Add support for on-secondary signing

s3lph 2023-04-05 00:14:57 +02:00
parent a3545b1646
commit 3809b6c2c3


@ -48,7 +48,7 @@ remote:
{% endfor %}
acl:
{% for remote in ( ( zones | map(attribute='replicas') ) + (zones | map(attribute='replicate', default={}) | map(attribute=inventory_hostname, default=[]) ) ) | flatten | unique %}
{% for remote in ( zones | map(attribute='replicas') ) | flatten | unique %}
- id: acl-xfr-{{ remote }}
action: transfer
@ -137,7 +137,7 @@ zone:
acl: acl-update-{{ updater }}
{% endfor %}
{% endif %}
{% for replica in zone.replicas + ( (zone.replicate | default({}) ).get(inventory_hostname, []) ) %}
{% for replica in zone.replicas %}
notify: remote-{{ replica }}
{% endfor %}
{% endif %}
@ -158,9 +158,15 @@ zone:
{% for master in zone.masters %}
acl: acl-notify-{{ master }}
{% endfor %}
{% for xfer in (zone.replicate | default({})).get(inventory_hostname, []) %}
acl: acl-transfer-{{ xfer }}
{% endfor %}
{% for master in zone.masters %}
master: remote-{{ master }}
{% endfor %}
{% for notify in (zone.replicate | default({})).get(inventory_hostname, []) %}
notify: remote-{{ notify }}
{% endfor %}
{% if zone.sign_on_secondary | default(false) %}
dnssec-signing: {{ knot_zone_dnssec_signing }}
dnssec-policy: dnssec-{{ zone.name }}
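Review bot: The added `acl: acl-transfer-{{ xfer }}` line in the secondary zone block refers to an ACL id that nothing on this page defines; the ACL loop in the first hunk emits ids of the form `acl-xfr-{{ remote }}`. Unless `acl-transfer-*` entries are generated in a part of the template not shown here, Knot will either reject the configuration or refuse transfers to the downstream hosts, so the line should probably read `acl: acl-xfr-{{ xfer }}`. The page has lost its +/- markers, so it is unclear which of the two `{% for remote in … %}` lines in the first hunk is the new one; if it is the shorter one, hosts listed under `zone.replicate` no longer get an `acl-xfr-` entry at all and need to stay in that loop. The `{% if zone.sign_on_secondary | default(false) %}` block is still open at the end of the hunk, so the rest of it is not visible; a template comment there such as `{# this host signs the zone itself, so it needs access to the zone's signing keys #}` would help operators decide which secondaries should set the flag.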