authoritative DNS server
---
 README.md | 1 -
 playbooks/all.yml | 1 -
 roles/nsd/files/keys/Kgeokunis2.nl.ksk.key | 1 -
 .../nsd/files/keys/Kgeokunis2.nl.ksk.private | 10 ---
 roles/nsd/files/keys/Kpizzapim.nl.ksk.key | 1 -
 roles/nsd/files/keys/Kpizzapim.nl.ksk.private | 10 ---
 roles/nsd/files/nsd.conf | 24 -------
 roles/nsd/files/zones/geokunis2.nl | 26 -------
 roles/nsd/files/zones/pim.kunis.nl | 19 -----
 roles/nsd/files/zones/pizzapim.nl | 19 -----
 roles/nsd/meta/main.yml | 2 -
 roles/nsd/tasks/main.yml | 70 -------------------
 roles/nsd/vars/main.yml | 3 -
 13 files changed, 187 deletions(-)
 delete mode 100644 roles/nsd/files/keys/Kgeokunis2.nl.ksk.key
 delete mode 100644 roles/nsd/files/keys/Kgeokunis2.nl.ksk.private
 delete mode 100644 roles/nsd/files/keys/Kpizzapim.nl.ksk.key
 delete mode 100644 roles/nsd/files/keys/Kpizzapim.nl.ksk.private
 delete mode 100644 roles/nsd/files/nsd.conf
 delete mode 100644 roles/nsd/files/zones/geokunis2.nl
 delete mode 100644 roles/nsd/files/zones/pim.kunis.nl
 delete mode 100644 roles/nsd/files/zones/pizzapim.nl
 delete mode 100644 roles/nsd/meta/main.yml
 delete mode 100644 roles/nsd/tasks/main.yml
 delete mode 100644 roles/nsd/vars/main.yml
diff --git a/README.md b/README.md
index 4216704..0f9e51d 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,6 @@ The other roles are specifically for the various services we run. All services below are running under Docker, except NSD and Borg.
-- Authoritative DNS using [NSD](https://www.nlnetlabs.nl/projects/nsd/about/) (ns.pizzapim.nl)
 - Reverse proxy using [Traefik](https://doc.traefik.io/traefik/)
 - Git server using [Forgejo](https://forgejo.org/) ([git.pizzapim.nl](https://git.pizzapim.nl))
 - Static website using [Jekyll](https://jekyllrb.com/) ([pizzapim.nl](https://pizzapim.nl))
diff --git a/playbooks/all.yml b/playbooks/all.yml
index c27e7d6..913f1f5 100644
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@@ -4,7 +4,6 @@
 - {role: 'ssh', tags: 'ssh'}
 - {role: 'watchtower', tags: 'watchtower'}
 - {role: 'borg', tags: 'borg'}
- - {role: 'nsd', tags: 'nsd'}
 - {role: 'forgejo', tags: 'forgejo'}
 - {role: 'syncthing', tags: 'syncthing'}
 - {role: 'kms', tags: 'kms'}
diff --git a/roles/nsd/files/keys/Kgeokunis2.nl.ksk.key b/roles/nsd/files/keys/Kgeokunis2.nl.ksk.key
deleted file mode 100644
index 26bd681..0000000
--- a/roles/nsd/files/keys/Kgeokunis2.nl.ksk.key
+++ /dev/null
@@ -1 +0,0 @@
-geokunis2.nl. IN DNSKEY 257 3 15 8DFshejNxv4d9ZkSRY53kEay06aOhHm77EOYNSZFp/w= ;{id = 64014 (ksk), size = 256b}
diff --git a/roles/nsd/files/keys/Kgeokunis2.nl.ksk.private b/roles/nsd/files/keys/Kgeokunis2.nl.ksk.private
deleted file mode 100644
index 4b74954..0000000
--- a/roles/nsd/files/keys/Kgeokunis2.nl.ksk.private
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-33306239336639653065343862633935396534373739613332356638343037646530333331343835
-6464303336356534653431663938383732383863366238320a663430613133363134336264343734
-31343731373239613330633935636137646133616334353565663061356566666465326261306362
-3463633863626666330a383461656632346361646365383234653963333561366463373331346539
-30633237346532633634636537663936353337353331393663363363363566663738643632363761
-66323032383862306635656130366261303161636232633561313630316537626262356532313131
-63616437633333346431303539306433613130373934393036356563316365373966346536353764
