Add my changes

Mathieu Pasquet 2021-01-04 22:34:08 +01:00
parent 215507e048
commit 547928426b
4 changed files with 96 additions and 15 deletions


@ -1,4 +1,15 @@
# Ansible role for NSD
# This is a modified version of "Ansible role for NSD"
Original source: https://github.com/zorun/ansible-role-nsd/
I have made several changes to fit my usecase (essentially remote control and dnssec specificities, as well as some cosmetic changes).
Changes: added two new dictionaries:
* **nsd_remote_control** for remote controllong options in the config file
* **nsd_zone_subdirs** to transfer whole subdirectories (I expect each one to contain a source.sh script which signs dnssec, installed as a cron)
----
This Ansible role installs and configure NSD, an authoritative DNS server.
It also allows to publish DNS zones into NSD.


@ -12,7 +12,10 @@
command: "{{ nsd_control_program }} reload"
- name: restart nsd
service: name={{ nsd_service_name }} state=restarted
systemd:
name: "{{ nsd_service_name }}"
enabled: yes
state: restarted
- name: notify slaves
command: "{{ nsd_control_program }} notify"
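Review bot: `enabled: yes` sits inside the `restart nsd` handler, so the unit is only enabled on runs where some task notifies that handler; a host where nothing changed keeps whatever enablement state the package left. Enabling the service belongs in an ordinary task with `enabled: true`, leaving the handler with `state: restarted` only. Writing the boolean as `true` rather than `yes` also avoids the YAML 1.1 truthy form.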


@ -1,33 +1,93 @@
---
- name: Install nsd
apt: pkg={{ nsd_pkg_name }} state=present
- name: Ensure resolved stays down
systemd:
enabled: false
state: stopped
masked: yes
name: systemd-resolved
- name: Create primary zone directory
file: path="{{ nsd_primary_zones_dir }}" state=directory owner=root group=root mode=0755
file:
path: "{{ nsd_primary_zones_dir }}"
state: directory
owner: nsd
group: nsd
mode: 0711
- name: Create control dir
file:
path: /etc/nsd/control
state: directory
owner: nsd
group: nsd
mode: 0700
- name: Create subdirectories
file:
path: "{{ nsd_primary_zones_dir }}/{{ item }}"
state: directory
owner: nsd
group: nsd
mode: 0700
when: nsd_zone_subdirs is defined
loop: "{{ nsd_zone_subdirs }}"
- name: Create secondary zone directory
file: path="{{ nsd_secondary_zones_dir }}" state=directory owner=nsd group=nsd mode=0755
file:
path: "{{ nsd_secondary_zones_dir }}"
state: directory
owner: nsd
group: nsd
mode: 0755
- name: Configure nsd zones
template: src=zones_config.j2 dest="{{ nsd_zones_config_file }}" owner=root group=root mode=0644 validate='nsd-checkconf %s'
notify:
- rebuild nsd database
- reload nsd database
- restart nsd
template:
src: zones_config.j2
dest: "{{ nsd_zones_config_file }}"
owner: nsd
group: nsd
mode: 0600
validate: 'nsd-checkconf %s'
- name: Create base nsd configuration file
template: src=config.j2 dest="{{ nsd_config_dir }}/nsd.conf" owner=root group=root mode=0644 validate='nsd-checkconf %s'
template:
src: config.j2
dest: "{{ nsd_config_dir }}/nsd.conf"
owner: nsd
group: nsd
mode: 0644
validate: 'nsd-checkconf %s'
notify:
- restart nsd
- name: Copy content of subdirs
copy:
src: '{{ playbook_dir }}/files/nsd/{{ item }}'
dest: "{{ nsd_primary_zones_dir }}"
owner: nsd
group: nsd
mode: 0600
directory_mode: 0711
when: nsd_zone_subdirs is defined
loop: "{{ nsd_zone_subdirs }}"
- name: Copy content of primary zones
copy: src="files/nsd/{{ item.zone_filename }}" dest="{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}" owner=root group=root mode=0644
copy:
src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"
dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"
owner: root
group: root
mode: 0644
with_items: "{{ nsd_primary_zones }}"
notify:
- rebuild nsd database
- reload nsd database
- notify slaves
- name: Add dnssec renewal crons
cron:
special_time: monthly
user: nsd
job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"
loop: "{{ nsd_zone_subdirs }}"
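Review bot: The "Add dnssec renewal crons" task gives the cron module no `name:`, so it has nothing to match an existing entry by and, depending on the Ansible version, either fails or appends another `source.sh` line to the nsd crontab on each run; add `name: "dnssec renewal {{ item }}"`. Its `loop: "{{ nsd_zone_subdirs }}"` is also unguarded, and the `when: nsd_zone_subdirs is defined` on the two earlier loops does not protect them either, because the loop expression is templated before `when` is evaluated; `loop: "{{ nsd_zone_subdirs | default([]) }}"` works for all three. On permissions, nsd.conf and the zones config become owned by `nsd`, which lets the daemon account rewrite its own configuration; `owner: root`, `group: nsd`, `mode: "0640"` keeps them readable without that. The same concern applies to the subdirectories whose `source.sh` the cron job runs as `nsd`, though the signing step may need write access there, which the hunk does not show.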


@ -20,6 +20,13 @@ server:
{%- endfor %}
{% endif %}
{% if nsd_remote_control is defined %}
remote-control:
{% for key, value in nsd_remote_control.items() -%}
{{ expand_list(key, value) }}
{%- endfor %}
{% endif %}
{% if nsd_local_server_config is defined %}
# Local configuration
{% for key, value in nsd_local_server_config.items() -%}
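Review bot: The new `remote-control:` block is emitted between the `server:` options and the `nsd_local_server_config` loop, so when both variables are set the local server options would be rendered under the `remote-control:` clause instead of `server:`. This assumes that loop does not emit its own `server:` header, which lies outside this hunk. Moving the `{% if nsd_remote_control is defined %}` … `{% endif %}` block below the end of the local-configuration block keeps each clause contiguous. A template comment there could also note that `control-interface` should stay on a loopback address unless the key and certificate files under /etc/nsd/control are provisioned, since no task visible in this commit generates them.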