Fix master/slave certbot in bind

certbot_on_virtu
Alexandre Iooss 2020-04-26 19:39:52 +02:00
parent de3e0e5b74
commit 78d82029f0
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
1 changed files with 16 additions and 1 deletions
roles/bind-authoritative/templates/bind


@ -20,8 +20,8 @@ key "certbot_challenge." {
// Let's Encrypt Challenge DNS-01 zone // Let's Encrypt Challenge DNS-01 zone
zone "_acme-challenge.crans.org" { zone "_acme-challenge.crans.org" {
{% if is_master -%}
type master; type master;
file "bak._acme-challenge.crans.org";
allow-transfer { allow-transfer {
{% for ip in slaves_ipv4 -%} {% for ip in slaves_ipv4 -%}
{{ ip }}; {{ ip }};
@ -30,6 +30,21 @@ zone "_acme-challenge.crans.org" {
{{ ip }}; {{ ip }};
{% endfor -%} {% endfor -%}
}; };
notify yes;
{% else -%}
type slave;
masters {
{% for ip in masters_ipv4 -%}
{{ ip }};
{% endfor -%}
{% for ip in masters_ipv6 -%}
{{ ip }};
{% endfor -%}
};
allow-transfer { "none"; };
notify no;
{% endif -%}
file "bak.{{ zone }}";
update-policy { update-policy {
grant certbot_challenge. name _acme-challenge.crans.org txt; grant certbot_challenge. name _acme-challenge.crans.org txt;
}; };
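Review bot: The `update-policy` block sits after `{% endif -%}`, so it is rendered for both branches, and a host with `is_master` false gets `type slave;` together with `update-policy`. BIND accepts that option only on a master zone, so named-checkconf should reject the slave configuration. Move the `update-policy { ... };` block inside the `{% if is_master -%}` branch, and if certbot must be able to send updates to a slave, add a tightly scoped `allow-update-forwarding` there instead. Separately, the new `file "bak.{{ zone }}";` depends on a `zone` variable that is not defined in the visible hunks, while the line it appears to replace used the literal zone name. Unless this block sits inside a loop over zones, `file "bak._acme-challenge.crans.org";` is the safer form. The zone block starts and ends outside the hunks shown, so both points should be checked against the full template.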