diff --git a/plays/dns-recursive.yml b/plays/dns-recursive.yml
deleted file mode 100755
index fdb08317..00000000
--- a/plays/dns-recursive.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy recursive DNS cache server
-- hosts: dns_recursive
- roles:
- - bind-recursive
diff --git a/roles/bind-recursive/handlers/main.yml b/roles/bind-recursive/handlers/main.yml
deleted file mode 100644
index c6741672..00000000
--- a/roles/bind-recursive/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Reload bind9
- systemd:
- name: bind9
- state: reloaded
diff --git a/roles/bind-recursive/tasks/main.yml b/roles/bind-recursive/tasks/main.yml
deleted file mode 100644
index e45f12c2..00000000
--- a/roles/bind-recursive/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Install Bind9
- apt:
- update_cache: true
- name: bind9
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- name: Deploy Bind9 configuration
- template:
- src: bind/{{ item }}.j2
- dest: /etc/bind/{{ item }}
- mode: 0644
- loop:
- - named.conf
- - named.conf.acl
- # - named.conf.options
- - named.conf.local
- - named.conf.default-zones
- - db.infra
- notify: Reload bind9
diff --git a/roles/bind-recursive/templates/bind/db.infra.j2 b/roles/bind-recursive/templates/bind/db.infra.j2
deleted file mode 100644
index 7f2a93a9..00000000
--- a/roles/bind-recursive/templates/bind/db.infra.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-{{ ansible_header | comment(decoration='; ') }}
-
-$TTL 0
-
-@ IN SOA silice.crans.org root.crans.org (
- 0 ; serial
- 3600 ; refresh (1hr)
- 1800 ; retry (30mn)
- 604800 ; expire (7dy)
- 0 ; TTL (0s)
- )
-
-@ IN NS passerelle.infra.crans.org
-passerelle.infra.crans.org IN A {{ (query('ldap', 'ip', 'passerelle', 'infra') | ansible.utils.ipv4)[0] }}
-
-* IN CNAME crans.org
-*.org IN CNAME crans.org
-*.fr IN CNAME crans.org
-*.com IN CNAME crans.org
-
-intranet.crans.org IN A 172.16.32.156 ; (query('ldap', 'ip', 'intranet', 'infra') | ansible.utils.ipv4)[0]
-intranet.infra.crans.org IN A 172.16.32.156
-
-unifi.infra.crans.org IN A {{ (query('ldap', 'ip', 'unifi', 'infra') | ansible.utils.ipv4)[0] }}
diff --git a/roles/bind-recursive/templates/bind/named.conf.acl.j2 b/roles/bind-recursive/templates/bind/named.conf.acl.j2
deleted file mode 100644
index 25f1ec43..00000000
--- a/roles/bind-recursive/templates/bind/named.conf.acl.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-acl "srv" {
- {{ query('ldap', 'network', 'srv') }};
- 2a0c:700:{{ query('ldap', 'vlanid', 'srv') }}::/48;
-};
-
-acl "srv-nat" {
- {{ query('ldap', 'network', 'srv-nat') }};
- 2a0c:700:{{ query('ldap', 'vlanid', 'srv-nat') }}::/48;
-};
-
-acl "adm" {
- {{ query('ldap', 'network', 'adm') }};
- fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64;
-};
-
-acl "infra" {
- {{ query('ldap', 'network', 'infra') }};
- fd00:0:0:{{ query('ldap', 'vlanid', 'infra') }}::/64;
-};
-
-acl "adh" {
- {{ query('ldap', 'network', 'adh') }};
- 2a0c:700:{{ query('ldap', 'vlanid', 'adh') }}::/48;
-};
-
-acl "adh-nat" {
- {{ query('ldap', 'network', 'adh-nat') }};
- 2a0c:700:{{ query('ldap', 'vlanid', 'adh-nat') }}::/48;
-};
diff --git a/roles/bind-recursive/templates/bind/named.conf.default-zones.j2 b/roles/bind-recursive/templates/bind/named.conf.default-zones.j2
deleted file mode 100644
index 6a919236..00000000
--- a/roles/bind-recursive/templates/bind/named.conf.default-zones.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-view "default" {
- match-clients { any; };
-
- // prime the server with knowledge of the root servers
- zone "." {
- type hint;
- file "/usr/share/dns/root.hints";
- };
-
- // be authoritative for the localhost forward and reverse zones, and for
- // broadcast zones as per RFC 1912
-
- zone "localhost" {
- type master;
- file "/etc/bind/db.local";
- };
-
- zone "127.in-addr.arpa" {
- type master;
- file "/etc/bind/db.127";
- };
-
- zone "0.in-addr.arpa" {
- type master;
- file "/etc/bind/db.0";
- };
-
- zone "255.in-addr.arpa" {
- type master;
- file "/etc/bind/db.255";
- };
-};
diff --git a/roles/bind-recursive/templates/bind/named.conf.j2 b/roles/bind-recursive/templates/bind/named.conf.j2
deleted file mode 100644
index 5edbf974..00000000
--- a/roles/bind-recursive/templates/bind/named.conf.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-// This is the primary configuration file for the BIND DNS server named.
-//
-// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
-// structure of BIND configuration files in Debian, *BEFORE* you customize
-// this configuration file.
-//
-// If you are just adding zones, please do that in /etc/bind/named.conf.local
-
-include "/etc/bind/named.conf.acl";
-include "/etc/bind/named.conf.options";
-include "/etc/bind/named.conf.local";
-include "/etc/bind/named.conf.default-zones";
diff --git a/roles/bind-recursive/templates/bind/named.conf.local.j2 b/roles/bind-recursive/templates/bind/named.conf.local.j2
deleted file mode 100644
index 101fade7..00000000
--- a/roles/bind-recursive/templates/bind/named.conf.local.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-// Consider adding the 1918 zones here, if they are not used in your
-// organization
-//include "/etc/bind/zones.rfc1918";
-
-view "infra" {
- match-clients { infra; };
- recursion no;
-
- zone "." {
- type master;
- file "/etc/bind/db.infra";
- };
-};
diff --git a/roles/bind-recursive/templates/bind/named.conf.options.j2 b/roles/bind-recursive/templates/bind/named.conf.options.j2
deleted file mode 100644
index 93497100..00000000
--- a/roles/bind-recursive/templates/bind/named.conf.options.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ ansible_header | comment(decoration='// ') }}
-
-options {
- directory "/var/cache/bind";
-
- // If there is a firewall between you and nameservers you want
- // to talk to, you may need to fix the firewall to allow multiple
- // ports to talk. See http://www.kb.cert.org/vuls/id/800113
-
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
- // the all-0's placeholder.
-
- // forwarders {
- // 0.0.0.0;
- // };
-
- //========================================================================
- // If BIND logs error messages about the root key being expired,
- // you will need to update your keys. See https://www.isc.org/bind-keys
- //========================================================================
- dnssec-validation auto;
-
- listen-on-v6 { any; };
-};