From 8cf35bf550410862ff2909ef68df5fb8af21e98b Mon Sep 17 00:00:00 2001
From: Bombar Maxime <bombar@crans.org>
Date: Thu, 7 May 2020 02:51:28 +0200
Subject: [PATCH] Ansible dns
---
 dns.yml | 5 +++
 host_vars/hilbert.yml | 3 ++
 roles/bind/tasks/main.yml | 34 ++++++++++++++++++
 roles/bind/templates/db.maximebombar.fr.j2 | 35 ++++++++++++++++++
 roles/bind/templates/db.satellist.fr.j2 | 42 ++++++++++++++++++++++
 roles/bind/templates/named.conf.local.j2 | 34 ++++++++++++++++++
 6 files changed, 153 insertions(+)
 create mode 100755 dns.yml
 create mode 100644 roles/bind/tasks/main.yml
 create mode 100644 roles/bind/templates/db.maximebombar.fr.j2
 create mode 100644 roles/bind/templates/db.satellist.fr.j2
 create mode 100644 roles/bind/templates/named.conf.local.j2
diff --git a/dns.yml b/dns.yml
new file mode 100755
index 0000000..1ffb6d7
--- /dev/null
+++ b/dns.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: hilbert
+ roles:
+ - bind
diff --git a/host_vars/hilbert.yml b/host_vars/hilbert.yml
index 2c5f7a6..b946bee 100644
--- a/host_vars/hilbert.yml
+++ b/host_vars/hilbert.yml
@@ -1,2 +1,5 @@
 shell: "bash"
+dns_zones:
+ - { name: "maximebombar.fr", type: "master", forwarders: ["51.158.74.193", "2001:bc8:47c0:620::1"], transfer: ["51.158.74.193", "2001:bc8:47c0:620::1"]}
+ - { name: "satellist.fr", type: "master", forwarders: ["51.158.74.193", "2001:bc8:47c0:620::1", "213.251.188.139", "2001:41d0:1:198b::1"], transfer: ["51.158.74.193", "2001:bc8:47c0:620::1", "213.251.188.139", "2001:41d0:1:198b::1"]}
diff --git a/roles/bind/tasks/main.yml b/roles/bind/tasks/main.yml
new file mode 100644
index 0000000..0aa37f6
--- /dev/null
+++ b/roles/bind/tasks/main.yml
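Review bot: In host_vars/hilbert.yml both `dns_zones` entries carry a `forwarders` list that is byte-for-byte identical to their `transfer` list; on a `master` zone a forwarders list plays no part in getting the zone to its secondaries, so this looks like either a misnamed `also_notify` (which the template would render as `also-notify { … };`) or a duplicate that should simply be deleted. Each entry is also a single ~200-character flow mapping, which hides that duplication and turns adding or retiring a secondary into a hard-to-review diff; block style with one address per line, e.g. `transfer:` followed by `- "51.158.74.193"`, reads and diffs better. Keep the address literals quoted as they are now.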
@@ -0,0 +1,34 @@
+---
+- name: Install bind9
+ apt:
+ update_cache: true
+ name:
+ - bind9
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Deploy config
+ template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: bind
+ with_items:
+ - { src: 'named.conf.local.j2', dest: '/etc/bind/named.conf.local' }
+
+- name: deploy zones
+ template:
+ src: "db.{{ item.name }}.j2"
+ dest: "/var/cache/bind/db.{{ item.name }}"
+ owner: root
+ group: bind
+ when:
+ - (item.type == "master")
+ loop: "{{ dns_zones }}"
+
+- name: Restart bind
+ systemd:
+ enabled: yes
+ state: restarted
+ name: bind9
diff --git a/roles/bind/templates/db.maximebombar.fr.j2 b/roles/bind/templates/db.maximebombar.fr.j2
new file mode 100644
index 0000000..0dac119
--- /dev/null
+++ b/roles/bind/templates/db.maximebombar.fr.j2
@@ -0,0 +1,35 @@
+; {{ ansible_managed }}
+
+$ORIGIN {{item.name }}.
+$TTL 10
+
+@ IN SOA ns bombar.crans.org. (
+ 2020050701 ; serial
+ 86400 ; refresh
+ 3600 ; retry
+ 3600000 ; expire
+ 300 ; TTL
+ )
+
+@ IN NS ns
+@ IN NS ns0.paulon.org.
+ns IN A 51.15.204.106
+ns IN AAAA 2001:bc8:4400:2c00::3:923
+
+@ IN A 51.15.204.106
+@ IN AAAA 2001:bc8:4400:2c00::3:923
+hilbert IN A 51.15.204.106
+hilbert IN AAAA 2001:bc8:4400:2c00::3:923
+
+
+enseignement IN CNAME maximebombar.fr.
+gabidulin IN CNAME gabidulin.servens.org.
+
+
+; IP over DNS
+hack 300 IN NS avion
+t 10 IN NS ns.t
+ns.hack IN A 185.230.78.66
+ns.t IN A 51.15.204.106
+avion IN A 185.230.78.66
+dns IN A 51.15.204.106
diff --git a/roles/bind/templates/db.satellist.fr.j2 b/roles/bind/templates/db.satellist.fr.j2
new file mode 100644
index 0000000..da3725c
--- /dev/null
+++ b/roles/bind/templates/db.satellist.fr.j2
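Review bot: `Deploy config` and `deploy zones` write the rendered files straight into place and `Restart bind` then bounces bind9 on every run with no syntax check, so a Jinja typo or a bad record in `dns_zones` takes the authoritative server down the next time the playbook runs. Add `validate: 'named-checkconf %s'` to the `named.conf.local` task and `validate: 'named-checkzone {{ item.name }} %s'` to the zone task so a broken render is rejected before it is installed, and turn the restart into a handler (`notify: Restart bind` on both template tasks) so the daemon is only restarted when a file actually changed — `state: reloaded` is enough for zone edits. While there, write `enabled: true` rather than `yes`, and give both template tasks an explicit `mode: "0644"` so the files stay readable by the `bind` group regardless of the controller's umask.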
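Review bot: The SOA serial `2020050701` is a literal inside the Jinja template, so any later edit to the zone that forgets to bump it is served by `ns` but never transferred to `ns0.paulon.org.`, leaving the two authoritative servers answering differently with no error anywhere; at minimum add `; bump on every change - secondaries only pull when the serial increases` above it, or drive it from a per-zone `serial` variable in `dns_zones` so the bump happens where the data changes. `$TTL 10` also makes every record without an explicit TTL expire after ten seconds, which defeats resolver caching and means the zone vanishes from the internet seconds after this single host (`ns` and `hilbert` share the same address) goes down; `$TTL 3600` is the usual starting point. The `ns.hack IN A` record sits below the `hack` delegation but is not the name `hack NS` points at (`avion`), so it should be occluded glue that BIND never serves — either delegate to `ns.hack` or drop the record.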
@@ -0,0 +1,42 @@
+; {{ ansible_managed }}
+
+$ORIGIN {{item.name }}.
+$TTL 10
+
+@ IN SOA ns bombar.crans.org. (
+ 2020050701 ; serial
+ 86400 ; refresh
+ 3600 ; retry
+ 3600000 ; expire
+ 300 ; TTL
+ )
+
+ IN NS ns
+ IN NS ns19.ovh.net.
+ IN NS dns19.ovh.net.
+ns IN A 51.15.204.106
+ns IN AAAA 2001:bc8:4400:2c00::3:923
+
+ IN MX 100 mx3.mail.ovh.net.
+ IN MX 5 mx2.mail.ovh.net.
+ IN MX 1 mx1.mail.ovh.net.
+ IN A 213.186.33.5
+ 600 IN TXT "v=spf1 include:mx.ovh.com ~all"
+_autodiscover._tcp IN SRV 0 0 443 mailconfig.ovh.net.
+_imaps._tcp IN SRV 0 0 993 ssl0.ovh.net.
+_submission._tcp IN SRV 0 0 465 ssl0.ovh.net.
+autoconfig IN CNAME mailconfig.ovh.net.
+autodiscover IN CNAME mailconfig.ovh.net.
+crans IN MX 1 redirect.ovh.net.
+henstai IN MX 1 redirect.ovh.net.
+hilbert IN A 51.15.204.106
+hilbert IN AAAA 2001:bc8:4400:2c00::3:923
+imap IN CNAME ssl0.ovh.net.
+liste-ca IN CNAME hilbert.satellist.fr.
+mail IN CNAME ssl0.ovh.net.
+pop3 IN CNAME ssl0.ovh.net.
+president.at.crans 600 IN TXT "paulon@crans.org"
+president.e.at.henstai 600 IN TXT "genital@prolaps.us"
+smtp IN CNAME ssl0.ovh.net.
+www IN A 213.186.33.5
+www 60 IN TXT "2|http://satellisgp.cluster021.hosting.ovh.net/"
\ No newline at end of file
diff --git a/roles/bind/templates/named.conf.local.j2 b/roles/bind/templates/named.conf.local.j2
new file mode 100644
index 0000000..9cb39a3
--- /dev/null
+++ b/roles/bind/templates/named.conf.local.j2
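Review bot: The zone publishes MX records for OVH but no `_dmarc` TXT record, and the SPF policy ends in `~all` (softfail), so mail forged from `@satellist.fr` is at best flagged rather than rejected by receivers and nobody is told it is happening. Add `_dmarc 600 IN TXT "v=DMARC1; p=none; rua=mailto:<a mailbox you read>"` to start collecting aggregate reports, then tighten to `p=quarantine`/`p=reject` and `-all` once the legitimate senders (OVH, and the `redirect.ovh.net` forwards for `crans`/`henstai`) are confirmed. As in the other zone, `$TTL 10` makes every record without an explicit TTL uncacheable beyond ten seconds, and the serial `2020050701` is hard-coded in the template, so the OVH nameservers in the NS set — which the `transfer` list in host_vars suggests are secondaries — will stop picking up changes the first time it is not bumped; consider a per-zone `serial` variable or at least a warning comment above it.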
@@ -0,0 +1,34 @@
+// {{ ansible_managed }}
+
+include "/etc/bind/zones.rfc1918";
+
+{% for z in dns_zones %}
+zone "{{z.name}}" IN {
+ {% if z.type == "master" -%}
+ type master;
+ file "db.{{z.name}}";
+ forwarders {
+ {% for f in z.forwarders -%}
+ {{f}};
+ {% endfor -%}
+ };
+ allow-transfer {
+ {% for f in z.transfer -%}
+ {{f}};
+ {% endfor -%}
+ };
+ notify yes;
+ {% endif -%}
+ {% if z.type == "slave" -%}
+ type slave;
+ file "bak.{{z.name}}";
+ masters {
+ {% for f in z.masters -%}
+ {{f}};
+ {% endfor -%}
+ };
+ allow-transfer { "none"; };
+ notify no;
+ {% endif -%}
+};
+{% endfor -%}
-- GitLab
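Review bot: The `master` branch renders a `forwarders { … }` block inside an authoritative zone; on a `type master` zone BIND uses a zone-level `forwarders` list only to override global recursive forwarding for that name (whether named-checkconf even accepts it there is worth checking), so it does nothing for zone propagation, and the fact that `z.forwarders` always mirrors `z.transfer` in host_vars suggests it was meant to be `also-notify`. Either replace the block with `also-notify { … };` fed from the same loop, or remove it and rely on `notify yes`, which already sends NOTIFY to every NS of the zone. `allow-transfer` is then the only thing protecting the zone contents and it is keyed on source address alone; since the peers are fixed, defining a TSIG key in this file and listing `key xfer;` alongside (or instead of) the addresses would stop a re-assigned or spoofed address from pulling the zone. The trimming `-%}` on the inner tags but not on `{% for z in dns_zones %}` also makes the rendered file's indentation uneven — harmless to BIND, but worth one consistent choice.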