roles/bind/tasks/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

---
- name: install bind
  apt:
    name: bind9
    state: present

- name: set bind options
  blockinfile:
    path: /etc/bind/named.conf.options
    block: |
      {% if bind_option_empty_zones_enable is defined %}
              empty-zones-enable {% if bind_option_empty_zones_enable %}yes{% else %}no{% endif %};
      {% endif %}
      {% if bind_option_notify is defined %}
              notify {% if bind_option_notify %}yes{% else %}no{% endif %};
      {% endif %}
      {% if bind_option_allow_transfer is defined %}

              allow-transfer {
      {%   for item in bind_option_allow_transfer %}
                      {{ item }};
      {%   endfor %}
              };
      {% endif %}
      {% if bind_option_allow_recursion is defined %}

              allow-recursion {
      {%   for item in bind_option_allow_recursion %}
                      {{ item }};
      {%   endfor %}
              };
      {% endif %}
    insertbefore: '};'
    marker: "        // {mark} ansible managed block"
  notify: reload bind


- name: add empty .onion zone
  when: bind_empty_onion_zone
  copy:
    dest: /etc/bind/named.conf.onion
    content: |
      // block .onion addresses
      zone "onion" {
              type master;
              file "/etc/bind/db.empty";
              notify no;
      };
  notify: reload bind

- name: remove empty .onion zone
  when: not bind_empty_onion_zone
  file:
    path: /etc/bind/named.conf.onion
    state: absent
  notify: reload bind

- name: enable/disable empty .onion zone
  lineinfile:
    path: /etc/bind/named.conf
    line: 'include "/etc/bind/named.conf.onion";'
    state: "{% if bind_empty_onion_zone %}present{% else %}absent{% endif %}"
  notify: reload bind


- name: add slave zone configuration
  when: bind_slave_zones is defined
  template:
    src: slave-zones.j2
    dest: /etc/bind/named.conf.slave-zones
  notify: reload bind

- name: remove slave zone configuration
  when: bind_slave_zones is not defined
  file:
    path: /etc/bind/named.conf.slave-zones
    state: absent
  notify: reload bind

- name: enable/disable slave zone configuration
  lineinfile:
    path: /etc/bind/named.conf
    line: 'include "/etc/bind/named.conf.slave-zones";'
    state: "{% if bind_slave_zones is defined %}present{% else %}absent{% endif %}"
  notify: reload bind


# - name: add master zone configuration
#   when: bind_master_zones is defined
#   template:
#     src: master-zones.j2
#     dest: /etc/bind/named.conf.master-zones
#   notify: reload bind

# - name: remove master zone configuration
#   when: bind_master_zones is not defined
#   file:
#     path: /etc/bind/named.conf.master-zones
#     state: absent
#   notify: reload bind

# ## TODO: install zone files for master zones

# - name: enable/disable master zone configuration
#   lineinfile:
#     path: /etc/bind/named.conf
#     line: 'include "/etc/bind/named.conf.master-zones";'
#     state: "{% if bind_master_zones is defined %}present{% else %}absent{% endif %}"
#   notify: reload bind