hac/ansible/roles/knot/tasks/main.yml

58 lines
1.4 KiB
YAML
Raw Permalink Normal View History

2024-04-18 20:42:26 +02:00
---
- name: Add knot pgp key
ansible.builtin.get_url:
url: https://pkg.labs.nic.cz/gpg
dest: /usr/share/keyrings/cznic-labs-pkg.gpg
mode: "0644"
validate_certs: true
checksum: sha512:e78a1404feff1040c86f4a199495e4a2cf82684b8ff22ffc318a9bffa0ddf45136e484bc17e4440660c089e1c186af77008c76fb463434611b1f60709b57ee52
changed_when: false
no_log: false
- name: Add knot repository
ansible.builtin.apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/knot-dns {{ ansible_distribution_release }} main"
state: present
filename: knot-dns
- name: Install knot
ansible.builtin.apt:
name: knot
notify:
- Enable knot
- Restart knot
- name: Configure knot
ansible.builtin.template:
src: knot.conf.j2
dest: /etc/knot/knot.conf
owner: knot
mode: '0640'
notify: Restart knot
- name: Allow port 53 (DNS)
community.general.ufw:
rule: allow
port: "{{ item.port }}"
proto: "{{ item.proto }}"
with_items:
- { port: "53", proto: tcp }
- { port: "53", proto: udp }
- name: Create knot zones directory
ansible.builtin.file:
path: /var/lib/knot/zones/
state: directory
mode: '0750'
owner: knot
- name: Copy zone
ansible.builtin.copy:
src: "{{ item }}"
dest: /var/lib/knot/zones/
owner: knot
mode: '0640'
with_fileglob:
- zones/*
notify: Reload knot