diff options
author | Aaron LI <aly@aaronly.me> | 2018-03-04 18:42:40 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | 5836875b025e1601dd182963fc372581cc724faa (patch) | |
tree | 3d8ba8f384e69de03a48042c5aa88f4066a5e4b2 /roles | |
parent | c1c03239eef42fb55961d98d64bc82c0c84b0986 (diff) | |
download | ansible-dfly-vps-5836875b025e1601dd182963fc372581cc724faa.tar.bz2 |
dns: refactor nsd zones generation to support DKIM record
Diffstat (limited to 'roles')
-rw-r--r-- | roles/dns/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/dns/tasks/nsd-zone.yml | 31 |
2 files changed, 37 insertions, 19 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 68663f7..d2d6289 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -58,35 +58,22 @@ command: nsd-control-setup when: not stat_result.stat.exists +- name: NSD - create zones directory + file: + path: /usr/local/etc/nsd/zones + state: directory + - name: NSD - get the list of zone files set_fact: zonefiles: "{{ lookup('fileglob', '../templates/zones/*.j2', wantlist=True) }}" - debug: var=zonefiles -- name: NSD - create zones directory - file: - path: /usr/local/etc/nsd/zones - state: directory - - name: NSD - generate zone files - vars: - domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}" - template: - src: "{{ item }}" - dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone" - # XXX: `validate` doesn't work with `with_items`??? - validate: "nsd-checkzone {{ domain }} %s" + include_tasks: nsd-zone.yml zonefile={{ item }} with_items: "{{ zonefiles }}" notify: reload-nsd -# XXX: the above `validate` doesn't work with `with_items`??? -- name: NSD - check zone files - vars: - domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}" - command: "nsd-checkzone {{ domain }} /usr/local/etc/nsd/zones/{{ domain }}.zone" - with_items: "{{ zonefiles }}" - # NOTE: requires variable `zonefiles` - name: NSD - generate configuration template: diff --git a/roles/dns/tasks/nsd-zone.yml b/roles/dns/tasks/nsd-zone.yml new file mode 100644 index 0000000..960b230 --- /dev/null +++ b/roles/dns/tasks/nsd-zone.yml @@ -0,0 +1,31 @@ +--- +- name: var - set domain + set_fact: + domain: "{{ zonefile | basename | regex_replace('\\.zone\\.j2', '') }}" + +- name: var - set domain_keyfile + set_fact: + domain_keyfile: /usr/local/etc/mail/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem + +- name: dkim - check domain key existence + stat: + path: "{{ domain_keyfile }}" + register: stat_result + +- name: dkim - slurp domain key from the remote machine + slurp: + src: "{{ domain_keyfile }}" + # NOTE: get the contents with `{{ slurp_result['content'] | b64decode }}` + register: slurp_result + when: stat_result.stat.exists + +- name: var - set domain_key + set_fact: + domain_key: "{{ slurp_result['content'] | b64decode }}" + when: stat_result.stat.exists + +- name: NSD - generate zone files + template: + src: "{{ zonefile }}" + dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone" + validate: "nsd-checkzone {{ domain }} %s" |