Add intdomain variable to simplify configs

This commit is contained in:
Timo Makinen 2025-06-21 16:02:57 +00:00
parent 05b4c3a9f4
commit e55dd35605
4 changed files with 9 additions and 8 deletions


@ -3,6 +3,7 @@
mem_size: 512
intnet: "{{ network_interfaces[0].ipaddr + '/' + network_interfaces[0].netmask }}"
intdomain: "{{ inventory_hostname.split('.')[1:] | join('.') }}"
network_vip_interfaces:
- device: vio0
@ -43,7 +44,7 @@ unbound_zones:
{% else -%}
{{ reverse[:-1] | split('.', 1) | last -}}
{% endif -%}
- "{{ inventory_hostname.split('.')[1:] | join('.') }}"
- "{{ intdomain }}"
# use custom firewall config
firewall_src: pf.conf.gw_dna.j2
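Review bot: `intdomain` silently becomes the empty string when `inventory_hostname` has no dots, because `split('.')[1:]` of a single label is an empty list, whereas the old `split('.')[1]` form failed the template instead. An empty value propagates into every consumer this commit introduces — the `dns.{{ intdomain }}.key`/`.crt` paths in the copy tasks, `option domain-name ""` in dhcpd.conf and the unbound `tls-service-*` paths — so the play would copy a key to `dns..key` rather than stop. Add a guard in the play before those tasks, e.g. `- ansible.builtin.assert:` / `    that: intdomain | length > 0` / `    fail_msg: "intdomain is empty for {{ inventory_hostname }}"`. Note also that for hosts with more than three labels the new value keeps every label after the first, while the old expression kept only the second label plus the fixed `.foo.sh` suffix; presumably all inventory names are `host.site.foo.sh`, in which case this is equivalent, but worth confirming.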


@ -42,26 +42,26 @@
- name: Copy DNS private key
ansible.builtin.copy:
dest: "{{ tls_private }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.key"
dest: "{{ tls_private }}/dns.{{ intdomain }}.key"
src: "{{ item }}"
mode: "0600"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
- "/srv/letsencrypt/live/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh/privkey.pem"
- "/srv/letsencrypt/live/dns.{{ intdomain }}/privkey.pem"
- "/srv/ca/private/{{ inventory_hostname }}.key"
tags: certificates
notify: Restart unbound
- name: Copy DNS certificate and ca cert
ansible.builtin.copy:
dest: "{{ tls_certs }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.crt"
dest: "{{ tls_certs }}/dns.{{ intdomain }}.crt"
src: "{{ item }}"
mode: "0644"
owner: root
group: "{{ ansible_wheel }}"
with_first_found:
- "/srv/letsencrypt/live/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh/fullchain.pem"
- "/srv/letsencrypt/live/dns.{{ intdomain }}/fullchain.pem"
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
tags: certificates
notify: Restart unbound
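Review bot: The `with_first_found` lists on both copy tasks fall through to the internal CA files whenever `/srv/letsencrypt/live/dns.{{ intdomain }}/` does not exist, so if the renamed directory is missing on any host the tasks succeed while unbound silently starts serving the internal-CA certificate instead of the Let's Encrypt one. Because the key and the certificate are looked up independently, one task can also pick the Let's Encrypt file while the other falls back, leaving unbound with a mismatched key/cert pair. Consider a comment above the first task, `# Falls back to the internal CA when no Let's Encrypt cert exists for intdomain; key and cert must come from the same source`, or resolve the source directory once (a `set_fact` from a single `first_found` lookup) and derive both `src` values from it. The enclosing task list continues outside the hunk.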


@ -42,7 +42,7 @@ subnet {{ intnet | ansible.utils.ipaddr('network') }} netmask {{ intnet | ansibl
option broadcast-address {{ intnet | ansible.utils.ipaddr('broadcast') }};
option routers {{ intnet | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address')}};
option domain-name "{{ inventory_hostname.split('.')[1] }}.foo.sh";
option domain-name "{{ intdomain }}";
option domain-name-servers {{ intnet | ansible.utils.ipaddr(10) | ansible.utils.ipaddr('address') }}, {{ intnet | ansible.utils.ipaddr(11) | ansible.utils.ipaddr('address') }}, {{ intnet | ansible.utils.ipaddr(12) | ansible.utils.ipaddr('address') }};
use-host-decl-names on;
}


@ -15,8 +15,8 @@ server:
interface: {{ intnet | ansible.utils.ipaddr(12) | ansible.utils.ipaddr('address') }}@53
interface: {{ intnet | ansible.utils.ipaddr(12) | ansible.utils.ipaddr('address') }}@853
tls-service-key: {{ tls_private }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.key
tls-service-pem: {{ tls_certs }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.crt
tls-service-key: {{ tls_private }}/dns.{{ intdomain }}.key
tls-service-pem: {{ tls_certs }}/dns.{{ intdomain }}.crt
tls-cert-bundle: {{ tls_bundle }}
access-control: 127.0.0.0/8 allow
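Review bot: The file names `dns.{{ intdomain }}.key` and `dns.{{ intdomain }}.crt` are now spelled out here and again as the `dest` of the two copy tasks, so the two places can drift if one is edited later; a style improvement would be to define them once next to `intdomain`, e.g. `dns_tls_key: "{{ tls_private }}/dns.{{ intdomain }}.key"` and `dns_tls_cert: "{{ tls_certs }}/dns.{{ intdomain }}.crt"`, and reference those both here and in the copy tasks. The `server:` block begins outside the hunk.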