From cdcd9e38de87b24ada401b4217231c135b421fbd Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Thu, 24 Oct 2019 23:16:35 +0200
Subject: [PATCH] Extracted playbooks/dns from main playbook Containing configuration of dns systems
---
playbooks/dns.yml | 102 ++++++++++++++++++++++++++++++++++++++++++++++
site.yml | 102 ++--------------------------------------------
2 files changed, 105 insertions(+), 99 deletions(-)
create mode 100644 playbooks/dns.yml
diff --git a/playbooks/dns.yml b/playbooks/dns.yml
new file mode 100644
index 0000000..a0733e7
--- /dev/null
+++ b/playbooks/dns.yml
@@ -0,0 +1,102 @@
+- name: Configure nvak as dns server
+ hosts: nvak.banananet.work
+ vars:
+ nvak_dns_slaves: []
+ pre_tasks:
+ - name: Load ssh host key dns fingerprint for host
+ command: cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns"
+ delegate_to: localhost
+ register: ssh_key_dns_fpr_raw
+ changed_when: False
+ loop: "{{ groups['all'] }}"
+ - name: Remap ssh host key dns fingerprints
+ set_fact:
+ ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}"
+ roles:
+ - role: dns/master
+ domain: banananet.work
+ main_nameserver_domain: ns1.banananet.work.
+ responsible_mail_name: admin.banananet.work.
+ slaves: "{{ nvak_dns_slaves }}"
+ entries: |
+ ; Name Servers
+ @ IN NS ns1
+ ns1 IN A {{ ansible_default_ipv4.address }}
+ ns1 IN AAAA {{ ansible_default_ipv6.address }}
+ ; Automatic server addresses
+ {% for fqdn in groups['public_available'] %}
+ {{ fqdn }}. IN A {{ hostvars[fqdn].ansible_default_ipv4.address }}
+ {{ fqdn }}. IN AAAA {{ hostvars[fqdn].ansible_default_ipv6.address }}
+ {{ ssh_key_dns_fpr_map[fqdn] }}
+ {% endfor %}
+ ; Public use domains
+ @ IN A {{ ansible_default_ipv4.address }}
+ @ IN AAAA {{ ansible_default_ipv6.address }}
+ auth IN CNAME nvak
+ cloud IN CNAME nvak
+ test.cloud IN CNAME nvak
+ dsa IN CNAME nvak
+ firefox IN CNAME nvak
+ git IN CNAME nvak
+ keys IN CNAME rurapenthe
+ rss IN CNAME nvak
+ wg IN CNAME nvak
+ ; Mail
+ @ IN MX 10 nvak
+ @ IN TXT "v=spf1 +mx -all"
+ mail IN CNAME nvak
+ imap IN CNAME nvak
+ smtp IN CNAME nvak
+ - role: dns/master
+ domain: forumderschan.de
+ main_nameserver_domain: ns1.banananet.work.
+ responsible_mail_name: admin.banananet.work.
+ slaves: "{{ nvak_dns_slaves }}"
+ entries: |
+ ; Name Servers
+ @ IN NS ns1.banananet.work.
+ @ IN NS ns2.banananet.work.
+ ; WebPage
+ @ IN A {{ ansible_default_ipv4.address }}
+ @ IN AAAA {{ ansible_default_ipv6.address }}
+ www IN A {{ ansible_default_ipv4.address }}
+ www IN AAAA {{ ansible_default_ipv6.address }}
+ ; Mail
+ @ IN MX 10 nvak
+ @ IN TXT "v=spf1 +mx -all"
+ - role: dns/master
+ domain: spotme.fun
+ main_nameserver_domain: ns1.banananet.work.
+ responsible_mail_name: admin.banananet.work.
+ slaves: "{{ nvak_dns_slaves }}"
+ entries: |
+ ; Name Servers
+ @ IN NS ns1.banananet.work.
+ @ IN NS ns2.banananet.work.
+ ; Web Page
+ @ IN A {{ ansible_default_ipv4.address }}
+ @ IN AAAA {{ ansible_default_ipv6.address }}
+ www IN A {{ ansible_default_ipv4.address }}
+ www IN AAAA {{ ansible_default_ipv6.address }}
+ ; Mail
+ @ IN MX 10 nvak
+ @ IN TXT "v=spf1 +mx -all"
+ - role: dns/master
+ domain: stadtpiraten-karlsruhe.de
+ main_nameserver_domain: ns1.banananet.work.
+ resposible_mail_name: admin.banananet.work.
+ slaves: "{{ nvak_dns_slaves }}"
+ entries: |
+ ; Name Servers
+ @ IN NS ns1.banananet.work.
+ @ IN NS ns2.banananet.work.
+ ; WebPages
+ @ IN A {{ ansible_default_ipv4.address }}
+ @ IN AAAA {{ ansible_default_ipv6.address }}
+ www IN A {{ ansible_default_ipv4.address }}
+ www IN AAAA {{ ansible_default_ipv6.address }}
+ forum IN A {{ ansible_default_ipv4.address }}
+ forum IN AAAA {{ ansible_default_ipv6.address }}
+ ; Mail
+ @ IN MX 10 nvak
+ @ IN TXT "v=spf1 +mx -all"
diff --git a/site.yml b/site.yml
index 86e15c2..0aeda78 100644
--- a/site.yml
+++ b/site.yml
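Review bot: The fourth `dns/master` entry (stadtpiraten-karlsruhe.de) passes `resposible_mail_name`, a misspelling of the `responsible_mail_name` key used by the other three entries, so that zone presumably falls back to the role's default or an undefined SOA contact; it should read `responsible_mail_name: admin.banananet.work.`. In the forumderschan.de, spotme.fun and stadtpiraten-karlsruhe.de zones, `@ IN MX 10 nvak` has no trailing dot and is therefore relative to each zone's own origin, for which no address record is visible in these entries; unless the role template handles this, `@ IN MX 10 nvak.banananet.work.` looks like what was intended, and the `+mx` SPF mechanism depends on that target resolving. The pre-task copies the contents of the controller-side `dns` files into the zone without validation, so a comment such as `# files must contain only SSHFP records; directory writable by the operator only` above the `command` task would document the trust assumption. Both defects were carried over unchanged from site.yml.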
@@ -50,110 +50,14 @@ - name: Configure wireguard network import_playbook: playbooks/wireguard.yml +- name: Include dns configuration + import_playbook: playbooks/dns.yml + - name: Configure nvak tags: - test hosts: nvak.banananet.work - vars: - nvak_dns_slaves: [] - pre_tasks: - - name: Load ssh host key dns fingerprint for host - command: cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns" - delegate_to: localhost - register: ssh_key_dns_fpr_raw - changed_when: False - loop: "{{ groups['all'] }}" - - name: Remap ssh host key dns fingerprints - set_fact: - ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}" roles: - - role: dns/master - domain: banananet.work - main_nameserver_domain: ns1.banananet.work. - responsible_mail_name: admin.banananet.work. - slaves: "{{ nvak_dns_slaves }}" - entries: | - ; Name Servers - @ IN NS ns1 - ns1 IN A {{ ansible_default_ipv4.address }} - ns1 IN AAAA {{ ansible_default_ipv6.address }} - ; Automatic server addresses - {% for fqdn in groups['public_available'] %} - {{ fqdn }}. IN A {{ hostvars[fqdn].ansible_default_ipv4.address }} - {{ fqdn }}. IN AAAA {{ hostvars[fqdn].ansible_default_ipv6.address }} - {{ ssh_key_dns_fpr_map[fqdn] }} - {% endfor %} - ; Public use domains - @ IN A {{ ansible_default_ipv4.address }} - @ IN AAAA {{ ansible_default_ipv6.address }} - auth IN CNAME nvak - cloud IN CNAME nvak - test.cloud IN CNAME nvak - dsa IN CNAME nvak - firefox IN CNAME nvak - git IN CNAME nvak - keys IN CNAME rurapenthe - rss IN CNAME nvak - wg IN CNAME nvak - ; Mail - @ IN MX 10 nvak - @ IN TXT "v=spf1 +mx -all" - mail IN CNAME nvak - imap IN CNAME nvak - smtp IN CNAME nvak - - role: dns/master - domain: forumderschan.de - main_nameserver_domain: ns1.banananet.work. - responsible_mail_name: admin.banananet.work. - slaves: "{{ nvak_dns_slaves }}" - entries: | - ; Name Servers - @ IN NS ns1.banananet.work. - @ IN NS ns2.banananet.work. 
- ; WebPage - @ IN A {{ ansible_default_ipv4.address }} - @ IN AAAA {{ ansible_default_ipv6.address }} - www IN A {{ ansible_default_ipv4.address }} - www IN AAAA {{ ansible_default_ipv6.address }} - ; Mail - @ IN MX 10 nvak - @ IN TXT "v=spf1 +mx -all" - - role: dns/master - domain: spotme.fun - main_nameserver_domain: ns1.banananet.work. - responsible_mail_name: admin.banananet.work. - slaves: "{{ nvak_dns_slaves }}" - entries: | - ; Name Servers - @ IN NS ns1.banananet.work. - @ IN NS ns2.banananet.work. - ; Web Page - @ IN A {{ ansible_default_ipv4.address }} - @ IN AAAA {{ ansible_default_ipv6.address }} - www IN A {{ ansible_default_ipv4.address }} - www IN AAAA {{ ansible_default_ipv6.address }} - ; Mail - @ IN MX 10 nvak - @ IN TXT "v=spf1 +mx -all" - - role: dns/master - domain: stadtpiraten-karlsruhe.de - main_nameserver_domain: ns1.banananet.work. - resposible_mail_name: admin.banananet.work. - slaves: "{{ nvak_dns_slaves }}" - entries: | - ; Name Servers - @ IN NS ns1.banananet.work. - @ IN NS ns2.banananet.work. - ; WebPages - @ IN A {{ ansible_default_ipv4.address }} - @ IN AAAA {{ ansible_default_ipv6.address }} - www IN A {{ ansible_default_ipv4.address }} - www IN AAAA {{ ansible_default_ipv6.address }} - forum IN A {{ ansible_default_ipv4.address }} - forum IN AAAA {{ ansible_default_ipv6.address }} - ; Mail - @ IN MX 10 nvak - @ IN TXT "v=spf1 +mx -all" # Git Server - role: server/gitea domain: git.banananet.work
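Review bot: The dns roles used to run inside the `Configure nvak` play, which carries `tags: test`, but the new `import_playbook: playbooks/dns.yml` entry has no tags, so a run limited with `--tags test` would no longer touch the DNS configuration. If that is not intended, adding `tags: test` under the import keeps the previous selection behaviour; if it is intended, a one-line comment such as `# dns is deliberately excluded from the test tag` would make that explicit.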