ansible-collection-nameserver/roles/master/templates/etc/knot/knot.d/10-master.conf.j2

{{ ansible_managed | comment }}

#
#  Master configuration for zones in group {{ name }}
#

acl:
  - id: xfr-{{ name }}
    action: transfer
    address:
{% for replica in replicas %}
      - "{{ replica }}"
{% endfor %}

remote:
{% for replica in replicas %}
  - id: remote-{{ name }}-{{ loop.index0 }}
    address: "{{ replica }}"
{% endfor %}

policy:
  - id: dnssec-{{ name }}
    algorithm: {{ knot_dnssec_policy_algorithm }}
    nsec3: {{ knot_dnssec_policy_nsec3 }}
    ksk-size: {{ knot_dnssec_policy_ksk_size }}
    zsk-size: {{ knot_dnssec_policy_zsk_size }}
    ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
    cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}

template:
  - id: {{ name }}
    storage: {{ knot_zone_storage_path }}
    semantic_checks: {{ knot_zone_semantic_checks }}
    dnssec-signing: {{ knot_zone_dnssec_signing }}
    dnssec-policy: dnssec-{{ name }}
    acl: xfr-{{ name }}
    notify:
{% for replica in replicas %}
      - remote-{{ name }}-{{ loop.index0 }}
{% endfor %}
    
zone:
{% for zone in zones %}
  - domain: {{ zone }}.
    template: {{ name }}
{% endfor %}
Add knot role 2020-11-20 00:54:31 +01:00			`{{ ansible_managed \| comment }}`

			`#`
			`# Master configuration for zones in group {{ name }}`
			`#`

			`acl:`
			`- id: xfr-{{ name }}`
			`action: transfer`
			`address:`
			`{% for replica in replicas %}`
			`- "{{ replica }}"`
			`{% endfor %}`

			`remote:`
			`{% for replica in replicas %}`
			`- id: remote-{{ name }}-{{ loop.index0 }}`
			`address: "{{ replica }}"`
			`{% endfor %}`

			`policy:`
			`- id: dnssec-{{ name }}`
			`algorithm: {{ knot_dnssec_policy_algorithm }}`
			`nsec3: {{ knot_dnssec_policy_nsec3 }}`
			`ksk-size: {{ knot_dnssec_policy_ksk_size }}`
			`zsk-size: {{ knot_dnssec_policy_zsk_size }}`
			`ksk-shared: {{ knot_dnssec_policy_ksk_shared }}`
			`cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}`

			`template:`
			`- id: {{ name }}`
			`storage: {{ knot_zone_storage_path }}`
			`semantic_checks: {{ knot_zone_semantic_checks }}`
			`dnssec-signing: {{ knot_zone_dnssec_signing }}`
			`dnssec-policy: dnssec-{{ name }}`
			`acl: xfr-{{ name }}`
			`notify:`
			`{% for replica in replicas %}`
			`- remote-{{ name }}-{{ loop.index0 }}`
			`{% endfor %}`

			`zone:`
			`{% for zone in zones %}`
			`- domain: {{ zone }}.`
			`template: {{ name }}`
			`{% endfor %}`