WIP: Add authentik roles #1
5 changed files with 76 additions and 1 deletions
|
@ -12,7 +12,7 @@
|
||||||
- role: timesyncd
|
- role: timesyncd
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Debian"
|
||||||
- role: ufw
|
- role: ufw
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Ubuntu"
|
||||||
|
|
||||||
- name: Resolver
|
- name: Resolver
|
||||||
hosts: resolver
|
hosts: resolver
|
||||||
|
|
|
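Review bot: The new condition `when: ansible_facts['os_family'] == "Ubuntu"` on the ufw role can never be true, because Ubuntu hosts report `Debian` as `ansible_facts['os_family']` (`Ubuntu` is the value of `ansible_facts['distribution']`), so the firewall role is now silently skipped on every host. If the intent is to apply ufw only on Ubuntu, the line should read `when: ansible_facts['distribution'] == "Ubuntu"`; if it should keep running on the whole Debian family, the removed `"Debian"` comparison was already correct and the timesyncd role two lines above still uses it. Indentation is not visible in this rendering, and the enclosing play starts before the hunk.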
@ -1,19 +1,28 @@
|
||||||
|
<<<<<<< HEAD
|
||||||
---
|
---
|
||||||
|
=======
|
||||||
|
>>>>>>> 2410885 (Add knot roles)
|
||||||
all:
|
all:
|
||||||
hosts:
|
hosts:
|
||||||
resolver-1:
|
resolver-1:
|
||||||
ansible_host: 10.20.0.42
|
ansible_host: 10.20.0.42
|
||||||
|
<<<<<<< HEAD
|
||||||
dhcp-1:
|
dhcp-1:
|
||||||
ansible_host: 10.20.0.43
|
ansible_host: 10.20.0.43
|
||||||
authoritative-1:
|
authoritative-1:
|
||||||
ansible_host: 10.20.0.44
|
ansible_host: 10.20.0.44
|
||||||
|
=======
|
||||||
|
>>>>>>> 2410885 (Add knot roles)
|
||||||
children:
|
children:
|
||||||
resolver:
|
resolver:
|
||||||
hosts:
|
hosts:
|
||||||
resolver-1:
|
resolver-1:
|
||||||
|
<<<<<<< HEAD
|
||||||
kea-dhcp:
|
kea-dhcp:
|
||||||
hosts:
|
hosts:
|
||||||
dhcp-1:
|
dhcp-1:
|
||||||
dns-authoritative:
|
dns-authoritative:
|
||||||
hosts:
|
hosts:
|
||||||
authoritative-1:
|
authoritative-1:
|
||||||
|
=======
|
||||||
|
>>>>>>> 2410885 (Add knot roles)
|
||||||
|
|
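Review bot: The new side of this inventory commits unresolved merge-conflict markers — `<<<<<<< HEAD`, `=======` and `>>>>>>> 2410885 (Add knot roles)` are among the added lines three times, at the document start, under the first `hosts:` and under `children:` — so the file is no longer valid YAML and any playbook or `ansible-inventory` run against it will fail to parse. All nine marker lines should be deleted; in every one of the three conflicts the non-HEAD side is empty, so the `---` header, the `dhcp-1`/`authoritative-1` hosts and the `kea-dhcp`/`dns-authoritative` groups from the HEAD side are what remains. Indentation is not visible in this rendering, so the nesting of the group and host entries should be re-checked once the markers are gone.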
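--- /dev/null
+++ b/ansible/roles/authentik/handlers/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Package cache update
+become: true
+ansible.builtin.package:
+update_cache: true
+
+- name: Restart knot resolver
+become: true
+ansible.builtin.service:
+state: restarted
+name: kresd@{{ item }}.service
+with_sequence: count={{ ansible_processor_vcpus }}
+
+- name: Enable knot resolver
+become: true
+ansible.builtin.service:
+enabled: true
+name: kresd@{{ item }}.service
+with_sequence: count={{ ansible_processor_vcpus }}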
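Review bot: Every handler in `ansible/roles/authentik/handlers/main.yml` manages `kresd@{{ item }}.service`, i.e. Knot Resolver, while the role directory and the PR title say authentik; this looks like the knot-resolver role copied in as a starting point, and the same applies to the new `tasks/main.yml` and `templates/kresd.conf.j2` in this PR. If that is intentional scaffolding, a short header comment such as `# TODO: placeholder copied from the knot-resolver role; replace with authentik tasks` at the top of each of the three files would keep the WIP state from being merged as-is. Indentation is not visible in this rendering.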
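--- /dev/null
+++ b/ansible/roles/authentik/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install knot repository
+ansible.builtin.apt:
+deb: https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
+notify:
+- Package cache update
+
+- name: Install knot resolver
+ansible.builtin.apt:
+name: knot-resolver
+notify:
+- Enable knot resolver
+- Restart knot resolver
+
+- name: Configure
+ansible.builtin.template:
+src: kresd.conf.j2
+dest: /etc/knot-resolver/kresd.conf
+mode: "0644"
+notify:
+- Restart knot resolver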
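Review bot: "Install knot resolver" runs before the "Package cache update" handler it depends on, because notified handlers only fire at the end of the play (or at an explicit flush), so on a fresh host apt does not yet know the `knot-resolver` package from the repository added one task earlier and the install fails; add `update_cache: true` next to `name: knot-resolver`, or place `- ansible.builtin.meta: flush_handlers` between the two tasks. None of the three tasks sets `become: true` although every handler in the same role does, so unless the calling play escalates, the apt and `/etc/knot-resolver` writes will fail as an unprivileged user. The `deb:` form installs a package fetched straight from the URL with no checksum, so trust rests entirely on TLS to that host; fetching it with `ansible.builtin.get_url` and a pinned `checksum:` before installing the local file would make that trust explicit and reproducible. Indentation is not visible in this rendering.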
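--- /dev/null
+++ b/ansible/roles/authentik/templates/kresd.conf.j2
@@ -0,0 +1,26 @@
+net.listen('{{resolver_ip}}', 53, { kind = 'dns'})
+cache.size = 128 * MB
+modules = {
+'hints > iterate', -- Allow loading /etc/hosts or custom root hints
+'predict', -- Prefetch expiring/frequent records
+}
+
+modules.load('prefill')
+prefill.config({
+['.'] = {
+url = 'https://www.internic.net/domain/root.zone',
+interval = 86400, -- seconds
+}
+})
+
+modules.load('view')
+view:addr('127.0.0.0/8', policy.all(policy.PASS))
+view:addr('::1/128', policy.all(policy.PASS))
+{% for prefix in kresd_allow %}
+view:addr('{{ prefix }}', policy.all(policy.PASS))
+{% endfor %}
+view:addr('0.0.0.0/0', policy.all(policy.DROP))
+view:addr('::/0', policy.all(policy.DROP))
+
+log_target('stdout')
+log_level('debug')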
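Review bot: `log_level('debug')` on the last line ships a production resolver with its most verbose logging, which records every client query to stdout and journald and grows the journal quickly; drive it from a role variable with a quieter default, e.g. `log_level('{{ kresd_log_level | default("notice") }}')`, so debug output is opt-in. The catch-all `view:addr('0.0.0.0/0', …DROP)` and `'::/0'` rules sit after the `kresd_allow` loop and appear to rely on first-match evaluation of view rules; that ordering assumption is worth confirming against the documentation of the kresd version the role installs, and `kresd_allow` needs a documented default (no role defaults are visible in this PR) or the template fails to render when the variable is unset. `{{resolver_ip}}` on the first line also lacks the inner spaces used by `{{ prefix }}` below — a minor style inconsistency.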