
Regroupage de la configuration pour plus de simplicité

master
Mablr 1 year ago
parent
commit
157ec83ac7
Signed by: mablr GPG Key ID: 7568670EF499017A
3 changed files with 100 additions and 101 deletions
  1. +100
    -2
      templates/named.conf.j2
  2. +0
    -81
      templates/named.conf.local.j2
  3. +0
    -18
      templates/named.conf.options.j2

+ 100
- 2
templates/named.conf.j2 View File

@ -1,9 +1,26 @@
# {{ ansible_managed }}
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.local";
## Options
options {
directory "/var/cache/bind";
dnssec-enable yes;
dnssec-validation yes;
auth-nxdomain no; # conform to RFC1035
listen-on { {% if bind_listen_ipv4 %}any{% else %}none{% endif %}; };
listen-on-v6 { {% if bind_listen_ipv6 %}any{% else %}none{% endif %}; };
{% for option, value in bind_options.items() %}
{{ option }} {% if value == True %}yes{% elif value == False %}no{% else %}{{ value }}{% endif %};
{% endfor %}
version none;
};
## Logging
logging {
channel security_file {
file "/var/log/named/security.log" versions 3 size 30m;
@ -14,3 +31,84 @@ logging {
security_file;
};
};
{% if bind_tsig is defined %}
## TSIG keys
{% for usage, value in bind_tsig.items() %}
### {{ usage }}
{% for key in value %}
key "{{ key.name }}" {
algorithm {{ key.algorithm }};
secret "{{ key.secret }}";
};
{% endfor %}
{% endfor %}
{% endif %}
{% if bind_acl is defined %}
# ACL
{% for acl, hosts in bind_acl.items() %}
acl {{ acl }} {
{% for host in hosts %}
{{ host }};
{% endfor %}
};
{% endfor %}
{% endif %}
## Zones
{% for zone, value in bind_zones.items() %}
{% if 'state' not in value or value.state|lower not in ['disabled', 'absent'] %}
zone "{{ zone }}" IN {
type master;
file "/etc/bind/zones/{{ zone }}/db";
{% if zone in bind_dnssec %}
key-directory "/etc/bind/keys";
{% endif %}
allow-transfer {
{% if bind_tsig.transfer is defined %}
{% set tsig_tr_list = (bind_tsig.transfer | selectattr("zone", "==", zone) | list + bind_tsig.transfer | selectattr("zone", "==", "wild") | list) %}
{% else %}
{% set tsig_tr_list = [] %}
{% endif %}
{% if (tsig_tr_list | length) %}
{% for key in tsig_tr_list %}
key {{ key.name }};
{% endfor %}
{% else %}
"none";
{% endif %}
};
{% if bind_tsig.edition is defined %}
{% set tsig_ed_list = (bind_tsig.edition | selectattr("zone", "==", zone) | list + bind_tsig.edition | selectattr("zone", "==", "wild") | list) %}
{% else %}
{% set tsig_ed_list = [] %}
{% endif %}
{% if (tsig_ed_list | length) %}
update-policy {
{% for key in tsig_ed_list %}
{% if key.policy is defined %}
{% if key.policy|lower == "certbot" %}
grant {{ key.name }} name _acme-challenge.{{ zone }}. txt;
{% endif %}
{% if key.policy|lower == "custom" %}
grant {{ key.name }} {{ key.policy_custom }};
{% endif %}
{% endif %}
{% endfor %}
};
{% endif %}
{% if 'options' in value %}
{% for option, opt_value in value.options.items() %}
{{ option }} {% if opt_value == True %}yes{% elif opt_value == False %}no{% else %}{{ opt_value }}{% endif %};
{% endfor %}
{% endif %}
};
{% endif %}
{% endfor %}
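Review bot: `dnssec-enable yes;` in the merged options block is an obsolete directive: BIND 9.16 logs a deprecation warning for it and BIND 9.18 removed it, so named-checkconf rejects this file on current distributions; `dnssec-validation yes;` on the following line is sufficient and the `dnssec-enable` line should simply be dropped. The TSIG key material is now rendered straight into the main named.conf (`secret "{{ key.secret }}";`), so the task that writes this template presumably needs a restrictive file mode and group (e.g. `mode: '0640'`, `group: bind`) plus `no_log: true`, unless the task file outside this diff already does that. The `{% if bind_tsig.transfer is defined %}` test also reads an attribute of `bind_tsig` while the surrounding `{% if bind_tsig is defined %}` guard only wraps the key block, so whether an entirely undefined `bind_tsig` renders as an empty transfer list or raises depends on Ansible's Undefined handling; a `{% set bind_tsig = bind_tsig | default({}) %}` at the top of the template would make that explicit.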

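--- a/templates/named.conf.local.j2
+++ /dev/null
@@ -1,81 +0,0 @@
-# {{ ansible_managed }}
-{% if bind_tsig is defined %}
-# tsig keys
-{% for usage, value in bind_tsig.items() %}
-## {{ usage }}
-{% for key in value %}
-key "{{ key.name }}" {
-algorithm {{ key.algorithm }};
-secret "{{ key.secret }}";
-};
-{% endfor %}
-{% endfor %}
-{% endif %}
-{% if bind_acl is defined %}
-# acl
-{% for acl, hosts in bind_acl.items() %}
-acl {{ acl }} {
-{% for host in hosts %}
-{{ host }};
-{% endfor %}
-};
-{% endfor %}
-{% endif %}
-# zones
-{% for zone, value in bind_zones.items() %}
-{% if 'state' not in value or value.state|lower not in ['disabled', 'absent'] %}
-zone "{{ zone }}" IN {
-type master;
-file "/etc/bind/zones/{{ zone }}/db";
-{% if zone in bind_dnssec %}
-key-directory "/etc/bind/keys";
-{% endif %}
-allow-transfer {
-{% if bind_tsig.transfer is defined %}
-{% set tsig_tr_list = (bind_tsig.transfer | selectattr("zone", "==", zone) | list + bind_tsig.transfer | selectattr("zone", "==", "wild") | list) %}
-{% else %}
-{% set tsig_tr_list = [] %}
-{% endif %}
-{% if (tsig_tr_list | length) %}
-{% for key in tsig_tr_list %}
-key {{ key.name }};
-{% endfor %}
-{% else %}
-"none";
-{% endif %}
-};
-{% if bind_tsig.edition is defined %}
-{% set tsig_ed_list = (bind_tsig.edition | selectattr("zone", "==", zone) | list + bind_tsig.edition | selectattr("zone", "==", "wild") | list) %}
-{% else %}
-{% set tsig_ed_list = [] %}
-{% endif %}
-{% if (tsig_ed_list | length) %}
-update-policy {
-{% for key in tsig_ed_list %}
-{% if key.policy is defined %}
-{% if key.policy|lower == "certbot" %}
-grant {{ key.name }} name _acme-challenge.{{ zone }}. txt;
-{% endif %}
-{% if key.policy|lower == "custom" %}
-grant {{ key.name }} {{ key.policy_custom }};
-{% endif %}
-{% endif %}
-{% endfor %}
-};
-{% endif %}
-{% if 'options' in value %}
-{% for option, opt_value in value.options.items() %}
-{{ option }} {% if opt_value == True %}yes{% elif opt_value == False %}no{% else %}{{ opt_value }}{% endif %};
-{% endfor %}
-{% endif %}
-};
-{% endif %}
-{% endfor %}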

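--- a/templates/named.conf.options.j2
+++ /dev/null
@@ -1,18 +0,0 @@
-# {{ ansible_managed }}
-options {
-directory "/var/cache/bind";
-dnssec-enable yes;
-dnssec-validation yes;
-auth-nxdomain no; # conform to RFC1035
-listen-on { {% if bind_listen_ipv4 %}any{% else %}none{% endif %}; };
-listen-on-v6 { {% if bind_listen_ipv6 %}any{% else %}none{% endif %}; };
-{% for option, value in bind_options.items() %}
-{{ option }} {% if value == True %}yes{% elif value == False %}no{% else %}{{ value }}{% endif %};
-{% endfor %}
-version none;
-};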
