Add knot role

This commit is contained in:
s3lph 2020-11-20 00:54:31 +01:00
parent f045949650
commit 616a8d3792
8 changed files with 133 additions and 1 deletions

View file

@ -0,0 +1,23 @@
---
knot_server_rundir: /run/knot
knot_server_user: knot
knot_server_group: knot
knot_server_listen:
- "::@53"
- "0.0.0.0@53"
knot_log_targets:
- target: syslog
level: info
knot_zone_storage_path: /var/lib/knot/master
knot_zone_semantic_checks: 'on'
knot_zone_dnssec_signing: 'on'
knot_dnssec_policy_algorithm: ecdsap384sha384
knot_dnssec_policy_nsec3: 'on'
knot_dnssec_policy_ksk_shared: 'on'
knot_dnssec_policy_ksk_size: 384
knot_dnssec_policy_zsk_size: 384
knot_dnssec_policy_cds_publish: 'always'

View file

@ -0,0 +1,6 @@
---
- name: reload knot
service:
name: knot
state: reloaded

View file

@ -1,2 +1,35 @@
--- ---
- name: render knot master config
template:
src: etc/knot/knot.conf.j2
dest: /etc/knot/knot.conf
owner: knot
group: knot
mode: 0640
notify: reload knot
- name: render knot server config
template:
src: etc/knot/knot.d/00-server.conf.j2
dest: /etc/knot/knot.d/00-server.conf
owner: knot
group: knot
mode: 0640
notify: reload knot
- name: render knot master configs
template:
src: etc/knot/knot.d/10-master.conf.j2
dest: "/etc/knot/knot.d/{{ 10+i }}-master-{{ item.name }}.conf"
owner: root
group: root
mode: 0644
vars:
name: "{{ item.name }}"
replicas: "{{ item.replicas }}"
zones: "{{ item.zones }}"
loop: "{{ knot_zone_groups }}"
loop_control:
index_var: i
notify: reload knot

View file

@ -5,3 +5,8 @@
name: knot name: knot
state: present state: present
- name: start and enable knot
service:
name: knot
state: started
enabled: yes

View file

@ -0,0 +1,5 @@
{{ ansible_managed | comment }}
# See knot.conf(5) or refer to the server documentation.
include: /etc/knot/knot.d/*conf

View file

@ -0,0 +1,14 @@
{{ ansible_managed | comment }}
server:
rundir: "{{ knot_server_rundir }}"
user: "{{ knot_server_user }}:{{ knot_server_group }}"
{% for addr in knot_server_listen %}
listen: "{{ addr }}"
{% endfor %}
log:
{% for target in knot_log_targets %}
- target: "{{ target.target }}"
any: "{{ target.level }}"
{% endfor %}

View file

@ -0,0 +1,46 @@
{{ ansible_managed | comment }}
#
# Master configuration for zones in group {{ name }}
#
acl:
- id: xfr-{{ name }}
action: transfer
address:
{% for replica in replicas %}
- "{{ replica }}"
{% endfor %}
remote:
{% for replica in replicas %}
- id: remote-{{ name }}-{{ loop.index0 }}
address: "{{ replica }}"
{% endfor %}
policy:
- id: dnssec-{{ name }}
algorithm: {{ knot_dnssec_policy_algorithm }}
nsec3: {{ knot_dnssec_policy_nsec3 }}
ksk-size: {{ knot_dnssec_policy_ksk_size }}
zsk-size: {{ knot_dnssec_policy_zsk_size }}
ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}
template:
- id: {{ name }}
storage: {{ knot_zone_storage_path }}
semantic_checks: {{ knot_zone_semantic_checks }}
dnssec-signing: {{ knot_zone_dnssec_signing }}
dnssec-policy: dnssec-{{ name }}
acl: xfr-{{ name }}
notify:
{% for replica in replicas %}
- remote-{{ name }}-{{ loop.index0 }}
{% endfor %}
zone:
{% for zone in zones %}
- domain: {{ zone }}.
template: {{ name }}
{% endfor %}

View file

@ -1,7 +1,7 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
# #
# Replica for zones of of primary {{ primary }} # Replica for zones of primary {{ primary }}
# #
pattern: pattern: