🔥: remove nsd completely

2025-01-03 10:14:06 +01:00
parent d203265b1a
commit 969411a8d7
26 changed files with 0 additions and 689 deletions
--- a/roles/nsd/tasks/cron.yml
+++ b/roles/nsd/tasks/cron.yml
@@ -1,18 +0,0 @@
---
-
- name: Install cron script
-  ansible.builtin.template:
-    src: resignall.sh.j2
-    dest: "{{ nsd_cron_script }}"
-    owner: root
-    group: root
-    mode: "0o750"
-
- name: Install cron
-  ansible.builtin.cron:
-    name: "NSD zone resign"
-    hour: "3"
-    minute: "2"
-    weekday: "3"
-    job: "{{ nsd_cron_script }} &> /dev/null"
-    state: present
--- a/roles/nsd/tasks/main.yml
+++ b/roles/nsd/tasks/main.yml
@@ -1,68 +0,0 @@
---
-
- name: Install & check prerequisites
-  ansible.builtin.include_tasks: prerequisites.yml
-
- name: Create slave group
-  ansible.builtin.group_by:
-    key: slave_nsdservers
-  when: not nsd_master
-
- name: Create master group
-  ansible.builtin.group_by:
-    key: master_nsdservers
-  when: nsd_master
-
- name: Create zone dir
-  ansible.builtin.file:
-    path: "{{ nsd_default_etc_path }}zones"
-    owner: nsd
-    group: nsd
-    mode: "0o755"
-    state: directory
-
- name: Create key dir
-  ansible.builtin.file:
-    path: "{{ nsd_default_etc_path }}keys"
-    owner: nsd
-    group: nsd
-    mode: "0o700"
-    state: directory
-
- name: Create nsd.conf
-  ansible.builtin.template:
-    src: nsd.conf.j2
-    dest: "{{ nsd_default_etc_path }}nsd.conf"
-    owner: root
-    group: root
-    mode: "0o640"
-  notify:
-    - Restart nsd
-
- name: Create each zone in NSD
-  ansible.builtin.template:
-    src: zone.j2
-    dest: "{{ nsd_default_etc_path }}nsd.conf.d/{{ item.name }}.conf"
-    owner: root
-    group: root
-    mode: "0o644"
-  loop: "{{ zones }}"
-  notify:
-    - Restart nsd
-
- name: Force zone reload
-  ansible.builtin.meta: flush_handlers
-
- name: Create zone and reload
-  ansible.builtin.include_tasks: zones.yml
-  loop: "{{ zones }}"
-  when: nsd_master
-
- name: Install renew cron
-  ansible.builtin.include_tasks: cron.yml
-  when: nsd_master
-
- name: Ensure nsd is started
-  ansible.builtin.service:
-    name: nsd
-    state: started
--- a/roles/nsd/tasks/prerequisites.yml
+++ b/roles/nsd/tasks/prerequisites.yml
@@ -1,30 +0,0 @@
---
-
- name: Gather facts on listening ports
-  community.general.listen_ports_facts:
-
- name: Detect systemd-resolve
-  ansible.builtin.set_fact:
-    _systemd_resolve_enable: "{{ ansible_facts.udp_listen | selectattr('port', 'eq', 53) | selectattr('name', 'eq', 'systemd-resolve') | count > 0 }}"
-
- name: Deactivate DNS stublistener
-  ansible.builtin.lineinfile:
-    path: /etc/systemd/resolved.conf
-    regex: '^#DNSStubListener=yes'
-    line: DNSStubListener=no
-  when: _systemd_resolve_enable
-  notify:
-    - Restart systemd-resolved
-
- name: Force restart for stub resolver
-  ansible.builtin.meta: flush_handlers
-
- name: Install nsd & utilities
-  ansible.builtin.package:
-    name:
-      - nsd
-      - dnsutils
-      - ldnsutils
-      - cron
-    state: present
-    update_cache: true
--- a/roles/nsd/tasks/zones.yml
+++ b/roles/nsd/tasks/zones.yml
@@ -1,56 +0,0 @@
---
-
- name: Create zone file
-  ansible.builtin.template:
-    src: "{{ 'zones/parking.zone.j2' if item.parking | default(false) else 'zones/' ~ item.name ~ '.zone.j2' }}"
-    dest: "{{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
-    owner: nsd
-    group: nsd
-    mode: "0o644"
-  vars:
-    dns_serial: "{{ ansible_date_time.epoch }}"
-    web_hostname_block: |-
-      {% for webserver in groups['webservers'] | sort -%}
-      {% for web_hostname in (hostvars[webserver]['web_hostname'] | selectattr('host', 'match', '.+' ~ item.name) | sort(attribute='host')) -%}
-      {{ web_hostname.host | regex_replace('\.' ~ item.name ~ '$', '') }}		IN CNAME {{ webserver }}.
-      {% endfor %}
-      {% endfor %}
-
- name: Create zone key dir
-  ansible.builtin.file:
-    path: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
-    owner: nsd
-    group: nsd
-    mode: "0o750"
-    state: directory
-
- name: Create the associated keys
-  become: true
-  become_user: nsd
-  ansible.builtin.command:
-    cmd: "ldns-keygen -a ECDSAP256SHA256 -k -s {{ item.name }}"
-    chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
-    creates: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
-
- name: Check zone file
-  ansible.builtin.command:
-    cmd: "nsd-checkzone {{ item.name }} {{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
-  changed_when: false
-
- name: Stat associated keys
-  ansible.builtin.stat:
-    path: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
-  register: _stat_keys
-
- name: Sign zone file
-  become: true
-  become_user: nsd
-  ansible.builtin.command:
-    chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
-    cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}/zones/{{ item.name }}.zone {{ (_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
-  changed_when: true
-
- name: Reload zone
-  ansible.builtin.command:
-    cmd: "nsd-control reload {{ item.name }}"
-  changed_when: false