slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14cc54f4ed38d3dca1e9bae7f70d15e4e53e927e
ansible/roles/nsd/tasks/zones.yml
VC 14cc54f4ed
All checks were successful
ansible-lint / lint-everything (push) Successful in 1m24s
Details
♻: manage san for certificate/domain/sni routing
2025-04-11 17:11:15 +02:00

72 lines
2.4 KiB
YAML
Raw Blame History

---
- name: Create zone file
ansible.builtin.template:
src: "{{ 'zones/parking.zone.j2' if item.parking | default(false) else 'zones/' ~ item.name ~ '.zone.j2' }}"
dest: "{{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
owner: nsd
group: nsd
mode: "0o644"
vars:
dns_serial: "{{ ansible_date_time.epoch }}"
web_hostname_block: |-
{% for webserver in groups['webservers'] | sort -%}
{% for web_hostname in (
(hostvars[webserver]['web_hostname']
| selectattr('host', 'match', '.*' ~ item.name)
| map(attribute='host')
+
(hostvars[webserver]['web_hostname']
| selectattr('san', 'defined')
| map(attribute='san')
| flatten
| select('match', '.*' ~ item.name)))
| sort) -%}
{% if web_hostname is match("(\S+\.){2}") %}
{{ web_hostname | regex_replace('\.' ~ item.name ~ '$', '') }} IN CNAME {{ hostvars[webserver].ansible_host }}.
{% else %}
@ IN A {{ global_public_ip_address }}
@ IN AAAA {{ hostvars[webserver].proxmox_net0.ip6 | default(hostvars[webserver].ansible_default_ipv6.address) | ansible.utils.ipaddr('address') }}
{% endif %}
{% endfor %}
{% endfor %}
- name: Create zone key dir
ansible.builtin.file:
path: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
owner: nsd
group: nsd
mode: "0o750"
state: directory
- name: Create the associated keys
become: true
become_user: nsd
ansible.builtin.command:
cmd: "ldns-keygen -a ECDSAP256SHA256 -k -s {{ item.name }}"
chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
creates: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
- name: Check zone file
ansible.builtin.command:
cmd: "nsd-checkzone {{ item.name }} {{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
changed_when: false
- name: Stat associated keys
ansible.builtin.stat:
path: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/.ds"
register: _stat_keys
- name: Sign zone file
become: true
become_user: nsd
ansible.builtin.command:
chdir: "{{ nsd_default_etc_path }}/keys/{{ item.name }}/"
cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}/zones/{{ item.name }}.zone {{ (_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
changed_when: true
- name: Reload zone
ansible.builtin.command:
cmd: "nsd-control reload {{ item.name }}"
changed_when: false
Reference in New Issue View Git Blame Copy Permalink