authorAaron LI <aly@aaronly.me>2018-03-04 18:42:40 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:08 +0800
commit5836875b025e1601dd182963fc372581cc724faa (patch)
tree3d8ba8f384e69de03a48042c5aa88f4066a5e4b2 /roles
parentc1c03239eef42fb55961d98d64bc82c0c84b0986 (diff)
downloadansible-dfly-vps-5836875b025e1601dd182963fc372581cc724faa.tar.bz2
dns: refactor nsd zones generation to support DKIM record
Diffstat (limited to 'roles')
-rw-r--r--roles/dns/tasks/main.yml25
-rw-r--r--roles/dns/tasks/nsd-zone.yml31
2 files changed, 37 insertions, 19 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 68663f7..d2d6289 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -58,35 +58,22 @@
command: nsd-control-setup
when: not stat_result.stat.exists
+- name: NSD - create zones directory
+ file:
+ path: /usr/local/etc/nsd/zones
+ state: directory
+
- name: NSD - get the list of zone files
set_fact:
zonefiles: "{{ lookup('fileglob', '../templates/zones/*.j2', wantlist=True) }}"
- debug: var=zonefiles
-- name: NSD - create zones directory
- file:
- path: /usr/local/etc/nsd/zones
- state: directory
-
- name: NSD - generate zone files
- vars:
- domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
- template:
- src: "{{ item }}"
- dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
- # XXX: `validate` doesn't work with `with_items`???
- validate: "nsd-checkzone {{ domain }} %s"
+ include_tasks: nsd-zone.yml zonefile={{ item }}
with_items: "{{ zonefiles }}"
notify: reload-nsd
-# XXX: the above `validate` doesn't work with `with_items`???
-- name: NSD - check zone files
- vars:
- domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
- command: "nsd-checkzone {{ domain }} /usr/local/etc/nsd/zones/{{ domain }}.zone"
- with_items: "{{ zonefiles }}"
-
# NOTE: requires variable `zonefiles`
- name: NSD - generate configuration
template:
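Review bot: `notify: reload-nsd` on the `include_tasks` line most likely never fires, because with a dynamic include the task keywords attach to the include statement itself, which does not report `changed`. A regenerated zone file (including a new DKIM record) would then not be served until NSD is reloaded by some other means. Move `notify: reload-nsd` onto the `template` task in nsd-zone.yml. Passing the item as `zonefile={{ item }}` on the same line also relies on key=value parsing, so a template path containing a space would be split; `vars:` with `zonefile: "{{ item }}"` avoids that.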
diff --git a/roles/dns/tasks/nsd-zone.yml b/roles/dns/tasks/nsd-zone.yml
new file mode 100644
index 0000000..960b230
--- /dev/null
+++ b/roles/dns/tasks/nsd-zone.yml
@@ -0,0 +1,31 @@
+---
+- name: var - set domain
+ set_fact:
+ domain: "{{ zonefile | basename | regex_replace('\\.zone\\.j2', '') }}"
+
+- name: var - set domain_keyfile
+ set_fact:
+ domain_keyfile: /usr/local/etc/mail/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem
+
+- name: dkim - check domain key existence
+ stat:
+ path: "{{ domain_keyfile }}"
+ register: stat_result
+
+- name: dkim - slurp domain key from the remote machine
+ slurp:
+ src: "{{ domain_keyfile }}"
+ # NOTE: get the contents with `{{ slurp_result['content'] | b64decode }}`
+ register: slurp_result
+ when: stat_result.stat.exists
+
+- name: var - set domain_key
+ set_fact:
+ domain_key: "{{ slurp_result['content'] | b64decode }}"
+ when: stat_result.stat.exists
+
+- name: NSD - generate zone files
+ template:
+ src: "{{ zonefile }}"
+ dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
+ validate: "nsd-checkzone {{ domain }} %s"
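Review bot: `domain_key` is only assigned when the key file exists (the `when` on the last `set_fact`), but a fact set with `set_fact` persists on the host across the `with_items` iterations in main.yml, so a domain without a key file still sees the previous domain's key. If the zone template tests `domain_key` to decide whether to emit the DKIM record (the template is not in this diff), that domain would publish another domain's key. Set the fact unconditionally and drop the `when`, e.g. `domain_key: "{{ (slurp_result.content | b64decode) if stat_result.stat.exists else '' }}"`. If the `.pem` holds private key material rather than only the public half, `no_log: true` on the slurp and set_fact tasks keeps it out of verbose output and callback logs.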