From bdb4b20d35058ae940c7e81e7244b47ecdf890d1 Mon Sep 17 00:00:00 2001
From: Alex
Date: Sat, 9 May 2020 16:39:38 +0200
Subject: [PATCH] Automatic, environment based config generation
---
 files/internal.conf | 22 -------
 tasks/main.yml | 24 ++++----
 templates/internal.conf.j2 | 15 +++++
 templates/redxen-dns.conf.j2 | 60 ++++--------------
 .../unbound.conf => templates/unbound.conf.j2 | 0
 vars/domains.yml | 1 -
 vars/ips.yml | 6 --
 7 files changed, 40 insertions(+), 88 deletions(-)
 delete mode 100644 files/internal.conf
 create mode 100644 templates/internal.conf.j2
 rename files/unbound.conf => templates/unbound.conf.j2 (100%)
 delete mode 120000 vars/domains.yml
 delete mode 100644 vars/ips.yml
diff --git a/files/internal.conf b/files/internal.conf
deleted file mode 100644
index e1218f5..0000000
--- a/files/internal.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server:
- local-zone: "redxen.localhost." static
- local-data: "n0.redxen.localhost. 60 IN A 10.0.0.8"
- local-data: "n1.redxen.localhost. 60 IN A 10.0.0.7"
- local-data: "n2.redxen.localhost. 60 IN A 10.0.0.9"
- local-data: "n3.redxen.localhost. 60 IN A 10.0.0.10"
- local-data: "n4.redxen.localhost. 60 IN A 10.0.0.11"
-
- local-data: "_gitea._tcp.redxen.localhost. 60 IN SRV 0 5 3200 n0.redxen.localhost."
-
- local-data: "_grafana._tcp.redxen.localhost. 60 IN SRV 0 5 3000 n0.redxen.localhost."
- local-data: "_grafana._tcp.redxen.localhost. 60 IN SRV 0 5 3000 n1.redxen.localhost."
- local-data: "_grafana._tcp.redxen.localhost. 60 IN SRV 0 5 3000 n2.redxen.localhost."
- local-data: "_grafana._tcp.redxen.localhost. 60 IN SRV 0 5 3000 n3.redxen.localhost."
- local-data: "_grafana._tcp.redxen.localhost. 60 IN SRV 0 5 3000 n4.redxen.localhost."
-
- local-data: "_homepage._tcp.redxen.localhost. 60 IN SRV 0 5 80 rxhome.s3-website.eu-central-1.amazonaws.com."
-
- # Node 4
- local-data: "redis.redxen.localhost. 60 IN CNAME n0.redxen.localhost."
- local-data: "postgres.redxen.localhost. 60 IN CNAME n0.redxen.localhost."
- local-data: "influxdb.redxen.localhost. 60 IN CNAME n0.redxen.localhost."
diff --git a/tasks/main.yml b/tasks/main.yml
index 2ac6551..3b0977f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,13 +1,3 @@
-- name: Copy configuration files
- copy:
- follow: yes
- src: '{{ role_path }}/files/'
- dest: /etc/unbound/
- notify:
- - Reload unbound
- tags:
- - update
- - unbound
 - name: Install Unbound
 apt:
 install_recommends: no
@@ -18,6 +8,20 @@
 tags:
 - setup
 - packages
+- name: Copy configuration files
+ loop:
+ - internal.conf
+ - redxen-dns.conf
+ - unbound.conf
+ template:
+ follow: yes
+ src: '{{ item }}.j2'
+ dest: /etc/unbound/{{ item }}
+ notify:
+ - Reload unbound
+ tags:
+ - update
+ - unbound
 - name: Allow Unbound through iptables
 loop:
 - { ipv: 'ipv4', proto: 'tcp' }
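Review bot: The new `Copy configuration files` task renders three files into /etc/unbound and notifies `Reload unbound` without validating what it wrote, so a template that renders badly (an undefined hostvar in the loops of internal.conf.j2 or redxen-dns.conf.j2, for instance) replaces the previous working file on disk before the reload handler ever runs. Adding `validate: 'unbound-checkconf %s'` to the template task rejects a broken render before it is written; confirm that the two `server:` fragments are accepted by unbound-checkconf on their own, since they are otherwise only read through unbound.conf. The task also sets no `owner`/`group`/`mode`, so the files take whatever the connection user's umask yields; an explicit `mode: '0644'` makes the result deterministic across hosts. `follow: yes` would read better as `follow: true`, matching yamllint's truthy rule (the same applies to `install_recommends: no` in the context lines). The `Allow Unbound through iptables` task that follows continues outside the hunk.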
diff --git a/templates/internal.conf.j2 b/templates/internal.conf.j2
new file mode 100644
index 0000000..ee4e5fa
--- /dev/null
+++ b/templates/internal.conf.j2
@@ -0,0 +1,15 @@
+server:
+ local-zone: "redxen.localhost." static
+{% for host in groups['all'] %}
+ local-data: "{{ host }}.redxen.localhost. 60 IN A {{ hostvars[host]['ansible_ens10']['ipv4']['address'] }}"
+{% endfor %}
+
+{% for entry in services.unbound.internal.local.SRV %}
+{% for host in groups[entry.group] %}
+ local-data: "_{{ entry.service }}._tcp.redxen.localhost. 60 IN SRV 0 5 {{ entry.port }} {{ host }}.redxen.localhost."
+{% endfor %}
+{% endfor %}
+
+{% for entry in services.unbound.internal.local.CNAME %}
+ local-data: "{{ entry.service }}.redxen.localhost. 60 IN CNAME {{ entry.host }}.redxen.localhost."
+{% endfor %}
diff --git a/templates/redxen-dns.conf.j2 b/templates/redxen-dns.conf.j2
index cdb8964..0f826b3 100644
--- a/templates/redxen-dns.conf.j2
+++ b/templates/redxen-dns.conf.j2
@@ -1,10 +1,8 @@
 server:
 local-zone: "redxen.eu." static
- local-data: "redxen.eu. 10800 IN NS ns0.redxen.eu"
- local-data: "redxen.eu. 10800 IN NS ns1.redxen.eu"
- local-data: "redxen.eu. 10800 IN NS ns2.redxen.eu"
- local-data: "redxen.eu. 10800 IN NS ns3.redxen.eu"
- local-data: "redxen.eu. 10800 IN NS ns4.redxen.eu"
+{% for host in groups['all'] %}
+ local-data: "redxen.eu. 10800 IN NS {{ host }}.redxen.eu"
+{% endfor %}
 local-data: "_amazonses.redxen.eu. 86400 IN TXT PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="
 local-data: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey.redxen.eu. 86400 IN CNAME 6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com"
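Review bot: The A-record loop reads `hostvars[host]['ansible_ens10']['ipv4']['address']` for every host in `groups['all']`, which aborts the whole render with an undefined-variable error as soon as one inventory host has no `ens10` interface or had no facts gathered in this run (hostvars only carries facts for hosts the play gathered them from or that are in the fact cache). Hard-coding the interface name also ties the role to one machine type; a per-host variable naming the internal interface would be more portable, and at minimum the line should be guarded with `{% if hostvars[host]['ansible_ens10'] is defined %}` so one odd host does not take down the zone for all of them. The same reliance on facts of every `groups['all']` host appears in both hunks of redxen-dns.conf.j2. `groups[entry.group]` in the SRV loop is likewise unchecked, so a typo in `services.unbound.internal.local.SRV` fails the template with a bare KeyError; `groups[entry.group] | default([])`, or an assert in the task, would turn that into a clear message.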
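Review bot: The NS loop advertises `{{ host }}.redxen.eu` as authoritative for redxen.eu for every host in `groups['all']`, so any host later added to the inventory for an unrelated purpose silently becomes a published nameserver; iterating a dedicated group (the one this role is applied to, for example) would keep the NS set deliberate. Whether every inventory host is genuinely meant to serve DNS cannot be confirmed from the hunk, so this may be intended for the current five-node setup the removed lines describe.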
@@ -16,47 +14,11 @@ server:
 local-data: "_mumble._tcp.redxen.eu. 86400 IN SRV 0 5 2250 redxen.eu."
 local-data: "_minecraft._tcp.redxen.eu. 86400 IN SRV 0 5 25565 redxen.eu."
- local-data: "redxen.eu. 86400 IN A {{ ips.n0 }}"
- local-data: "{{ domains.grafana }}. 86400 IN A {{ ips.n0 }}"
- local-data: "{{ domains.gitea }}. 86400 IN A {{ ips.n0 }}"
- local-data: "{{ domains.transmission }}. 86400 IN A {{ ips.n0 }}"
- local-data: "{{ domains.seedown }}. 86400 IN A {{ ips.n0 }}"
- local-data: "{{ domains.pleroma }}. 86400 IN A {{ ips.n0 }}"
- local-data: "ns0.redxen.eu. 86400 IN A {{ ips.n0 }}"
- local-data: "nbg0.redxen.eu. 86400 IN A {{ ips.n0 }}"
-
- local-data: "redxen.eu. 86400 IN A {{ ips.n1 }}"
- local-data: "{{ domains.grafana }}. 86400 IN A {{ ips.n1 }}"
- local-data: "{{ domains.gitea }}. 86400 IN A {{ ips.n1 }}"
- local-data: "{{ domains.transmission }}. 86400 IN A {{ ips.n1 }}"
- local-data: "{{ domains.seedown }}. 86400 IN A {{ ips.n1 }}"
- local-data: "{{ domains.pleroma }}. 86400 IN A {{ ips.n1 }}"
- local-data: "ns1.redxen.eu. 86400 IN A {{ ips.n1 }}"
- local-data: "nbg1.redxen.eu. 86400 IN A {{ ips.n1 }}"
-
- local-data: "redxen.eu. 86400 IN A {{ ips.n2 }}"
- local-data: "{{ domains.grafana }}. 86400 IN A {{ ips.n2 }}"
- local-data: "{{ domains.gitea }}. 86400 IN A {{ ips.n2 }}"
- local-data: "{{ domains.transmission }}. 86400 IN A {{ ips.n2 }}"
- local-data: "{{ domains.seedown }}. 86400 IN A {{ ips.n2 }}"
- local-data: "{{ domains.pleroma }}. 86400 IN A {{ ips.n2 }}"
- local-data: "ns2.redxen.eu. 86400 IN A {{ ips.n2 }}"
- local-data: "nbg2.redxen.eu. 86400 IN A {{ ips.n2 }}"
-
- local-data: "redxen.eu. 86400 IN A {{ ips.n3 }}"
- local-data: "{{ domains.grafana }}. 86400 IN A {{ ips.n3 }}"
- local-data: "{{ domains.gitea }}. 86400 IN A {{ ips.n3 }}"
- local-data: "{{ domains.transmission }}. 86400 IN A {{ ips.n3 }}"
- local-data: "{{ domains.seedown }}. 86400 IN A {{ ips.n3 }}"
- local-data: "{{ domains.pleroma }}. 86400 IN A {{ ips.n3 }}"
- local-data: "ns3.redxen.eu. 86400 IN A {{ ips.n3 }}"
- local-data: "nbg3.redxen.eu. 86400 IN A {{ ips.n3 }}"
-
- local-data: "redxen.eu. 86400 IN A {{ ips.n4 }}"
- local-data: "{{ domains.grafana }}. 86400 IN A {{ ips.n4 }}"
- local-data: "{{ domains.gitea }}. 86400 IN A {{ ips.n4 }}"
- local-data: "{{ domains.transmission }}. 86400 IN A {{ ips.n4 }}"
- local-data: "{{ domains.seedown }}. 86400 IN A {{ ips.n4 }}"
- local-data: "{{ domains.pleroma }}. 86400 IN A {{ ips.n4 }}"
- local-data: "ns4.redxen.eu. 86400 IN A {{ ips.n4 }}"
- local-data: "nbg4.redxen.eu. 86400 IN A {{ ips.n4 }}"
+{% for host in groups['all'] %}
+{% for domains in services.haproxy.public %}
+ local-data: "{{ domains.domain }}.redxen.eu. 86400 IN A {{ hostvars[host]['ansible_default_ipv4']['address'] }}"
+ local-data: "{{ domains.domain }}.redxen.eu. 86400 IN AAAA {{ hostvars[host]['ansible_default_ipv6']['address'] }}"
+{% endfor %}
+ local-data: "{{ host }}.redxen.eu. 86400 IN A {{ hostvars[host]['ansible_default_ipv4']['address'] }}"
+ local-data: "{{ host }}.redxen.eu. 86400 IN AAAA {{ hostvars[host]['ansible_default_ipv6']['address'] }}"
+{% endfor %}
diff --git a/files/unbound.conf b/templates/unbound.conf.j2
similarity index 100%
rename from files/unbound.conf
rename to templates/unbound.conf.j2
diff --git a/vars/domains.yml b/vars/domains.yml
deleted file mode 120000
index ee159ce..0000000
--- a/vars/domains.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../web/vars/domains.yml
\ No newline at end of file
diff --git a/vars/ips.yml b/vars/ips.yml
deleted file mode 100644
index 7a844c7..0000000
--- a/vars/ips.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-ips:
- n0: ""
- n1: ""
- n2: ""
- n3: ""
- n4: ""
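Review bot: The apex A record `redxen.eu. 86400 IN A …` that the removed block carried for every node has no counterpart in the new loops, which only emit `{{ domains.domain }}.redxen.eu` and `{{ host }}.redxen.eu`, yet the `_mumble._tcp` and `_minecraft._tcp` SRV records in the context lines still target `redxen.eu.`; unless an entry of `services.haproxy.public` somehow renders to the bare apex (an empty `domain` would give `.redxen.eu`, not `redxen.eu`), those SRV targets no longer resolve from this static zone. The AAAA lines index `hostvars[host]['ansible_default_ipv6']['address']`, and `ansible_default_ipv6` is an empty mapping on a host without an IPv6 default route, so a single such host makes the whole template fail; wrapping each AAAA line in `{% if hostvars[host]['ansible_default_ipv6']['address'] is defined %}` … `{% endif %}` keeps the render going and simply omits that record. Naming the inner loop variable `domains` for one haproxy entry reads as a plural and shadows the old `domains` vars file this commit deletes; `site` or `entry` (as in internal.conf.j2) would be clearer. The `server:` block this hunk edits begins outside the hunk.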