From 578e8ee51015116666386c5d4ac64e376402a05f Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Sun, 26 Mar 2017 22:46:35 +0200 Subject: [PATCH] Add dns role (resolver only for now) --- host_vars/gw11.regensburg.freifunk.net | 3 ++ host_vars/gw21.regensburg.freifunk.net | 3 ++ host_vars/gw31.regensburg.freifunk.net | 3 ++ roles/dns/handlers/main.yml | 7 +++++ roles/dns/tasks/main.yml | 24 ++++++++++++++++ roles/dns/templates/recursor.conf.j2 | 40 ++++++++++++++++++++++++++ site.yml | 1 + 7 files changed, 81 insertions(+) create mode 100644 roles/dns/handlers/main.yml create mode 100644 roles/dns/tasks/main.yml create mode 100644 roles/dns/templates/recursor.conf.j2 diff --git a/host_vars/gw11.regensburg.freifunk.net b/host_vars/gw11.regensburg.freifunk.net index 502df82..2337160 100644 --- a/host_vars/gw11.regensburg.freifunk.net +++ b/host_vars/gw11.regensburg.freifunk.net @@ -1,3 +1,6 @@ --- +batman_ipv4: + address: 10.90.0.11 + site_code: ffrgb_stadt diff --git a/host_vars/gw21.regensburg.freifunk.net b/host_vars/gw21.regensburg.freifunk.net index eb29900..5d4d1a5 100644 --- a/host_vars/gw21.regensburg.freifunk.net +++ b/host_vars/gw21.regensburg.freifunk.net @@ -1,3 +1,6 @@ --- +batman_ipv4: + address: 10.90.32.21 + site_code: ffrgb_umland diff --git a/host_vars/gw31.regensburg.freifunk.net b/host_vars/gw31.regensburg.freifunk.net index ec6b34a..9ff9a20 100644 --- a/host_vars/gw31.regensburg.freifunk.net +++ b/host_vars/gw31.regensburg.freifunk.net @@ -1,3 +1,6 @@ --- +batman_ipv4: + address: 10.90.192.31 + site_code: ffrgb_test diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml new file mode 100644 index 0000000..4f4a765 --- /dev/null +++ b/roles/dns/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Restart powerdns + service: name={{ item }} state=restarted + with_items: + # - pdns + - pdns-recursor diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml new file mode 100644 index 0000000..22ea87c --- /dev/null 
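Review bot: The `Restart powerdns` handler in roles/dns/handlers/main.yml passes its module arguments as a `key=value` string (`service: name={{ item }} state=restarted`), and the tasks in roles/dns/tasks/main.yml follow the same style. Native YAML arguments are easier to lint and avoid quoting surprises when a templated value contains a space or `=`: write `service:` with `name: "{{ item }}"` and `state: restarted` beneath it. In the tasks file, `enabled=yes` would likewise become `enabled: true`.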
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Enable backports
+ apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
+
+- name: Install powerdns
+ apt: name={{item}} default_release=jessie-backports state=latest
+ with_items:
+ # - pdns-server
+ - pdns-recursor
+
+- name: Configure powerdns
+ template: src={{item}}.j2 dest=/etc/powerdns/{{item}}
+ tags: dns
+ notify: Restart powerdns
+ with_items:
+ # - pdns.conf
+ - recursor.conf
+
+- name: Start the powerdns services
+ service: name={{item}} state=started enabled=yes
+ with_items:
+ # - pdns
+ - pdns-recursor
diff --git a/roles/dns/templates/recursor.conf.j2 b/roles/dns/templates/recursor.conf.j2
new file mode 100644
index 0000000..23ee901
--- /dev/null
+++ b/roles/dns/templates/recursor.conf.j2
@@ -0,0 +1,40 @@
+#################################
+# allow-from If set, only allow these comma separated netmasks to recurse
+#
+#allow-from=127.0.0.0/8
+
+#################################
+# daemon Operate as a daemon
+#
+daemon=yes
+
+#################################
+# dnssec DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
+#
+# dnssec=process-no-validate
+dnssec=off
+
+#################################
+# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
+#
+local-address=127.0.0.1,{{ batman_ipv4.address }}
+
+#################################
+# local-port port to listen on
+#
+local-port=53
+
+#################################
+# quiet Suppress logging of questions and answers
+#
+quiet=on
+
+#################################
+# setgid If set, change group id to this gid for more security
+#
+setgid=pdns
+
+#################################
+# setuid If set, change user id to this uid for more security
+#
+setuid=pdns
diff --git a/site.yml b/site.yml
index 94bd005..dc3c250 100644
--- a/site.yml
+++ b/site.yml
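Review bot: The `Install powerdns` task in roles/dns/tasks/main.yml uses `state=latest` together with `default_release=jessie-backports`, so any playbook run can move a gateway to a newer pdns-recursor build without the upgrade having been reviewed. For a resolver that serves the mesh, installing once and upgrading through a deliberate change is the safer default: `apt: name={{item}} default_release=jessie-backports state=present`. The backports source in `Enable backports` is declared over plain `http://`; apt's signed release metadata still covers package integrity, but a one-line comment saying that this is what is being relied on would help the next reader.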
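Review bot: In roles/dns/templates/recursor.conf.j2 the recursor is bound to the mesh address (`local-address=127.0.0.1,{{ batman_ipv4.address }}`) while `allow-from` stays commented out, so the set of clients allowed to recurse is whatever the daemon's built-in default is rather than something this role states. Making it explicit keeps the ACL reviewable and stable across package upgrades, for example `allow-from=127.0.0.0/8, <mesh-prefix>` with the prefix taken from a variable (placeholder, not a value from this commit). Separately, `dnssec=off` is a step below the `process-no-validate` default that the template's own comment names, and it presumably stops DNSSEC records from being handed to clients that ask for them; either keep `dnssec=process-no-validate` or add a comment saying why it is turned off.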
@@ -11,6 +11,7 @@ hosts: gw31.regensburg.freifunk.net roles: - fastd + - dns - name: Setup confluence server hosts: confluence.regensburg.freifunk.net