From 6e0cbd67c4c68e5a0201b2c364c8db63522dd7d3 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 10 Nov 2022 17:33:25 +0100
Subject: pan: configure bind (WIP)
---
chaos-at-home/ch-pan.yml | 8 +--
.../chaos-at-home/bind-zones/db.chaos-at-home.org | 71 ++++++++++++++++++++++
files/chaos-at-home/bind-zones/db.chaox.org | 19 ++++++
files/chaos-at-home/bind-zones/db.elev8.at | 57 +++++++++++++++++
files/chaos-at-home/bind-zones/db.gimpf.org | 24 ++++++++
"files/chaos-at-home/bind-zones/db.g\303\244h.org" | 19 ++++++
files/chaos-at-home/bind-zones/db.java-sucks.com | 29 +++++++++
files/chaos-at-home/bind-zones/db.movetogether.at | 19 ++++++
files/chaos-at-home/bind-zones/db.spreadspace | 46 ++++++++++++++
inventory/host_vars/ch-pan.yml | 63 +++++++++++++++++++
10 files changed, 351 insertions(+), 4 deletions(-)
create mode 100644 files/chaos-at-home/bind-zones/db.chaos-at-home.org
create mode 100644 files/chaos-at-home/bind-zones/db.chaox.org
create mode 100644 files/chaos-at-home/bind-zones/db.elev8.at
create mode 100644 files/chaos-at-home/bind-zones/db.gimpf.org
create mode 100644 "files/chaos-at-home/bind-zones/db.g\303\244h.org"
create mode 100644 files/chaos-at-home/bind-zones/db.java-sucks.com
create mode 100644 files/chaos-at-home/bind-zones/db.movetogether.at
create mode 100644 files/chaos-at-home/bind-zones/db.spreadspace
diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index f0bac40c..906699bd 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -7,7 +7,7 @@
 - role: core/sshd/base
 - role: core/zsh
-# - name: Payload Setup
-# hosts: ch-pan
-# roles:
-# - role: network/bind
+- name: Payload Setup
+ hosts: ch-pan
+ roles:
+ - role: network/bind
diff --git a/files/chaos-at-home/bind-zones/db.chaos-at-home.org b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
new file mode 100644
index 00000000..38eea1a7
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
@@ -0,0 +1,71 @@
+$origin chaos-at-home.org.
+$TTL 1h
+
+@ SOA ns0 hostmaster (
+ 2022111000
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0
+ NS ns1
+
+ MX 10 mx0
+ MX 10 mx1
+
+ A 89.106.215.17
+ AAAA 2a02:3e0:407::17
+
+gallery CNAME mimas
+ipics CNAME mimas
+mimas 600 A 178.63.180.142
+mx1 600 A 178.63.180.142
+
+mimas2 600 A 116.203.212.131
+mimas2 600 AAAA 2a01:4f8:c2c:906c::2
+ns1 600 A 116.203.212.131
+ns1 600 AAAA 2a01:4f8:c2c:906c::2
+
+deb CNAME pan
+sigurd CNAME pan
+wayne CNAME pan
+www CNAME pan
+mailrelay CNAME pan
+irc CNAME pan
+pan A 89.106.215.17
+pan AAAA 2a02:3e0:407::17
+ns0 A 89.106.215.19
+ns0 AAAA 2a02:3e0:407::19
+mx0 A 89.106.215.17
+mx0 AAAA 2a02:3e0:407::17
+
+test-www CNAME testvm-atlas
+test-smtp CNAME testvm-atlas
+testvm-atlas A 89.106.215.20
+testvm-atlas AAAA 2a02:3e0:407::4
+
+atlas A 89.106.215.29
+atlas AAAA 2a02:3e0:407::29
+
+mariazell CNAME mzl.schaaas.at.
+
+magenta.router A 62.99.185.130
+
+magenta.jump CNAME magenta.router
+magenta.web cNAME magenta.router
+magenta.mail CNAME magenta.router
+magenta.passwd CNAME magenta.router
+
+router 600 CNAME magenta.router
+jump 600 CNAME magenta.jump
+web 600 CNAME magenta.web
+mail 600 CNAME magenta.mail
+passwd 600 CNAME magenta.passwd
+
+imap CNAME mail
+webmail CNAME web
+caldav CNAME web
+
+; old: clean this up as soon as everything is moved to caldav
+webdav CNAME web
diff --git a/files/chaos-at-home/bind-zones/db.chaox.org b/files/chaos-at-home/bind-zones/db.chaox.org
new file mode 100644
index 00000000..a36b8e69
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.chaox.org
@@ -0,0 +1,19 @@
+$origin chaox.org.
+$TTL 1W
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2022101400
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+webmail CNAME webmail.chaos-at-home.org.
+
+wolke 1200 CNAME mimas.chaos-at-home.org.
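Review bot: In db.chaos-at-home.org, `testvm-atlas` is the only name under the `2a02:3e0:407::` prefix whose AAAA suffix (`::4`) does not mirror the last octet of its A record (`89.106.215.20`); the apex, pan, ns0, mx0 and atlas all pair `.N` with `::N`. That is worth confirming before the zone goes live, because a wrong AAAA would send IPv6 clients of `test-www` and `test-smtp` to a different machine than IPv4 clients. Separately, `magenta.web cNAME magenta.router` loads because record types are case-insensitive, but it should read `CNAME` like its neighbours. The `imap` -> `mail` -> `magenta.mail` -> `magenta.router` chain is three aliases deep; pointing the short names directly at `magenta.router` would cut resolver lookups.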
diff --git a/files/chaos-at-home/bind-zones/db.elev8.at b/files/chaos-at-home/bind-zones/db.elev8.at
new file mode 100644
index 00000000..ecec091c
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.elev8.at
@@ -0,0 +1,57 @@
+$TTL 1h
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2022081402
+ 1h
+ 5m
+ 30d
+ 10m )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+lt A 116.203.45.184
+
+wolke CNAME cloudio.skillz.biz.
+office CNAME cloudio.skillz.biz.
+
+stun A 162.55.59.151
+_stun._udp SRV 10 0 3478 stun.elev8.at.
+_stun._tcp SRV 10 0 3478 stun.elev8.at.
+_stuns._udp SRV 10 0 443 stun.elev8.at.
+_stuns._tcp SRV 10 0 443 stun.elev8.at.
+
+turn A 162.55.59.151
+_turn._udp SRV 10 0 3478 turn.elev8.at.
+_turn._tcp SRV 10 0 3478 turn.elev8.at.
+_turns._udp SRV 10 0 443 turn.elev8.at.
+_turns._tcp SRV 10 0 443 turn.elev8.at.
+
+mumble A 162.55.59.151
+remote A 167.235.29.150
+meet CNAME cloudio.skillz.biz.
+
+testvm A 178.63.180.143
+meet-dev CNAME testvm
+wolke-dev CNAME testvm
+
+media A 178.63.180.138
+;media CNAME elemedia.schaaas.at.
+
+mur A 89.106.215.21
+
+emc-gw-fra A 178.63.180.138
+
+stream CNAME emc-00
+emc-live CNAME emc-00
+emc-stats CNAME emc-00
+
+; emc
+emc-ctrl A 178.63.180.137
+emc-r0 A 195.201.26.175
+emc-e01 A 162.55.210.33
+emc-e02 A 94.130.174.89
+emc-e03 A 49.12.243.136
diff --git a/files/chaos-at-home/bind-zones/db.gimpf.org b/files/chaos-at-home/bind-zones/db.gimpf.org
new file mode 100644
index 00000000..514c7297
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.gimpf.org
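Review bot: `stream`, `emc-live` and `emc-stats` in db.elev8.at are all `CNAME emc-00`, but no `emc-00` record is defined anywhere in this zone file (the emc block only has `emc-ctrl`, `emc-r0` and `emc-e01` to `emc-e03`), so as written these three names resolve to a target with no address. Either add the missing `emc-00` A record or point the aliases at the intended host. The file also has no `$origin` line, so relative names depend on the zone name in the server configuration; a top comment such as `; origin comes from the zone statement` would make that explicit. `wolke`, `office` and `meet` alias to `cloudio.skillz.biz.`, a name outside these zones, so they should be removed promptly if that external service is ever retired.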
@@ -0,0 +1,24 @@
+$origin gimpf.org.
+$TTL 1W
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2022101400
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+ 1200 A 178.63.180.142
+
+www 1200 CNAME mimas.chaos-at-home.org.
+id CNAME www.myopenid.com.
+
+_xmpp-client._tcp SRV 10 0 5222 idl.wirdorange.org.
+_xmpp-server._tcp SRV 10 0 5269 idl.wirdorange.org.
+_jabber._tcp SRV 5 0 5269 idl.wirdorange.org.
diff --git "a/files/chaos-at-home/bind-zones/db.g\303\244h.org" "b/files/chaos-at-home/bind-zones/db.g\303\244h.org"
new file mode 100644
index 00000000..9086dfe7
--- /dev/null
+++ "b/files/chaos-at-home/bind-zones/db.g\303\244h.org"
@@ -0,0 +1,19 @@
+$TTL 1W
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2019102900
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+ 1200 A 178.63.180.142
+
+www CNAME mimas.chaos-at-home.org.
+wolke CNAME mimas.chaos-at-home.org.
diff --git a/files/chaos-at-home/bind-zones/db.java-sucks.com b/files/chaos-at-home/bind-zones/db.java-sucks.com
new file mode 100644
index 00000000..959dbbbc
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.java-sucks.com
@@ -0,0 +1,29 @@
+$origin java-sucks.com.
+$TTL 1W
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2022101400
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+
+ 1200 A 178.63.180.142
+
+www 1200 CNAME mimas.chaos-at-home.org.
+
+webmail CNAME webmail.chaos-at-home.org.
+
+gitlab A 49.12.116.141
+minio CNAME gitlab
+registry CNAME gitlab
+
+ingress-a A 49.12.116.96
+hostnames CNAME ingress-a
diff --git a/files/chaos-at-home/bind-zones/db.movetogether.at b/files/chaos-at-home/bind-zones/db.movetogether.at
new file mode 100644
index 00000000..f308cdf9
--- /dev/null
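Review bot: `id CNAME www.myopenid.com.` in db.gimpf.org aliases a name to a third-party service that, as far as I know, was shut down in 2014. An alias left pointing at a domain the operator has no relationship with lets whoever controls that domain answer for `id.gimpf.org`. Unless the record is still needed, this migration is a good moment to drop it. It is also worth confirming that the three SRV targets at `idl.wirdorange.org.` are still live for the same reason.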
+++ b/files/chaos-at-home/bind-zones/db.movetogether.at
@@ -0,0 +1,19 @@
+$origin movetogether.at.
+$TTL 1W
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 202211400
+ 1h
+ 15m
+ 30d
+ 1h )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+ 1200 A 178.63.180.142
+
+www 1200 CNAME mimas.chaos-at-home.org.
diff --git a/files/chaos-at-home/bind-zones/db.spreadspace b/files/chaos-at-home/bind-zones/db.spreadspace
new file mode 100644
index 00000000..63471c2a
--- /dev/null
+++ b/files/chaos-at-home/bind-zones/db.spreadspace
@@ -0,0 +1,46 @@
+$TTL 1h
+
+@ SOA ns0.chaos-at-home.org. hostmaster (
+ 2022101400
+ 1h
+ 5m
+ 30d
+ 10m )
+
+ NS ns0.chaos-at-home.org.
+ NS ns1.chaos-at-home.org.
+
+ MX 10 mx0.chaos-at-home.org.
+ MX 10 mx1.chaos-at-home.org.
+
+ 1200 A 89.106.215.17
+ 1200 AAAA 2a02:3e0:407::17
+build 1200 A 89.106.215.18
+; build 1200 AAAA 2a02:3e0:407::18
+
+webmail CNAME webmail.chaos-at-home.org.
+
+www CNAME pan.chaos-at-home.org.
+git 1200 CNAME mimas.chaos-at-home.org.
+svn 1200 CNAME mimas.chaos-at-home.org.
+websvn 1200 CNAME mimas.chaos-at-home.org.
+stream 1200 CNAME mimas.chaos-at-home.org.
+
+
+; GLT
+
+gl0t1 600 CNAME linuxtage.at.
+glt02 600 CNAME linuxtage.at.
+glt03 600 CNAME linuxtage.at.
+glt04 600 CNAME linuxtage.at.
+glt05 600 CNAME linuxtage.at.
+glt06 600 CNAME linuxtage.at.
+glt07 600 CNAME linuxtage.at.
+glt08 600 CNAME linuxtage.at.
+glt09 600 CNAME linuxtage.at.
+glt10 600 CNAME linuxtage.at.
+glt11 600 CNAME linuxtage.at.
+glt12 600 A 159.69.7.206
+glt13 600 A 116.203.33.90
+glt-live 600 CNAME linuxtage.at.
+glt-stream 600 A 188.34.176.173
diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml
index 624743bc..30a6b491 100644
--- a/inventory/host_vars/ch-pan.yml
+++ b/inventory/host_vars/ch-pan.yml
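Review bot: The SOA serial in db.movetogether.at is `202211400`, nine digits, while every other zone in this commit uses a ten-digit date-style value such as `2022101400`; this looks like a dropped digit. Under serial-number arithmetic the nine-digit value compares as older than `2022101400`, so a secondary that already holds this zone with a date-style serial would not transfer the new copy. Presumably the intended value is `2022101400`, matching the neighbouring zones; please confirm and correct before the first load.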
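Review bot: In db.spreadspace the first GLT entry is `gl0t1 600 CNAME linuxtage.at.`, which breaks the `glt02` to `glt13` sequence and is presumably a transposition of `glt01`; as written `glt01` does not exist and `gl0t1` does. The host_vars hunk maps this one file to four zones (spreadspace.org, .com, .net and .systems), which only works because the file has no `$origin` and keeps its owner names relative. A top comment such as `; shared by several zones: keep owner names relative, do not add $origin` would protect that property.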
@@ -29,3 +29,66 @@ network:
 gateway6: "{{ vm_host.network.bridges.public.gateway6 }}"
 interfaces:
 - *_network_primary_
+
+
+
+
+bind_option_empty_zones_enable: no
+
+bind_option_notify: explicit
+bind_option_allow_transfer:
+ - 116.203.212.131
+ - 2a01:4f8:c2c:906c::2
+
+bind_option_allow_update:
+ - none
+bind_option_allow_recursion:
+ - localhost
+
+bind_empty_onion_zone: yes
+
+bind_master_zones:
+ chaos-at-home.org:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.chaos-at-home.org"
+ chaox.org:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.chaox.org"
+ spreadspace.org:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.spreadspace"
+ spreadspace.com:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.spreadspace"
+ spreadspace.net:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.spreadspace"
+ spreadspace.systems:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.spreadspace"
+ elev8.at:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.elev8.at"
+ java-sucks.com:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.java-sucks.com"
+ xn--gh-via.org:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.gäh.org"
+ # schaaas.at:
+ # file: ...
+ gimpf.org:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.gimpf.org"
+ movetogether.at:
+ file: "{{ global_files_dir }}/chaos-at-home/bind-zones/db.movetogether.at"
+
+bind_slave_zones:
+ realraum:
+ masters:
+ - 89.106.211.33
+ - 2a02:3e0:4000:1::1
+ zones:
+ - realraum.at
+ - r3.at
+ - hack-challenge.at
+
+ funkfeuer:
+ masters:
+ - 193.33.150.114
+ zones:
+ - ffgraz.net
+ - graz.funkfeuer.at
+ - 10.in-addr.arpa
+ - 150.33.193.in-addr.arpa
+ - 151.33.193.in-addr.arpa
-- cgit v1.2.3
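Review bot: Zone transfers in both directions are authorised by source address alone: `bind_option_allow_transfer` lists the two ns1 addresses and the `bind_slave_zones` masters are bare IPs, with no transfer key visible in this hunk. If the network/bind role can attach TSIG keys, using them would keep transfers authenticated even if one of those addresses is reassigned or spoofed. `bind_option_notify: explicit` normally needs an also-notify list and none is set here, so unless the role derives one elsewhere the secondary would only pick up changes at the SOA refresh interval. `bind_option_empty_zones_enable: no` and `bind_empty_onion_zone: yes` should be written `false` and `true` to avoid YAML truthy ambiguity.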