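---
# NOTE(review): this listing was recovered from a rendered page that had lost
# its indentation and interleaved gutter residue between lines. The nesting
# below is reconstructed from the key names (and from the vault path
# `vault.bind.rfc2136_keys`) and should be confirmed against the repository copy.

# Network interface names per role; presumably `adm` is the administration
# network and `srv` the service network (TODO confirm with the consuming role).
interfaces:
  adm: eth1
  srv: eth0

# Settings for the BIND role.
loc_bind:
  options:
    # Resolved at run time by an LDAP lookup rather than hard-coded.
    # Presumably this feeds zone-transfer / notify targets, in which case the
    # LDAP record for `sputnik` is trusted to decide who may pull the zones.
    secondaries: "{{ query('ldap', 'ip', 'sputnik', 'adm') }}"
    # With `dnssec: true` below this presumably holds DNSSEC private keys;
    # verify the directory is readable by the named user only.
    key_directory: "/var/cache/bind/keys"
  # Defaults applied to every zone unless the zone entry overrides them.
  default:
    # `%s` is presumably replaced with the zone name by the role's template.
    format: 'generated/%s.db'
    type: primary
    # Quoted so it stays the string "yes" instead of being typed as a YAML 1.1
    # boolean; presumably rendered verbatim into named.conf.
    notify: 'yes'
    dnssec: true
  # Zones that accept RFC 2136 dynamic updates for ACME DNS-01 validation.
  zones:
    '_acme-challenge.crans.org':
      # Least privilege: the `name` rule type matches this exact owner name
      # only, and the grant is limited to TXT records. Whoever holds the key
      # can still answer DNS-01 challenges for this name, so treat it as a
      # certificate-issuance credential.
      update_policy:
        - 'grant certbot_challenge. name _acme-challenge.crans.org. txt'
      # Overrides default.format; presumably keeps the dynamically updated
      # zone file out of the generated/ tree (TODO confirm).
      format: 'bak.%s'
    '_acme-challenge.adm.crans.org':
      # Separate key per challenge zone, with the same exact-name, TXT-only
      # scope, so one key cannot update the other zone.
      update_policy:
        - 'grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt'
      format: 'bak.%s'
  # TSIG keys authenticating the dynamic updates. Key names (with trailing
  # dot) must match the identities used in the `grant` rules above.
  rfc2136_keys:
    'certbot_challenge.':
      algorithm: hmac-sha512
      # Secret is read from the `vault` variable and never stored in this file.
      secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}"
    'certbot_adm_challenge.':
      algorithm: hmac-sha512
      # Secret is read from the `vault` variable and never stored in this file.
      secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}"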