ansible/roles/bind-authoritative/templates/bind/named.conf.local.j2


{{ ansible_header | comment(decoration='// ') }}
{#
  named.conf.local for the bind-authoritative role.

  Rendered differently depending on `is_master`:
    - master: defines the two TSIG keys and declares every zone as
      `type master` with `notify yes`;
    - otherwise: declares every zone as `type slave`, pulling from the
      IPs of each host in `bind.masters` (looked up via the `ldap` query
      on the 'adm' network) with `notify no`.

  Variables read here: is_master, certbot_dns_secret,
  certbot_adm_dns_secret, bind.masters, bind.zones, bind.reverse.

  NOTE(review): the TSIG secrets are rendered inline into this file, so
  the file mode set by the deploying task is what protects them — confirm
  it is not world-readable. Moving the `key` statements into a separately
  deployed, restricted file pulled in with `include` would limit exposure
  further (not done here).
  NOTE(review): no zone below sets `allow-transfer`; whether AXFR of the
  dynamic _acme-challenge zones is restricted depends on the global
  `options` block, which is not part of this template — verify there.
#}
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
{% if is_master -%}
{# TSIG keys are only needed where updates are accepted, i.e. on the master.
   Two distinct keys: one for the public-facing challenge zones, one for the
   adm challenge zone, so a leak of one does not grant updates to the other. #}
// Let's Encrypt Challenge DNS-01 key
key "certbot_challenge." {
algorithm hmac-sha512;
secret "{{ certbot_dns_secret }}";
};
key "certbot_adm_challenge." {
algorithm hmac-sha512;
secret "{{ certbot_adm_dns_secret }}";
};
{% endif %}
{# Dynamic zone for ACME DNS-01. The update-policy grant is scoped to exactly
   one owner name and the TXT type, so the key can only touch the challenge
   record. Slaves never accept updates; they only replicate from the masters. #}
// Let's Encrypt Challenge DNS-01 zone
zone "_acme-challenge.crans.org" {
{% if is_master %}
type master;
notify yes;
update-policy {
grant certbot_challenge. name _acme-challenge.crans.org. txt;
};
{% else %}
type slave;
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
{# Same path on master and slave; on the master BIND also writes a journal
   next to it for the dynamic updates, so the directory must be writable. #}
file "bak._acme-challenge.crans.org";
};
{# Adm challenge zone: same shape as above, but bound to the separate
   certbot_adm_challenge. key. #}
// Let's Encrypt Challenge DNS-01 zone
zone "_acme-challenge.adm.crans.org" {
{% if is_master %}
type master;
notify yes;
update-policy {
grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt;
};
{% else %}
type slave;
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
file "bak._acme-challenge.adm.crans.org";
};
{# crans.fr / crans.eu challenge zones reuse the public certbot_challenge.
   key; each grant is still limited to its own zone apex and TXT. #}
zone "_acme-challenge.crans.fr" {
{% if is_master %}
type master;
notify yes;
update-policy {
grant certbot_challenge. name _acme-challenge.crans.fr. txt;
};
{% else %}
type slave;
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
file "bak._acme-challenge.crans.fr";
};
zone "_acme-challenge.crans.eu" {
{% if is_master %}
type master;
notify yes;
update-policy {
grant certbot_challenge. name _acme-challenge.crans.eu. txt;
};
{% else %}
type slave;
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
file "bak._acme-challenge.crans.eu";
};
{# Forward zones. Sorted so the rendered file is stable across runs and does
   not produce spurious diffs/reloads when the variable ordering changes.
   On the master the zone data comes from the generated/ directory (written
   by an external generator, see the Apparmor note); slaves keep a bak.* copy. #}
// Crans zones
{% for zone in bind.zones|sort %}
zone "{{ zone }}" {
{% if is_master %}
type master;
// Apparmor: Need to ln -s /var/cache/bind/generated /var/local/re2o-services/dns/generated
file "generated/{{ zone }}.db";
notify yes;
{% else %}
type slave;
file "bak.{{ zone }}";
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
};
{% endfor %}
{# Reverse zones: identical layout to the forward zones.
   NOTE(review): `bind.reverse` is iterated unsorted here while `bind.zones`
   above is sorted — rendering order follows the variable's order, which may
   differ from the forward-zone behaviour; `|sort` would make it consistent. #}
// Crans reverse zones
{% for zone in bind.reverse %}
zone "{{ zone }}" {
{% if is_master %}
type master;
// Apparmor: Need to ln -s /var/cache/bind/generated /var/local/re2o-services/dns/generated
file "generated/{{ zone }}.db";
notify yes;
{% else %}
type slave;
file "bak.{{ zone }}";
masters {
{% for host in bind.masters %}
{% for ip in query('ldap', 'ip', host, 'adm') %}
{{ ip }};
{% endfor -%}
{% endfor %}
};
notify no;
{% endif %}
};
{% endfor %}