✨: DNSSEC signing and auto-signing

roles/nsd/tasks/main.yml

@@ -16,11 +16,19 @@
 - name: Create zone dir
   ansible.builtin.file:
     path: "{{ nsd_default_etc_path }}zones"
-    owner: root
-    group: root
+    owner: nsd
+    group: nsd
     mode: "0o755"
     state: directory
 
+- name: Create key dir
+  ansible.builtin.file:
+    path: "{{ nsd_default_etc_path }}keys"
+    owner: nsd
+    group: nsd
+    mode: "0o700"
+    state: directory
+
 - name: Create nsd.conf
   ansible.builtin.template:
     src: nsd.conf.j2
@@ -50,6 +58,10 @@
   loop: "{{ zones }}"
   when: nsd_master
 
+- name: Install renew cron
+  ansible.builtin.include_tasks: cron.yml
+  when: nsd_master
+
 - name: Ensure nsd is started
   ansible.builtin.service:
     name: nsd