| author | Mitchell Riedstra <mitch@riedstra.dev> | 2025-12-16 23:02:49 -0500 |
|---|---|---|
| committer | Mitchell Riedstra <mitch@riedstra.dev> | 2025-12-16 23:02:49 -0500 |
| commit | a468044c0337d1a2ac0dab2ce3efc4ad766f81a3 (patch) | |
| tree | ca7d1523a6b43e14dc4fb6d2cd15966774faa237 /templates | |
| parent | 256ed8e7653b1963e1cc2b6d30aa636e9766d07b (diff) | |
Rework the NSD role to support more operating systems with minimal effort and duplication
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/nsd.conf | 26 | ||||
| -rw-r--r-- | templates/nsd/nsd.conf | 35 | ||||
| -rw-r--r-- | templates/nsd/run.j2 | 7 | ||||
| -rw-r--r-- | templates/openbsd_nsd.conf | 70 | ||||
| -rw-r--r-- | templates/run.j2 | 4 |
5 files changed, 42 insertions, 100 deletions
diff --git a/templates/nsd.conf b/templates/nsd.conf
deleted file mode 100644
index 246e308..0000000
--- a/templates/nsd.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Managed by Ansible
-server:
- server-count: 1 # use this number of cpu cores
- database: "/var/db/nsd/nsd.db"
- zonelistfile: "/var/db/nsd/zone.list"
- username: nsd
- logfile: "/var/log/nsd.log"
- pidfile: "/var/run/nsd.pid"
- xfrdfile: "/var/db/nsd/xfrd.state"
-
-{% if nsd_keys is defined %}
-{% for key in nsd_keys %}
-key:
- name: {{key.name}}
- algorithm: {{key.algorithm}}
- secret: "{{key.secret}}"
-{% endfor %}
-{% endif %}
-
-
-{% for zone in nsd_zones %}
-zone:
- name: {{zone}}
- zonefile: /etc/nsd/%s.zone
-
-{% endfor %}
diff --git a/templates/nsd/nsd.conf b/templates/nsd/nsd.conf
new file mode 100644
index 0000000..43f2f12
--- /dev/null
+++ b/templates/nsd/nsd.conf
@@ -0,0 +1,35 @@
+server:
+ #server-count: 1 # use this number of cpu cores
+ {% if nsd_bindaddr is defined %}ip-address: {{nsd_bindaddr}}
+ {% elif is_deb %}
+
+ # Workaround for systemd-resolved nonsense on Ubuntu servers
+ ip-address: {{ansible_facts['all_ipv4_addresses'][0]}}
+ {% endif %}
+
+ hide-version: yes
+ verbosity: 1
+ database: "" # disable database
+
+ remote-control:
+ control-enable: yes
+ control-interface: /var/run/nsd.sock
+
+{% if nsd_keys is defined %}
+{% for key in nsd_keys %}
+key:
+ name: {{key.name}}
+ algorithm: {{key.algorithm}}
+ secret: "{{key.secret}}"
+{% endfor %}
+{% endif %}
+
+
+{% for zone in nsd_zones %}
+zone:
+ name: {{zone}}
+ {% if is_openbsd %}zonefile: master/%s.zone
+ {% else %}zonefile: {{zone_dir}}/%s.zone
+{% endif %}
+
+{% endfor %}
diff --git a/templates/nsd/run.j2 b/templates/nsd/run.j2
new file mode 100644
index 0000000..02f4587
--- /dev/null
+++ b/templates/nsd/run.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+if ! [ -d /var/log/nsd ]; then
+ mkdir /var/log/nsd
+fi
+nsd -d 2>&1 | svlogd -tt /var/log/nsd
+
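Review bot: In templates/nsd/nsd.conf the Debian fallback `ip-address: {{ansible_facts['all_ipv4_addresses'][0]}}` binds NSD to whichever IPv4 address happens to come first in the fact list. That order is not guaranteed, so on a multi-homed host or one with a container bridge the server can end up listening on an unintended interface, and the template fails to render when the list is empty. `ip-address: {{ansible_facts['default_ipv4']['address']}}` is a more predictable default for that branch. Separately, the `key:` block writes each TSIG `secret` into the rendered file, so the task that deploys it (outside this diff) should keep the file unreadable to other users, for example root-owned, group-readable by the NSD account, mode 0640.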
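Review bot: In templates/nsd/run.j2 the last line runs `nsd -d 2>&1 | svlogd -tt /var/log/nsd` as a pipeline without `exec`, so the supervisor tracks the shell rather than nsd; a stop or restart signals the shell and can leave the old nsd running and still holding its sockets. The removed script used `exec nsd -d`, and (assuming this is a runit service) the usual layout keeps that as `exec nsd -d 2>&1` and moves the logger to a separate `log/run` containing `exec svlogd -tt /var/log/nsd`. The bare `mkdir /var/log/nsd` also inherits whatever umask the supervisor runs with; `install -d -m 0750 /var/log/nsd` would make the log directory's permissions explicit.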
diff --git a/templates/openbsd_nsd.conf b/templates/openbsd_nsd.conf
deleted file mode 100644
index 70e3541..0000000
--- a/templates/openbsd_nsd.conf
+++ /dev/null
@@ -1,70 +0,0 @@
-# Manged by Ansible
-
-server:
- hide-version: yes
- verbosity: 1
- database: "" # disable database
-
-## bind to a specific address/port
-# ip-address: 192.0.2.53
-# ip-address: 192.0.2.53@5678
-# ip-address: 2001:db8::53
-
-## make packets as small as possible, on by default
-# minimal-responses: yes
-
-## respond with truncation for ANY queries over UDP and allow ANY over TCP,
-## on by default
-# refuse-any: yes
-
-remote-control:
- control-enable: yes
- control-interface: /var/run/nsd.sock
-
-## tsig key example
-#key:
-# name: "tsig1.example.com."
-# algorithm: hmac-sha256
-# secret: "bWVrbWl0YXNkaWdvYXQ="
-
-## master zone example
-#zone:
-# name: "example.com"
-# zonefile: "master/example.com"
-# notify: 192.0.2.1 NOKEY
-# provide-xfr: 192.0.2.1 NOKEY
-
-## slave zone example
-#zone:
-# name: "example.net"
-# zonefile: "slave/example.net"
-# allow-notify: 192.0.2.2 tsig1.example.com.
-# request-xfr: 192.0.2.2 tsig1.example.com.
-
-## dynamically configured zones, used with "nsd-control addzone/delzone".
-## filenames are constructed using the pattern: %s - zone name.
-## %1 - first character of zone name, %2 second, ## %3 third.
-## %z - topleveldomain label of zone, %y, %x next labels in name.
-#pattern:
-# name: "master"
-# zonefile: "master/%s.zone"
-# notify: 192.0.2.1 NOKEY
-# provide-xfr: 192.0.2.1 NOKEY
-
-
-{% if nsd_keys is defined %}
-{% for key in nsd_keys %}
-key:
- name: {{key.name}}
- algorithm: {{key.algorithm}}
- secret: "{{key.secret}}"
-{% endfor %}
-{% endif %}
-
-
-{% for zone in nsd_zones %}
-zone:
- name: {{zone}}
- zonefile: master/%s.zone
-
-{% endfor %}
diff --git a/templates/run.j2 b/templates/run.j2
deleted file mode 100644
index 7173f62..0000000
--- a/templates/run.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-# install -d -m 0755 -o nsd -g nsd /run/nsd
-exec nsd -d 2>/dev/null
- |
