Diffstat (limited to 'roles/network/bind/tasks/main.yml')
-rw-r--r--roles/network/bind/tasks/main.yml151
1 files changed, 151 insertions, 0 deletions
diff --git a/roles/network/bind/tasks/main.yml b/roles/network/bind/tasks/main.yml
new file mode 100644
index 00000000..39f144f5
--- /dev/null
+++ b/roles/network/bind/tasks/main.yml
@@ -0,0 +1,151 @@
+---
+- name: install bind
+ apt:
+ name: bind9
+ state: present
+
+- name: set bind options
+ blockinfile:
+ path: /etc/bind/named.conf.options
+ block: |
+ {% if bind_option_empty_zones_enable is defined %}
+ empty-zones-enable {% if bind_option_empty_zones_enable %}yes{% else %}no{% endif %};
+ {% endif %}
+ {% if bind_option_allow_query is defined %}
+
+ allow-query {
+ {% for item in bind_option_allow_query %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ {% if bind_option_allow_recursion is defined %}
+
+ allow-recursion {
+ {% for item in bind_option_allow_recursion %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ {% if bind_option_allow_update is defined %}
+
+ allow-update {
+ {% for item in bind_option_allow_update %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ {% if bind_option_notify is defined %}
+
+ notify {{ bind_option_notify }};
+ {% endif %}
+ {% if bind_option_also_notify is defined %}
+
+ also-notify {
+ {% for item in bind_option_also_notify %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ {% if bind_option_allow_transfer is defined %}
+
+ allow-transfer {
+ {% for item in bind_option_allow_transfer %}
+ {{ item }};
+ {% endfor %}
+ };
+ {% endif %}
+ insertbefore: '};'
+ marker: " // {mark} ansible managed block"
+ notify: reload bind
+
+
+- name: add empty .onion zone
+ when: bind_empty_onion_zone
+ copy:
+ dest: /etc/bind/named.conf.onion
+ content: |
+ // block .onion addresses
+ zone "onion" {
+ type master;
+ file "/etc/bind/db.empty";
+ zone-statistics no;
+ notify no;
+ };
+ notify: reload bind
+
+- name: remove empty .onion zone
+ when: not bind_empty_onion_zone
+ file:
+ path: /etc/bind/named.conf.onion
+ state: absent
+ notify: reload bind
+
+- name: enable/disable empty .onion zone
+ lineinfile:
+ path: /etc/bind/named.conf
+ line: 'include "/etc/bind/named.conf.onion";'
+ state: "{{ bind_empty_onion_zone is defined | ternary('present', 'absent') }}"
+ notify: reload bind
+
+
+- name: add slave zone configuration
+ when: bind_slave_zones is defined
+ template:
+ src: slave-zones.j2
+ dest: /etc/bind/named.conf.slave-zones
+ notify: reload bind
+
+- name: remove slave zone configuration
+ when: bind_slave_zones is not defined
+ file:
+ path: /etc/bind/named.conf.slave-zones
+ state: absent
+ notify: reload bind
+
+- name: enable/disable slave zone configuration
+ lineinfile:
+ path: /etc/bind/named.conf
+ line: 'include "/etc/bind/named.conf.slave-zones";'
+ state: "{{ bind_slave_zones is defined | ternary('present', 'absent') }}"
+ notify: reload bind
+
+
+- name: add master zone configuration
+ when: bind_master_zones is defined
+ template:
+ src: master-zones.j2
+ dest: /etc/bind/named.conf.master-zones
+ notify: reload bind
+
+- name: remove master zone configuration
+ when: bind_master_zones is not defined
+ file:
+ path: /etc/bind/named.conf.master-zones
+ state: absent
+ notify: reload bind
+
+- name: install master zone files (from local file)
+ when: bind_master_zones is defined
+ loop: "{{ bind_master_zones | dict2items | selectattr('value.file', 'defined') | list }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ dest: "/etc/bind/db.{{ item.key }}"
+ src: "{{ item.value.file }}"
+
+- name: install master zone files (from content)
+ when: bind_master_zones is defined
+ loop: "{{ bind_master_zones | dict2items | selectattr('value.content', 'defined') | list }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ dest: "/etc/bind/db.{{ item.key }}"
+ content: "{{ item.value.content }}"
+
+- name: enable/disable master zone configuration
+ lineinfile:
+ path: /etc/bind/named.conf
+ line: 'include "/etc/bind/named.conf.master-zones";'
+ state: "{{ bind_master_zones is defined | ternary('present', 'absent') }}"
+ notify: reload bind
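Review bot: In the "enable/disable empty .onion zone" task the include line's state is computed from `bind_empty_onion_zone is defined`, while the two tasks above it act on the variable's value, so a defined-but-false setting deletes /etc/bind/named.conf.onion and still leaves `include "/etc/bind/named.conf.onion";` in named.conf. named would then presumably refuse the configuration on the next reload or restart, which is an availability problem for the resolver. Key the state on the value instead: `state: "{{ bind_empty_onion_zone | bool | ternary('present', 'absent') }}"`. Separately, the two "install master zone files" tasks carry no `notify: reload bind`, so an edited zone file is not loaded until some other task triggers the handler.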