GHP publish

2021-01-09 20:54:42 +03:00
commit b4b740a239
173 changed files with 5392 additions and 0 deletions
--- a/roles/knot/defaults/main.yml
+++ b/roles/knot/defaults/main.yml
@ -0,0 +1,56 @@
+---
+knot_conf: |
+  # This is a sample of a minimal configuration file for Knot DNS.
+  # See knot.conf(5) or refer to the server documentation.
+  
+  server:
+      rundir: "/run/knot"
+      user: knot:knot
+      listen: [ 0.0.0.0@53, ::@53 ]
+      udp-max-payload: 1232
+  
+  log:
+    - target: syslog
+      any: debug
+  
+  #key:
+  #  - id: k8s
+  #    algorithm: hmac-sha512
+  #    secret: changeme
+  
+  #remote:
+  #  - id: dns_server
+  #    address: 127.0.0.1@53
+  #
+  #submission:
+  #  - id: dns_zone_sbm
+  #    parent: [dns_server]
+  
+  #acl:
+  #  - id: deny_all
+  #    deny: on # no action specified and deny on implies denial of all actions
+  #
+  #  - id: key_rule
+  #    key: [k8s]                # Access based just on TSIG key
+  #    address: 192.168.0.0/16
+  #    action: [transfer, notify, update]
+  
+  #policy:
+  #  - id: rsa
+  #    algorithm: RSASHA512
+  #    ksk-size: 4096
+  #    zsk-size: 2048
+  #    nsec3: on
+  #    ksk-submission: dns_zone_sbm
+
+  template:
+    - id: default
+      storage: "/var/lib/knot"
+      file: "%s.zone"
+  
+  zone:
+    - domain: example.com
+      storage: "/var/lib/knot/zones/"
+      file: "example.com.zone"
+      #acl: [deny_all, key_rule]
+  
--- a/roles/knot/handlers/main.yml
+++ b/roles/knot/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: restart knot
+  service: "name=knot state=restarted"
+  become: true
--- a/roles/knot/meta/main.yml
+++ b/roles/knot/meta/main.yml
@ -0,0 +1 @@
+---
--- a/roles/knot/tasks/install.yml
+++ b/roles/knot/tasks/install.yml
@ -0,0 +1,7 @@
+---
+# RedHat Family (RedHat, Fendora, CentOS, Amazon, etc)
+- name: packages (RedHat)
+  yum:
+    name: knot
+    state: present
+  when: ansible_os_family == "RedHat"
--- a/roles/knot/tasks/main.yml
+++ b/roles/knot/tasks/main.yml
@ -0,0 +1,24 @@
+---
+- name: install 
+  become: true
+  include: install.yml
+
+# Configuration
+- name: configure knot
+  become: true
+  copy: 
+    content: "{{ knot_conf }}"
+    dest: /etc/knot/knot.conf
+    mode: 0640
+    owner: "root"
+    group: "knot"
+    validate: "knotc -c %s conf-check"
+  notify: restart knot
+
+- name: enable knot
+  become: true
+  systemd: 
+    name: "knot"
+    enabled: yes
+    state: started
+    daemon_reload: yes