author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/nsd/tasks | |
initial commit
Diffstat (limited to 'roles/nsd/tasks')
-rw-r--r-- | roles/nsd/tasks/generate_zone.yml | 50 | ||||
-rw-r--r-- | roles/nsd/tasks/main.yml | 35 |
2 files changed, 85 insertions, 0 deletions
diff --git a/roles/nsd/tasks/generate_zone.yml b/roles/nsd/tasks/generate_zone.yml
new file mode 100644
index 0000000..a78ee62
--- /dev/null
+++ b/roles/nsd/tasks/generate_zone.yml
@@ -0,0 +1,50 @@
+- name: stat current zone file
+ stat:
+ path: /etc/nsd/{{ zone.name }}.zone
+ register: current_zone_file
+
+- name: get current serial
+ command: dig @{{ zone.slave_nameservers | first | default('127.0.0.1') }} +short SOA {{ zone.name }}
+ register: zone_soa
+ changed_when: no
+
+- name: check if zone serial needs to be regenerated
+ block:
+ - name: create temporary zone file
+ copy:
+ content: |
+ {{ nsd_soa_block }}
+ {{ zone.content }}
+ dest: /tmp/.ansible-{{ zone.name }}.zone.tmp
+ vars:
+ serial: '{{ zone_soa.stdout.split()[2] | default(nsd_init_serial) }}'
+ changed_when: no
+
+ - name: stat temporary zone file
+ stat:
+ path: /tmp/.ansible-{{ zone.name }}.zone.tmp
+ register: temp_zone_file
+
+ - name: remove temporary zone file
+ file:
+ path: /tmp/.ansible-{{ zone.name }}.zone.tmp
+ state: absent
+ changed_when: no
+ when: current_zone_file.stat.exists
+
+- name: generate zone file
+ copy:
+ content: |
+ {{ nsd_soa_block }}
+ {{ zone.content }}
+ dest: /etc/nsd/{{ zone.name }}.zone
+ vars:
+ serial: >-
+ {{
+ nsd_init_serial if not zone_soa.stdout.split()[2]
+ else
+ (zone_soa.stdout.split()[2] | int) if ((not current_zone_file.stat.exists) or current_zone_file.stat.checksum == temp_zone_file.stat.checksum)
+ else
+ (zone_soa.stdout.split()[2] | int) + 1
+ }}
+ notify: reload nsd
diff --git a/roles/nsd/tasks/main.yml b/roles/nsd/tasks/main.yml
new file mode 100644
index 0000000..63ac3eb
--- /dev/null
+++ b/roles/nsd/tasks/main.yml
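Review bot: The three tasks inside the `block` in generate_zone.yml write, stat and delete `/tmp/.ansible-{{ zone.name }}.zone.tmp`, a predictable name in a world-writable directory, and the play presumably runs with root privileges. On a host with other local users that path can be pre-created or symlinked before the `copy` runs, and the rendered zone is written with whatever the default umask allows. Creating the file with the `tempfile` module and using its registered path in all three tasks removes the predictable name. Moving the removal task under an `always:` section would also stop a failed stat from leaving the file behind.

```yaml
    - name: create private temporary file
      tempfile:
        state: file
        suffix: .zone
      register: zone_tmp
      changed_when: no

    - name: create temporary zone file
      copy:
        # … unchanged: content …
        dest: '{{ zone_tmp.path }}'
      # … unchanged: vars, changed_when …

    # … unchanged: stat and remove tasks, now with path: '{{ zone_tmp.path }}' …
```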
@@ -0,0 +1,35 @@
+- name: install packages
+ dnf:
+ name: nsd
+ state: present
+
+- name: generate nsd.conf
+ template:
+ src: etc/nsd/nsd.conf.j2
+ dest: /etc/nsd/nsd.conf
+ notify: restart nsd
+ tags: zoneupdate
+
+- include_tasks:
+ file: generate_zone.yml
+ apply:
+ tags: zoneupdate
+ loop: '{{ nsd_zones }}'
+ loop_control:
+ loop_var: zone
+ label: '{{ zone.name }}'
+ tags: zoneupdate
+
+- name: enable nsd
+ systemd:
+ name: nsd
+ state: started
+ enabled: yes
+
+- name: open firewall ports
+ firewalld:
+ service: dns
+ permanent: yes
+ immediate: yes
+ state: enabled
+ tags: firewalld |
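Review bot: The `generate nsd.conf` task sets no `owner`, `group` or `mode` and no `validate`, so the file lands with default permissions and a template that renders an invalid configuration is only noticed when the `restart nsd` handler fails and the authoritative server stays down. Adding `validate: nsd-checkconf %s` makes the task fail before the live file is replaced. If the template carries TSIG key material (not visible in this diff), an explicit restrictive mode such as `mode: '0640'` with the group the nsd service account belongs to is also worth setting. As a style point, the `yes` values on `enabled`, `permanent` and `immediate` read more predictably as `true`.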