-rw-r--r--chaos-at-home/ch-mimas2.yml1
-rw-r--r--inventory/host_vars/ch-mimas2.yml59
-rw-r--r--roles/bind/defaults/main.yml14
-rw-r--r--roles/bind/handlers/main.yml5
-rw-r--r--roles/bind/tasks/main.yml109
-rw-r--r--roles/bind/templates/slave-zones.j222
6 files changed, 210 insertions, 0 deletions
diff --git a/chaos-at-home/ch-mimas2.yml b/chaos-at-home/ch-mimas2.yml
index 974cd817..df340958 100644
--- a/chaos-at-home/ch-mimas2.yml
+++ b/chaos-at-home/ch-mimas2.yml
@@ -6,3 +6,4 @@
- role: sshd
- role: zsh
- role: admin-user
+ - role: bind
diff --git a/inventory/host_vars/ch-mimas2.yml b/inventory/host_vars/ch-mimas2.yml
index b8f30628..8cb08bd8 100644
--- a/inventory/host_vars/ch-mimas2.yml
+++ b/inventory/host_vars/ch-mimas2.yml
@@ -8,3 +8,62 @@ install:
root_lvm_size: all
network: {}
+
+bind_option_empty_zones_enable: no
+bind_option_allow_transfer: []
+bind_option_allow_recursion:
+ - localhost
+bind_option_notify: no
+
+bind_empty_onion_zone: yes
+bind_slave_zones:
+ - name: pan
+ masters:
+ - 89.106.215.17
+ - 2a02:3e0:407::17
+ zones:
+ ## formerly known as self
+ - chaos-at-home.org
+ - chaox.org
+ - spreadspace.org
+ - spreadspace.com
+ - spreadspace.net
+ - spreadspace.systems
+ - elev8.at
+ - java-sucks.com
+ - xn--gh-via.org
+ - schaaas.at
+ ## formerly known as others
+ - gimpf.org
+ - rabbitsatethesputnik.com
+ - gentealdente.com
+ - movetogether.at
+ ## formerly known as xro
+ - tittelbach.at
+ - tittelbach.org
+ ## formerly known as otti
+ - anytun.org
+ - gsenger.com
+ - wirdorange.org
+ - xn--3-0fa.at
+ - 5.208.106.89.in-addr.arpa
+ - 5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.3.0.2.0.a.2.ip6.arpa
+
+ - name: realraum
+ masters:
+ - 89.106.211.33
+ - 2a02:3e0:4000:1::1
+ zones:
+ - realraum.at
+ - r3.at
+ - hack-challenge.at
+
+ - name: funkfeuer
+ masters:
+ - 193.33.150.114
+ zones:
+ - ffgraz.net
+ - graz.funkfeuer.at
+ - 10.in-addr.arpa
+ - 150.33.193.in-addr.arpa
+ - 151.33.193.in-addr.arpa
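Review bot: The booleans `bind_option_empty_zones_enable: no`, `bind_option_notify: no` and `bind_empty_onion_zone: yes` at the top of this hunk use the YAML 1.1 `yes`/`no` spellings, which Ansible's loader accepts but yamllint's `truthy` rule rejects and YAML 1.2 tooling reads as plain strings. I'd write `bind_option_empty_zones_enable: false`, `bind_option_notify: false` and `bind_empty_onion_zone: true` so the values are unambiguous regardless of which parser reads the inventory. The remainder of the block, an empty `bind_option_allow_transfer` list and recursion limited to `localhost`, reads as the intended closed secondary-server setup and needs no change.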
diff --git a/roles/bind/defaults/main.yml b/roles/bind/defaults/main.yml
new file mode 100644
index 00000000..e5b4c688
--- /dev/null
+++ b/roles/bind/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+## options
+
+# bind_option_empty_zones_enable: yes
+# bind_option_allow_transfer: []
+# bind_option_allow_recursion: []
+# bind_option_notify: no
+
+
+## zone configs
+
+# bind_empty_onion_zone: no
+# bind_master_zones: ...
+# bind_slave_zones: ...
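Review bot: Every default in this file is commented out, so `bind_empty_onion_zone` has no value unless a host sets it, yet roles/bind/tasks/main.yml uses it unguarded in `when: bind_empty_onion_zone` and in the `state:` expression of the include-line task; on a host that does not define it the role fails with an undefined-variable error rather than skipping the onion zone. I'd make that one a real default, `bind_empty_onion_zone: false`, and leave the `bind_option_*` entries commented only if omission is meant to fall through to BIND's built-in defaults. That intent deserves a line here, because the commented `bind_option_allow_transfer: []` and `bind_option_allow_recursion: []` look like restrictive defaults but are never applied: `## bind_option_* are only written to named.conf.options when defined; leaving one undefined keeps BIND's built-in default for that option`.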
diff --git a/roles/bind/handlers/main.yml b/roles/bind/handlers/main.yml
new file mode 100644
index 00000000..1bb588c7
--- /dev/null
+++ b/roles/bind/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload bind
+ systemd:
+ name: bind9
+ state: reloaded
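Review bot: The `reload bind` handler reloads named without validating the generated configuration first, so a syntax error in named.conf.options or named.conf.slave-zones surfaces only in the daemon log while the play reports success (the unit's reload is presumably an `rndc reload`, which keeps the previous configuration on a parse error, so the running server and the files on disk silently diverge). I'd add a `check bind config` handler that runs `named-checkconf` and notifies `reload bind`, and have the tasks in roles/bind/tasks/main.yml notify `check bind config` instead; a failing check then fails the play with the parser's message instead of reloading.
```yaml
- name: check bind config
  command: named-checkconf
  changed_when: false
  notify: reload bind

# … unchanged: reload bind handler …
```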
diff --git a/roles/bind/tasks/main.yml b/roles/bind/tasks/main.yml
new file mode 100644
index 00000000..92e37e6a
--- /dev/null
+++ b/roles/bind/tasks/main.yml
@@ -0,0 +1,109 @@
+---
+- name: install bind
+ apt:
+ name: bind9
+ state: present
+
+- name: set bind options
+ blockinfile:
+ path: /etc/bind/named.conf.options
+ block: |
+ {% if bind_option_empty_zones_enable is defined %}
+ empty-zones-enable {% if bind_option_empty_zones_enable %}yes{% else %}no{% endif %};
+ {% endif %}
+ {% if bind_option_notify is defined %}
+ notify {% if bind_option_notify %}yes{% else %}no{% endif %};
+ {% endif %}
+ {% if bind_option_allow_transfer is defined %}
+
+ allow-transfer {
+ {% for item in bind_option_allow_transfer %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ {% if bind_option_allow_recursion is defined %}
+
+ allow-recursion {
+ {% for item in bind_option_allow_recursion %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ insertbefore: '};'
+ marker: " // {mark} ansible managed block"
+ notify: reload bind
+
+
+- name: add empty .onion zone
+ when: bind_empty_onion_zone
+ copy:
+ dest: /etc/bind/named.conf.onion
+ content: |
+ // block .onion addresses
+ zone "onion" {
+ type master;
+ file "/etc/bind/db.empty";
+ notify no;
+ };
+ notify: reload bind
+
+- name: remove empty .onion zone
+ when: not bind_empty_onion_zone
+ file:
+ path: /etc/bind/named.conf.onion
+ state: absent
+ notify: reload bind
+
+- name: enable/disable empty .onion zone
+ lineinfile:
+ path: /etc/bind/named.conf
+ line: 'include "/etc/bind/named.conf.onion";'
+ state: "{% if bind_empty_onion_zone %}present{% else %}absent{% endif %}"
+ notify: reload bind
+
+
+- name: add slave zone configuration
+ when: bind_slave_zones is defined
+ template:
+ src: slave-zones.j2
+ dest: /etc/bind/named.conf.slave-zones
+ notify: reload bind
+
+- name: remove slave zone configuration
+ when: bind_slave_zones is not defined
+ file:
+ path: /etc/bind/named.conf.slave-zones
+ state: absent
+ notify: reload bind
+
+- name: enable/disable slave zone configuration
+ lineinfile:
+ path: /etc/bind/named.conf
+ line: 'include "/etc/bind/named.conf.slave-zones";'
+ state: "{% if bind_slave_zones is defined %}present{% else %}absent{% endif %}"
+ notify: reload bind
+
+
+# - name: add master zone configuration
+# when: bind_master_zones is defined
+# template:
+# src: master-zones.j2
+# dest: /etc/bind/named.conf.master-zones
+# notify: reload bind
+
+# - name: remove master zone configuration
+# when: bind_master_zones is not defined
+# file:
+# path: /etc/bind/named.conf.master-zones
+# state: absent
+# notify: reload bind
+
+# ## TODO: install zone files for master zones
+
+# - name: enable/disable master zone configuration
+# lineinfile:
+# path: /etc/bind/named.conf
+# line: 'include "/etc/bind/named.conf.master-zones";'
+# state: "{% if bind_master_zones is defined %}present{% else %}absent{% endif %}"
+# notify: reload bind
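Review bot: `insertbefore: '};'` in the `set bind options` task is an unanchored regex, so every line containing `};` matches (Debian's stock file has `listen-on-v6 { any; };` on one line, for example); blockinfile inserts before the last match, which today is the closing brace of `options`, but any later statement or block appended after it would move the managed block outside `options` and the settings would silently stop applying. Anchoring it to the line that is only the closing brace, `insertbefore: '^};'`, makes the target explicit, and a comment on the task, `# named.conf.options holds a single options { ... } block; the managed block must land inside it, before the closing brace`, records the assumption for the next maintainer. The commented-out master-zone tasks at the end of the file would be clearer with a one-line note stating they are a placeholder pending the zone-file installation the TODO mentions.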
diff --git a/roles/bind/templates/slave-zones.j2 b/roles/bind/templates/slave-zones.j2
new file mode 100644
index 00000000..da9ba699
--- /dev/null
+++ b/roles/bind/templates/slave-zones.j2
@@ -0,0 +1,22 @@
+// Masters
+
+{% for group in bind_slave_zones %}
+masters {{ group.name }} {
+{% for master in group.masters %}
+ {{ master }};
+{% endfor %}
+};
+
+{% endfor %}
+
+// Zones
+{% for group in bind_slave_zones %}
+{% for zone in group.zones %}
+
+zone "{{ zone }}" {
+ type slave;
+ file "/var/cache/bind/db.{{ zone }}.sec";
+ masters { {{ group.name }}; };
+};
+{% endfor %}
+{% endfor %}
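Review bot: The rendered `/etc/bind/named.conf.slave-zones` carries no indication that it is generated, unlike the options block whose blockinfile markers say `ansible managed`; an operator who edits the file by hand loses the change on the next run without warning. I'd start the template with `// {{ ansible_managed }}` so the header states it. Separately, `masters` and `type slave` are the legacy spellings; recent BIND releases still accept them but document `primaries` and `type secondary`, so a short comment noting which release the template targets would help whoever upgrades the host.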