verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

8748_VPN_Conntrack #81

Merged
xavi merged 4 commits from 8748_VPN_Conntrack into main 2025-04-02 13:19:02 +00:00
Conversation 0 Commits 4 Files Changed 7 +26 -18
6 changed files with 26 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 651ee7edf6 - Show all commits

2
roles/ns/defaults/main.yml
View File

@ -18,12 +18,12 @@ bind_config_templates:
- { src: 'dhcp.key', dest: '/etc/bind/keys/dhcp.key', mode: 'u=rw,g=r,o=' }
- { src: 'isp1.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
- { src: 'isp2.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
- { src: 'delete.ns', dest: '/root/scripts/switch-isp', mode: 'u=rw,g=rw,o=r' }
directory:
- { path: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
- { path: '/etc/bind/keys', owner: 'root', group: 'bind', mode: 'u=rwx,g=rxs,o=rx' }
- { path: '/root/scripts/switch-isp', owner: 'root', group: 'bind', mode: 'u=rwx,g=rxs,o=rx' }
required_files:
- { src: 'delete.ns', dest: '/root/scripts/switch-isp', owner: 'root', group: 'bind', mode: 'u=rw,g=rw,o=r' }
- { src: 'switch-isp.sh', dest: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
- { src: 'sync-conf', dest: '/root/scripts', owner: 'root', group: 'root', mode: 'u=rwx,g=rx,o=rx' }
- { src: 'gen-key.sh', dest: '/root/scripts', owner: 'root', group: 'bind', mode: 'u=rwx,g=rx,o=rx' }

14
roles/ns/files/delete.ns
View File

@ -1,14 +0,0 @@
update delete verdnatura.es A
update delete kube-proxy.verdnatura.es A
update delete smtp.verdnatura.es A
update delete imap.verdnatura.es A
update delete autodiscover.verdnatura.es A
update delete time1.verdnatura.es A
update delete time2.verdnatura.es A
update delete dc-ip01.verdnatura.es A
update delete dc-ip02.verdnatura.es A
update delete dc-ip03.verdnatura.es A
update delete dc-ip04.verdnatura.es A
update delete mailgw1.verdnatura.es A
update delete mailgw2.verdnatura.es A
send

7
roles/ns/tasks/ns.yml
View File

@ -6,6 +6,13 @@
name: "{{ bind_packages }}"
state: present
install_recommends: no
- name: Ensure BIND9 starts with IPv4 only (-4)
lineinfile:
path: /etc/default/named
regexp: '^OPTIONS='
line: 'OPTIONS="-u bind -4"'
backrefs: yes
notify: restart-dns
- name: Create directory
file:
path: "{{ item.path }}"

4
roles/ns/templates/delete.ns Normal file
View File

@ -0,0 +1,4 @@
{% for record in dns_records_delete %}
update delete {{ record.name.ljust(30) }} A
{% endfor %}
send

6
roles/ns/templates/named.conf.master.j2
View File

@ -27,6 +27,12 @@ view "lan" {
{% endfor %}
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes;
filter-aaaa { any; };
};
recursion yes;
allow-recursion { any; };
empty-zones-enable yes;

11
roles/ns/templates/named.conf.slave.j2
View File

@ -20,17 +20,22 @@ masters master-ips {
view "lan" {
match-clients {
{% for item in key_match_clients_lan_master if item.startswith("!key") %}
{%- for item in key_match_clients_lan_master if item.startswith("!key") -%}
{{ item }};
{% endfor %}
{% for item in acl_match_clients %}
{%- for item in acl_match_clients -%}
{{ item }};
{% endfor %}
{% for item in key_match_clients_lan_slave if not item.startswith("!key") %}
{%- for item in key_match_clients_lan_slave if not item.startswith("!key") -%}
{{ item }};
{% endfor %}
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes;
filter-aaaa { any; };
};
recursion yes;
allow-recursion { any; };
empty-zones-enable yes;