55 lines
1.4 KiB
YAML
55 lines
1.4 KiB
YAML
---
|
|
- name: Copy server certificate
|
|
ansible.builtin.copy:
|
|
dest: "{{ tls_private }}/{{ nsd_server }}.key"
|
|
src: "{{ item }}"
|
|
mode: "0600"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
with_first_found:
|
|
- "/srv/letsencrypt/live/{{ nsd_server }}/privkey.pem"
|
|
- "/srv/ca/private/{{ nsd_server }}.key"
|
|
- "/srv/ca/private/{{ inventory_hostname }}.key"
|
|
tags: certificates
|
|
notify: Restart nsd
|
|
|
|
- name: Copy server key
|
|
ansible.builtin.copy:
|
|
dest: "{{ tls_certs }}/{{ nsd_server }}.crt"
|
|
src: "{{ item }}"
|
|
mode: "0644"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
with_first_found:
|
|
- "/srv/letsencrypt/live/{{ nsd_server }}/fullchain.pem"
|
|
- "/srv/ca/certs/hosts/{{ site }}.crt"
|
|
- "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
|
|
tags: certificates
|
|
notify: Restart nsd
|
|
|
|
- name: Create config
|
|
ansible.builtin.template:
|
|
src: nsd.conf.j2
|
|
dest: /var/nsd/etc/nsd.conf
|
|
mode: "0640"
|
|
owner: root
|
|
group: _nsd
|
|
notify: Restart nsd
|
|
|
|
- name: Copy zone files
|
|
ansible.builtin.copy:
|
|
dest: "/var/nsd/zones/master/{{ item | replace('/', '-') }}"
|
|
src: "/srv/dns/{{ item | replace('/', '-') }}"
|
|
mode: "0640"
|
|
owner: root
|
|
group: _nsd
|
|
validate: "nsd-checkzone '{{ item }}' '%s'"
|
|
tags: dns
|
|
notify: Restart nsd
|
|
with_items: "{{ nsd_zones }}"
|
|
|
|
- name: Enable service
|
|
ansible.builtin.service:
|
|
name: nsd
|
|
state: started
|
|
enabled: true
|