Merge commit 'aa5b74dcfe874efe4ec914bbd862d2d19d3f9f86'

# Conflicts: # tasks/main.yml
deb_version variable
2023-10-20 11:34:17 +03:00 · 2023-10-13 14:24:59 +03:00 · 2023-10-13 13:04:33 +03:00 · 2023-10-13 12:54:11 +03:00 · 2023-10-13 12:38:40 +03:00 · 2023-09-13 11:43:33 +03:00
6 changed files with 45 additions and 19 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,8 +1,13 @@
 ---
 # defaults file for roles/powerdns-recursor
-powerdns_version: 49
+powerdns_version: "{{ powerdns_recursor.version | default(49) }}"
-deb_powerdns_version: =4.9.*
+deb_version: "{{ powerdns_recursor.deb_version | default('=4.9.*') }}"
-repo_uri: http://repo.powerdns.com/debian
+repo_uri: "{{ powerdns_recursor.repo_uri | default('http://repo.powerdns.com/debian') }}"
 repo_components: "{{ ansible_distribution_release }}-rec-{{ powerdns_version }} main"
 repo_signed_key: "rec-{{ powerdns_version }}-pub.asc"
-repo_state: "{{ powerdns_recursor__state }}"
+repo_state: "{{ powerdns_recursor.repo_state | default('present') }}"
 forward_lst: "{{ powerdns_recursor.forward_lst | default ([]) }}"
 #  domain: auth_server_ip
 nta_lst: "{{ powerdns_recursor.nta_lst | default([]) }}"
 allow_lst: "{{ powerdns_recursor.allow_lst | default (['127.0.0.0/8', '10.0.0.0/8']) }}"
 root_cached: "{{ powerdns_recursor.root_cached | default('file') }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,16 +3,23 @@
 - name: "add powerdns-recursor repository"
  become: true
  block:
-    - name: "powerdns repo apt key"
+    - name: Check if powerdns repo apt key exists
      stat:
        path: "/etc/apt/trusted.gpg.d/{{ repo_signed_key }}"
      register: key_stat
      ignore_errors: yes
    - name: Download powerdns repo apt key if needed
      become: true
      get_url: 
        url: https://repo.powerdns.com/FD380FBB-pub.asc
        dest: "/etc/apt/trusted.gpg.d/{{ repo_signed_key }}"
      when: key_stat.stat.exists == False or key_stat.stat.checksum != 'sha256:checksum_of_the_source_key'
    - name: "powerdns-recursor {{ powerdns_version }} repo"
      become: true
      apt_repository:
-        repo: deb [signed-by=/etc/apt/trusted.gpg.d/{{ repo_signed_key }} arch=amd64] {{ repo_uri }} {{ repo_components }}
+        repo: deb [arch=amd64] {{ repo_uri }} {{ repo_components }}
        state: "{{ repo_state }}"
        update_cache: yes
        filename: powerdns-rec-{{ powerdns_version }}
@@ -20,7 +27,7 @@
 - name: "install powerdns-recursor {{ powerdns_version }}"
  become: true
  apt:
-    name: "pdns-recursor{{ deb_powerdns_version }}"
+    name: "pdns-recursor{{ deb_version }}"
    autoremove: true
    update_cache: true
@@ -31,12 +38,13 @@
      get_url:
        url: https://www.internic.net/domain/root.zone
        dest: /etc/powerdns/root.zone
      when: root_cached == 'file'
    - name: "template powerdns-recursor configs"
      become: true
      template:
-        src: "templates{{ cfile }}.j2"
+        src: "templates{{ file }}.j2"
-        dest: "{{ cfile }}"
+        dest: "{{ file }}"
        owner: root
        group: root
        mode: 0644
@@ -47,6 +55,6 @@
        - /etc/powerdns/recursor.d/forward.lst
        - /etc/powerdns/recursor.d/dns-script.lua
      loop_control:
-        loop_var: cfile
+        loop_var: file
  notify:
    - Restart powerdns-recursor
--- a/templates/etc/powerdns/recursor.d/allow.lst.j2
+++ b/templates/etc/powerdns/recursor.d/allow.lst.j2
@@ -1,6 +1,8 @@
 #
 # WARNING: auto-generated by Ansible powerdns-recursor role.
 #
-127.0.0.0/8
+{% if allow_lst is defined and allow_lst | length > 0 %}
-100.64.0.0/10
+{% for allowed_addr in allow_lst %}
-169.254.0.0/16
+{{ allowed_addr }}
 {% endfor %}
 {% endif %}
--- a/templates/etc/powerdns/recursor.d/dns-script.lua.j2
+++ b/templates/etc/powerdns/recursor.d/dns-script.lua.j2
@@ -2,7 +2,9 @@
 -- WARNING: auto-generated by Ansible powerdns-recursor role.
 --
 self = newDS()
-self:add{'{{ ansible_hostname }}', '{{ ansible_hostname }}.mm', '{{ ansible_fqdn }}'}
+self:add{'{{ ansible_hostname }}', '{{ ansible_fqdn }}'{%- for fqdn in powerdns_recursor__self_add | default([]) %}
 {% if loop.first %}, {% endif %}'{{ fqdn }}'{% if not loop.last %}, {% endif %}
 {%- endfor %}}
 function string.starts(String,Start)
   return string.sub(String,1,string.len(Start))==Start
--- a/templates/etc/powerdns/recursor.d/forward.lst.j2
+++ b/templates/etc/powerdns/recursor.d/forward.lst.j2
@@ -1,5 +1,8 @@
 #
 # WARNING: auto-generated by Ansible powerdns-recursor role.
 #
-mm=172.31.122.10
+{% if forward_lst is defined and forward_lst | length > 0 %}
-miranda-media.net=172.31.122.10
+{% for zone, auth_server in forward_lst.items() %}
 {{ zone }}={{ auth_server }}
 {% endfor %}
 {% endif %}
--- a/templates/etc/powerdns/recursor.lua.j2
+++ b/templates/etc/powerdns/recursor.lua.j2
@@ -6,7 +6,13 @@
 -- Note: If you provide your own Lua configuration file, consider
 -- running rootkeys.lua too.
 dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
-- zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", { refreshPeriod = 0 })
+{% if root_cached == 'file' %}
 zoneToCache(".", "file", "/etc/powerdns/root.zone", { refreshPeriod = 0 })
-addNTA('mm', "private MM domain")
+{% else %}
-addNTA('miranda-media.net', "fix DNSSEC issue for MM domain")
+zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", { refreshPeriod = 0 })
 {% endif %}
 {% if nta_lst is defined and nta_lst | length > 0 %}
 {% for zone, description in nta_lst.items() %}
 addNTA("{{ zone }}", "{{ description }}")
 {% endfor %}
 {% endif %}
Author	SHA1	Message	Date
135	c8da54199c	Merge commit 'aa5b74dcfe874efe4ec914bbd862d2d19d3f9f86' # Conflicts: # tasks/main.yml	2023-10-20 11:34:17 +03:00
135	bb3ad80d77	deb_version variable	2023-10-13 14:24:59 +03:00
135	d8a7f44d0e	repo state from upstream vars	2023-10-13 13:04:33 +03:00
135	4f570339d1	Allow lst fixed	2023-10-13 12:54:11 +03:00
135	1d34e1324c	Configurable variables	2023-10-13 12:38:40 +03:00
135	69be69ebb0	keystore changed to /etc/apt/trusted.gpg.d	2023-09-13 11:43:33 +03:00