---
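# Directory for the rendered zone files. root owns it and is the only writer;
# members of group nsd may enter and list it (0750); all other accounts have
# no access.
# NOTE(review): presumably the NSD daemon runs with group nsd - confirm.
- name: Ensure zones directory is present
  file:
    path: /etc/nsd/zones
    state: directory
    owner: root
    group: nsd
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0750"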
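# Directory for the per-zone stub files written by the stub tasks in this
# file. It is root:root 0750, so only root can read or write it.
- name: Ensure zones src directory is present
  file:
    path: /etc/nsd/src_zones
    state: directory
    owner: root
    group: root
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0750"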
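# Renders nsd-star.conf.j2 into the NSD conf.d directory as 10-zones.conf.
# The result is root:root 0640, so it is readable by root only.
# NOTE(review): the zone-file tasks in this file notify `restart dns`, but
# this task does not, so a change to 10-zones.conf alone does not trigger
# that handler - confirm this is intended.
# NOTE(review): group root means a process running only as nsd cannot read
# this file; presumably NSD reads its configuration as root - confirm.
- name: Ensure zone files are compiled
  template:
    src: templates/nsd-star.conf.j2
    dest: /etc/nsd/nsd.conf.d/10-zones.conf
    owner: root
    group: root
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0640"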
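# Renders the stub for the main zone into src_zones and registers the result
# as main_zone_stub; the main zone task reads its `changed` flag to decide
# whether to re-render the live zone file.
# The destination path is built from main_zone.name. A name containing `/`
# or `..` would resolve outside /etc/nsd/src_zones, so zone names should be
# validated wherever inventory data is not fully trusted.
# NOTE(review): the task-level variable `name` shares its name with the task
# keyword; Ansible may warn about a reserved variable name. The zones task in
# this file uses z-prefixed names instead - consider aligning.
# json_query needs the jmespath Python library on the control node.
- name: Ensure main zone stub is present
  template:
    src: templates/zone_stub.conf.j2
    dest: "/etc/nsd/src_zones/{{ main_zone.name }}.conf"
    owner: root
    group: root
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0640"
  vars:
    name: "{{ main_zone.name }}"
    # MX records and all other records are passed to the template separately.
    mx_records: "{{ main_zone.records|json_query('[?type==`MX`]') }}"
    records: "{{ main_zone.records|json_query('[?type!=`MX`]') }}"
  register: main_zone_stub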
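# Renders the live main zone file (root:nsd 0640: root writes, group nsd
# reads) and notifies the `restart dns` handler.
# The task runs only when the main zone stub changed in this play. A live
# file that was removed or edited out of band is therefore NOT restored
# until the stub changes again.
# NOTE(review): presumably gated this way so the file is regenerated only
# when the zone data really changed - confirm.
# NOTE(review): nothing validates the rendered file before the restart; if
# this is a zone file, a `validate:` step running nsd-checkzone would catch
# syntax errors before they reach the running server - confirm file type.
- name: Ensure main_zone is present
  template:
    src: templates/main_zone.conf.j2
    dest: "/etc/nsd/zones/{{ main_zone.name }}.conf"
    owner: root
    group: nsd
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0640"
  when: main_zone_stub.changed
  notify: restart dns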
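# Renders one stub per entry of `zones` into src_zones and registers the
# per-item results as zone_stubs; the zones task loops over
# zone_stubs.results and uses each result's `changed` flag.
# The destination path is built from item.name. A name containing `/` or
# `..` would resolve outside /etc/nsd/src_zones, so zone names should be
# validated wherever inventory data is not fully trusted.
# NOTE(review): the task-level variable `name` shares its name with the task
# keyword; Ansible may warn about a reserved variable name.
# json_query needs the jmespath Python library on the control node.
- name: Ensure zones stubs are present
  template:
    src: templates/zone_stub.conf.j2
    dest: "/etc/nsd/src_zones/{{ item.name }}.conf"
    owner: root
    group: root
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0640"
  vars:
    name: "{{ item.name }}"
    # MX records and all other records are passed to the template separately.
    mx_records: "{{ item.records|json_query('[?type==`MX`]') }}"
    records: "{{ item.records|json_query('[?type!=`MX`]') }}"
  loop: "{{ zones }}"
  register: zone_stubs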
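# Renders the live zone file for every zone whose stub changed in this play
# (root:nsd 0640: root writes, group nsd reads) and notifies `restart dns`.
# Each loop item is one registered result from the stub task: `item.item` is
# the original zone entry and `item.changed` is that zone's change flag.
# A live file that was removed or edited out of band is NOT restored until
# the matching stub changes again.
# The destination path is built from the zone name. A name containing `/`
# or `..` would resolve outside /etc/nsd/zones, so zone names should be
# validated wherever inventory data is not fully trusted.
# NOTE(review): nothing validates the rendered file before the restart; if
# this is a zone file, a `validate:` step running nsd-checkzone would catch
# syntax errors before they reach the running server - confirm file type.
- name: Ensure zones are present
  template:
    src: templates/zone.conf.j2
    dest: "/etc/nsd/zones/{{ item.item.name }}.conf"
    owner: root
    group: nsd
    # Quoted so the permission bits do not depend on the YAML loader reading
    # a leading-zero integer as octal.
    mode: "0640"
  vars:
    zname: "{{ item.item.name }}"
    # TTL falls back to 3600 when the zone entry does not define one.
    zttl: "{{ item.item.ttl|default(3600) }}"
    zsoa: "{{ item.item.soa }}"
    zemail: "{{ item.item.email }}"
    # MX records and all other records are passed to the template separately.
    zmx_records: "{{ item.item.records|json_query('[?type==`MX`]') }}"
    zrecords: "{{ item.item.records|json_query('[?type!=`MX`]') }}"
  when: item.changed
  loop: "{{ zone_stubs.results }}"
  notify: restart dns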
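# Makes sure the nsd.service unit is running now and enabled at boot.
# `state: started` does not restart a unit that is already running; restarts
# are left to the `restart dns` handler notified by the zone tasks.
- name: Ensure nsd is started and enabled
  systemd:
    name: nsd.service
    state: started
    # Canonical boolean instead of the YAML 1.1 truthy word `yes`.
    enabled: true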