# Ensure the base directory for the nsd deployment exists.
# No owner, group or mode is given, so the module's defaults apply.
- name: Create nsd app directory
  file:
    state: directory
    path: /apps/nsd
# Ensure the configuration directory exists and belongs to uid/gid 991.
# NOTE(review): 991 is presumably the account nsd runs as inside the
# container - confirm against the image.
- name: Create nsd configuration directory
  file:
    state: directory
    path: /apps/nsd/conf
    group: 991
    owner: 991
# Install the role's nsd.conf into the configuration directory.
# Ownership and mode are not set here, so the copied file keeps the
# module defaults rather than being handed to uid 991.
- name: Copy nsd.conf
  copy:
    dest: /apps/nsd/conf/nsd.conf
    src: "{{ role_path }}/files/nsd.conf"
# Ensure the zones directory exists and belongs to uid/gid 991.
# Later tasks run ldns-signzone with this directory as working directory
# (mounted as /zones in the container, judging by the exec commands).
- name: Create nsd zones directory
  file:
    state: directory
    path: /apps/nsd/zones
    group: 991
    owner: 991
# Copy the contents of the role's files/zones/ directory into the zones
# directory. The trailing slash on src makes copy transfer the directory's
# contents rather than the directory itself.
- name: Copy zone files
  copy:
    dest: /apps/nsd/zones
    src: "{{ role_path }}/files/zones/"
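# Ensure the DNSSEC key directory exists and belongs to uid/gid 991.
# This directory receives the KSK private keys and the ZSK private keys
# generated by ldns-keygen, so an explicit mode is set instead of inheriting
# the default umask: only the owner may list or enter it.
# NOTE(review): assumes every process that needs the keys (ldns-keygen,
# ldns-signzone via docker-compose exec) runs as uid 991 or root - confirm
# before tightening further.
- name: Create nsd keys directory
  file:
    path: /apps/nsd/keys
    state: directory
    owner: 991
    group: 991
    mode: "0700"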
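# Install the key-signing-key (KSK) private halves from the role's
# files/keys directory into /apps/nsd/keys, one file per *.ksk.private match.
# owner/group/mode are set explicitly so the private key is readable only by
# uid 991 (the owner used for the key directory) instead of getting whatever
# the default umask yields; no_log keeps key material out of task output and
# --diff listings.
# NOTE(review): assumes the signer in the container runs as uid 991 or root -
# confirm.
# NOTE(review): the sources live under the role's files/ tree; confirm they
# are encrypted at rest (for example with Ansible Vault) rather than committed
# in clear text.
# NOTE(review): `template` renders the key file through Jinja2; if no
# templating is intended, `copy` would transfer it verbatim - confirm.
- name: Copy KSK private keys
  template:
    src: "{{ item }}"
    dest: "/apps/nsd/keys/{{ item | basename }}"
    owner: 991
    group: 991
    mode: "0600"
  no_log: true
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.private"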
# Install the public halves of the key-signing keys (*.ksk.key) next to the
# private ones. Each matched file keeps its own base name at the destination.
- name: Copy KSK keys
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.key"
  copy:
    dest: "/apps/nsd/keys/{{ item | basename }}"
    src: "{{ item }}"
# Place the role's docker-compose.yml in the project directory that the
# docker_compose tasks below use as project_src.
- name: Copy Docker Compose script
  copy:
    dest: /apps/nsd/docker-compose.yml
    src: "{{ role_path }}/files/docker-compose.yml"
# Bring the compose project in /apps/nsd up, pulling images first and
# removing containers for services no longer defined in the compose file.
# NOTE(review): with pull enabled, every run fetches whatever the image
# references in docker-compose.yml currently resolve to; the compose file is
# not visible here - confirm the images are pinned (tag or digest) so a run
# cannot silently change the DNS server binary.
- name: Start Docker Compose
  docker_compose:
    remove_orphans: true
    pull: true
    project_src: /apps/nsd
# For every zone file shipped with the role, stat the expected zone-signing
# key K<zone>.zsk.key on the target. The per-zone results are registered as
# zsks_exists so the key-generation task can skip zones that already have one.
- name: Check if ZSKs exist
  with_fileglob:
    - "{{ role_path }}/files/zones/*"
  stat:
    path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
  register: zsks_exists
# Generate an ED25519 zone-signing key inside the nsd container (working
# directory /keys) for each zone whose stat result reports no existing ZSK.
# The command output is registered as create_zsk; the rename tasks use its
# stdout as the base name of the generated key files.
# The zone name is interpolated into a single command string, so zone file
# names are expected to contain no whitespace.
# NOTE(review): docker-compose exec allocates a pseudo-TTY unless -T is
# given; confirm the registered stdout is a clean file name.
- name: Create ZSK
  with_items: "{{ zsks_exists.results }}"
  when: not item.stat.exists
  command:
    chdir: /apps/nsd
    cmd: "docker-compose exec -w /keys nsd ldns-keygen -a ED25519 {{ item.item | basename }}"
  register: create_zsk
# Give the public half of each freshly generated ZSK the stable name
# K<zone>.zsk.key that the existence check and the signing task expect.
# Only results of the key-generation task that report a change are processed.
- name: Rename ZSK key
  with_items: "{{ create_zsk.results }}"
  when: item.changed
  command:
    chdir: /apps/nsd
    cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.key K{{ item.item.item | basename }}.zsk.key"
# Give the private half of each freshly generated ZSK the stable name
# K<zone>.zsk.private. Only results of the key-generation task that report a
# change are processed.
# NOTE(review): the file keeps the ownership and mode ldns-keygen created it
# with; confirm it is not group- or world-readable on the host.
- name: Rename ZSK private key
  with_items: "{{ create_zsk.results }}"
  when: item.changed
  command:
    chdir: /apps/nsd
    cmd: "docker-compose exec -w /keys nsd mv {{ item.stdout }}.private K{{ item.item.item | basename }}.zsk.private"
# Sign every zone file shipped with the role by running ldns-signzone in the
# container's /zones directory with the zone's ZSK and KSK base names.
# The task has no condition, so it runs (and reports changed) on every play.
# NOTE(review): signatures carry an expiry date; confirm this play is
# scheduled often enough to re-sign before they lapse.
- name: Sign zones
  with_fileglob:
    - "{{ role_path }}/files/zones/*"
  command:
    chdir: /apps/nsd
    cmd: 'docker-compose exec -w /zones nsd ldns-signzone {{ item | basename }} /keys/K{{ item | basename }}.zsk /keys/K{{ item | basename }}.ksk'
# Restart the compose project's services, presumably so nsd picks up the
# zones signed by the previous task. Like the signing task, this runs on
# every play.
- name: Restart Docker Compose
  docker_compose:
    restarted: true
    project_src: /apps/nsd