From 969411a8d7dfccc24c3436a91c8ba92e6059d93a Mon Sep 17 00:00:00 2001 
From: VC Date: Fri, 3 Jan 2025 10:14:06 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A5:=20remove=20nsd=20completely?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inventory/host_vars/dns1.dmz.mateu.be.yml | 2 - .../host_vars/nsd-master1.ext.mateu.be.yml | 2 - inventory/production.yml | 7 - playbooks/nsd.yml | 7 - playbooks/site.yml | 2 - roles/firewall/templates/firewall.j2 | 47 ------- roles/munin_client/files/nsd | 127 ------------------ roles/munin_client/tasks/main.yml | 5 - roles/munin_client/tasks/nsd.yml | 21 --- roles/munin_client/templates/nsd.j2 | 2 - roles/nsd/defaults/main.yml | 3 - roles/nsd/handlers/main.yml | 11 -- roles/nsd/tasks/cron.yml | 18 --- roles/nsd/tasks/main.yml | 68 ---------- roles/nsd/tasks/prerequisites.yml | 30 ----- roles/nsd/tasks/zones.yml | 56 -------- roles/nsd/templates/nsd.conf.j2 | 11 -- roles/nsd/templates/resignall.sh.j2 | 17 --- roles/nsd/templates/zone.j2 | 23 ---- roles/nsd/templates/zones/libertus.eu.zone.j2 | 33 ----- roles/nsd/templates/zones/mateu.be.zone.j2 | 103 -------------- .../nsd/templates/zones/nintendojo.fr.zone.j2 | 25 ---- .../templates/zones/nintendojofr.com.zone.j2 | 22 --- roles/nsd/templates/zones/parking.zone.j2 | 19 --- .../templates/zones/sebicomics.com.zone.j2 | 23 ---- roles/nsd/vars/main.yml | 5 - 26 files changed, 689 deletions(-) delete mode 100644 inventory/host_vars/dns1.dmz.mateu.be.yml delete mode 100644 inventory/host_vars/nsd-master1.ext.mateu.be.yml delete mode 100644 playbooks/nsd.yml delete mode 100644 roles/munin_client/files/nsd delete mode 100644 roles/munin_client/tasks/nsd.yml delete mode 100644 roles/munin_client/templates/nsd.j2 delete mode 100644 roles/nsd/defaults/main.yml delete mode 100644 roles/nsd/handlers/main.yml delete mode 100644 roles/nsd/tasks/cron.yml delete mode 100644 roles/nsd/tasks/main.yml delete mode 100644 roles/nsd/tasks/prerequisites.yml delete mode 100644 roles/nsd/tasks/zones.yml delete mode 100644 
roles/nsd/templates/nsd.conf.j2 delete mode 100644 roles/nsd/templates/resignall.sh.j2 delete mode 100644 roles/nsd/templates/zone.j2 delete mode 100644 roles/nsd/templates/zones/libertus.eu.zone.j2 delete mode 100644 roles/nsd/templates/zones/mateu.be.zone.j2 delete mode 100644 roles/nsd/templates/zones/nintendojo.fr.zone.j2 delete mode 100644 roles/nsd/templates/zones/nintendojofr.com.zone.j2 delete mode 100644 roles/nsd/templates/zones/parking.zone.j2 delete mode 100644 roles/nsd/templates/zones/sebicomics.com.zone.j2 delete mode 100644 roles/nsd/vars/main.yml
diff --git a/inventory/host_vars/dns1.dmz.mateu.be.yml b/inventory/host_vars/dns1.dmz.mateu.be.yml
deleted file mode 100644
index 6559c14..0000000
--- a/inventory/host_vars/dns1.dmz.mateu.be.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-natted_ipv4: 82.66.135.228
diff --git a/inventory/host_vars/nsd-master1.ext.mateu.be.yml b/inventory/host_vars/nsd-master1.ext.mateu.be.yml
deleted file mode 100644
index d0fe04b..0000000
--- a/inventory/host_vars/nsd-master1.ext.mateu.be.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-master: true
diff --git a/inventory/production.yml b/inventory/production.yml
index 5a8f1e4..10d6b60 100644
--- a/inventory/production.yml
+++ b/inventory/production.yml
@@ -37,11 +37,6 @@ resticservers: voice1.dmz.mateu.be: web[1:3].dmz.mateu.be:
-nsdservers:
- hosts:
- dns1.dmz.mateu.be:
- nsd-master1.ext.mateu.be:
- garageservers: children: garage_prd_cluster:
@@ -152,7 +147,6 @@ disabled_munin: baybay-ponay.mateu.be: muse-HP-EliteBook-820-G2.home.arpa: pinkypie.home.arpa:
- nsd-master1.ext.mateu.be: pt-runner1.ext.mateu.be: disabled_syslog:
@@ -160,7 +154,6 @@ disabled_syslog: baybay-ponay.mateu.be: machinbox.mateu.be: muse-HP-EliteBook-820-G2.home.arpa:
- nsd-master1.ext.mateu.be: pinkypie.home.arpa: pt-runner1.ext.mateu.be:
diff --git a/playbooks/nsd.yml b/playbooks/nsd.yml
deleted file mode 100644
index 9829147..0000000
--- a/playbooks/nsd.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-- name: Deploy NSD
- hosts: nsdservers
- diff: true
- roles:
- - nsd
diff --git a/playbooks/site.yml b/playbooks/site.yml
index b6c4d58..9e86586 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -6,8 +6,6 @@ import_playbook: nas.yml - name: Run usb playbook import_playbook: usb.yml -- name: Run nsd playbook - import_playbook: nsd.yml - name: Run smtprelay playbook import_playbook: smtprelay.yml - name: Run restic playbook
diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index 997fca1..1aa198a 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -339,53 +339,6 @@ config redirect option dest_port '64738' option target 'DNAT'
-# Allow DNS traffic
-config rule
- option name 'Allow-INPUT-DNS'
- option src 'wan'
- list proto 'tcp'
- list proto 'udp'
- option dest 'dmz'
- option dest_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
- option dest_port '53'
- option target 'ACCEPT'
- option family 'ipv6'
-
-config redirect
- option name 'Allow-INPUT-DNS'
- option src 'wan'
- option src_dport '53'
- list proto 'tcp'
- list proto 'udp'
- option dest 'dmz'
- option dest_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
- option dest_port '53'
- option target 'DNAT'
-
-config rule
- option name 'Allow-OUTPUT-DNS'
- option src 'dmz'
- option src_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
- list proto 'tcp'
- list proto 'udp'
- option dest 'wan'
- option dest_port '53'
- option dest_ip '{{ hostvars['nsd-master1.ext.mateu.be']['ansible_default_ipv4']['address'] }}'
- option target 'ACCEPT'
- option family 'ipv4'
-
-config rule
- option name 'Allow-OUTPUT-DNS'
- option src 'dmz'
- option src_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
- list proto 'tcp'
- list proto 'udp'
- option dest 'wan'
- option dest_port '53'
- option dest_ip '{{ hostvars['nsd-master1.ext.mateu.be']['ansible_default_ipv6']['address'] }}'
- option target 'ACCEPT'
- option family 'ipv6'
-
# Allow mail traffic config rule option name 'Allow-OUTPUT-SMTP'
diff --git a/roles/munin_client/files/nsd b/roles/munin_client/files/nsd
deleted file mode 100644
index dbba03d..0000000
--- a/roles/munin_client/files/nsd
+++ /dev/null
@@ -1,127 +0,0 @@ -#!/bin/sh - -: << =cut - -=head1 NAME - -nsd - Plugin to monitor nsd DNS server - -=head1 CONFIGURATION - -No configuration - -=head1 AUTHOR - -Kim Heino - -=head1 LICENSE - -GPLv2 - -=head1 MAGIC MARKERS - - #%# family=auto - #%# capabilities=autoconf - -=cut - -if [ "$1" = "autoconf" ]; then - if [ -x /usr/sbin/nsd-control ]; then - echo "yes" - exit 0 - else - echo "no (no /usr/sbin/nsd-control)" - exit 0 - fi -fi - -if [ "$1" = "config" ]; then - echo 'graph_title NSD queries' - echo 'graph_vlabel queries / second' - echo 'graph_category dns' - echo 'graph_info Queries per second, by query type' - echo 'a.label A' - echo 'a.type DERIVE' - echo 'a.min 0' - echo 'aaaa.label AAAA' - echo 'aaaa.type DERIVE' - echo 'aaaa.min 0' - echo 'ptr.label PTR' - echo 'ptr.type DERIVE' - echo 'ptr.min 0' - echo 'cname.label CNAME' - echo 'cname.type DERIVE' - echo 'cname.min 0' - echo 'mx.label MX' - echo 'mx.type DERIVE' - echo 'mx.min 0' - echo 'txt.label TXT' - echo 'txt.type DERIVE' - echo 'txt.min 0' - echo 'soa.label SOA' - echo 'soa.type DERIVE' - echo 'soa.min 0' - echo 'ns.label NS' - echo 'ns.type DERIVE' - echo 'ns.min 0' - echo 'srv.label SRV' - echo 'srv.type DERIVE' - echo 'srv.min 0' - echo 'dnskey.label DNSKEY' - echo 'dnskey.type DERIVE' - echo 'dnskey.min 0' - echo 'axfr.label AXFR' - echo 'axfr.type DERIVE' - echo 'axfr.min 0' - echo 'snxd.label NXDOMAIN' - echo 'snxd.type DERIVE' - echo 'snxd.min 0' - echo 'rq.label Total Successful' - echo 'rq.type DERIVE' - echo 'rq.min 0' - exit 0 -fi - -/usr/sbin/nsd-control stats_noreset | sed 's/=/ /; s/\.//g' | ( - numtypeA=0 - numtypeAAAA=0 - numtypePTR=0 - numtypeCNAME=0 - numtypeMX=0 - numtypeTXT=0 - numtypeSOA=0 - numtypeNS=0 - numtypeSRV=0 - numtypeDNSKEY=0 - numraxfr=0 - numrcodeNXDOMAIN=0 - numqueries=0 - while read -r key value rest; do - [ "${key}" = "numtypeA" ] && numtypeA=${value} - [ "${key}" = "numtypeAAAA" ] && numtypeAAAA=${value} - [ "${key}" = "numtypePTR" ] && numtypePTR=${value} 
- [ "${key}" = "numtypeCNAME" ] && numtypeCNAME=${value} - [ "${key}" = "numtypeMX" ] && numtypeMX=${value} - [ "${key}" = "numtypeTXT" ] && numtypeTXT=${value} - [ "${key}" = "numtypeSOA" ] && numtypeSOA=${value} - [ "${key}" = "numtypeNS" ] && numtypeNS=${value} - [ "${key}" = "numtypeSRV" ] && numtypeSRV=${value} - [ "${key}" = "numtypeDNSKEY" ] && numtypeDNSKEY=${value} - [ "${key}" = "numraxfr" ] && numraxfr=${value} - [ "${key}" = "numrcodeNXDOMAIN" ] && numrcodeNXDOMAIN=${value} - [ "${key}" = "numqueries" ] && numqueries=${value} - done - echo "a.value ${numtypeA}" - echo "aaaa.value ${numtypeAAAA}" - echo "ptr.value ${numtypePTR}" - echo "cname.value ${numtypeCNAME}" - echo "mx.value ${numtypeMX}" - echo "txt.value ${numtypeTXT}" - echo "soa.value ${numtypeSOA}" - echo "ns.value ${numtypeNS}" - echo "srv.value ${numtypeSRV}" - echo "dnskey.value ${numtypeDNSKEY}" - echo "axfr.value ${numraxfr}" - echo "snxd.value ${numrcodeNXDOMAIN}" - echo "rq.value ${numqueries}" -) diff --git a/roles/munin_client/tasks/main.yml b/roles/munin_client/tasks/main.yml index 1d6779c..4ae9178 100644 --- a/roles/munin_client/tasks/main.yml +++ b/roles/munin_client/tasks/main.yml @@ -135,8 +135,3 @@ - name: Execute specific garage commands ansible.builtin.include_tasks: garage.yml when: "'garageservers' in group_names" - -# Specific nsd commands -- name: Execute specific nsd commands - ansible.builtin.include_tasks: nsd.yml - when: "'dns' in inventory_hostname" diff --git a/roles/munin_client/tasks/nsd.yml b/roles/munin_client/tasks/nsd.yml deleted file mode 100644 index b06cc35..0000000 --- a/roles/munin_client/tasks/nsd.yml +++ /dev/null 
@@ -1,21 +0,0 @@
----
-
-- name: Put nsd plugin configuration
- ansible.builtin.template:
- src: nsd.j2
- dest: /etc/munin/plugin-conf.d/nsd
- owner: root
- group: root
- mode: "0o640"
- notify:
- - Restart munin-node
-
-- name: Put nsd scripts
- ansible.builtin.copy:
- src: files/nsd
- dest: /etc/munin/plugins/nsd
- owner: root
- group: root
- mode: "0o755"
- notify:
- - Restart munin-node
diff --git a/roles/munin_client/templates/nsd.j2 b/roles/munin_client/templates/nsd.j2
deleted file mode 100644
index 14b746c..0000000
--- a/roles/munin_client/templates/nsd.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[nsd]
-user root
diff --git a/roles/nsd/defaults/main.yml b/roles/nsd/defaults/main.yml
deleted file mode 100644
index 6bda0b1..0000000
--- a/roles/nsd/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-
-nsd_master: "{{ master | default(false) }}"
diff --git a/roles/nsd/handlers/main.yml b/roles/nsd/handlers/main.yml
deleted file mode 100644
index 30bbd62..0000000
--- a/roles/nsd/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Restart nsd
- ansible.builtin.service:
- name: nsd
- state: restarted
-
-- name: Restart systemd-resolved
- ansible.builtin.service:
- name: systemd-resolved
- state: restarted
diff --git a/roles/nsd/tasks/cron.yml b/roles/nsd/tasks/cron.yml
deleted file mode 100644
index bbf4f7d..0000000
--- a/roles/nsd/tasks/cron.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-- name: Install cron script
- ansible.builtin.template:
- src: resignall.sh.j2
- dest: "{{ nsd_cron_script }}"
- owner: root
- group: root
- mode: "0o750"
-
-- name: Install cron
- ansible.builtin.cron:
- name: "NSD zone resign"
- hour: "3"
- minute: "2"
- weekday: "3"
- job: "{{ nsd_cron_script }} &> /dev/null"
- state: present
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
deleted file mode 100644
index 857f074..0000000
--- a/roles/nsd/tasks/main.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-
-- name: Install & check prerequisites
- ansible.builtin.include_tasks: prerequisites.yml
-
-- name: Create slave group
- ansible.builtin.group_by:
- key: slave_nsdservers
- when: not nsd_master
-
-- name: Create master group
- ansible.builtin.group_by:
- key: master_nsdservers
- when: nsd_master
-
-- name: Create zone dir
- ansible.builtin.file:
- path: "{{ nsd_default_etc_path }}zones"
- owner: nsd
- group: nsd
- mode: "0o755"
- state: directory
-
-- name: Create key dir
- ansible.builtin.file:
- path: "{{ nsd_default_etc_path }}keys"
- owner: nsd
- group: nsd
- mode: "0o700"
- state: directory
-
-- name: Create nsd.conf
- ansible.builtin.template:
- src: nsd.conf.j2
- dest: "{{ nsd_default_etc_path }}nsd.conf"
- owner: root
- group: root
- mode: "0o640"
- notify:
- - Restart nsd
-
-- name: Create each zone in NSD
- ansible.builtin.template:
- src: zone.j2
- dest: "{{ nsd_default_etc_path }}nsd.conf.d/{{ item.name }}.conf"
- owner: root
- group: root
- mode: "0o644"
- loop: "{{ zones }}"
- notify:
- - Restart nsd
-
-- name: Force zone reload
- ansible.builtin.meta: flush_handlers
-
-- name: Create zone and reload
- ansible.builtin.include_tasks: zones.yml
- loop: "{{ zones }}"
- when: nsd_master
-
-- name: Install renew cron
- ansible.builtin.include_tasks: cron.yml
- when: nsd_master
-
-- name: Ensure nsd is started
- ansible.builtin.service:
- name: nsd
- state: started
diff --git a/roles/nsd/tasks/prerequisites.yml b/roles/nsd/tasks/prerequisites.yml
deleted file mode 100644
index 9315d1e..0000000
--- a/roles/nsd/tasks/prerequisites.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-
-- name: Gather facts on listening ports
- community.general.listen_ports_facts:
-
-- name: Detect systemd-resolve
- ansible.builtin.set_fact:
- _systemd_resolve_enable: "{{ ansible_facts.udp_listen | selectattr('port', 'eq', 53) | selectattr('name', 'eq', 'systemd-resolve') | count > 0 }}"
-
-- name: Deactivate DNS stublistener
- ansible.builtin.lineinfile:
- path: /etc/systemd/resolved.conf
- regex: '^#DNSStubListener=yes'
- line: DNSStubListener=no
- when: _systemd_resolve_enable
- notify:
- - Restart systemd-resolved
-
-- name: Force restart for stub resolver
- ansible.builtin.meta: flush_handlers
-
-- name: Install nsd & utilities
- ansible.builtin.package:
- name:
- - nsd
- - dnsutils
- - ldnsutils
- - cron
- state: present
- update_cache: true
diff --git a/roles/nsd/tasks/zones.yml b/roles/nsd/tasks/zones.yml
deleted file mode 100644
index aad7c59..0000000
--- a/roles/nsd/tasks/zones.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-
-- name: Create zone file
- ansible.builtin.template:
- src: "{{ 'zones/parking.zone.j2' if item.parking | default(false) else 'zones/' ~ item.name ~ '.zone.j2' }}"
- dest: "{{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
- owner: nsd
- group: nsd
- mode: "0o644"
- vars:
- dns_serial: "{{ ansible_date_time.epoch }}"
- web_hostname_block: |-
- {% for webserver in groups['webservers'] | sort -%}
- {% for web_hostname in (hostvars[webserver]['web_hostname'] | selectattr('host', 'match', '.+' ~ item.name) | sort(attribute='host')) -%}
- {{ web_hostname.host | regex_replace('\.' ~ item.name ~ '$', '') }} IN CNAME {{ webserver }}.
- {% endfor %}
- {% endfor %}
-
-- name: Create zone key dir
- ansible.builtin.file:
- path: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
- owner: nsd
- group: nsd
- mode: "0o750"
- state: directory
-
-- name: Create the associated keys
- become: true
- become_user: nsd
- ansible.builtin.command:
- cmd: "ldns-keygen -a ECDSAP256SHA256 -k -s {{ item.name }}"
- chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
- creates: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
-
-- name: Check zone file
- ansible.builtin.command:
- cmd: "nsd-checkzone {{ item.name }} {{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
- changed_when: false
-
-- name: Stat associated keys
- ansible.builtin.stat:
- path: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
- register: _stat_keys
-
-- name: Sign zone file
- become: true
- become_user: nsd
- ansible.builtin.command:
- chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
- cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}/zones/{{ item.name }}.zone {{ (_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
- changed_when: true
-
-- name: Reload zone
- ansible.builtin.command:
- cmd: "nsd-control reload {{ item.name }}"
- changed_when: false
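Review bot: Deleting the role does not revert what its tasks already applied on the hosts, so after this commit the DNSSEC private keys created by `ldns-keygen` under `{{ nsd_default_etc_path }}keys/<zone>/`, the `NSD zone resign` cron entry installed with `state: present` in roles/nsd/tasks/cron.yml, the `DNSStubListener=no` edit made by roles/nsd/tasks/prerequisites.yml, and the nsd.conf that carries the TSIG secret (`secret: "{{ tsig_key }}"` in roles/nsd/templates/nsd.conf.j2) all remain on disk with nothing tracking them. If dns1.dmz.mateu.be and nsd-master1.ext.mateu.be stay managed, a one-off cleanup play (cron `state: absent`, the nsd package and /etc/nsd removed, /etc/munin/plugins/nsd removed) would make "remove nsd completely" true on the hosts as well; if they are being decommissioned, saying so in the commit message is enough. The `tsig_key` variable is not touched by this diff, so it presumably still lives in the repository's vars/vault and can be dropped or rotated now that no template consumes it. Since `nsdservers` is gone from inventory/production.yml, also confirm nothing else still references `groups['nsdservers']` or `hostvars['dns1.dmz.mateu.be']`, which would now fail at template time.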
diff --git a/roles/nsd/templates/nsd.conf.j2 b/roles/nsd/templates/nsd.conf.j2
deleted file mode 100644
index 265e07a..0000000
--- a/roles/nsd/templates/nsd.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-key:
- name: "{{ nsd_tsig_key_name }}"
- algorithm: hmac-sha256
- secret: "{{ tsig_key }}"
-
-server:
- log-only-syslog: yes
- hide-version: yes
- zonesdir: "/etc/nsd/zones"
-
-include: "/etc/nsd/nsd.conf.d/*.conf"
diff --git a/roles/nsd/templates/resignall.sh.j2 b/roles/nsd/templates/resignall.sh.j2
deleted file mode 100644
index 5e8cecd..0000000
--- a/roles/nsd/templates/resignall.sh.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-for i in {{ nsd_default_etc_path }}keys/*/*.ds
-do
- # Get the different names
- FILENAME=${i##*/}
- KEYNAME=${FILENAME/.ds/}
- DIRPATH=${i/${FILENAME}/}
- _ZONEFILEPATH=${DIRPATH/keys/zones}
- ZONEFILEPATH=${_ZONEFILEPATH%/*}.zone
- _ZONENAME=${_ZONEFILEPATH%/*}
- ZONENAME=${_ZONENAME##*/}
-
- cd $DIRPATH
- sudo -u nsd /usr/bin/ldns-signzone -o ${ZONENAME} -u ${ZONEFILEPATH} ${KEYNAME}
- /usr/sbin/nsd-control reload ${ZONENAME}
-done
diff --git a/roles/nsd/templates/zone.j2 b/roles/nsd/templates/zone.j2
deleted file mode 100644
index 3c9c776..0000000
--- a/roles/nsd/templates/zone.j2
+++ /dev/null
@@ -1,23 +0,0 @@
-{% set other_server = groups['slave_nsdservers'] if nsd_master else (groups['master_nsdservers'] | first) -%}
-{% set default_ipv4 = hostvars[other_server].ansible_default_ipv4.address -%}
-{% set default_ipv6 = hostvars[other_server].ansible_default_ipv6.address -%}
-zone:
- name: "{{ item.name }}"
- zonefile: {{ item.name }}.zone.signed
- {% if nsd_master -%}
- {% for server in other_server -%}
- {% set default_ipv4 = hostvars[server].natted_ipv4 | default(hostvars[server].ansible_default_ipv4.address) -%}
- {% set default_ipv6 = hostvars[server].ansible_default_ipv6.address -%}
- notify: {{ default_ipv4 }} {{ nsd_tsig_key_name }}
- provide-xfr: {{ default_ipv4 }} {{ nsd_tsig_key_name }}
- notify: {{ default_ipv6 }} {{ nsd_tsig_key_name }}
- provide-xfr: {{ default_ipv6 }} {{ nsd_tsig_key_name }}
- {% endfor -%}
- {% else -%}
- {% set default_ipv4 = hostvars[other_server].natted_ipv4 | default(hostvars[other_server].ansible_default_ipv4.address) -%}
- {% set default_ipv6 = hostvars[other_server].ansible_default_ipv6.address -%}
- allow-notify: {{ default_ipv4 }} {{ nsd_tsig_key_name }}
- request-xfr: {{ default_ipv4 }} {{ nsd_tsig_key_name }}
- allow-notify: {{ default_ipv6 }} {{ nsd_tsig_key_name }}
- request-xfr: {{ default_ipv6 }} {{ nsd_tsig_key_name }}
- {% endif -%}
diff --git a/roles/nsd/templates/zones/libertus.eu.zone.j2 b/roles/nsd/templates/zones/libertus.eu.zone.j2
deleted file mode 100644
index db7ac00..0000000
--- a/roles/nsd/templates/zones/libertus.eu.zone.j2
+++ /dev/null
@@ -1,33 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN MX 1 mail.dmz.mateu.be. -@ IN A 82.66.135.228 -@ IN AAAA 2a01:e0a:9bd:2811::10 -@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" -@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:report@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -_jabber._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. -_xmpp-client._tcp IN SRV 0 0 5222 jabber.dmz.mateu.be. -_xmpp-server._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. -_xmppconnect IN TXT "_xmpp-client-xbosh=https://xmpp.libertus.eu/http-bind" -altsrv IN CNAME ks3370405.kimsufi.com. -p IN MX 1 mail.dmz.mateu.be. -p 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" -p 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc.p 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:report@mateu.be; adkim=s; aspf=s" -dkim._domainkey.p 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/mateu.be.zone.j2 b/roles/nsd/templates/zones/mateu.be.zone.j2 deleted file mode 100644 index 8cc7fb5..0000000 --- a/roles/nsd/templates/zones/mateu.be.zone.j2 +++ /dev/null 
@@ -1,103 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server | regex_replace('^([a-z0-9-]+)\\.', '\\1-v4.') }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN MX 1 mail.dmz.mateu.be. -@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" -@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:report@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" -nintendojo.fr._report._dmarc 3600 IN TXT "v=DMARC1;" -p.libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" -altsrv IN CNAME ks3370405.kimsufi.com. 
-backup IN A 10.233.212.60 -baybay-ponay IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88 -bt.dmz IN A 82.66.135.228 -bt.dmz IN AAAA 2a01:e0a:9bd:2811::3 -ciol IN A 109.190.68.133 -derdriu IN A 10.233.212.77 -dns1.dmz IN A 82.66.135.228 -dns1-v4.dmz IN A 82.66.135.228 -dns1.dmz IN AAAA 2a01:e0a:9bd:2811::16 -dns1-v6.dmz IN AAAA 2a01:e0a:9bd:2811::16 -dom IN A 10.233.212.15 -dom.dmz IN A 82.66.135.228 -dom.dmz IN AAAA 2a01:e0a:9bd:2811::15 -emerandon.st IN CNAME altsrv -enbarr.dmz IN AAAA 2a01:e0a:9bd:2811::50 -es1.dmz IN A 82.66.135.228 -es1.dmz IN AAAA 2a01:e0a:9bd:2811::21 -evse IN A 10.233.211.198 -fc IN A 10.233.211.194 -frederica.dmz IN A 82.66.135.228 -frederica.dmz IN AAAA 2a01:e0a:9bd:2811::60 -ftp IN A 10.233.212.14 -ftp.dmz IN A 82.66.135.228 -ftp.dmz IN AAAA 2a01:e0a:9bd:2811::14 -garage1.dmz IN A 82.66.135.228 -garage1.dmz IN AAAA 2a01:e0a:9bd:2811::11 -garreg-mach IN A 10.233.212.66 -haproxy.dmz IN A 82.66.135.228 -haproxy.dmz IN AAAA 2a01:e0a:9bd:2811::2 -imprimante IN A 10.233.212.94 -jabber.dmz IN A 82.66.135.228 -jabber.dmz IN AAAA 2a01:e0a:9bd:2811::10 -k3sn0.dmz IN A 82.66.135.228 -k3sn0.dmz IN AAAA 2a01:e0a:9bd:2811::40 -k3sn1.dmz IN A 82.66.135.228 -k3sn1.dmz IN AAAA 2a01:e0a:9bd:2811::41 -k3sn2.dmz IN A 82.66.135.228 -k3sn2.dmz IN AAAA 2a01:e0a:9bd:2811::42 -machinbox IN A 82.66.135.228 -machinbox IN AAAA 2a01:e0a:9bd:2810::1 -mail-relay IN A 37.187.5.75 -mail.dmz IN A 82.66.135.228 -mail.dmz IN AAAA 2a01:e0a:9bd:2811::4 -mailalt IN CNAME altsrv -masto1.dmz IN A 82.66.135.228 -masto1.dmz IN AAAA 2a01:e0a:9bd:2811::19 -memcardprogc IN A 10.233.211.199 -munin.dmz IN A 82.66.135.228 -munin.dmz IN AAAA 2a01:e0a:9bd:2811::12 -nfs IN A 10.233.212.60 -nsd-master1.ext IN A 51.158.245.194 -nsd-master1-v4.ext IN A 51.158.245.194 -nsd-master1.ext IN AAAA 2001:bc8:5090:79b:dc00:ff:fe25:ad75 -nsd-master1-v6.ext IN AAAA 2001:bc8:5090:79b:dc00:ff:fe25:ad75 -patoche.ext IN A 51.159.156.201 -patoche.ext IN AAAA 2001:bc8:1210:2efc:dc00:ff:fe4e:ef53 -pt1.dmz IN A 
82.66.135.228 -pt1.dmz IN AAAA 2a01:e0a:9bd:2811::20 -pt-runner1.ext IN AAAA 2001:bc8:1d90:b77:dc00:ff:fe17:bc83 -rb IN A 194.156.203.253 -rc IN A 10.233.211.195 -sachetpa.st IN CNAME altsrv -serenor.dmz IN A 82.66.135.228 -serenor.dmz IN AAAA 2a01:e0a:9bd:2811::59 -syslog.dmz IN AAAA 2a01:e0a:9bd:2811::8 -unifi.dmz IN A 82.66.135.228 -unifi.dmz IN AAAA 2a01:e0a:9bd:2811::13 -veretcle.st IN CNAME altsrv -voice1.dmz IN A 82.66.135.228 -voice1.dmz IN AAAA 2a01:e0a:9bd:2811::7 -voice3.dmz IN A 82.66.135.228 -voice3.dmz IN AAAA 2a01:e0a:9bd:2811::9 -web1.dmz IN A 82.66.135.228 -web1.dmz IN AAAA 2a01:e0a:9bd:2811::5 -web2.dmz IN A 82.66.135.228 -web2.dmz IN AAAA 2a01:e0a:9bd:2811::6 -web3.dmz IN A 82.66.135.228 -web3.dmz IN AAAA 2a01:e0a:9bd:2811::17 -{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 b/roles/nsd/templates/zones/nintendojo.fr.zone.j2 deleted file mode 100644 index fa7eb42..0000000 --- a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 +++ /dev/null 
@@ -1,25 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN MX 1 mail.dmz.mateu.be. -@ IN A 82.66.135.228 -@ IN AAAA 2a01:e0a:9bd:2811::6 -@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" -@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -@ 3600 IN TXT "google-site-verification=rIe1fnrQnv-E1H8qsMtEIhM4XYUqCELshWH9pHkwPBI" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:report@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -mumble IN CNAME voice1.dmz.mateu.be. -{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/nintendojofr.com.zone.j2 b/roles/nsd/templates/zones/nintendojofr.com.zone.j2 deleted file mode 100644 index a79d410..0000000 --- a/roles/nsd/templates/zones/nintendojofr.com.zone.j2 +++ /dev/null @@ -1,22 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN MX 0 . -@ IN A 82.66.135.228 -@ IN AAAA 2a01:e0a:9bd:2811::6 -@ IN TXT "v=spf1 -all" -@ IN TXT "spf2.0/mfrom -all" -_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" -{{ web_hostname_block }} 
diff --git a/roles/nsd/templates/zones/parking.zone.j2 b/roles/nsd/templates/zones/parking.zone.j2 deleted file mode 100644 index 3d80b0f..0000000 --- a/roles/nsd/templates/zones/parking.zone.j2 +++ /dev/null @@ -1,19 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue ";" -@ IN MX 0 . -@ IN TXT "v=spf1 -all" -@ IN TXT "spf2.0/mfrom -all" -_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" diff --git a/roles/nsd/templates/zones/sebicomics.com.zone.j2 b/roles/nsd/templates/zones/sebicomics.com.zone.j2 deleted file mode 100644 index 1a66fa3..0000000 --- a/roles/nsd/templates/zones/sebicomics.com.zone.j2 +++ /dev/null @@ -1,23 +0,0 @@ -$TTL 86400 -@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( - {{ dns_serial }}; timestamp serial number - 28800; Refresh - 7200; Retry - 864000; Expire - 86400; Min TTL - ) - -{% for server in groups['nsdservers'] %} -@ IN NS {{ server }}. -{% endfor %} - -$ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN A 82.66.135.228 -@ IN AAAA 2a01:e0a:9bd:2811::17 -@ IN MX 0 . -@ 3600 IN TXT "v=spf1 -all" -@ 3600 IN TXT "spf2.0/mfrom -all" -_dmarc 3600 IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" -@ 3600 IN TXT "google-site-verification=Ptj7up6CWDNVy_AQjKrJf9yY08Tu7OTE30XIgG-ISGU" -{{ web_hostname_block }} diff --git a/roles/nsd/vars/main.yml b/roles/nsd/vars/main.yml deleted file mode 100644 index 3cb5fe8..0000000 --- a/roles/nsd/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -nsd_default_etc_path: "/etc/nsd/" -nsd_tsig_key_name: "tsig0" -nsd_cron_script: /usr/local/bin/resignall.sh