-39343038373162303933653335393432636332613038366531353432346332333936656464626536
-64633030353336616561656539313863306534633863633835333531306533313930
diff --git a/roles/nsd/files/keys/Kpizzapim.nl.ksk.key b/roles/nsd/files/keys/Kpizzapim.nl.ksk.key
deleted file mode 100644
index 92f07c1..0000000
--- a/roles/nsd/files/keys/Kpizzapim.nl.ksk.key
+++ /dev/null
@@ -1 +0,0 @@
-pizzapim.nl. IN DNSKEY 257 3 15 PL2LJmmaooqVFVIrvdFzS+X0YiEgz+fLlr7jm54nX/E= ;{id = 47515 (ksk), size = 256b}
diff --git a/roles/nsd/files/keys/Kpizzapim.nl.ksk.private b/roles/nsd/files/keys/Kpizzapim.nl.ksk.private
deleted file mode 100644
index bc136ed..0000000
--- a/roles/nsd/files/keys/Kpizzapim.nl.ksk.private
+++ /dev/null
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36343534663736653462386238363734646238306365393233633530663039656335623961663131
-6436373566336464336330326438656137646536656333370a386539613239343962373562653264
-66616530343235333964343332386234666266643933393531323066666164623862633962376666
-3230333539393335630a653532396665383536633164643534303461636135653737616137313034
-33653838653538623934353631393636363937333831313036643334343261363836393235313235
-36613966343431333364336437393430653366643263643130376437663164353361633735616332
-35656666353037643739356133303064633166323535323265323134363963316566323165643165
-36656264353962346530323830623432616238653966613433616235336539396461376162316564
-61643465323165643961303639653466663961333531663133636666643437333233
diff --git a/roles/nsd/files/nsd.conf b/roles/nsd/files/nsd.conf
deleted file mode 100644
index 60c65a4..0000000
--- a/roles/nsd/files/nsd.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-server:
- ip-address: enp3s0
- server-count: 1
- verbosity: 1
- hide-version: yes
- zonesdir: "/etc/nsd/zones"
- ip-transparent: yes
- ip-freebind: yes
-
-zone:
- name: pizzapim.nl
- zonefile: pizzapim.nl.signed
- provide-xfr: 87.253.155.96/27 NOKEY
- provide-xfr: 157.97.168.160/27 NOKEY
-
-zone:
- name: geokunis2.nl
- zonefile: geokunis2.nl.signed
- provide-xfr: 87.253.155.96/27 NOKEY
- provide-xfr: 157.97.168.160/27 NOKEY
-
-zone:
- name: pim.kunis.nl
- zonefile: pim.kunis.nl
diff --git a/roles/nsd/files/zones/geokunis2.nl b/roles/nsd/files/zones/geokunis2.nl
deleted file mode 100644
index 8d7bf7d..0000000
--- a/roles/nsd/files/zones/geokunis2.nl
+++ /dev/null
@@ -1,26 +0,0 @@
-$ORIGIN geokunis2.nl.
-$TTL 60
-
-geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023030500 1800 3600 1209600 3600
- NS ns.geokunis2.nl.
- NS ns0.transip.net.
- NS ns1.transip.nl.
- NS ns2.transip.eu.
- A 84.245.14.149
- AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
-; MX 0 .
-; TXT "v=spf1 -all"
- CAA 0 issue "letsencrypt.org"
-mail IN A 84.245.14.149
- MX 10 mail.geokunis2.nl
-jenl IN A 217.123.41.225
-wg IN A 84.245.14.149
-wg IN AAAA 2a02:58:1:e::1afb
-wg4 IN A 84.245.14.149
-wg6 IN AAAA 2a02:58:1:e::1afb
-kms IN A 84.245.14.149
-files IN A 84.245.14.149
-files IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
-_dmarc IN TXT "v=DMARC1; p=reject; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
-ns A 84.245.14.149
- AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
diff --git a/roles/nsd/files/zones/pim.kunis.nl b/roles/nsd/files/zones/pim.kunis.nl
deleted file mode 100644
index f68d70d..0000000
--- a/roles/nsd/files/zones/pim.kunis.nl
+++ /dev/null
@@ -1,19 +0,0 @@
-$ORIGIN pim.kunis.nl.
