add ansible configuration

2021-06-04 15:23:13 +02:00 · 2021-06-04 15:23:13 +02:00 · fd85d42b13
commit fd85d42b13
parent 1025d8bdf5
9 changed files with 98 additions and 85 deletions
--- a/README.md
+++ b/README.md
@ -2,3 +2,7 @@

 A DNS zone management service to make accessible the [.eu.org](https://nic.eu.org) domain names to everyone.

+# Deployment
+
+Deploy the configuration using `ansible-playbook -i config/host config/deploy.yml`
+
--- a/config/deploy.yml
+++ b/config/deploy.yml
@ -0,0 +1,5 @@
+---
+- hosts: all
+  roles:
+  - common
+  - knot
--- a/config/group_vars/all
+++ b/config/group_vars/all
@ -0,0 +1,3 @@
+---
+zones_dir: "{{ lookup('env', 'ZONE_DIR') | default('../zones', True) }}"
+zones: "{{ lookup('fileglob', zones_dir + '/*.zone', wantlist=True)}}"
--- a/config/hosts
+++ b/config/hosts
@ -0,0 +1,5 @@
+[primary]
+163.172.129.205 ansible_user=root
+
+[secondary]
+51.158.108.60 ansible_user=root
--- a/config/roles/common/tasks/main.yml
+++ b/config/roles/common/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Install common packages
+  apt:
+    pkg:
+      - git
--- a/config/roles/knot/handlers/main.yml
+++ b/config/roles/knot/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: reload knot
+  ansible.builtin.command:
+    cmd: knotc reload
--- a/config/roles/knot/tasks/main.yml
+++ b/config/roles/knot/tasks/main.yml
@ -0,0 +1,27 @@
+---
+- name: Install knot
+  apt:
+    pkg:
+    - knot
+    - knot-dnsutils
+
+- name: Update zones
+  ansible.builtin.copy:
+    src: '{{ zones_dir }}'
+    dest: /var/lib/knot/zones
+    owner: knot
+    group: knot
+    mode: '0644'
+  notify: reload knot
+
+- name:
+  template:
+    src: knot.conf.j2
+    dest: /etc/knot/knot.conf
+  notify: reload knot
+
+- name: Start knot
+  service:
+    name: knot
+    state: started
+    enabled: yes
--- a/config/roles/knot/templates/knot.conf.j2
+++ b/config/roles/knot/templates/knot.conf.j2
@ -0,0 +1,45 @@
+server:
+    rundir: "/run/knot"
+    user: knot:knot
+    listen: [ 0.0.0.0@53, ::@53 ]
+
+log:
+  - target: syslog
+    any: info
+
+remote:
+{% for host in groups.all %}
+  - id: {{ hostvars[host].ansible_hostname }}
+    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
+{% endfor %}
+
+acl:
+{% for host in groups.all %}
+  - id: {{ hostvars[host].ansible_hostname }}
+    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
+    action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}
+
+{% endfor %}
+
+template:
+  - id: default
+    storage: "/var/lib/knot"
+    file: "zones/%s.zone"
+
+{% if inventory_hostname in groups.primary %}
+    zonefile-load: difference-no-serial
+    dnssec-signing: on
+    dnssec-policy: default
+    notify: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+    acl: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+{% endif %}
+
+{% if inventory_hostname in groups.secondary %}
+    master: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+    acl: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+{% endif %}
+
+zone:
+{% for zone in zones %}
+  - domain: {{ zone | basename | splitext | first }}
+{% endfor %}
--- a/knot.conf
+++ b/knot.conf
@ -1,85 +0,0 @@
-# This is a sample of a minimal configuration file for Knot DNS.
-# See knot.conf(5) or refer to the server documentation.
-
-server:
-    rundir: "/run/knot"
-    user: knot:knot
-    listen: [ 0.0.0.0@53, ::@53 ]
-
-log:
-  - target: syslog
-    any: info
-
-remote:
-#  - id: slave
-#    address: 192.168.1.1@53
-#
-#  - id: master
-#    address: 192.168.2.1@53
-
-  - id: secpb
-    address: [78.194.169.74, 2a01:e34:ec2a:94a0::4]
-
-acl:
-#  - id: acl_slave
-#    address: 192.168.1.1
-#    action: transfer
-#
-#  - id: acl_master
-#    address: 192.168.2.1
-#    action: notify
-
-  - id: secpb_acl
-    address: [78.194.169.74, 2a01:e34:ec2a:94a0::4]
-    action: transfer
-
-template:
-  - id: default
-    storage: "/var/lib/knot"
-    file: "%s.zone"
-    zonefile-load: difference-no-serial
-    dnssec-signing: on
-    dnssec-policy: default
-    notify: secpb
-    acl: secpb_acl
-
-zone:
-#    # Master zone
-#  - domain: example.com
-#    notify: slave
-#    acl: acl_slave
-  - domain: dns-witch.net.eu.org
-
-  - domain: contesludiques.eu.org
-
-  - domain: sumomo.net.eu.org
-
-  - domain: jeuviodeo.fr.eu.org
-
-  - domain: monkeygames.fr.eu.org
-
-  - domain: blog.wehost.lgbt
-
-  - domain: grimoire.eu.org
-  
-  - domain: snug.eu.org
-
-  - domain: wicce.eu.org
-  
-  - domain: stryges.fr.eu.org
-
-  - domain: familier.net.eu.org
-  
-  - domain: dns-witch.eu.org
-
-  - domain: blackconstruct.eu.org
-  
-  - domain: soundsmag.eu.org
-
-  - domain: mutu.fr.eu.org
-  
-  - domain: saimyx.eu.org
-#    # Slave zone
-#  - domain: example.net
-#    master: master
-#    acl: acl_master