From 3809b6c2c39b309204652557807eb5236e5be3b7 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Wed, 5 Apr 2023 00:14:57 +0200
Subject: [PATCH] Add support for on-secondary signing
---
 roles/knot/templates/etc/knot/knot.conf.j2 | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index ace3215..d087530 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -48,7 +48,7 @@ remote:
 {% endfor %}
 acl:
-{% for remote in ( ( zones | map(attribute='replicas') ) + (zones | map(attribute='replicate', default={}) | map(attribute=inventory_hostname, default=[]) ) ) | flatten | unique %}
+{% for remote in ( zones | map(attribute='replicas') ) | flatten | unique %}
 - id: acl-xfr-{{ remote }}
 action: transfer
@@ -137,7 +137,7 @@ zone:
 acl: acl-update-{{ updater }}
 {% endfor %}
 {% endif %}
-{% for replica in zone.replicas + ( (zone.replicate | default({}) ).get(inventory_hostname, []) ) %}
+{% for replica in zone.replicas %}
 notify: remote-{{ replica }}
 {% endfor %}
 {% endif %}
@@ -158,9 +158,15 @@ zone:
 {% for master in zone.masters %}
 acl: acl-notify-{{ master }}
 {% endfor %}
+{% for xfer in (zone.replicate | default({})).get(inventory_hostname, []) %}
+ acl: acl-transfer-{{ xfer }}
+{% endfor %}
 {% for master in zone.masters %}
 master: remote-{{ master }}
 {% endfor %}
+{% for notify in (zone.replicate | default({})).get(inventory_hostname, []) %}
+ notify: remote-{{ notify }}
+{% endfor %}
 {% if zone.sign_on_secondary | default(false) %}
 dnssec-signing: {{ knot_zone_dnssec_signing }}
 dnssec-policy: dnssec-{{ zone.name }}
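Review bot: The added `acl: acl-transfer-{{ xfer }}` in the third hunk references an ACL id that no visible hunk defines. The `acl:` section in the first hunk emits ids as `acl-xfr-{{ remote }}`, and that same hunk stops generating entries for hosts listed under `zone.replicate`. Unless `acl-transfer-*` ids are defined in a part of the template outside this patch, the rendered config will presumably either fail knot's config check or leave the downstream hosts without a transfer rule, so they cannot pull the signed zone from this secondary. I would reference the existing id, `acl: acl-xfr-{{ xfer }}`, and keep the `replicate` hosts in the first hunk's definition loop so that the rule each zone points at is explicitly defined. The same check applies to `notify: remote-{{ notify }}`, because the `remote:` definitions lie above the first hunk and are not shown, and the zone block continues past the end of the third hunk.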