From 304a3bbe340a7281a50b454704e0912de8703fbb Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 17 Dec 2023 17:41:31 +0100
Subject: [PATCH] replace powerdns with BIND
---
legacy/projects/hermes/ansible/hermes.yml | 2 +-
.../ansible/inventory/host_vars/hermes.yml | 96 +++++++++++++++----
.../projects/hermes/ansible/requirements.yml | 1 +
.../hermes/ansible/roles/powerdns/api.conf.j2 | 5 -
.../ansible/roles/powerdns/gpgsql.conf.j2 | 5 -
.../ansible/roles/powerdns/handlers/main.yml | 4 -
.../ansible/roles/powerdns/overwrite.conf | 4 -
.../ansible/roles/powerdns/tasks/main.yml | 28 ------
.../projects/hermes/ansible/show_leases.yml | 10 --
legacy/projects/hermes/{ => vm}/main.tf | 0
10 files changed, 79 insertions(+), 76 deletions(-)
delete mode 100644 legacy/projects/hermes/ansible/roles/powerdns/api.conf.j2
delete mode 100644 legacy/projects/hermes/ansible/roles/powerdns/gpgsql.conf.j2
delete mode 100644 legacy/projects/hermes/ansible/roles/powerdns/handlers/main.yml
delete mode 100644 legacy/projects/hermes/ansible/roles/powerdns/overwrite.conf
delete mode 100644 legacy/projects/hermes/ansible/roles/powerdns/tasks/main.yml
delete mode 100644 legacy/projects/hermes/ansible/show_leases.yml
rename legacy/projects/hermes/{ => vm}/main.tf (100%)
diff --git a/legacy/projects/hermes/ansible/hermes.yml b/legacy/projects/hermes/ansible/hermes.yml
index 496ca8e..ae722f6 100644
--- a/legacy/projects/hermes/ansible/hermes.yml
+++ b/legacy/projects/hermes/ansible/hermes.yml
@@ -22,4 +22,4 @@ roles: - {role: apt, tags: apt} - {role: dnsmasq, tags: dnsmasq} - - {role: powerdns, tags: powerdns} + - {role: bertvv.bind, tags: bind}
diff --git a/legacy/projects/hermes/ansible/inventory/host_vars/hermes.yml b/legacy/projects/hermes/ansible/inventory/host_vars/hermes.yml
index ab05003..2597f8a 100644
--- a/legacy/projects/hermes/ansible/inventory/host_vars/hermes.yml
+++ b/legacy/projects/hermes/ansible/inventory/host_vars/hermes.yml
@@ -1,9 +1,6 @@ apt_install_packages: - qemu-guest-agent - dnsutils - - pdns-server - - pdns-backend-pgsql - - postgresql-client ssh_ca_dir: /root/ssh_ca ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ" 
@@ -65,20 +62,81 @@ ssh_ca_host_ca_private_key: !vault | 39393734393061653639313365633931373963666635316138663538356265386562373837393530 6537646639613534666533626339356335396634613765616664 -api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65376335393463353232386437613533396261383332653738323764633965393262363239376165 - 3566666139376135643833343535663130353631326466610a623161633238363338633461383434 - 63373365613765663830613565313164323938336338616666313365623261663037626132623531 - 3638653833626532300a656632356563613631633162643464356236396635633237376133323433 - 37363261376535306161393039396333656430323534616462393366643662306631306339346363 - 3065303163643732613435323561663035646365383237643464 +bind_zone_ttl: 1h +bind_allow_query: + - any +bind_listen_ipv4: + - any +bind_dnssec_enable: false +bind_zones: + - name: kun.is -postgresql_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 64646633623535383761356434643064383736626638333738323363393037393133363130623361 - 3965323132656263393365366131343732646239316564390a613263386166383438366162303561 - 63626162656337313034663830626432303437363764653336613338393038393737663238313737 - 3164323834393165380a393138363265393963613835376331623735303538316162343036306230 - 63633335343332313861393135366332313061353064306265653631613735336631653438383066 - 3034323733323333646532613233666333323363643534336233 + primaries: + - 192.168.30.7 + + name_servers: + - ns1.kun.is. + - ns2.kun.is. + + hosts: + - name: ns + ip: 84.245.14.149 + - name: ns1 + ip: 84.245.14.149 + - name: ns2 + ip: 84.245.14.149 + - name: '*' + ip: 84.245.14.149 + - name: fcfe5d31d5b7ae1af0b352a6b4c75d3f + aliases: + - verify.bing.com. + text: + - name: '@' + text: "\\\"google-site-verification=sznWJNdSZfiAESJhnDQEJ6hf06W9vndvhMi6wP_HH04\\\"" + + - name: geokunis2.nl + primaries: + - 192.168.30.7 + + name_servers: + - ns.geokunis2.nl. + - ns0.transip.net. + - ns1.transip.nl. + - ns2.transip.eu. 
+ + hosts: + - name: '@' + ip: 84.245.14.149 + ipv6: 2a02:58:19a:f730:b62e:99ff:fe77:1bda + - name: mail + ip: 84.245.14.149 + - name: wg + ip: 84.245.14.149 + ipv6: 2a02:58:1:e::1afb + - name: wg4 + ip: 84.245.14.149 + - name: wg6 + ipv6: 2a02:58:1:e::1afb + - name: tuindersweijde + ip: 84.245.14.149 + - name: ns + ip: 84.245.14.149 + ipv6: 2a02:58:19a:f730:c8fe:c0ff:feff:ee07 + - name: files + ip: 84.245.14.149 + ipv6: 2a02:58:19a:f730:b62e:99ff:fe77:1bda + - name: cyberchef + ip: 84.245.14.149 + ipv6: 2a02:58:19a:f730:c8fe:c0ff:feff:ee03 + - name: inbucket + ip: 84.245.14.149 + - name: kms + ip: 84.245.14.149 + + mail_servers: + - name: mail + preference: 10 + + caa: + - name: '@' + text: "0 issue \\\"letsencrypt.org\\\""
diff --git a/legacy/projects/hermes/ansible/requirements.yml b/legacy/projects/hermes/ansible/requirements.yml
index 17fea38..a5ba78b 100644
--- a/legacy/projects/hermes/ansible/requirements.yml
+++ b/legacy/projects/hermes/ansible/requirements.yml
@@ -7,3 +7,4 @@ - name: postgresql_database src: https://git.kun.is/home/ansible-role-postgresql-database scm: git
+- name: bertvv.bind
diff --git a/legacy/projects/hermes/ansible/roles/powerdns/api.conf.j2 b/legacy/projects/hermes/ansible/roles/powerdns/api.conf.j2
deleted file mode 100644
index fdbf48d..0000000
--- a/legacy/projects/hermes/ansible/roles/powerdns/api.conf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-api=yes
-api-key={{ api_key }}
-webserver-address=0.0.0.0
-webserver-port=3000
-webserver-allow-from=0.0.0.0/0
diff --git a/legacy/projects/hermes/ansible/roles/powerdns/gpgsql.conf.j2 b/legacy/projects/hermes/ansible/roles/powerdns/gpgsql.conf.j2
deleted file mode 100644
index 7401f94..0000000
--- a/legacy/projects/hermes/ansible/roles/powerdns/gpgsql.conf.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-launch=gpgsql
-gpgsql-host=192.168.30.10
-gpgsql-dbname=powerdns
-gpgsql-user=powerdns
-gpgsql-password={{ postgresql_password }}
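Review bot: The new `bind_zones` entries set no zone-transfer restriction, whereas the PowerDNS config this commit deletes limited AXFR to two TransIP ranges (`allow-axfr-ips=87.253.155.96/27,157.97.168.160/27` in overwrite.conf), and the geokunis2.nl zone still lists ns0.transip.net, ns1.transip.nl and ns2.transip.eu as name servers, so those secondaries need transfers while nobody else should get them. Unless bertvv.bind derives an allow-transfer list from the zone's `name_servers` (not confirmable from this diff), either the transfers now fail or the zones are transferable from anywhere; add the role's transfer ACL setting, or at least a comment such as `# zone transfers: TransIP secondaries only — set via the role's allow-transfer variable` next to `name_servers`, and check the result from an unrelated host after deploy. Separately, the removed `api_key` and `postgresql_password` vault blobs remain in git history and gpgsql.conf.j2 shows that password is for the powerdns user on 192.168.30.10, so retire that credential on the database side rather than relying on its deletion here. `bind_allow_query: [any]` and `bind_listen_ipv4: [any]` are appropriate for an authoritative server provided the role's recursion setting stays disabled, which is worth confirming in the rendered named.conf.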
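Review bot: `- name: bertvv.bind` pulls the role from Ansible Galaxy without a `version:` pin, so every `ansible-galaxy install` fetches whatever release is current and the authoritative DNS for kun.is and geokunis2.nl depends on an unpinned third-party role; the existing entry in this hunk at least names a fixed `src`. Add a pinned release under the new entry, e.g. `  version: "<pinned bertvv.bind release>"` (placeholder — pick the tested tag), and bump it deliberately.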
diff --git a/legacy/projects/hermes/ansible/roles/powerdns/handlers/main.yml b/legacy/projects/hermes/ansible/roles/powerdns/handlers/main.yml
deleted file mode 100644
index d358e6e..0000000
--- a/legacy/projects/hermes/ansible/roles/powerdns/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@ -- name: restart powerdns - systemd: - name: pdns - state: restarted
diff --git a/legacy/projects/hermes/ansible/roles/powerdns/overwrite.conf b/legacy/projects/hermes/ansible/roles/powerdns/overwrite.conf
deleted file mode 100644
index cd4116b..0000000
--- a/legacy/projects/hermes/ansible/roles/powerdns/overwrite.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-local-address=192.168.30.7, 127.0.0.1, ::
-default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600
-# allow zone transfers from Transip ip's. see also: https://www.transip.nl/knowledgebase/artikel/26-nameservers-instellen-transip-nameservers-secondary/
-allow-axfr-ips=87.253.155.96/27,157.97.168.160/27
diff --git a/legacy/projects/hermes/ansible/roles/powerdns/tasks/main.yml b/legacy/projects/hermes/ansible/roles/powerdns/tasks/main.yml
deleted file mode 100644
index aa50105..0000000
--- a/legacy/projects/hermes/ansible/roles/powerdns/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@ -- name: Remove BIND powerdns config - file: - path: /etc/powerdns/pdns.d/bind.conf - state: absent - notify: restart powerdns - -- name: Copy postgresql powerdns config - template: - src: gpgsql.conf.j2 - dest: /etc/powerdns/pdns.d/gpgsql.conf - notify: restart powerdns - -- name: Add API powerdns config - template: - src: api.conf.j2 - dest: /etc/powerdns/pdns.d/api.conf - notify: restart powerdns - -- name: Overwrite powerdns config - copy: - src: overwrite.conf - dest: /etc/powerdns/pdns.d/overwrite.conf - notify: restart powerdns - -- name: Start powerdns - systemd: - name: pdns - state: started
diff --git a/legacy/projects/hermes/ansible/show_leases.yml b/legacy/projects/hermes/ansible/show_leases.yml
deleted file mode 100644
index cdd7c8a..0000000
--- a/legacy/projects/hermes/ansible/show_leases.yml
+++ /dev/null
@@ -1,10 +0,0 @@ ---- -- hosts: hermes - tasks: - - name: Read dnsmasq leases - command: cat /mnt/data/dnsmasq.leases - register: leases - - - name: Print dnsmasq leases - debug: - msg: "{{ leases.stdout_lines }}"
diff --git a/legacy/projects/hermes/main.tf b/legacy/projects/hermes/vm/main.tf
similarity index 100%
rename from legacy/projects/hermes/main.tf
rename to legacy/projects/hermes/vm/main.tf