64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
---
|
|
- name: Set fact bind_zone_play if it empty
|
|
ansible.builtin.set_fact:
|
|
bind_zones_play: "{{ bind_zones_play | default([]) + [item] }}"
|
|
loop: "{{ bind_zones | dict2items }}"
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
when: >
|
|
(item.value.state is not defined or item.value.state != "absent")
|
|
and (bind_zones_subset is not defined or item.key in bind_zones_subset)
|
|
|
|
- name: Create zone folder
|
|
ansible.builtin.file:
|
|
path: "/etc/bind/zones/{{ item.key }}"
|
|
owner: bind
|
|
group: bind
|
|
mode: 0755
|
|
state: directory
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
loop: "{{ bind_zones_play }}"
|
|
|
|
- name: Copy zone files
|
|
ansible.builtin.template:
|
|
src: db.j2
|
|
dest: "/etc/bind/zones/{{ item.key }}/db"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: "{{ bind_zones_play }}"
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
register: zone
|
|
notify: Reload bind
|
|
|
|
- name: Dnssec sign # noqa risky-shell-pipe no-changed-when
|
|
ansible.builtin.shell: >
|
|
dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT
|
|
-o {{ item.item.key }} -t /etc/bind/zones/{{ item.item.key }}/db
|
|
args:
|
|
chdir: /etc/bind/keys
|
|
loop: "{{ zone.results }}"
|
|
loop_control:
|
|
label: "{{ item.item.key }}"
|
|
when: item.item.key in bind_dnssec and item.changed
|
|
notify: Reload bind
|
|
|
|
- name: Get zones files
|
|
ansible.builtin.find:
|
|
path: /etc/bind/zones
|
|
file_type: directory
|
|
recurse: no
|
|
register: zone_folders
|
|
|
|
- name: Delete old zone file
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
loop: "{{ zone_folders.files }}"
|
|
loop_control:
|
|
label: "{{ item.path | basename }}"
|
|
when: >
|
|
item.path|basename not in bind_zones or
|
|
("state" in bind_zones[item.path | basename] and bind_zones[item.path | basename].state == "absent")
|