CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 6 Pull requests 9 Wiki Activity Actions

fix role name auth-dns -> auth_dns
Some checks failed
/ Ansible Lint (push) Failing after 2m32s
Details
/ Ansible Lint (pull_request) Failing after 2m32s
Details

Browse source
This commit is contained in:
lilly 2026-04-30 22:53:07 +02:00
commit f9c1db8446
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g
10 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

11
roles/auth_dns/tasks/01-install.yaml Normal file
View file

@ -0,0 +1,11 @@
---
- name: Install knot
tags: [ auth-dns ]
become: true
ansible.builtin.package:
name:
- knot
- knot-exporter
- knot-dnssecutils
- knot-dnsutils
- knot-host

53
roles/auth_dns/tasks/02-configure.yaml Normal file
View file

@ -0,0 +1,53 @@
---
- name: Ensure required directories exist
tags: [ auth-dns ]
become: true
loop: [ "/etc/knot", "/etc/knot/zones" ]
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: knot
group: knot
mode: u=rwx,g=rx,o=
- name: Deploy knot configuration file
tags: [ auth-dns ]
become: true
notify: restart knot
ansible.builtin.template:
src: knot.conf.j2
dest: /etc/knot/knot.conf
owner: knot
group: knot
mode: u=rw,g=r,o=
- name: Deploy configured zones
tags: [ auth-dns ]
become: true
notify: reload knot zones
loop: "{{ knot__zones }}"
loop_control:
label: "{{ item.domain }}"
vars:
zone_content: "{{ item.content }}"
ansible.builtin.template:
src: zone.j2
dest: "/etc/knot/zones/{{ item.domain }}zone"
owner: knot
group: knot
mode: u=rw,g=r
# this seems weird but hear me out:
# if we don't disable SLAAC, the node automatically gets an address based on IPv6 Router-Advertisements
# this results in outgoing zone transfers failing because knot will prefer to use the dynamic address over the statically configured one.
# so because we are configuring a DNS Nameserver where known IP-Addresses are actually important for ACL reasons, SLAAC is disabled
- name: Disable IPv6 SLAAC
tags: [ auth-dns ]
become: true
notify: netplan apply
ansible.builtin.template:
src: "netplan-disable-ra.yaml"
dest: "/etc/netplan/10-disable-ra.yaml"
owner: root
group: root
mode: u=rw,g=,o=

3
roles/auth_dns/tasks/main.yaml Normal file
View file

@ -0,0 +1,3 @@
---
- ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing]
- ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing]