Use variables more, update some

2020-05-21 20:17:57 +02:00 · 2020-05-21 20:17:57 +02:00 · 23ed80914b
parent 5d359caeea
commit 23ed80914b
4 changed files with 21 additions and 30 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,8 +0,0 @@
- name: Disable systemd-resolved
-  systemd:
-        name: systemd-resolved
-        enabled: no
-        state: stopped
-  notify:
-        - Enable unbound
-        - Set unbound as default dns
--- a/templates/internal.conf.j2
+++ b/templates/internal.conf.j2
@ -4,13 +4,13 @@ server:
        local-data: "{{ host }}.redxen.localhost. 60 IN A {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}"
 {% endfor %}

-{% for entry in services.unbound.internal.local.SRV %}
+{% for entry in unbound.internal.local.SRV %}
 {% for host in groups[entry.group] %}
        local-data: "_{{ entry.service }}._tcp.redxen.localhost. 60 IN SRV 0 5 {{ entry.port }} {{ host }}.redxen.localhost."
 {% endfor %}
 {% endfor %}

-{% for entry in services.unbound.internal.local.A %}
+{% for entry in unbound.internal.local.A %}
 {% for host in groups[entry.group] %}
 	local-data: "{{ entry.service }}.redxen.localhost. 60 IN A {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}"
 {% endfor %}
--- a/templates/redxen-dns.conf.j2
+++ b/templates/redxen-dns.conf.j2
@ -4,21 +4,25 @@ server:
 	local-data: "redxen.eu. 10800 IN NS {{ host }}.redxen.eu"
 {% endfor %}

-	local-data: "_amazonses.redxen.eu. 86400 IN TXT PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="
-	local-data: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey.redxen.eu. 86400 IN CNAME 6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com"
-	local-data: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou._domainkey.redxen.eu. 86400 IN CNAME jqo2wv2wek7sh26vmc2tdzc4gdco6uou.dkim.amazonses.com"
-	local-data: "edzxe6qpinwhafgwlt6b44yarhhfn3xl._domainkey.redxen.eu. 86400 IN CNAME edzxe6qpinwhafgwlt6b44yarhhfn3xl.dkim.amazonses.com"
+{% for record in unbound.public.TXT %}
+	local-data: "{{ record.name }}redxen.eu. 86400 IN TXT {{ record.content }}"
+{% endfor %}

-	local-data: "redxen.eu 86400 IN TXT brave-ledger-verification=1f77ffecf7da410af2f4eeb5953ae13c5ee9ddfdfed5cae63458e63003b97444"
+{% for record in unbound.public.CNAME %}
+	local-data: "{{ record.name }}redxen.eu. 86400 IN CNAME {{ record.pointer }}"
+{% endfor %}

-	local-data: "_mumble._tcp.redxen.eu. 86400 IN SRV 0 5 2250 redxen.eu."
-	local-data: "_minecraft._tcp.redxen.eu. 86400 IN SRV 0 5 25565 redxen.eu."
+{% for record in unbound.public.SRV %}
+	local-data: "_{{ record.service }}._{{ record.proto }}.redxen.eu. 86400 IN SRV 0 5 {{ record.port }} {{ record.host }}."
+{% endfor %}

-{% for host in groups['all'] %}
-{% for domains in services.haproxy.public %}
+{% for domains in haproxy.public %}
+{% for host in groups[domains.group] %}
 	local-data: "{{ domains.domain }}.redxen.eu. 86400 IN A {{ hostvars[host]['ansible_default_ipv4']['address'] }}"
 	local-data: "{{ domains.domain }}.redxen.eu. 86400 IN AAAA {{ hostvars[host]['ansible_default_ipv6']['address'] }}"
 {% endfor %}
+{% endfor %}
+{% for host in groups['all'] %}
 	local-data: "{{ host }}.redxen.eu. 86400 IN A {{ hostvars[host]['ansible_default_ipv4']['address'] }}"
 	local-data: "{{ host }}.redxen.eu. 86400 IN AAAA {{ hostvars[host]['ansible_default_ipv6']['address'] }}"
 {% endfor %}
--- a/templates/unbound.conf.j2
+++ b/templates/unbound.conf.j2
@ -8,14 +8,14 @@ server:
 	# Wireguard Range
 	access-control: 172.22.12.0/24 allow
 	# log-replies: yes
-	interface: 0.0.0.0
-	interface: ::0
+	interface: {{ unbound.listen.ipv4 }}
+	interface: {{ unbound.listen.ipv6 }}
 	extended-statistics: yes
 	root-hints: /usr/share/dns/root.hints
 	rrset-roundrobin: yes
 	trust-anchor-file: /usr/share/dns/root.key
 	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-	port: 53
+	port: {{ unbound.port }}
 	ratelimit: 20
 	prefetch: yes
 	prefetch-key: yes
@ -34,11 +34,6 @@ remote-control:
 forward-zone:
 	name: "."
 	forward-tls-upstream: yes
-#	forward-addr: 2a04:c44:e00:32e0:42a:30ff:fe00:e7d@853#a.cyberiadot.invalid
-#	forward-addr: 194.182.165.153@853#a.cyberiadot.invalid
-#	forward-addr: 2a01:4f8:1c17:4d9b::853@853#b.cyberiadot.invalid
-#	forward-addr: 78.47.220.84@853#b.cyberiadot.invalid
-	forward-addr: 2620:fe::fe@853#dns.quad9.net
-	forward-addr: 9.9.9.9@853#dns.quad9.net
-	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
-	forward-addr: 1.1.1.1@853#cloudflare-dns.com
+{% for forward in unbound.forward %}
+	forward-addr: {{ forward.ipa }}@{{ forward.port|default(853) }}#{{ forward.host }}
+{% endfor %}