authorTrygve Laugstøl <trygvis@inamo.no>2019-01-05 23:05:23 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2019-01-05 23:05:23 +0100
commit3572c448f189d451dab80933fc4f78980999acd6 (patch)
tree131b545289379660af5b6caf1cf8951c823188fe /ansible
parentad9943e6b9a597e8efc3a9a5807600d21d9c717e (diff)
bind: wip.
Diffstat (limited to 'ansible')
-rw-r--r--ansible/all.yml1
-rw-r--r--ansible/files/knot/bind/master/trygvis.io44
-rw-r--r--ansible/files/knot/bind/master/vpn.trygvis.io8
-rw-r--r--ansible/files/knot/bind/named.conf.trygvis8
-rw-r--r--ansible/host_vars/knot/bind.yml2
-rw-r--r--ansible/roles/bind/defaults/main.yml1
-rw-r--r--ansible/roles/bind/tasks/main.yml80
7 files changed, 144 insertions, 0 deletions
diff --git a/ansible/all.yml b/ansible/all.yml
index 99f0d6f..6898a27 100644
--- a/ansible/all.yml
+++ b/ansible/all.yml
@@ -12,6 +12,7 @@
roles:
- postfix
- dovecot
+ - bind
- hosts:
- all !knot
diff --git a/ansible/files/knot/bind/master/trygvis.io b/ansible/files/knot/bind/master/trygvis.io
new file mode 100644
index 0000000..52614e1
--- /dev/null
+++ b/ansible/files/knot/bind/master/trygvis.io
@@ -0,0 +1,44 @@
+$TTL 300
+@ IN SOA 176.58.112.84. root.trygvis.io. 2019010154 300 300 1209600 300
+@ NS 176.58.112.84.
+@ MX 10 knot.inamo.no.
+@ 300 TXT "google-site-verification=fuNmCULxODJMSSlfa8w0SF-DLt2oTWCAGBvSNsUEB8k"
+_acme-challenge.birgitte.vs 300 TXT "n58jEgL1plD8h0ZVjPVOCL2XnN6BgfpKsYZNKoHTPmU"
+_acme-challenge.conflatorio.vpn TXT "wuNOz_Nv6-L_0EhqkZbBjHBckWycwE2o0M5HDSI86Ao"
+_amazonses TXT "c3k5WNcOHhgLn27ed1s7YBq6xB4C/OoWuyKfqyeG31E="
+_keybase TXT "keybase-site-verification=gcoO7zav4G2IK5KQdrWOgz_PD9wpZhz-0afIb1Kodrk"
+@ A 176.58.112.84
+
+akysis AAAA 0f00:ba00::1
+arius AAAA 2a01:79d:469b:9c2c:7613:6612:3262:2a46
+babypi A 192.168.10.177
+birgitte AAAA 2a01:79d:469b:9c2c:22cf:30ff:fe55:7fa0
+conflatorio AAAA 2001:840:4b0b:1337:f08b:34d2:8a8d:1137
+dlock A 51.15.70.79
+dlock-dev A 51.15.101.18
+dlock-dev AAAA 2001:bc8:4700:2300::17:213
+dlock AAAA 2001:bc8:4700:2300::1a:c11
+door1.dlock 300 AAAA 2001:840:4b0b:1337:89e8:2b4e:b107:5401
+eh.trygvis A 77.40.181.108
+knot AAAA 2a01:7e00:0000:0000:f03c:91ff:feae:93a3
+malabaricus AAAA 2001:840:4b0b:1337:6acf:5f94:a06e:b612
+minio CNAME malabaricus.trygvis.io.
+mw CNAME trygvis.io.
+numquam A 163.172.160.56
+openhab CNAME vs.trygvis.io.
+owncloud CNAME vs.trygvis.io.
+rosin CNAME numquam.trygvis.io.
+sz CNAME trygvis.io.
+sz-ds CNAME trygvis.io.
+sz-ds-test CNAME trygvis.io.
+sz-test CNAME trygvis.io.
+vs A 81.166.231.11
+
+akysis.vpn A 10.90.0.102
+birgitte.vpn A 10.90.0.101
+conflatorio.vpn A 10.90.0.103
+knot.vpn A 10.90.0.1
+
+imtuzw2lnfktlc7uongw433qbwjxxatg._domainkey CNAME imtuzw2lnfktlc7uongw433qbwjxxatg.dkim.amazonses.com.
+k5o5gjadej2kkfncu36i3ef5gt473sxy._domainkey CNAME k5o5gjadej2kkfncu36i3ef5gt473sxy.dkim.amazonses.com.
+ypoldfnjtasbcrywm6mtyc3eygksmilo._domainkey CNAME ypoldfnjtasbcrywm6mtyc3eygksmilo.dkim.amazonses.com.
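Review bot: The `NS` record and the SOA MNAME field are written as `176.58.112.84.`, which a zone file reads as a domain name rather than an address, so the name server target will not resolve. Both should name a host that has its own address record, for example `@ NS ns1.trygvis.io.` plus `ns1 A 176.58.112.84` (`ns1` is a constructed label). The same applies to the `vpn.trygvis.io` zone file in this commit. Separately, this public zone publishes private addresses (`babypi A 192.168.10.177` and the `*.vpn` 10.90.0.x records), which discloses the internal layout to anyone who can query the server. Consider serving those names only to internal clients, and running `named-checkzone` on both files before they are deployed.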
diff --git a/ansible/files/knot/bind/master/vpn.trygvis.io b/ansible/files/knot/bind/master/vpn.trygvis.io
new file mode 100644
index 0000000..c53fe23
--- /dev/null
+++ b/ansible/files/knot/bind/master/vpn.trygvis.io
@@ -0,0 +1,8 @@
+$TTL 300
+@ IN SOA 176.58.112.84. root.trygvis.io. 2019010154 300 300 1209600 300
+@ NS 176.58.112.84.
+
+akysis A 10.90.0.102
+birgitte A 10.90.0.101
+conflatorio A 10.90.0.103
+knot A 10.90.0.1
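Review bot: The four hosts in this zone are also defined as `akysis.vpn`, `birgitte.vpn`, `conflatorio.vpn` and `knot.vpn` in the `trygvis.io` zone file, so the same data is now maintained in two places. With both zones loaded on one server, answers for names under `vpn.trygvis.io` should come from this more specific zone. The parent's `_acme-challenge.conflatorio.vpn` TXT record would then most likely no longer be served, and certificate validation for that name would fail. Either move that TXT record here and drop the `*.vpn` entries from the parent, or drop this zone until the split is intended.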
diff --git a/ansible/files/knot/bind/named.conf.trygvis b/ansible/files/knot/bind/named.conf.trygvis
new file mode 100644
index 0000000..3d32993
--- /dev/null
+++ b/ansible/files/knot/bind/named.conf.trygvis
@@ -0,0 +1,8 @@
+zone "trygvis.io" {
+ type master;
+ file "/etc/bind/master/trygvis.io";
+};
+zone "vpn.trygvis.io" {
+ type master;
+ file "/etc/bind/master/vpn.trygvis.io";
+};
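Review bot: Neither zone block sets `allow-transfer`, so whether an arbitrary host can pull the full zone (including the internal VPN addresses) depends on global options that are not part of this diff. On BIND releases where the default permits transfers to any client, that is an easy enumeration path. Adding `allow-transfer { none; };` to each zone, or listing the actual secondaries, makes the intent explicit and independent of the packaged defaults.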
diff --git a/ansible/host_vars/knot/bind.yml b/ansible/host_vars/knot/bind.yml
new file mode 100644
index 0000000..d3d94b8
--- /dev/null
+++ b/ansible/host_vars/knot/bind.yml
@@ -0,0 +1,2 @@
+bind__state: absent
+bind__rndc_key: o8eLfg4sb39sZ7n0unLMzg==
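Review bot: `bind__rndc_key` is committed in clear text, so everyone with read access to the repository or its history holds the secret that authorises `rndc` control of the name server. The value should be treated as exposed and regenerated. The replacement belongs in an encrypted vars file (ansible-vault) and can be referenced from here, e.g. `bind__rndc_key: "{{ vault_bind__rndc_key }}"` (constructed variable name). Also, `bind__state: absent` is not read by any task in `roles/bind/tasks/main.yml` as shown in this commit, so the role installs and configures BIND regardless of it.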
diff --git a/ansible/roles/bind/defaults/main.yml b/ansible/roles/bind/defaults/main.yml
new file mode 100644
index 0000000..84c58f9
--- /dev/null
+++ b/ansible/roles/bind/defaults/main.yml
@@ -0,0 +1 @@
+bind__ufw: yes
diff --git a/ansible/roles/bind/tasks/main.yml b/ansible/roles/bind/tasks/main.yml
new file mode 100644
index 0000000..710bb4f
--- /dev/null
+++ b/ansible/roles/bind/tasks/main.yml
@@ -0,0 +1,80 @@
+- tags:
+ - bind
+ - bind_packages
+ become: yes
+ vars:
+ items:
+ - bind9
+ - bind9utils
+ - dnsutils
+ apt:
+ install_recommends: no
+ name: "{{ items }}"
+
+- tags:
+ - bind
+ - bind_ufw
+ when: bind__ufw
+ become: yes
+ ufw:
+ name: Bind9
+ rule: allow
+
+- tags:
+ - bind
+ - update-passwords
+ become: yes
+ copy:
+ dest: /etc/bind/rndc.key
+ content: |
+ key "rndc-key" {
+ algorithm hmac-md5;
+ secret "{{ bind__rndc_key }}";
+ };
+
+- tags:
+ - bind
+ - bind_files
+ local_action:
+ module: find
+ paths: "./files/{{ ansible_hostname }}/bind"
+ recurse: yes
+ register: all_files
+
+- tags:
+ - bind
+ - bind_files
+ become: yes
+ vars:
+ files: "{{ all_files.files|map(attribute='path') | map('regex_replace', '^files/' + ansible_hostname + '/bind/', '') | flatten | sort }}"
+ conf_files: "{{ files | map('regex_findall', '^named\\.conf\\..*') | flatten }}"
+ dirs: "{{ files | map('regex_replace', '[^/]*$', '') | flatten | unique }}"
+ block:
+ # - debug: var=all_files
+ - debug: var=files
+ - debug: var=dirs
+ - debug: var=conf_files
+ - with_items: "{{ dirs }}"
+ file:
+ path: "/etc/bind/{{ item }}"
+ state: directory
+
+ - with_items: "{{ files }}"
+ copy:
+ dest: "/etc/bind/{{ item }}"
+ src: "{{ ansible_hostname + '/bind/' + item }}"
+
+# - name: Generate named.conf.ansible
+# copy:
+# dest: /etc/bind/named.conf.ansible
+# content: |
+# {% for f in zone_files.files %}
+# zone "/etc/bind/{{ '/'.join(f.path.split('/')[3:]) }}";
+# {% endfor %}
+
+ - name: Register named.conf.ansible
+ with_items: "{{ conf_files }}"
+ lineinfile:
+ path: /etc/bind/named.conf.local
+ line: "include \"/etc/bind/{{ item }}\";"
+ regexp: "{{ item }}"
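Review bot: The task that writes `/etc/bind/rndc.key` sets no `owner`, `group` or `mode`, so the file is created with the default permissions and is likely world-readable on the host. The templated secret can also appear in diff or verbose output. The key file additionally pins `algorithm hmac-md5`; `hmac-sha256` with a freshly generated key is the better choice. The excerpt below assumes the Debian package's `bind` group. Separately, none of the copy tasks notify a handler to reload named or run `named-checkconf`, and the `lineinfile` `regexp: "{{ item }}"` is unescaped, so the dots in file names match any character.

```yaml
  copy:
    dest: /etc/bind/rndc.key
    owner: root
    group: bind
    mode: "0640"
    # … unchanged: content block, apart from the algorithm line …
        algorithm hmac-sha256;
  no_log: true
```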