banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dehydrated
wip
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6dbd1057c3'
${ noResults }
ansible/roles/dns/master/tasks/main.yml

71 lines
1.7 KiB
YAML
Raw Blame History

---
- name: Create zone directory
file:
path: "{{ domain_directory }}"
state: directory
owner: root
group: root
mode: "u=rwx,g=rx"
- name: Determine if keys are generated already
find:
paths: "{{ domain_directory }}"
patterns: "K{{ domain }}.+*+*"
register: keys_found
- name: Generate keys for zone {{ domain }}
include_tasks: generate_keys.yml
when: keys_found.matched < 2
- name: Find generated public keys
find:
paths: "{{ domain_directory }}"
patterns: "K{{ domain }}.+*+*.key"
register: keys_list
- name: Store database of zone {{ domain }}
template:
src: zone.db
dest: "{{ database_file }}"
owner: root
group: "{{ dns_user }}"
mode: "u=rw,g=r,o=r"
validate: "named-checkzone {{ domain }} %s"
notify: reload bind9
register: database_stored
# TODO Change to makefile
# TODO test -N=UNIXTIME instead of unix time by ansible
- name: Sign zone {{ domain }}
shell: >-
dnssec-signzone
-3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)
-a
-N KEEP
-o {{ domain | quote }}
-f {{ database_signed_file | quote }}
{{ database_file | quote }}
args:
chdir: "{{ domain_directory }}"
executable: "/bin/sh"
when: database_stored.changed
- name: Configure zone {{ domain }}
template:
src: zone.conf
dest: "{{ configuration_file }}"
owner: root
group: "{{ dns_user }}"
mode: "u=rw,g=r,o=r"
validate: "named-checkconf %s"
notify: reload bind9
- name: Include configuration file of zone {{ domain }}
lineinfile:
path: "{{ dns_zones_configuration }}"
state: present
line: "include \"{{ configuration_file }}\";"
validate: "named-checkconf %s"
notify: reload bind9
Reference in New Issue View Git Blame Copy Permalink