From 9cbf45e9587cb1e834150d0c4ea6655d08289d9d Mon Sep 17 00:00:00 2001
From: s3lph
Date: Fri, 5 Feb 2021 22:57:03 +0100
Subject: [PATCH] add ip filter for transfers even if tsig key is present
---
 roles/knot/templates/etc/knot/knot.conf.j2 | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index e0d3a26..278f58d 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -50,11 +50,10 @@ acl:
 action: transfer
 {% if 'knot_tsig_key' in hostvars[remote] %}
 key: {{ hostvars[remote].knot_tsig_key.name }}
-{% else %}
+{% endif %}
 {% for address in hostvars[remote].knot_dns_addresses %}
 address: "{{ address }}"
 {% endfor %}
-{% endif %}
 {% endfor %}
 
 {% for remote in zones | map(attribute='masters') | flatten | unique %}
@@ -63,11 +62,10 @@ acl:
 action: notify
 {% if 'knot_tsig_key' in hostvars[remote] %}
 key: {{ hostvars[remote].knot_tsig_key.name }}
-{% else %}
+{% endif %}
 {% for address in hostvars[remote].knot_dns_addresses %}
 address: "{{ address }}"
 {% endfor %}
-{% endif %}
 {% endfor %}
 
 {% for remote in zones | map(attribute='updaters') | select('defined') | flatten | unique %}
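Review bot: With the `{% else %}` gone, the address loop in the transfer rule now also runs for remotes that carry a TSIG key, so `hostvars[remote].knot_dns_addresses` becomes a required variable for every remote and nothing in the hunk checks it. If it is undefined the template will most likely fail to render, and if it is an empty list the rule renders with `key:` only, which appears to be exactly the key-only acceptance this commit sets out to remove. I would document the new contract above the loop, for example `{# key AND source address must both match; knot_dns_addresses is required for every remote #}`, and have the role assert that the list is non-empty before templating. The same applies to the notify rule in the second hunk; both enclosing `for remote` loops start above the visible context.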
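Review bot: The updaters loop that opens on the last context line of this hunk, `{% for remote in zones | map(attribute='updaters') | select('defined') | flatten | unique %}`, is not touched by this commit and its body lies outside the hunk. If that rule uses the same `{% if 'knot_tsig_key' in hostvars[remote] %} … {% else %} … {% endif %}` shape, dynamic updates would still be authorised by key alone for hosts that have one, while transfer and notify now also require a matching source address. Update is the most sensitive of the three actions, so it is worth confirming the rule gets the same `{% endif %}` placement, or adding a comment there explaining why it is intentionally different.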