knot: rewrite role

roles/knot/defaults/main.yaml

@@ -0,0 +1,76 @@
+---
+knot_version: ""
+
+# XDP datapath options
+# Note: rfc2136 aka nsupdate aka dynamic update 
+# not working with XDP
+knot_xdp: false
+knot_xdp_interface: "eth0"
+
+# QUIC protocol
+knot_quic: false
+
+knot_conf: |
+  # This is a sample of a minimal configuration file for Knot DNS.
+  # See knot.conf(5) or refer to the server documentation.
+  
+  server:
+      rundir: "/run/knot"
+      user: knot:knot
+      listen: [ 0.0.0.0@53, ::@53 ]
+      udp-max-payload: 1232
+  {% if knot_quic %}
+      listen-quic: [ 0.0.0.0, :: ]
+  {% endif %}
+  {% if knot_xdp %}
+  xdp:
+      listen: {{ knot_xdp_interface }}
+      udp: true
+      tcp: true
+      quic: true
+  {% endif %}
+  log:
+    - target: syslog
+      any: debug
+  
+  #key:
+  #  - id: k8s
+  #    algorithm: hmac-sha512
+  #    secret: changeme
+  
+  #remote:
+  #  - id: dns_server
+  #    address: 127.0.0.1@53
+  #
+  #submission:
+  #  - id: dns_zone_sbm
+  #    parent: [dns_server]
+  
+  #acl:
+  #  - id: deny_all
+  #    deny: on # no action specified and deny on implies denial of all actions
+  #
+  #  - id: key_rule
+  #    key: [k8s]                # Access based just on TSIG key
+  #    address: 192.168.0.0/16
+  #    action: [transfer, notify, update]
+  
+  #policy:
+  #  - id: rsa
+  #    algorithm: RSASHA512
+  #    ksk-size: 4096
+  #    zsk-size: 2048
+  #    nsec3: on
+  #    ksk-submission: dns_zone_sbm
+
+  template:
+    - id: default
+      storage: "/var/lib/knot"
+      file: "%s.zone"
+  
+  zone:
+    - domain: example.com
+      storage: "/var/lib/knot/zones/"
+      file: "example.com.zone"
+      #acl: [deny_all, key_rule]
+