nsd/tasks/main.yml

---

- name: Ensure resolved stays down
  systemd:
    enabled: false
    state: stopped
    masked: yes
    name: systemd-resolved

- name: Create primary zone directory
  file:
    path: "{{ nsd_primary_zones_dir }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0711

- name: Create control dir
  file:
    path: /etc/nsd/control
    state: directory
    owner: nsd
    group: nsd
    mode: 0700

- name: Create subdirectories
  file:
    path: "{{ nsd_primary_zones_dir }}/{{ item }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0700
  when: nsd_zone_subdirs is defined
  loop: "{{ nsd_zone_subdirs }}"

- name: Create secondary zone directory
  file:
    path: "{{ nsd_secondary_zones_dir }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0755

- name: Configure nsd zones
  template:
    src: zones_config.j2
    dest: "{{ nsd_zones_config_file }}"
    owner: nsd
    group: nsd
    mode: 0600
    validate: 'nsd-checkconf %s'

- name: Create base nsd configuration file
  template:
    src: config.j2
    dest: "{{ nsd_config_dir }}/nsd.conf"
    owner: nsd
    group: nsd
    mode: 0644
    validate: 'nsd-checkconf %s'
  notify:
    - restart nsd

- name: Copy content of subdirs
  copy:
    src: '{{ playbook_dir }}/files/nsd/{{ item }}'
    dest: "{{ nsd_primary_zones_dir }}"
    owner: nsd
    group: nsd
    mode: 0600
    directory_mode: 0711
  when: nsd_zone_subdirs is defined
  loop: "{{ nsd_zone_subdirs }}"

- name: Copy content of primary zones
  copy:
    src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"
    dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"
    owner: root
    group: root
    mode: 0644
  with_items: "{{ nsd_primary_zones }}"
  notify:
    - rebuild nsd database
    - reload nsd database
    - notify slaves

- name: Add dnssec renewal crons
  cron:
    special_time: monthly
    user: nsd
    job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"
  loop: "{{ nsd_zone_subdirs }}"
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00			`---`

Add my changes 2021-01-04 22:34:08 +01:00			`- name: Ensure resolved stays down`
			`systemd:`
			`enabled: false`
			`state: stopped`
			`masked: yes`
			`name: systemd-resolved`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00
			`- name: Create primary zone directory`
Add my changes 2021-01-04 22:34:08 +01:00			`file:`
			`path: "{{ nsd_primary_zones_dir }}"`
			`state: directory`
			`owner: nsd`
			`group: nsd`
			`mode: 0711`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00
Add my changes 2021-01-04 22:34:08 +01:00			`- name: Create control dir`
			`file:`
			`path: /etc/nsd/control`
			`state: directory`
			`owner: nsd`
			`group: nsd`
			`mode: 0700`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00
Add my changes 2021-01-04 22:34:08 +01:00			`- name: Create subdirectories`
			`file:`
			`path: "{{ nsd_primary_zones_dir }}/{{ item }}"`
			`state: directory`
			`owner: nsd`
			`group: nsd`
			`mode: 0700`
			`when: nsd_zone_subdirs is defined`
			`loop: "{{ nsd_zone_subdirs }}"`

			`- name: Create secondary zone directory`
			`file:`
			`path: "{{ nsd_secondary_zones_dir }}"`
			`state: directory`
			`owner: nsd`
			`group: nsd`
			`mode: 0755`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00
nsd: adapt for new version of NSD and allow to configure most parameters related to version (nsd3/nsd4) 2017-09-01 10:55:03 +02:00			`- name: Configure nsd zones`
Add my changes 2021-01-04 22:34:08 +01:00			`template:`
			`src: zones_config.j2`
			`dest: "{{ nsd_zones_config_file }}"`
			`owner: nsd`
			`group: nsd`
			`mode: 0600`
			`validate: 'nsd-checkconf %s'`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00
nsd: adapt for new version of NSD and allow to configure most parameters related to version (nsd3/nsd4) 2017-09-01 10:55:03 +02:00			`- name: Create base nsd configuration file`
Add my changes 2021-01-04 22:34:08 +01:00			`template:`
			`src: config.j2`
			`dest: "{{ nsd_config_dir }}/nsd.conf"`
			`owner: nsd`
			`group: nsd`
			`mode: 0644`
			`validate: 'nsd-checkconf %s'`
NSD: Validate configuration syntax using nsd-checkconf before applying 2016-03-28 12:49:04 +02:00			`notify:`
nsd: adapt for new version of NSD and allow to configure most parameters related to version (nsd3/nsd4) 2017-09-01 10:55:03 +02:00			`- restart nsd`
NSD: Validate configuration syntax using nsd-checkconf before applying 2016-03-28 12:49:04 +02:00
Add my changes 2021-01-04 22:34:08 +01:00			`- name: Copy content of subdirs`
			`copy:`
			`src: '{{ playbook_dir }}/files/nsd/{{ item }}'`
			`dest: "{{ nsd_primary_zones_dir }}"`
			`owner: nsd`
			`group: nsd`
			`mode: 0600`
			`directory_mode: 0711`
			`when: nsd_zone_subdirs is defined`
			`loop: "{{ nsd_zone_subdirs }}"`
NSD: Simplify configuration to use only one file for all zones, instead of many includes This also allows the playbook to be idempotent. 2016-03-27 17:39:55 +02:00
NSD: Quote all paths 2016-03-27 18:17:51 +02:00			`- name: Copy content of primary zones`
Add my changes 2021-01-04 22:34:08 +01:00			`copy:`
			`src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"`
			`dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"`
			`owner: root`
			`group: root`
			`mode: 0644`
NSD: first playbook, still rough around the edges (no TSIG support) 2016-03-26 17:54:31 +01:00			`with_items: "{{ nsd_primary_zones }}"`
			`notify:`
nsd: adapt for new version of NSD and allow to configure most parameters related to version (nsd3/nsd4) 2017-09-01 10:55:03 +02:00			`- rebuild nsd database`
			`- reload nsd database`
NSD: notify slaves when a primary zone is updated 2016-03-26 19:36:03 +01:00			`- notify slaves`
Add my changes 2021-01-04 22:34:08 +01:00
			`- name: Add dnssec renewal crons`
			`cron:`
			`special_time: monthly`
			`user: nsd`
			`job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"`
			`loop: "{{ nsd_zone_subdirs }}"`