dns_auth: new role

also apply role to ns1.regensburg.freifunk.net
This commit is contained in:
Markus 2020-10-20 15:26:50 +02:00
parent dd93bd6b11
commit 2070c32a26
5 changed files with 69 additions and 0 deletions

1
hosts
View File

@ -2,6 +2,7 @@
gw11.regensburg.freifunk.net gw11.regensburg.freifunk.net
gw21.regensburg.freifunk.net gw21.regensburg.freifunk.net
gw31.regensburg.freifunk.net gw31.regensburg.freifunk.net
ns1.regensburg.freifunk.net
web.regensburg.freifunk.net web.regensburg.freifunk.net
stats.ffrgb ansible_host=10.90.224.100 stats.ffrgb ansible_host=10.90.224.100
unms.ffrgb ansible_host=10.90.224.101 unms.ffrgb ansible_host=10.90.224.101

View File

@ -0,0 +1,4 @@
---
- name: Restart powerdns
service: name=pdns state=restarted

View File

@ -0,0 +1,28 @@
---
- name: Enable powerdns apt-key
apt_key: url='https://repo.powerdns.com/FD380FBB-pub.asc'
- name: Enable powerdns repository
apt_repository: repo='deb http://repo.powerdns.com/debian buster-auth-43 main'
- name: Install powerdns
apt:
name:
- pdns-server
- pdns-backend-sqlite3
- sqlite3
- name: Configure powerdns
template: src=pdns.conf.j2 dest=/etc/powerdns/pdns.conf
notify: Restart powerdns
- name: Initialize database
command:
cmd: >
sqlite3 -init /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
/var/lib/powerdns/powerdns.sqlite3
creates: /var/lib/powerdns/powerdns.sqlite3
- name: Start the powerdns services
service: name=pdns state=started enabled=yes

View File

@ -0,0 +1,31 @@
#################################
# allow-axfr-ips Allow zonetransfers only to these subnets
#
# allow-axfr-ips=127.0.0.0/8,::1
allow-axfr-ips=127.0.0.1,::1
#################################
# dname-processing If we should support DNAME records
#
# dname-processing=no
dname-processing=yes
#################################
# launch Which backends to launch and order to query them in
#
# launch=
launch=gsqlite3
gsqlite3-database=/var/lib/powerdns/powerdns.sqlite3
#################################
# master Act as a master
#
# master=no
master=yes
#################################
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
#
# only-notify=0.0.0.0/0,::/0
only-notify=

View File

@ -26,6 +26,11 @@
- yanic - yanic
- web_gw - web_gw
- name: Setup name servers
hosts: ns1.regensburg.freifunk.net
roles:
- dns_auth
- name: Setup web service proxy - name: Setup web service proxy
hosts: web.regensburg.freifunk.net hosts: web.regensburg.freifunk.net
roles: roles: