Initial commit

2020-11-19 00:21:11 +01:00 · 2020-11-19 00:21:11 +01:00 · 8e18cf27f8
commit 8e18cf27f8
13 changed files with 226 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
 # Ansible Collection - s3lph.nameserver
 Documentation for the collection.
 WIP
--- a/galaxy.yml
+++ b/galaxy.yml
@ -0,0 +1,67 @@
 ### REQUIRED
 # The namespace of the collection. This can be a company/brand/organization or product namespace under which all
 # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
 # underscores or numbers and cannot contain consecutive underscores
 namespace: s3lph
 # The name of the collection. Has the same character restrictions as 'namespace'
 name: nameserver
 # The version of the collection. Must be compatible with semantic versioning
 version: 1.0.0
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
 - s3lph <account-gitlab-ideynizv@kernelpanic.lol>
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
 description: Authoritative nameserver setup with knot as master and nsd as replicas
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
 license:
 - MIT
 # The path to the license file for the collection. This path is relative to the root of the collection. This key is
 # mutually exclusive with 'license'
 license_file: ''
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
 tags:
  - dns
  - knot
  - nsd
  - nameserver
  - dnssec
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
 dependencies: {}
 # The URL of the originating SCM repository
 repository: https://gitlab.com/s3lph/ansible-collection-nameserver
 # The URL to any online docs
 documentation: https://gitlab.com/s3lph/ansible-collection-nameserver
 # The URL to the homepage of the collection/project
 homepage: https://gitlab.com/s3lph/ansible-collection-nameserver
 # The URL to the collection issue tracker
 issues: https://gitlab.com/s3lph/ansible-collection-nameserver/-/issues
 # A list of file glob-like patterns used to filter any files or directories that should not be included in the build
 # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
 # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
 # and '.git' are always filtered
 build_ignore: []
--- a/roles/master/tasks/config.yml
+++ b/roles/master/tasks/config.yml
@ -0,0 +1,2 @@
 ---
--- a/roles/master/tasks/install.yml
+++ b/roles/master/tasks/install.yml
@ -0,0 +1,7 @@
 ---
 - name: install knot
  package:
    name: knot
    state: present
--- a/roles/master/tasks/main.yml
+++ b/roles/master/tasks/main.yml
@ -0,0 +1,13 @@
 ---
 - name: install knot
  import_tasks: install.yml
  tags:
    - "role::nameserver:master"
    - "role::nameserver:master:install"
 - name: configure knot
  import_tasks: config.yml
  tags:
    - "role::nameserver:master"
    - "role::nameserver:master:config"
--- a/roles/replica/defaults/main.yml
+++ b/roles/replica/defaults/main.yml
@ -0,0 +1,14 @@
 ---
 nsd_server_hide_version: yes
 nsd_server_verbosity: 1
 nsd_server_database: "" # disable database
 nsd_server_zonefile_write: 300
 nsd_server_listen:
  - "::@53"
  - "0.0.0.0@53"
 nsd_server_minimal_responses: yes
 nsd_server_refuse_any: yes
 nsd_remote_control_enable: yes
 nsd_remote_control_interface: /var/run/nsd.sock
--- a/roles/replica/handlers/main.yml
+++ b/roles/replica/handlers/main.yml
@ -0,0 +1,6 @@
 ---
 - name: reload nsd
  service:
    name: nsd
    state: reloaded
--- a/roles/replica/tasks/config.yml
+++ b/roles/replica/tasks/config.yml
@ -0,0 +1,35 @@
 ---
 - name: render nsd main config
  template:
    src: etc/nsd/nsd.conf.j2
    dest: /etc/nsd/nsd.conf
    owner: root
    group: root
    mode: 0644
  notify: reload nsd
 - name: render nsd server config
  template:
    src: etc/nsd/nsd.conf.d/00-server.conf.j2
    dest: /etc/nsd/nsd.conf.d/00-server.conf
    owner: root
    group: root
    mode: 0644
  notify: reload nsd
 - name: render nsd replica configs
  template:
    src: etc/nsd/nsd.conf.d/10-replica.conf.j2
    dest: "/etc/nsd/nsd.conf.d/{{ 10+i }}-replica-{{ item.primary }}.conf"
    owner: root
    group: root
    mode: 0644
  vars:
    primary: "{{ item.primary }}"
    masters: "{{ item.masters }}"
    zones: "{{ item.zones }}"
  loop: "{{ nsd_zone_groups }}"
  loop_control:
    index_var: i
  notify: reload nsd
--- a/roles/replica/tasks/install.yml
+++ b/roles/replica/tasks/install.yml
@ -0,0 +1,12 @@
 ---
 - name: install nsd
  package:
    name: nsd
    state: present
 - name: start and enable nsd
  service:
    name: nsd
    state: started
    enabled: yes
--- a/roles/replica/tasks/main.yml
+++ b/roles/replica/tasks/main.yml
@ -0,0 +1,13 @@
 ---
 - name: install nsd
  import_tasks: install.yml
  tags:
    - "role::nameserver:replica"
    - "role::nameserver:replica:install"
 - name: configure nsd
  import_tasks: config.yml
  tags:
    - "role::nameserver:replica"
    - "role::nameserver:replica:config"
--- a/roles/replica/templates/etc/nsd/nsd.conf.d/00-server.conf.j2
+++ b/roles/replica/templates/etc/nsd/nsd.conf.d/00-server.conf.j2
@ -0,0 +1,18 @@
 {{ ansible_managed | comment }}
 server:
  hide-version: {{ nsd_server_hide_version }}
  verbosity: {{ nsd_server_verbosity }}
  database: {{ nsd_server_database }}
  zonefiles-write: {{ nsd_server_zonefile_write }}
 {%- for addr in nsd_server_listen %}
  ip-address: {{ addr }}
 {%- endfor %}
  minimal-responses: {{ nsd_server_minimal_responses }}
  refuse-any: {{ nsd_server_refuse_any }}
 remote-control:
  control-enable: {{ nsd_remote_control_enable }}
  control-interface: {{ nsd_remote_control_interface }}
--- a/roles/replica/templates/etc/nsd/nsd.conf.d/10-replica.conf.j2
+++ b/roles/replica/templates/etc/nsd/nsd.conf.d/10-replica.conf.j2
@ -0,0 +1,21 @@
 {{ ansible_managed | comment }}
 #
 #  Replica for zones of of primary {{ primary }}
 #
 pattern:
  name: xfr-{{ primary }}
  zonefile: "/var/lib/nsd/replica/%szone"
 {%- for addr in masters %}
  allow-notify: {{ addr }} NOKEY
 {%- endfor %}
 {%- for addr in masters %}
  request-xfr: {{ addr }} NOKEY
 {%- endfor %}
 {% for zone in zones %}
 zone:
  name: {{ zone }}
  include-pattern: "xfr-{{ primary }}"
 {%- endfor %}
--- a/roles/replica/templates/etc/nsd/nsd.conf.j2
+++ b/roles/replica/templates/etc/nsd/nsd.conf.j2
@ -0,0 +1,13 @@
 {{ ansible_managed | comment }}
 # NSD configuration file for Debian.
 #
 # See the nsd.conf(5) man page.
 #
 # See /usr/share/doc/nsd/examples/nsd.conf for a commented
 # reference config file.
 #
 # The following line includes additional configuration files from the
 # /etc/nsd/nsd.conf.d directory.
 include: "/etc/nsd/nsd.conf.d/*.conf"