ansible/dns.yml


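---
# Play for the `dns` host group: installs unbound, stops systemd-resolved,
# opens 53/tcp+udp on both address families and hands the record data below
# to the unbound role. The nsd/file stanzas are kept commented out, as in
# the original, so the play can be switched back to an authoritative setup.
#
# NOTE(review): the nesting below was reconstructed from a flattened listing;
# the placement of `internal.group` next to `local`/`public` is the most
# plausible reading, not something the listing proves -- confirm against the
# variable layout the unbound role expects.
- hosts: dns
  vars:
    # file:
    #   - { path: "/etc/nsd/zones", owner: "nsd", group: "nsd", mode: "765", state: directory }
    #   - { path: "/etc/nsd", owner: "nsd", group: "nsd", mode: "665", state: directory }

    # Port 53 is opened without a source restriction on v4 and v6. Together
    # with the wildcard listen addresses under `unbound.listen` this makes the
    # resolver reachable from anywhere; whether recursion is limited to
    # internal clients (unbound `access-control`) is decided in the unbound
    # role, not here. NOTE(review): confirm that restriction exists, otherwise
    # this is an open resolver.
    firewall:
      - port: 53
        ipv: "v4"
        proto: "tcp"
      - port: 53
        ipv: "v4"
        proto: "udp"
      - port: 53
        ipv: "v6"
        proto: "tcp"
      - port: 53
        ipv: "v6"
        proto: "udp"

    systemd:
      services:
        # systemd-resolved must be stopped so unbound can bind :53.
        - name: "systemd-resolved"
          action: stopped
        - name: "unbound"
          enabled: true
          action: reloaded
        # - { name: "nsd", enabled: true, action: restarted }

    apt:
      packages:
        - package: "unbound"
          state: present
        # - { package: "nsd", state: present }

    # nsd:
    #   listen:
    #     addr: "127.0.0.1"
    #     port: 5353
    #   zones:
    #     - name: "redxen.eu"
    #       zonefile: "redxen.eu.zone"

    unbound:
      port: 53
      listen:
        ipv4: "0.0.0.0"
        ipv6: "::0"
      # Upstream resolvers, tried in the order listed (keep that order).
      # Port 853 is the DNS-over-TLS port; NOTE(review): the TLS/cert-bundle
      # settings that make this actually validated live in the role's
      # template, which is not visible here -- confirm.
      forward:
        - host: "dns.quad9.net"
          port: 853
          ipa: "2620:fe::fe"
        - host: "dns.quad9.net"
          port: 853
          ipa: "9.9.9.9"
        - host: "cloudflare-dns.com"
          port: 853
          ipa: "2606:4700:4700::1111"
        - host: "cloudflare-dns.com"
          port: 853
          ipa: "1.1.1.1"

      internal:
        # Records served for hosts of this deployment. Ports are templated
        # from the global inventory so they stay in sync with the services.
        local:
          SRV:
            - service: "gitea"
              port: "{{ global.dev.gitea.port.http }}"
              group: "dev"
            - service: "seedown"
              port: "{{ global.seedbox.darkhttpd.port }}"
              group: "seedbox"
            - service: "transmission"
              port: "{{ global.seedbox.transmission.port }}"
              group: "seedbox"
            - service: "grafana"
              port: "{{ global.monitoring.grafana.port }}"
              group: "monitoring"
            - service: "pleroma"
              port: "{{ global.social.pleroma.listen.port }}"
              group: "social"
            - service: "homepage"
              port: "{{ global.homepage.port }}"
              group: "homepage"
            # `rawhost` instead of `group`: the target is not an inventory host.
            - service: "deavmi-proxy"
              port: "80"
              rawhost: "deavmi.assigned.network"
          # Wish these would support SRV, would ease a lot of configuration management
          A:
            - service: "postgres"
              group: "backend"
            - service: "redis"
              group: "backend"
            - service: "influxdb"
              group: "backend"

        # Public zone data (published records, nothing secret).
        public:
          SRV:
            - service: "mumble"
              proto: "tcp"
              host: "n0.redxen.eu"
              port: 64738
            - service: "minecraft"
              proto: "tcp"
              host: "redxen.eu"
              port: 25565
          TXT:
            - name: "_amazonses."
              content: "PAdK+hmtSCYH2lDwBdiCfJDxyhBj2UHJtwQzL7+kh50="
            - name: ""
              content: "brave-ledger-verification=1f77ffecf7da410af2f4eeb5953ae13c5ee9ddfdfed5cae63458e63003b97444"
            - name: ""
              content: "v=spf1 mx ip4:94.130.108.207 ip6:2a01:4f8:c0c:8d8d::1 -all"
            - name: "_DMARC."
              content: "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100"
            # The DKIM public key exceeds a single 255-byte TXT string, so it
            # is split over `content`/`content2`. NOTE(review): presumably the
            # role emits both as consecutive quoted strings of one RR --
            # verify in the template.
            - name: "mail._domainkey."
              content: "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8PakBAIZxmAmqyukuwZT92I5gsM8rCD2o+abGbtXSgNCXcKEz+sWZ6kY/EAO5ABxihjyXaETsVTBuoYB514GqCFM9mZNRHHKS87rAE"
              content2: "/UcXUmgeydxPjqlRzEPxladjh2MhiQijT+XZzfyBVLdK9oYGPlol3VVKn48odiJIx4oRCdQhyiGTzkZGf6QMIJ5XwFqj66+Qv7OkyT6munKhFk974acL4MdL5H+LZwFAWYbRjx6j1zx3Hm7ua/EUHDcPYG6rFbJEwbyFvr1529u9H0OCn9fnIfzqMT+JEgKZRSgOWtK4jLuHcyrXTUkZzbmY8Eho+FxZszDEdvUmUQexKKQIDAQAB"
            # - { name: "_acme-challenge.", content: "" }
            # - { name: "_acme-challenge.", content: "" }
          CNAME:
            - name: "6jxdve2mevelrsc4lrp5ymhu2pku67v4._domainkey."
              pointer: "6jxdve2mevelrsc4lrp5ymhu2pku67v4.dkim.amazonses.com"
            - name: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou._domainkey."
              pointer: "jqo2wv2wek7sh26vmc2tdzc4gdco6uou.dkim.amazonses.com"
            - name: "edzxe6qpinwhafgwlt6b44yarhhfn3xl._domainkey."
              pointer: "edzxe6qpinwhafgwlt6b44yarhhfn3xl.dkim.amazonses.com"
          MX:
            - name: ""
              priority: 10
              host: "mail.redxen.eu"

        # A records that resolve a name prefix to the hosts of an inventory group.
        group:
          A:
            - domain: "stats."
              group: "frontend"
            - domain: "git."
              group: "frontend"
            - domain: "seed."
              group: "frontend"
            - domain: "sd."
              group: "frontend"
            - domain: "social."
              group: "frontend"
            - domain: "mail."
              group: "mail"
            - domain: "smtp."
              group: "mail"
            - domain: "imap."
              group: "mail"
            - domain: ""
              group: "frontend"
            - domain: "deavmi-proxy."
              group: "frontend"

  # Role order matters: packages first, then config, then services, then
  # the firewall opening.
  roles:
    # - file
    - apt
    # - nsd
    - unbound
    - systemd
    - firewall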