-$TTL 60
-
-pim.kunis.nl. IN SOA ns.pim.kunis.nl. pim.kunis.nl. 2023020800 1800 3600 1209600 3600
-
- NS ns.pim.kunis.nl.
- A 84.245.14.149
- TXT "v=spf1 ~all"
-
-_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
-
-www IN A 84.245.14.149
-ns IN A 84.245.14.149
-
-social IN CNAME www.pim.kunis.nl.
-dav IN CNAME www.pim.kunis.nl.
-git IN CNAME www.pim.kunis.nl.
-meet IN CNAME www.pim.kunis.nl.
-rss IN CNAME www.pim.kunis.nl.
diff --git a/roles/nsd/files/zones/pizzapim.nl b/roles/nsd/files/zones/pizzapim.nl
deleted file mode 100644
index 3892920..0000000
--- a/roles/nsd/files/zones/pizzapim.nl
+++ /dev/null
@@ -1,19 +0,0 @@
-$ORIGIN pizzapim.nl.
-$TTL 60
-
-pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023020900 1800 3600 1209600 3600
-
- NS ns.pizzapim.nl.
- NS ns0.transip.net.
- NS ns1.transip.nl.
- NS ns2.transip.eu.
- A 84.245.14.149
- TXT "v=spf1 ~all"
- CAA 0 issue "letsencrypt.org"
-
-_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
-
-social IN A 84.245.14.149
- AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
-ns IN A 84.245.14.149
- AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
diff --git a/roles/nsd/meta/main.yml b/roles/nsd/meta/main.yml
deleted file mode 100644
index 9711b33..0000000
--- a/roles/nsd/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
deleted file mode 100644
index 9f556d4..0000000
--- a/roles/nsd/tasks/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-- name: Install nsd
- apt:
- pkg:
- - nsd
- - ldnsutils
-- name: Copy nsd.conf
- copy:
- src: "{{ role_path }}/files/nsd.conf"
- dest: /etc/nsd/nsd.conf
-- name: Create zones directory
- file:
- path: /etc/nsd/zones
- state: directory
-- name: Copy zone files
- copy:
- src: "{{ role_path }}/files/zones/"
- dest: /etc/nsd/zones
-- name: Create keys directory
- file:
- path: /etc/nsd/keys
- state: directory
-- name: Copy KSK private keys
- template:
- src: "{{ item }}"
- dest: "/etc/nsd/keys/{{ item | basename }}"
- with_fileglob:
- - "{{ role_path }}/files/keys/*.ksk.private"
-- name: Copy KSK keys
- copy:
- src: "{{ item }}"
- dest: "/etc/nsd/keys/{{ item | basename }}"
- with_fileglob:
- - "{{ role_path }}/files/keys/*.ksk.key"
-- name: Check if ZSKs exist
- stat:
- path: "/etc/nsd/keys/K{{ item | basename }}.zsk.key"
- register: zsks_exists
- with_fileglob:
- - "{{ role_path }}/files/zones/*"
-- name: Create ZSK
- command:
- cmd: "ldns-keygen -a ED25519 {{ item.item | basename }}"
- chdir: /etc/nsd/keys
- register: create_zsk
- when: not item.stat.exists and (item.item | basename) in sign_zones
- with_items: "{{ zsks_exists.results }}"
-- name: Rename ZSK key
- command:
- cmd: "mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
- chdir: /etc/nsd/keys
- when: item.changed and (item.item | basename) in sign_zones
- with_items: "{{ create_zsk.results }}"
-- name: Rename ZSK private key
- command:
- cmd: "mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
- chdir: /etc/nsd/keys
- when: item.changed and (item.item | basename) in sign_zones
- with_items: "{{ create_zsk.results }}"
-- name: Sign zones
- command:
- cmd: "ldns-signzone {{ item | basename }} /etc/nsd/keys/K{{ item | basename }}.zsk /etc/nsd/keys/K{{ item | basename }}.ksk"
- chdir: /etc/nsd/zones
- when: (item | basename) in sign_zones
- with_fileglob:
- - "{{ role_path }}/files/zones/*"
-- name: Restart NSD
- systemd:
- name: nsd
- enabled: true
- state: reloaded
diff --git a/roles/nsd/vars/main.yml b/roles/nsd/vars/main.yml
deleted file mode 100644
index 45cb37c..0000000
--- a/roles/nsd/vars/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-sign_zones:
- - geokunis2.nl
- - pizzapim.nl