From d0a86a869b40582487b9a0cde3f44c8bb36c46dc Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:36 +0200
Subject: [PATCH] [roles/server/named] install bind9 nameserver. possibly setup zones
---
 roles/server/named/defaults/main.yml | 12 ++++
 .../named/files/default/named.conf.local | 10 +++
 .../named/files/default/named.conf.options | 42 ++++++++++++
 roles/server/named/handlers/main.yml | 13 ++++
 roles/server/named/tasks/configure-zones.yml | 20 ++++++
 roles/server/named/tasks/main.yml | 68 +++++++++++++++++++
 6 files changed, 165 insertions(+)
 create mode 100644 roles/server/named/defaults/main.yml
 create mode 100644 roles/server/named/files/default/named.conf.local
 create mode 100644 roles/server/named/files/default/named.conf.options
 create mode 100644 roles/server/named/handlers/main.yml
 create mode 100644 roles/server/named/tasks/configure-zones.yml
 create mode 100644 roles/server/named/tasks/main.yml
diff --git a/roles/server/named/defaults/main.yml b/roles/server/named/defaults/main.yml
new file mode 100644
index 0000000..617dfd6
--- /dev/null
+++ b/roles/server/named/defaults/main.yml
@@ -0,0 +1,12 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# If not overridden in inventory or as a parameter, this is the value that will be used
+#
+---
+# define to enable zone configuration.
+#named_zones:
+# - "defaultIntern.zone"
diff --git a/roles/server/named/files/default/named.conf.local b/roles/server/named/files/default/named.conf.local
new file mode 100644
index 0000000..8946f9d
--- /dev/null
+++ b/roles/server/named/files/default/named.conf.local
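Review bot: Leaving `named_zones` only as a commented-out example pushes the guard into tasks/main.yml, where `with_items: "{{named_zones}}"` is expanded before its `when: named_zones is defined` is evaluated; on current Ansible an undefined loop variable is reported as an error rather than a skip (the Ansible loop docs recommend `| default([])` for exactly this case — verify against the version in use). Defining the real default here, `named_zones: []`, lets the include loop iterate zero times and makes the `when` guard unnecessary. The header comment should then say so: `# list of zone file names to copy into /etc/bind/db; empty by default`.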
@@ -0,0 +1,10 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+// Consider adding the 1918 zones here
+include "/etc/bind/zones.rfc1918";
diff --git a/roles/server/named/files/default/named.conf.options b/roles/server/named/files/default/named.conf.options
new file mode 100644
index 0000000..de2e309
--- /dev/null
+++ b/roles/server/named/files/default/named.conf.options
@@ -0,0 +1,42 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+options {
+ directory "/var/cache/bind";
+ statistics-file "/tmp/named.stats";
+ listen-on { any; };
+ allow-recursion { localnets; };
+};
+
+logging{
+ channel sysloglog_info {
+ syslog local1;
+ severity info;
+ print-category yes;
+ };
+
+ category client { sysloglog_info; };
+ category config { sysloglog_info; };
+ category database { sysloglog_info; };
+ category default { sysloglog_info; };
+ category delegation-only { sysloglog_info; };
+ category dispatch { sysloglog_info; };
+ category dnssec { sysloglog_info; };
+ category general { sysloglog_info; };
+ category lame-servers { null; };
+ category network { sysloglog_info; };
+ category notify { null; };
+ category queries { null; };
+ category resolver { sysloglog_info; };
+ category security { sysloglog_info; };
+ category unmatched { sysloglog_info; };
+ category update { sysloglog_info; };
+ category update-security { sysloglog_info; };
+ category xfer-in { sysloglog_info; };
+ category xfer-out { sysloglog_info; };
+};
diff --git a/roles/server/named/handlers/main.yml b/roles/server/named/handlers/main.yml
new file mode 100644
index 0000000..d675b12
--- /dev/null
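Review bot: `statistics-file "/tmp/named.stats";` in the options block points named at a fixed, predictable path in world-writable /tmp, the classic setup for a symlink or pre-created-file attack against a daemon that writes as an unprivileged user; keep it under the working directory instead, `statistics-file "/var/cache/bind/named.stats";`. The block also combines `listen-on { any; };` with `allow-recursion { localnets; };` but never sets `allow-transfer`, so once configure-zones.yml adds authoritative zones the AXFR policy is whatever the installed BIND version defaults to — pin it with `allow-transfer { none; };` here and open it per zone only where a secondary needs it. Because this file replaces the distribution's stock named.conf.options wholesale, any `dnssec-validation` setting that file carried is dropped too; if validation is intended it should be stated explicitly in this block rather than left to the build default (I cannot see the stock file from here, so confirm what it set).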
+++ b/roles/server/named/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: restart named.service
+ systemd:
+ name: named.service
+ daemon_reload: yes
+ state: restarted
+ ignore_errors: yes
diff --git a/roles/server/named/tasks/configure-zones.yml b/roles/server/named/tasks/configure-zones.yml
new file mode 100644
index 0000000..96590ce
--- /dev/null
+++ b/roles/server/named/tasks/configure-zones.yml
@@ -0,0 +1,20 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: copy zone {{zone}} file
+ copy:
+ src: "{{item}}"
+ dest: "/etc/bind/db/{{zone}}"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/db/{{zone}}"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/db/{{zone}}"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/db/{{zone}}"
+ - "default/db/{{zone}}"
+ notify: restart named.service
diff --git a/roles/server/named/tasks/main.yml b/roles/server/named/tasks/main.yml
new file mode 100644
index 0000000..89e78fd
--- /dev/null
+++ b/roles/server/named/tasks/main.yml
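Review bot: `ignore_errors: yes` on the restart handler masks a failed restart of named, so a pushed config or zone file that named rejects leaves the play green while the resolver is down — the one failure this handler exists to surface. Drop that line, and write the remaining boolean as `daemon_reload: true` so a YAML 1.1/1.2 parser difference or yamllint's truthy rule cannot bite; if a best-effort restart really is wanted on some hosts, gate it on an explicit variable rather than a blanket ignore. The zone copy in configure-zones.yml that notifies this handler also performs no check before overwriting /etc/bind/db/{{zone}}, so a `validate:` step with named-checkzone would stop a broken zone from ever reaching the restart — it needs the zone origin, which this task does not carry, so the `named_zones` entries would have to supply it alongside the file name.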
@@ -0,0 +1,68 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: install dns-server
+ apt:
+ pkg:
+ - bind9
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy bind named.conf.local config file
+ copy:
+ src: "{{item}}"
+ dest: "/etc/bind/named.conf.local"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/named.conf.local"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/named.conf.local"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/named.conf.local"
+ - "default/named.conf.local"
+ notify: restart named.service
+
+
+- name: copy bind named.conf.options config file
+ copy:
+ src: "{{item}}"
+ dest: "/etc/bind/named.conf.options"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/named.conf.options"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/named.conf.options"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/named.conf.options"
+ - "default/named.conf.options"
+ notify: restart named.service
+
+
+- name: create bind db dir
+ file:
+ path: "/etc/bind/db"
+ state: directory
+ mode: 0755
+ owner: "root"
+ group: "root"
+
+
+# for each zone do a with first found.
+- include_tasks: configure-zones.yml
+ with_items: "{{named_zones}}"
+ loop_control:
+ loop_var: zone
+ when: named_zones is defined
+
+
+- name: enable and start named.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: named.service
-- 
2.43.0
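Review bot: Both `copy` tasks write named.conf.local and named.conf.options straight into /etc/bind and then notify a restart, so a syntax error in a host- or group-level override replaces a working config with a broken one before anything checks it; add `validate: "named-checkconf %s"` to each copy so the old file stays in place when the new one is rejected (each file is a self-contained fragment — an `include` line, or `options`/`logging` blocks — which named-checkconf should accept standalone; confirm on the target BIND version). Quote the octal modes, `mode: "0644"` and `mode: "0755"`, as the Ansible docs recommend; PyYAML's 1.1 rules happen to read `0644` as octal 420, which is the right bit pattern, but the bare form is what yamllint and ansible-lint flag and it breaks the moment someone drops the leading zero. A comment above the include loop would also spare the next reader a surprise: the default named.conf.local contains no `zone` statements, so files copied into /etc/bind/db by configure-zones.yml are served only when an overriding named.conf.local declares them — `# zone files land in /etc/bind/db but must be declared in a host/group named.conf.local override`.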