Diffstat (limited to 'roles')
-rw-r--r-- | roles/bind/defaults/main.yml | 14 | ||||
-rw-r--r-- | roles/bind/tasks/main.yml | 109 | ||||
-rw-r--r-- | roles/bind/templates/slave-zones.j2 | 22 | ||||
-rw-r--r-- | roles/network/bind/defaults/main.yml | 35 | ||||
-rw-r--r-- | roles/network/bind/handlers/main.yml (renamed from roles/bind/handlers/main.yml) | 0 | ||||
-rw-r--r-- | roles/network/bind/tasks/main.yml | 151 | ||||
-rw-r--r-- | roles/network/bind/templates/master-zones.j2 | 8 | ||||
-rw-r--r-- | roles/network/bind/templates/slave-zones.j2 | 22 |
8 files changed, 216 insertions, 145 deletions
diff --git a/roles/bind/defaults/main.yml b/roles/bind/defaults/main.yml deleted file mode 100644 index e5b4c688..00000000 --- a/roles/bind/defaults/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -## options - -# bind_option_empty_zones_enable: yes -# bind_option_allow_transfer: [] -# bind_option_allow_recursion: [] -# bind_option_notify: no - - -## zone configs - -# bind_empty_onion_zone: no -# bind_master_zones: ... -# bind_slave_zones: ... diff --git a/roles/bind/tasks/main.yml b/roles/bind/tasks/main.yml deleted file mode 100644 index 92e37e6a..00000000 --- a/roles/bind/tasks/main.yml +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -- name: install bind - apt: - name: bind9 - state: present - -- name: set bind options - blockinfile: - path: /etc/bind/named.conf.options - block: | - {% if bind_option_empty_zones_enable is defined %} - empty-zones-enable {% if bind_option_empty_zones_enable %}yes{% else %}no{% endif %}; - {% endif %} - {% if bind_option_notify is defined %} - notify {% if bind_option_notify %}yes{% else %}no{% endif %}; - {% endif %} - {% if bind_option_allow_transfer is defined %} - - allow-transfer { - {% for item in bind_option_allow_transfer %} - {{ item }}; - {% endfor %} - }; - {% endif %} - {% if bind_option_allow_recursion is defined %} - - allow-recursion { - {% for item in bind_option_allow_recursion %} - {{ item }}; - {% endfor %} - }; - {% endif %} - insertbefore: '};' - marker: " // {mark} ansible managed block" - notify: reload bind - - -- name: add empty .onion zone - when: bind_empty_onion_zone - copy: - dest: /etc/bind/named.conf.onion - content: | - // block .onion addresses - zone "onion" { - type master; - file "/etc/bind/db.empty"; - notify no; - }; - notify: reload bind - -- name: remove empty .onion zone - when: not bind_empty_onion_zone - file: - path: /etc/bind/named.conf.onion - state: absent - notify: reload bind - -- name: enable/disable empty .onion zone - lineinfile: - path: /etc/bind/named.conf - line: 'include "/etc/bind/named.conf.onion";' - state: "{% if bind_empty_onion_zone %}present{% else %}absent{% endif %}" - notify: reload bind - - -- name: add slave zone configuration - when: bind_slave_zones is defined - template: - src: slave-zones.j2 - dest: /etc/bind/named.conf.slave-zones - notify: reload bind - -- name: remove slave zone configuration - when: bind_slave_zones is not defined - file: - path: /etc/bind/named.conf.slave-zones - state: absent - notify: reload bind - -- name: enable/disable slave zone configuration - lineinfile: - path: /etc/bind/named.conf - line: 'include "/etc/bind/named.conf.slave-zones";' - 
state: "{% if bind_slave_zones is defined %}present{% else %}absent{% endif %}" - notify: reload bind - - -# - name: add master zone configuration -# when: bind_master_zones is defined -# template: -# src: master-zones.j2 -# dest: /etc/bind/named.conf.master-zones -# notify: reload bind - -# - name: remove master zone configuration -# when: bind_master_zones is not defined -# file: -# path: /etc/bind/named.conf.master-zones -# state: absent -# notify: reload bind - -# ## TODO: install zone files for master zones - -# - name: enable/disable master zone configuration -# lineinfile: -# path: /etc/bind/named.conf -# line: 'include "/etc/bind/named.conf.master-zones";' -# state: "{% if bind_master_zones is defined %}present{% else %}absent{% endif %}" -# notify: reload bind diff --git a/roles/bind/templates/slave-zones.j2 b/roles/bind/templates/slave-zones.j2 deleted file mode 100644 index da9ba699..00000000 --- a/roles/bind/templates/slave-zones.j2 +++ /dev/null @@ -1,22 +0,0 @@ -// Masters - -{% for group in bind_slave_zones %} -masters {{ group.name }} { -{% for master in group.masters %} - {{ master }}; -{% endfor %} -}; - -{% endfor %} - -// Zones -{% for group in bind_slave_zones %} -{% for zone in group.zones %} - -zone "{{ zone }}" { - type slave; - file "/var/cache/bind/db.{{ zone }}.sec"; - masters { {{ group.name }}; }; -}; -{% endfor %} -{% endfor %} diff --git a/roles/network/bind/defaults/main.yml b/roles/network/bind/defaults/main.yml new file mode 100644 index 00000000..80dbe396 --- /dev/null +++ b/roles/network/bind/defaults/main.yml 
@@ -0,0 +1,35 @@ +--- +## options + +# bind_option_empty_zones_enable: yes +# bind_option_allow_query: [] +# bind_option_allow_recursion: [] +# bind_option_allow_update: [] +# bind_option_notify: '(yes|no|explicit)' +# bind_option_also_notify: [] +# bind_option_allow_transfer: [] + + +## zone configs + +bind_empty_onion_zone: no + +# bind_master_zones: +# example.com: +# content: | +# .... +# foo.bar: +# file: path/to/file + +# bind_slave_zones: +# example: +# masters: +# - 192.0.2.1 +# zones: +# - example.com +# - example.net +# foo: +# master: +# - 1.2.3.4 +# zone: +# - foo.bar diff --git a/roles/bind/handlers/main.yml b/roles/network/bind/handlers/main.yml index 1bb588c7..1bb588c7 100644 --- a/roles/bind/handlers/main.yml +++ b/roles/network/bind/handlers/main.yml diff --git a/roles/network/bind/tasks/main.yml b/roles/network/bind/tasks/main.yml new file mode 100644 index 00000000..39f144f5 --- /dev/null +++ b/roles/network/bind/tasks/main.yml 
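Review bot: The commented `foo:` example at the end of this hunk uses the keys `master:` and `zone:`, while slave-zones.j2 in this same commit reads `config.masters` and `config.zones`, so anyone who copies that example gets an undefined-attribute error at template time; rename them to `masters:` / `zones:` to match the `example:` entry above it. `bind_empty_onion_zone: no` is a YAML 1.1 truthy value that 1.2 parsers and yamllint treat as the string `no`; write `bind_empty_onion_zone: false`. `bind_option_notify` is substituted verbatim into `notify {{ bind_option_notify }};` in tasks/main.yml, so the comment should say that only the three listed words are valid, e.g. `# bind_option_notify: explicit  # one of yes, no, explicit; inserted verbatim into named.conf.options`.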
@@ -0,0 +1,151 @@ +--- +- name: install bind + apt: + name: bind9 + state: present + +- name: set bind options + blockinfile: + path: /etc/bind/named.conf.options + block: | + {% if bind_option_empty_zones_enable is defined %} + empty-zones-enable {% if bind_option_empty_zones_enable %}yes{% else %}no{% endif %}; + {% endif %} + {% if bind_option_allow_query is defined %} + + allow-query { + {% for item in bind_option_allow_query %} + {{ item }}; + {% endfor %} + }; + {% endif %} + {% if bind_option_allow_recursion is defined %} + + allow-recursion { + {% for item in bind_option_allow_recursion %} + {{ item }}; + {% endfor %} + }; + {% endif %} + {% if bind_option_allow_update is defined %} + + allow-update { + {% for item in bind_option_allow_update %} + {{ item }}; + {% endfor %} + }; + {% endif %} + {% if bind_option_notify is defined %} + + notify {{ bind_option_notify }}; + {% endif %} + {% if bind_option_also_notify is defined %} + + also-notify { + {% for item in bind_option_also_notify %} + {{ item }}; + {% endfor %} + }; + {% endif %} + {% if bind_option_allow_transfer is defined %} + + allow-transfer { + {% for item in bind_option_allow_transfer %} + {{ item }}; + {% endfor %} + }; + {% endif %} + insertbefore: '};' + marker: " // {mark} ansible managed block" + notify: reload bind + + +- name: add empty .onion zone + when: bind_empty_onion_zone + copy: + dest: /etc/bind/named.conf.onion + content: | + // block .onion addresses + zone "onion" { + type master; + file "/etc/bind/db.empty"; + zone-statistics no; + notify no; + }; + notify: reload bind + +- name: remove empty .onion zone + when: not bind_empty_onion_zone + file: + path: /etc/bind/named.conf.onion + state: absent + notify: reload bind + +- name: enable/disable empty .onion zone + lineinfile: + path: /etc/bind/named.conf + line: 'include "/etc/bind/named.conf.onion";' + state: "{{ bind_empty_onion_zone is defined | ternary('present', 'absent') }}" + notify: reload bind + + +- name: add slave 
zone configuration + when: bind_slave_zones is defined + template: + src: slave-zones.j2 + dest: /etc/bind/named.conf.slave-zones + notify: reload bind + +- name: remove slave zone configuration + when: bind_slave_zones is not defined + file: + path: /etc/bind/named.conf.slave-zones + state: absent + notify: reload bind + +- name: enable/disable slave zone configuration + lineinfile: + path: /etc/bind/named.conf + line: 'include "/etc/bind/named.conf.slave-zones";' + state: "{{ bind_slave_zones is defined | ternary('present', 'absent') }}" + notify: reload bind + + +- name: add master zone configuration + when: bind_master_zones is defined + template: + src: master-zones.j2 + dest: /etc/bind/named.conf.master-zones + notify: reload bind + +- name: remove master zone configuration + when: bind_master_zones is not defined + file: + path: /etc/bind/named.conf.master-zones + state: absent + notify: reload bind + +- name: install master zone files (from local file) + when: bind_master_zones is defined + loop: "{{ bind_master_zones | dict2items | selectattr('value.file', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + dest: "/etc/bind/db.{{ item.key }}" + src: "{{ item.value.file }}" + +- name: install master zone files (from content) + when: bind_master_zones is defined + loop: "{{ bind_master_zones | dict2items | selectattr('value.content', 'defined') | list }}" + loop_control: + label: "{{ item.key }}" + copy: + dest: "/etc/bind/db.{{ item.key }}" + content: "{{ item.value.content }}" + +- name: enable/disable master zone configuration + lineinfile: + path: /etc/bind/named.conf + line: 'include "/etc/bind/named.conf.master-zones";' + state: "{{ bind_master_zones is defined | ternary('present', 'absent') }}" + notify: reload bind diff --git a/roles/network/bind/templates/master-zones.j2 b/roles/network/bind/templates/master-zones.j2 new file mode 100644 index 00000000..2e400711 --- /dev/null +++ b/roles/network/bind/templates/master-zones.j2 
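Review bot: The `enable/disable empty .onion zone` task now keys the include line on `bind_empty_onion_zone is defined`, but defaults/main.yml in this commit always defines that variable, so `include "/etc/bind/named.conf.onion";` stays present even after the preceding `remove empty .onion zone` task has deleted the file, and named will refuse to load its configuration on the next reload; test the value instead, `state: "{{ bind_empty_onion_zone | bool | ternary('present', 'absent') }}"`. The two `install master zone files` tasks carry no `notify: reload bind`, so a changed zone file (or serial) is not picked up until some other task happens to trigger the handler; add `notify: reload bind` to both. Since `allow-update` is emitted in the global `options` block, where BIND treats it as the default for every zone, a comment next to that branch such as `# applies to every master zone served by this host; keep empty unless dynamic updates are intended` would make the scope visible to whoever sets `bind_option_allow_update`.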
@@ -0,0 +1,8 @@ +// Zones +{% for zone in bind_master_zones.keys() %} + +zone "{{ zone }}" { + type master; + file "/etc/bind/db.{{ zone }}"; +}; +{% endfor %} diff --git a/roles/network/bind/templates/slave-zones.j2 b/roles/network/bind/templates/slave-zones.j2 new file mode 100644 index 00000000..7cf3a9b2 --- /dev/null +++ b/roles/network/bind/templates/slave-zones.j2 @@ -0,0 +1,22 @@ +// Masters + +{% for name,config in bind_slave_zones.items() %} +masters {{ name }} { +{% for master in config.masters %} + {{ master }}; +{% endfor %} +}; + +{% endfor %} + +// Zones +{% for name,config in bind_slave_zones.items() %} +{% for zone in config.zones %} + +zone "{{ zone }}" { + type slave; + file "/var/cache/bind/db.{{ zone }}.sec"; + masters { {{ name }}; }; +}; +{% endfor %} +{% endfor %} |
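Review bot: master-zones.j2 emits a `zone` statement for every key of `bind_master_zones`, but the tasks in this commit only install `/etc/bind/db.<name>` for entries that carry `file` or `content`, so an entry with neither produces a zone whose file does not exist and named fails to load the configuration. Either restrict the loop to entries that define one of the two keys, or state the contract in the defaults example, e.g. `# each master zone must set exactly one of file: or content:`.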