ilnmors-homelab/ansible/roles/fw/tasks/services/set_bind.yaml
2026-03-15 04:41:02 +09:00


---
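- name: Check bind9 installation
  # `command -v` is a shell builtin, so the shell module (not command) is needed.
  ansible.builtin.shell: |
    command -v named
  become: true # /usr/sbin is typically only on root's PATH, so look named up as root.
  changed_when: false
  # Never fail here: a non-zero rc is the signal that bind9 is missing and is
  # consumed by the install task below through is_bind_installed.rc.
  # (ignore_errors was redundant with failed_when: false and has been dropped.)
  failed_when: false
  register: is_bind_installed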
- name: Set bind9 zone files
  # File names under /var/lib/bind; the same list drives the zone deploy and
  # the journal clean-up loops further down.
  ansible.builtin.set_fact:
    bind_zone_files:
      - 'db.ilnmors.internal'
      - 'db.ilnmors.com'
      - 'db.1.168.192.in-addr.arpa'
      - 'db.10.168.192.in-addr.arpa'
      - 'db.1.00df.ip6.arpa'
      - 'db.10.00df.ip6.arpa'
- name: Install bind9
  # Only runs when the `command -v named` probe above returned non-zero.
  become: true
  when: is_bind_installed.rc != 0
  ansible.builtin.apt:
    name: bind9
    state: present
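# Task name fixed: the file deployed is acme.key, not "acem.key".
- name: Deploy acme.key
  # Key material comes straight from inventory (hostvars of "console");
  # presumably the TSIG key used by the ACME client for dynamic updates — confirm.
  ansible.builtin.copy:
    content: "{{ hostvars['console']['bind']['acme_key'] }}"
    dest: "/etc/bind/acme.key"
    owner: "bind"
    group: "bind"
    # Readable by named only; never world-readable.
    mode: "0640"
  become: true
  notify: "notification_restart_bind"
  # Keep the secret out of task output and diffs.
  no_log: true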
- name: Deploy db files
  # One copy per entry of bind_zone_files, from the console node's config tree
  # into /var/lib/bind. NOTE(review): unlike named.conf below, the zone files are
  # not validated before install; named-checkzone needs the zone origin, which
  # this loop does not carry.
  become: true
  loop: "{{ bind_zone_files }}"
  no_log: true
  notify: notification_restart_bind
  ansible.builtin.copy:
    src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/bind/lib/{{ item }}"
    dest: "/var/lib/bind/{{ item }}"
    owner: bind
    group: bind
    mode: '0640'
- name: Clean BIND journal files
  # Remove the .jnl journal next to each zone file. A stale journal makes named
  # refuse to load a replaced zone file. NOTE(review): this runs on every play,
  # not only when a zone file changed, so any dynamic updates still held in the
  # journal are discarded and a restart is notified each time a journal exists.
  become: true
  loop: "{{ bind_zone_files }}"
  no_log: true
  notify: notification_restart_bind
  ansible.builtin.file:
    path: "/var/lib/bind/{{ item }}.jnl"
    state: absent
- name: Deploy named.conf
  # Rendered from the console node's config tree. The file is only installed if
  # named-checkconf accepts it; -z also loads the configured zones, so a broken
  # zone file fails this task rather than the running service.
  become: true
  no_log: true
  notify: notification_restart_bind
  ansible.builtin.template:
    src: "{{ hostvars['console']['node']['config_path'] }}/services/systemd/fw/bind/etc/named.conf.j2"
    dest: "/etc/bind/named.conf"
    owner: root
    group: bind
    mode: '0640'
    validate: "/usr/bin/named-checkconf -z %s"
- name: Create named.service.d
  # Drop-in directory for the systemd unit override written in the next task.
  become: true
  ansible.builtin.file:
    path: "/etc/systemd/system/named.service.d"
    state: directory
    owner: root
    group: root
    mode: '0755'
- name: Set named.service.d/override.conf
  # Make named restart itself a minute after any exit, whatever the exit status.
  # systemd only reads drop-ins after a daemon-reload.
  become: true
  notify: notification_restart_bind
  ansible.builtin.copy:
    dest: "/etc/systemd/system/named.service.d/override.conf"
    owner: root
    group: root
    mode: '0644'
    content: |
      [Service]
      Restart=always
      RestartSec=60
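- name: Enable bind9 service
  ansible.builtin.systemd:
    name: "named.service"
    state: "started"
    enabled: true
    # Re-read unit files so the named.service.d/override.conf drop-in written
    # above is in effect before the restart handler fires; without this the
    # Restart=always policy is not applied until the next daemon-reload.
    daemon_reload: true
  become: true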
# Verify it works (run manually):
# dig A fw.ilnmors.internal @fd00:10::3
# dig AAAA fw.ilnmors.internal @fd00:10::3