Add support for on-secondary signing

s3lph 2023-04-04 20:46:54 +02:00
parent ce27010642
commit b1795f2e76
2 changed files with 7 additions and 3 deletions


@ -7,7 +7,7 @@ namespace: s3lph
name: nameserver
# The version of the collection. Must be compatible with semantic versioning
version: "0.3.4"
version: "0.3.5"
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
@ -15,7 +15,7 @@ readme: README.md
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
# @nicks:irc/im.site#channel'
authors:
- s3lph <account-gitlab-ideynizv@kernelpanic.lol>
- s3lph <1375407-s3lph@users.noreply.gitlab.com>
### OPTIONAL but strongly recommended


@ -100,7 +100,7 @@ submission:
policy:
{% for zone in zones %}
{% if inventory_hostname in zone.masters %}
{% if inventory_hostname in zone.masters or (inventory_hostname in zone.replicas and zone.sign_on_secondary | default(false)) %}
- id: dnssec-{{ zone.name }}
algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
@ -161,6 +161,10 @@ zone:
{% for master in zone.masters %}
master: remote-{{ master }}
{% endfor %}
{% if zone.sign_on_secondary | default(false) %}
dnssec-signing: {{ knot_zone_dnssec_signing }}
dnssec-policy: dnssec-{{ zone.name }}
{% endif %}
{% endif %}
{% endfor %}
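Review bot: The new `sign_on_secondary` branch (the widened `policy:` condition and the added `dnssec-signing`/`dnssec-policy` lines) enables signing on every host listed in `zone.replicas`, so a zone with more than one replica gets several independent signers, each presumably generating its own keys in its local KASP database. Resolvers would then see different DNSKEY/RRSIG sets depending on which server answers, and a DS record at the parent can match only one of them. The widened condition also keeps `inventory_hostname in zone.masters`, so whether the primary continues to sign as well depends on its zone block, which lies outside these hunks and should be checked. I would document the constraint where the flag is read, for example `{# sign_on_secondary: use with exactly one replica per zone; the private signing keys then live on that host #}` above the added `{% if %}`, or have the template fail when the flag is set and `zone.replicas | length > 1`.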