update configs

This commit is contained in:
Mans Ziesel 2025-01-16 13:37:02 +01:00
parent b3383c95bd
commit 73f076721d
5 changed files with 50 additions and 45 deletions


@ -30,10 +30,16 @@
- "git" - "git"
- "tcpdump" - "tcpdump"
- "dnsutils" - "dnsutils"
- "ufw"
- "iputils-ping" - "iputils-ping"
- "ripgrep" - "ripgrep"
- name: "Install ufw"
ansible.builtin.apt:
state: present
name:
- "ufw"
when: ufw_status == "enabled"
- name: "Make sure ntpd is not installed" - name: "Make sure ntpd is not installed"
ansible.builtin.apt: ansible.builtin.apt:
state: absent state: absent
@ -64,7 +70,9 @@
rule: allow rule: allow
to_port: "{{ ssh_port }}" to_port: "{{ ssh_port }}"
protocol: tcp protocol: tcp
when: ufw_status == "enabled"
- name: "Enable ufw" - name: "Enable ufw"
community.general.ufw: community.general.ufw:
state: enabled state: enabled
when: ufw_status == "enabled"
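Review bot: `when: ufw_status == "enabled"` on the new Install ufw task, and on every ufw task in this and the two other playbooks, raises an undefined-variable error for any host whose inventory does not set `ufw_status`, rather than skipping the task; `when: ufw_status | default("disabled") == "enabled"` makes skip-by-default explicit. The same condition is now repeated once per task; grouping the ufw tasks in a `block:` with a single `when:` would leave one line to maintain. The `name:` list under `ansible.builtin.apt` holds a single item, so `name: ufw` would do. Both hunks' enclosing play starts outside the hunk.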


@ -10,7 +10,10 @@
pdns_sqlite_databases_locations: pdns_sqlite_databases_locations:
- "{{ database_name }}" - "{{ database_name }}"
pdns_config: pdns_config:
allow-axfr-ips: "192.168.2.143" allow-axfr-ips: "{{ axfr_ips }}"
server-id: "ns1.m4n5.nl"
default-soa-content: "ns1.m4n5.nl. hostmaster.m4n5.nl. 1 3600 600 604800 1800"
version-string: "anonymous"
primary: true primary: true
pdns_auth_powerdns_repo_49: pdns_auth_powerdns_repo_49:
apt_repo_origin: "repo.powerdns.com" apt_repo_origin: "repo.powerdns.com"
@ -29,41 +32,11 @@
rule: allow rule: allow
to_port: "53" to_port: "53"
protocol: udp protocol: udp
when: ufw_status == "enabled"
- name: "Add AXFR/IXFR allow rule in ufw" - name: "Add AXFR/IXFR allow rule in ufw"
community.general.ufw: community.general.ufw:
rule: allow rule: allow
to_port: "53" to_port: "53"
protocol: tcp protocol: tcp
when: ufw_status == "enabled"
# - name: "PowerDNS setup"
# hosts: slave_nameservers
# become: true
# vars:
# database_name: "/var/lib/powerdns/db.sqlite"
# pdns_backends:
# gsqlite3:
# database: "{{ database_name }}"
# pdns_sqlite_databases_locations:
# - "{{ database_name }}"
# pdns_config:
# allow-axfr-ips: "192.168.2.143"
# primary: false
# secondary: true
# pdns_auth_powerdns_repo_49:
# apt_repo_origin: "repo.powerdns.com"
# apt_repo: "deb http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-49 main"
# gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
# gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
# yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49"
# yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49/debug"
# name: "powerdns-auth-49"
# roles:
# - { role: PowerDNS.pdns,
# pdns_install_repo: "{{ pdns_auth_powerdns_repo_49 }}" }
# tasks:
# - name: "Add DNS allow rule in ufw"
# community.general.ufw:
# rule: allow
# to_port: "53"
# protocol: udp
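Review bot: `server-id: "ns1.m4n5.nl"` and the `ns1.m4n5.nl.` in `default-soa-content` are hardcoded in the first hunk, while the inventory in this commit already gives the master `dns_nsid: ns1` and the Knot play derives its identity as `"{{ dns_nsid }}.m4n5.nl"`; `server-id: "{{ dns_nsid }}.m4n5.nl"` would keep the two plays consistent. `allow-axfr-ips` is now templated from `axfr_ips`, a hand-maintained string in inventory, so a comment next to it, `# must list every host in slave_nameservers, or that secondary cannot transfer`, would make the coupling visible. The play header is outside the hunk; the second hunk only removes commented-out text.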


@ -3,10 +3,10 @@
hosts: slave_nameservers hosts: slave_nameservers
become: true become: true
vars: vars:
identity: "ns2.ziesel.internal" identity: "{{ dns_nsid }}.m4n5.nl"
nsid: "ns2" nsid: "{{ dns_nsid }}"
master_ip_acl: "192.168.2.19" master_ip_acl: "86.94.191.237, 2a02:a442:ba11::1ebd, 2a02:a442:ba11::53"
version: "Mans's DNS" version: "off"
knot_user: knot knot_user: knot
knot_group: knot knot_group: knot
catalog_domain: "catalog.internal." catalog_domain: "catalog.internal."
@ -52,9 +52,11 @@
rule: allow rule: allow
to_port: "53" to_port: "53"
protocol: udp protocol: udp
when: ufw_status == "enabled"
- name: "Add AXFR/IXFR allow rule in ufw" - name: "Add AXFR/IXFR allow rule in ufw"
community.general.ufw: community.general.ufw:
rule: allow rule: allow
to_port: "53" to_port: "53"
protocol: tcp protocol: tcp
when: ufw_status == "enabled"
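Review bot: The `version` var is changed to `"off"` here, but the Knot server template in the last file of this commit now hardcodes `version: off` instead of rendering `{{ version }}`, so the var is dead after this change; either keep the template parameterized with `version: "{{ version }}"` or drop the var from the play. Knot's `server.version` is a free-form string, and I believe the CH TXT version response is suppressed by an empty value rather than by `off`, which would be returned literally — worth confirming against the knot.conf reference if hiding the version is the intent. The play header is outside the hunk.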


@ -1,23 +1,45 @@
all: all:
hosts: hosts:
pi5: pi5.internal.mziesel.nl:
ansible_host: 192.168.2.19 ansible_host: 192.168.2.19
ansible_user: ansible ansible_user: ansible
ansible_ssh_port: 2222
ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519 ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
ansible_ssh_port: 2222
ssh_port: 2222 ssh_port: 2222
knot-dns-test: ufw_status: enabled
ansible_host: 192.168.2.143 dns_nsid: ns1
srv01.nur.mziesel.nl:
ansible_user: ansible
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
ufw_status: disabled
ssh_port: 22
dns_nsid: ns2
srv03.oci.mziesel.nl:
ansible_user: ansible ansible_user: ansible
ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519 ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
ufw_status: disabled
ssh_port: 22 ssh_port: 22
dns_nsid: ns3
# auth-dns-slave.internal.mziesel.nl:
# ansible_host: 192.168.2.143
# ansible_user: ansible
# ansible_python_interpreter: /usr/bin/python3
# ufw_status: enabled
# ssh_port: 22
# dns_nsid: ns4
vars:
# nur01, oci03, internal-test
axfr_ips: "85.235.66.180, 2a03:4000:32:1ae:889d:dbff:fea1:9df7, 143.47.189.110, 2603:c022:c001:c601:7b56:9459:93ba:11b6"
children: children:
master_nameservers: master_nameservers:
hosts: hosts:
pi5: pi5.internal.mziesel.nl:
slave_nameservers: slave_nameservers:
hosts: hosts:
knot-dns-test: srv01.nur.mziesel.nl:
srv03.oci.mziesel.nl:
# auth-dns-slave.internal.mziesel.nl:
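Review bot: The comment `# nur01, oci03, internal-test` above `axfr_ips` names three hosts, but the value holds two v4/v6 address pairs and the internal test host is commented out in the same file, so the comment is already out of step with the data; `# srv01.nur (v4+v6), srv03.oci (v4+v6) — keep in sync with slave_nameservers` describes what is there. `ufw_status: disabled` on srv01 and srv03, which are also the hosts with `ssh_port: 22`, means none of the ufw tasks run for them; if a provider-side firewall is the compensating control, a one-line comment next to the variable would record that decision. `ufw_status` is a free-form string compared against `"enabled"` in three playbooks, so a typo silently disables the firewall; a boolean such as `ufw_enabled: true` would be less error-prone, though it would also change the `when:` clauses.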


@ -1,6 +1,6 @@
server: server:
identity: {{ identity }} identity: {{ identity }}
version: "{{ version }}" version: off
nsid: {{ nsid }} nsid: {{ nsid }}
rundir: "/run/knot" rundir: "/run/knot"
user: {{ knot_user }}:{{ knot_group }} user: {{ knot_user }}:{{ knot_group }}